pod: python-component-ntgzlu-on-074a91318b80e55c42c583e32ec2cbb6-pod | init container: prepare 2025/09/11 13:35:27 Entrypoint initialization pod: python-component-ntgzlu-on-074a91318b80e55c42c583e32ec2cbb6-pod | init container: place-scripts 2025/09/11 13:35:43 Decoded script /tekton/scripts/script-0-czmrh 2025/09/11 13:35:43 Decoded script /tekton/scripts/script-1-rt6r9 pod: python-component-ntgzlu-on-074a91318b80e55c42c583e32ec2cbb6-pod | init container: working-dir-initializer pod: python-component-ntgzlu-on-074a91318b80e55c42c583e32ec2cbb6-pod | container step-sast-shell-check: + source /utils.sh ++ OPM_RENDER_CACHE=/tmp/konflux-test-opm-cache ++ DEFAULT_INDEX_IMAGE=registry.redhat.io/redhat/redhat-operator-index + trap 'handle_error /tekton/results/TEST_OUTPUT' EXIT + [[ -z '' ]] + PROJECT_NAME=python-component-ntgzlu + echo 'The PROJECT_NAME used is: python-component-ntgzlu' + ca_bundle=/mnt/trusted-ca/ca-bundle.crt + '[' -f /mnt/trusted-ca/ca-bundle.crt ']' + echo 'INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt' + cp -vf /mnt/trusted-ca/ca-bundle.crt /etc/pki/ca-trust/source/anchors The PROJECT_NAME used is: python-component-ntgzlu INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' + update-ca-trust ++ rpm -q --queryformat '%{NAME}-%{VERSION}-%{RELEASE}\n' ShellCheck + PACKAGE_VERSION=ShellCheck-0.10.0-3.el9 + OUTPUT_FILE=shellcheck-results.json + SOURCE_CODE_DIR=/workspace/workspace/source + declare -a ALL_TARGETS + IFS=, + read -ra TARGET_ARRAY + for d in "${TARGET_ARRAY[@]}" + potential_path=/workspace/workspace/source/. ++ realpath -m /workspace/workspace/source/. + resolved_path=/workspace/workspace/source + [[ /workspace/workspace/source == \/\w\o\r\k\s\p\a\c\e\/\w\o\r\k\s\p\a\c\e\/\s\o\u\r\c\e* ]] + ALL_TARGETS+=("$resolved_path") + '[' -z '' ']' + '[' -r /sys/fs/cgroup/cpu.max ']' + read -r quota period + '[' 800000 '!=' max ']' + '[' -n 100000 ']' + '[' 100000 -gt 0 ']' + export SC_JOBS=8 + SC_JOBS=8 + echo 'INFO: Setting SC_JOBS=8 based on cgroups v2 max for run-shellcheck.sh' INFO: Setting SC_JOBS=8 based on cgroups v2 max for run-shellcheck.sh + /usr/share/csmock/scripts/run-shellcheck.sh /workspace/workspace/source Looking for shell scripts................ done + timeout 30 shellcheck --format=json1 --external-sources --source-path=/workspace/workspace/source /workspace/workspace/source/.git/hooks/applypatch-msg.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/workspace/workspace/source /workspace/workspace/source/.git/hooks/commit-msg.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/workspace/workspace/source /workspace/workspace/source/.git/hooks/post-update.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/workspace/workspace/source /workspace/workspace/source/.git/hooks/prepare-commit-msg.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/workspace/workspace/source /workspace/workspace/source/.git/hooks/pre-applypatch.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/workspace/workspace/source /workspace/workspace/source/.git/hooks/pre-commit.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/workspace/workspace/source /workspace/workspace/source/.git/hooks/pre-merge-commit.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/workspace/workspace/source /workspace/workspace/source/.git/hooks/pre-push.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/workspace/workspace/source /workspace/workspace/source/.git/hooks/pre-rebase.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/workspace/workspace/source /workspace/workspace/source/.git/hooks/pre-receive.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/workspace/workspace/source /workspace/workspace/source/.git/hooks/push-to-checkout.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/workspace/workspace/source /workspace/workspace/source/.git/hooks/sendemail-validate.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/workspace/workspace/source /workspace/workspace/source/.git/hooks/update.sample + CSGREP_OPTS=(--mode=json --strip-path-prefix="$SOURCE_CODE_DIR"/ --remove-duplicates --embed-context=3 --set-scan-prop="ShellCheck:${PACKAGE_VERSION}") + [[ true == \t\r\u\e ]] + CSGREP_EVENT_FILTER='\[SC(1020|1035|1054|1066|1068|1073|1080|1083|1099|1113|1115|1127|1128|1143|2043|2050|' + CSGREP_EVENT_FILTER+='2055|2057|2066|2069|2071|2077|2078|2091|2092|2157|2171|2193|2194|2195|2215|2216|' + CSGREP_EVENT_FILTER+='2218|2224|2225|2242|2256|2258|2261)\]$' + CSGREP_OPTS+=(--event="$CSGREP_EVENT_FILTER") + csgrep --mode=json --strip-path-prefix=/workspace/workspace/source/ --remove-duplicates --embed-context=3 --set-scan-prop=ShellCheck:ShellCheck-0.10.0-3.el9 '--event=\[SC(1020|1035|1054|1066|1068|1073|1080|1083|1099|1113|1115|1127|1128|1143|2043|2050|2055|2057|2066|2069|2071|2077|2078|2091|2092|2157|2171|2193|2194|2195|2215|2216|2218|2224|2225|2242|2256|2258|2261)\]$' ./shellcheck-results/empty.json ./shellcheck-results/sc-122.json ./shellcheck-results/sc-132.json ./shellcheck-results/sc-133.json ./shellcheck-results/sc-140.json ./shellcheck-results/sc-87.json ./shellcheck-results/sc-90.json ./shellcheck-results/sc-91.json ./shellcheck-results/sc-92.json ./shellcheck-results/sc-95.json ./shellcheck-results/sc-98.json + [[ SITE_DEFAULT == \S\I\T\E\_\D\E\F\A\U\L\T ]] + PROBE_URL=https://gitlab.cee.redhat.com/osh/known-false-positives + echo -n 'Probing https://gitlab.cee.redhat.com/osh/known-false-positives... ' + curl --fail --head --max-time 60 --no-progress-meter https://gitlab.cee.redhat.com/osh/known-false-positives ++ head -1 curl: (6) Could not resolve host: gitlab.cee.redhat.com + echo 'Setting KFP_GIT_URL to empty string' Probing https://gitlab.cee.redhat.com/osh/known-false-positives... Setting KFP_GIT_URL to empty string + KFP_GIT_URL= + '[' -n '' ']' + echo 'KFP_GIT_URL is not set. Skipping false positive filtering.' KFP_GIT_URL is not set. Skipping false positive filtering. + echo 'ShellCheck results have been saved to shellcheck-results.json' ShellCheck results have been saved to shellcheck-results.json + csgrep --mode=evtstat shellcheck-results.json + csgrep --mode=sarif shellcheck-results.json + note='Task sast-shell-check completed successfully.' ++ make_result_json -r SUCCESS -t 'Task sast-shell-check completed successfully.' ++ local RESULT= ++ local SUCCESSES=0 ++ local FAILURES=0 ++ local WARNINGS=0 ++ local 'NOTE=For details, check Tekton task log.' ++ local NAMESPACE=default ++ local OUTPUT ++ local OPTIND opt ++ getopts :r:s:f:w:t:n: opt ++ case "${opt}" in ++ RESULT=SUCCESS ++ getopts :r:s:f:w:t:n: opt ++ case "${opt}" in ++ NOTE='Task sast-shell-check completed successfully.' ++ getopts :r:s:f:w:t:n: opt ++ shift 4 ++ '[' -z SUCCESS ']' ++ case "${RESULT}" in ++++ date -u --iso-8601=seconds +++ jq -rce --arg date 2025-09-11T13:36:19+00:00 --arg result SUCCESS --arg note 'Task sast-shell-check completed successfully.' --arg namespace default --arg successes 0 --arg failures 0 --arg warnings 0 --null-input '{ result: $result, timestamp: $date, note: $note, namespace: $namespace, successes: $successes|tonumber, failures: $failures|tonumber, warnings: $warnings|tonumber }' ++ OUTPUT='{"result":"SUCCESS","timestamp":"2025-09-11T13:36:19+00:00","note":"Task sast-shell-check completed successfully.","namespace":"default","successes":0,"failures":0,"warnings":0}' ++ echo '{"result":"SUCCESS","timestamp":"2025-09-11T13:36:19+00:00","note":"Task sast-shell-check completed successfully.","namespace":"default","successes":0,"failures":0,"warnings":0}' + TEST_OUTPUT='{"result":"SUCCESS","timestamp":"2025-09-11T13:36:19+00:00","note":"Task sast-shell-check completed successfully.","namespace":"default","successes":0,"failures":0,"warnings":0}' + echo '{"result":"SUCCESS","timestamp":"2025-09-11T13:36:19+00:00","note":"Task sast-shell-check completed successfully.","namespace":"default","successes":0,"failures":0,"warnings":0}' + tee /tekton/results/TEST_OUTPUT {"result":"SUCCESS","timestamp":"2025-09-11T13:36:19+00:00","note":"Task sast-shell-check completed successfully.","namespace":"default","successes":0,"failures":0,"warnings":0} + handle_error /tekton/results/TEST_OUTPUT + exit_code=0 + '[' 0 -ne 0 ']' + exit 0 pod: python-component-ntgzlu-on-074a91318b80e55c42c583e32ec2cbb6-pod | container step-upload: Selecting auth Using token for quay.io/redhat-appstudio-qe/build-e2e-fdnu/python-component-ntgzlu Attaching to quay.io/redhat-appstudio-qe/build-e2e-fdnu/python-component-ntgzlu:on-pr-4507c9b389e642c76d212c46d1a948e5302889c0 Executing: oras attach --no-tty --registry-config /home/oras/auth.json --artifact-type application/sarif+json quay.io/redhat-appstudio-qe/build-e2e-fdnu/python-component-ntgzlu:on-pr-4507c9b389e642c76d212c46d1a948e5302889c0@sha256:f95d797603b4b7459eafa5a76faae30dcf6686990e8c15c9cb0f4aaa0a661057 shellcheck-results.sarif:application/sarif+json Uploading 3b606a9dd3a1 shellcheck-results.sarif Uploaded 3b606a9dd3a1 shellcheck-results.sarif Attached to [registry] quay.io/redhat-appstudio-qe/build-e2e-fdnu/python-component-ntgzlu:on-pr-4507c9b389e642c76d212c46d1a948e5302889c0@sha256:f95d797603b4b7459eafa5a76faae30dcf6686990e8c15c9cb0f4aaa0a661057 Digest: sha256:6210e0d1763bb51d91c65ee72d82e5a068ed847edc6a9c00000d32b91f50aa39 No excluded-findings.json exists. Skipping upload. pod: python-component-ntgzlu-on-63ee0f10e9fd4f031989e731036fd555-pod | init container: prepare 2025/09/11 13:32:04 Entrypoint initialization pod: python-component-ntgzlu-on-63ee0f10e9fd4f031989e731036fd555-pod | init container: place-scripts 2025/09/11 13:32:10 Decoded script /tekton/scripts/script-0-jf57z 2025/09/11 13:32:10 Decoded script /tekton/scripts/script-1-xm5cj pod: python-component-ntgzlu-on-63ee0f10e9fd4f031989e731036fd555-pod | container step-clone: INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt {"level":"info","ts":1757597540.8454986,"caller":"git/git.go:200","msg":"Successfully cloned https://github.com/redhat-appstudio-qe/sample-multi-component @ 4507c9b389e642c76d212c46d1a948e5302889c0 (grafted, HEAD) in path /workspace/output/source"} {"level":"info","ts":1757597540.8915608,"caller":"git/git.go:239","msg":"Successfully initialized and updated submodules in path /workspace/output/source"} Merge option disabled. Using checked-out revision 4507c9b389e642c76d212c46d1a948e5302889c0 directly. pod: python-component-ntgzlu-on-63ee0f10e9fd4f031989e731036fd555-pod | container step-symlink-check: Running symlink check pod: python-component-ntgzlu-on-7c23192e6ff34947327fefbb9308d787-pod | init container: prepare 2025/09/11 13:35:38 Entrypoint initialization pod: python-component-ntgzlu-on-7c23192e6ff34947327fefbb9308d787-pod | init container: place-scripts 2025/09/11 13:35:49 Decoded script /tekton/scripts/script-0-qntv6 pod: python-component-ntgzlu-on-7c23192e6ff34947327fefbb9308d787-pod | init container: working-dir-initializer pod: python-component-ntgzlu-on-7c23192e6ff34947327fefbb9308d787-pod | container step-push: [2025-09-11T13:36:17,552575847+00:00] Validate context path Selecting auth for quay.io/redhat-appstudio-qe/build-e2e-fdnu/python-component-ntgzlu:on-pr-4507c9b389e642c76d212c46d1a948e5302889c0 Using token for quay.io/redhat-appstudio-qe/build-e2e-fdnu/python-component-ntgzlu Pushing Dockerfile to registry Executing: oras push --no-tty --format json --registry-config /tmp/tmp.P0cg3N4ZBm --artifact-type application/vnd.konflux.dockerfile quay.io/redhat-appstudio-qe/build-e2e-fdnu/python-component-ntgzlu:sha256-f95d797603b4b7459eafa5a76faae30dcf6686990e8c15c9cb0f4aaa0a661057.dockerfile Dockerfile pod: python-component-ntgzlu-on-b4f7567cfb29274473dc014d36064047-pod | init container: prepare 2025/09/11 13:35:21 Entrypoint initialization pod: python-component-ntgzlu-on-b4f7567cfb29274473dc014d36064047-pod | init container: place-scripts 2025/09/11 13:35:26 Decoded script /tekton/scripts/script-0-gp7gc 2025/09/11 13:35:26 Decoded script /tekton/scripts/script-1-gxbws 2025/09/11 13:35:26 Decoded script /tekton/scripts/script-2-g28gj 2025/09/11 13:35:27 Decoded script /tekton/scripts/script-3-6crpp 2025/09/11 13:35:27 Decoded script /tekton/scripts/script-4-h79sg 2025/09/11 13:35:27 Decoded script /tekton/scripts/script-5-qrkt2 pod: python-component-ntgzlu-on-b4f7567cfb29274473dc014d36064047-pod | container step-introspect: Artifact type will be determined by introspection. Checking the media type of the OCI artifact... Executing: skopeo inspect --raw --retry-times 3 docker://quay.io/redhat-appstudio-qe/build-e2e-fdnu/python-component-ntgzlu:on-pr-4507c9b389e642c76d212c46d1a948e5302889c0 The media type of the OCI artifact is application/vnd.oci.image.manifest.v1+json. Looking for image labels that indicate this might be an operator bundle... Executing: skopeo inspect --retry-times 3 docker://quay.io/redhat-appstudio-qe/build-e2e-fdnu/python-component-ntgzlu:on-pr-4507c9b389e642c76d212c46d1a948e5302889c0 Found 0 matching labels. Expecting 3 or more to identify this image as an operator bundle. Introspection concludes that this artifact is of type "application". pod: python-component-ntgzlu-on-b4f7567cfb29274473dc014d36064047-pod | container step-generate-container-auth: Selecting auth for quay.io/redhat-appstudio-qe/build-e2e-fdnu/python-component-ntgzlu:on-pr-4507c9b389e642c76d212c46d1a948e5302889c0 Using token for quay.io/redhat-appstudio-qe/build-e2e-fdnu/python-component-ntgzlu Auth json written to "/auth/auth.json". pod: python-component-ntgzlu-on-b4f7567cfb29274473dc014d36064047-pod | container step-set-skip-for-bundles: 2025/09/11 13:36:01 INFO Step was skipped due to when expressions were evaluated to false. pod: python-component-ntgzlu-on-b4f7567cfb29274473dc014d36064047-pod | container step-app-check: time="2025-09-11T13:36:01Z" level=info msg="certification library version" version="1.14.1 " time="2025-09-11T13:36:02Z" level=info msg="running checks for quay.io/redhat-appstudio-qe/build-e2e-fdnu/python-component-ntgzlu:on-pr-4507c9b389e642c76d212c46d1a948e5302889c0 for platform amd64" time="2025-09-11T13:36:02Z" level=info msg="target image" image="quay.io/redhat-appstudio-qe/build-e2e-fdnu/python-component-ntgzlu:on-pr-4507c9b389e642c76d212c46d1a948e5302889c0" time="2025-09-11T13:36:35Z" level=info msg="check completed" check=HasLicense result=FAILED time="2025-09-11T13:36:35Z" level=info msg="check completed" check=HasUniqueTag result=PASSED time="2025-09-11T13:36:35Z" level=info msg="check completed" check=LayerCountAcceptable result=PASSED time="2025-09-11T13:36:35Z" level=info msg="check completed" check=HasNoProhibitedPackages result=PASSED time="2025-09-11T13:36:35Z" level=info msg="check completed" check=HasRequiredLabel result=PASSED time="2025-09-11T13:36:35Z" level=info msg="USER 1001 specified that is non-root" check=RunAsNonRoot time="2025-09-11T13:36:35Z" level=info msg="check completed" check=RunAsNonRoot result=PASSED time="2025-09-11T13:37:01Z" level=info msg="check completed" check=HasModifiedFiles result=PASSED time="2025-09-11T13:37:03Z" level=info msg="check completed" check=BasedOnUbi result=PASSED time="2025-09-11T13:37:03Z" level=info msg="This image's tag on-pr-4507c9b389e642c76d212c46d1a948e5302889c0 will be paired with digest sha256:f95d797603b4b7459eafa5a76faae30dcf6686990e8c15c9cb0f4aaa0a661057 once this image has been published in accordance with Red Hat Certification policy. You may then add or remove any supplemental tags through your Red Hat Connect portal as you see fit." time="2025-09-11T13:37:05Z" level=info msg="Preflight result: FAILED" { "image": "quay.io/redhat-appstudio-qe/build-e2e-fdnu/python-component-ntgzlu:on-pr-4507c9b389e642c76d212c46d1a948e5302889c0", "passed": false, "test_library": { "name": "github.com/redhat-openshift-ecosystem/openshift-preflight", "version": "1.14.1", "commit": "436b6cd740f4144eba59ad1378be00383c7b0269" }, "results": { "passed": [ { "name": "HasUniqueTag", "elapsed_time": 0, "description": "Checking if container has a tag other than 'latest', so that the image can be uniquely identified." }, { "name": "LayerCountAcceptable", "elapsed_time": 0, "description": "Checking if container has less than 40 layers. Too many layers within the container images can degrade container performance." }, { "name": "HasNoProhibitedPackages", "elapsed_time": 258, "description": "Checks to ensure that the image in use does not include prohibited packages, such as Red Hat Enterprise Linux (RHEL) kernel packages." }, { "name": "HasRequiredLabel", "elapsed_time": 0, "description": "Checking if the required labels (name, vendor, version, release, summary, description, maintainer) are present in the container metadata" }, { "name": "RunAsNonRoot", "elapsed_time": 0, "description": "Checking if container runs as the root user because a container that does not specify a non-root user will fail the automatic certification, and will be subject to a manual review before the container can be approved for publication" }, { "name": "HasModifiedFiles", "elapsed_time": 26310, "description": "Checks that no files installed via RPM in the base Red Hat layer have been modified" }, { "name": "BasedOnUbi", "elapsed_time": 1228, "description": "Checking if the container's base image is based upon the Red Hat Universal Base Image (UBI)" } ], "failed": [ { "name": "HasLicense", "elapsed_time": 0, "description": "Checking if terms and conditions applicable to the software including open source licensing information are present. The license must be at /licenses", "help": "Check HasLicense encountered an error. Please review the preflight.log file for more information.", "suggestion": "Create a directory named /licenses and include all relevant licensing and/or terms and conditions as text file(s) in that directory.", "knowledgebase_url": "https://access.redhat.com/documentation/en-us/red_hat_software_certification/2024/html-single/red_hat_openshift_software_certification_policy_guide/index#assembly-requirements-for-container-images_openshift-sw-cert-policy-introduction", "check_url": "https://access.redhat.com/documentation/en-us/red_hat_software_certification/2024/html-single/red_hat_openshift_software_certification_policy_guide/index#assembly-requirements-for-container-images_openshift-sw-cert-policy-introduction" } ], "errors": [] } } pod: python-component-ntgzlu-on-b4f7567cfb29274473dc014d36064047-pod | container step-app-set-outcome: {"result":"FAILURE","timestamp":"1757597825","note":"Task preflight is a FAILURE: Refer to Tekton task logs for more information","successes":7,"failures":1,"warnings":0} pod: python-component-ntgzlu-on-b4f7567cfb29274473dc014d36064047-pod | container step-final-outcome: + [[ ! -f /mount/konflux.results.json ]] + tee /tekton/steps/step-final-outcome/results/test-output {"result":"FAILURE","timestamp":"1757597825","note":"Task preflight is a FAILURE: Refer to Tekton task logs for more information","successes":7,"failures":1,"warnings":0} pod: python-component-ntgzlu-on-bfc022448b380aed36b847526e450184-pod | init container: prepare 2025/09/11 13:34:39 Entrypoint initialization pod: python-component-ntgzlu-on-bfc022448b380aed36b847526e450184-pod | init container: place-scripts 2025/09/11 13:34:46 Decoded script /tekton/scripts/script-0-shj5g 2025/09/11 13:34:46 Decoded script /tekton/scripts/script-1-9czpd 2025/09/11 13:34:46 Decoded script /tekton/scripts/script-2-564zc pod: python-component-ntgzlu-on-bfc022448b380aed36b847526e450184-pod | container step-build: 595f113c233357e6ad7c2eed4e604ba583d254ca66d4889fbe2145912c3f4eb1 Skipping image index generation. Returning results for quay.io/redhat-appstudio-qe/build-e2e-fdnu/python-component-ntgzlu@sha256:f95d797603b4b7459eafa5a76faae30dcf6686990e8c15c9cb0f4aaa0a661057. pod: python-component-ntgzlu-on-bfc022448b380aed36b847526e450184-pod | container step-create-sbom: The manifest_data.json file does not exist. Skipping the SBOM creation... pod: python-component-ntgzlu-on-bfc022448b380aed36b847526e450184-pod | container step-upload-sbom: The index.spdx.json file does not exists. Skipping the SBOM upload... pod: python-component-ntgzlu-on-d20575ef929adf1af8d51f2507922d3f-pod | init container: prepare 2025/09/11 13:32:41 Entrypoint initialization pod: python-component-ntgzlu-on-d20575ef929adf1af8d51f2507922d3f-pod | init container: place-scripts 2025/09/11 13:32:41 Decoded script /tekton/scripts/script-0-g6ph8 2025/09/11 13:32:41 Decoded script /tekton/scripts/script-1-8v7gc 2025/09/11 13:32:41 Decoded script /tekton/scripts/script-2-ftzfc 2025/09/11 13:32:41 Decoded script /tekton/scripts/script-3-jnsqz 2025/09/11 13:32:41 Decoded script /tekton/scripts/script-4-gj22d pod: python-component-ntgzlu-on-d20575ef929adf1af8d51f2507922d3f-pod | init container: working-dir-initializer pod: python-component-ntgzlu-on-d20575ef929adf1af8d51f2507922d3f-pod | container step-build: [2025-09-11T13:32:46,795876345+00:00] Validate context path [2025-09-11T13:32:46,799546264+00:00] Update CA trust [2025-09-11T13:32:46,800775804+00:00] Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' [2025-09-11T13:32:48,110050846+00:00] Prepare Dockerfile Checking if /var/workdir/cachi2/output/bom.json exists. Could not find prefetched sbom. No content_sets found for ICM [2025-09-11T13:32:48,120496434+00:00] Prepare system (architecture: x86_64) [2025-09-11T13:32:48,517863104+00:00] Setup prefetched Trying to pull registry.access.redhat.com/ubi9/python-39:1-117.1684741281... Getting image source signatures Checking if image destination supports signatures Copying blob sha256:8a2e9815396eaa57b0dfe27b2dfc442417f06aa70974c358f198980b533c7942 Copying blob sha256:5465449a2ea5d8a7e05fa498c8ba35f0ce7714b0ad37e716961fca17dfa1ef13 Copying blob sha256:085efe85e9dfb0b3d5d2392e4b78660a3091bf1ded336315117a627fbdd0567d Copying blob sha256:a07d808ddf4404b3885fef6100142a973cc667b2c3c4abcf4db96508795b1efb { "architecture": "x86_64", "build-date": "2025-09-11T13:32:48Z", "com.redhat.component": "python-39-container", "com.redhat.license_terms": "https://www.redhat.com/en/about/red-hat-end-user-license-agreements#UBI", "description": "Python 3.9 available as container is a base platform for building and running various Python 3.9 applications and frameworks. Python is an easy to learn, powerful programming language. It has efficient high-level data structures and a simple but effective approach to object-oriented programming. Python's elegant syntax and dynamic typing, together with its interpreted nature, make it an ideal language for scripting and rapid application development in many areas on most platforms.", "distribution-scope": "public", "io.buildah.version": "1.40.1", "io.buildpacks.stack.id": "com.redhat.stacks.ubi9-python-39", "io.k8s.description": "Python 3.9 available as container is a base platform for building and running various Python 3.9 applications and frameworks. Python is an easy to learn, powerful programming language. It has efficient high-level data structures and a simple but effective approach to object-oriented programming. Python's elegant syntax and dynamic typing, together with its interpreted nature, make it an ideal language for scripting and rapid application development in many areas on most platforms.", "io.k8s.display-name": "Python 3.9", "io.openshift.expose-services": "8080:http", "io.openshift.s2i.scripts-url": "image:///usr/libexec/s2i", "io.openshift.tags": "builder,python,python39,python-39,rh-python39", "io.s2i.scripts-url": "image:///usr/libexec/s2i", "maintainer": "SoftwareCollections.org ", "name": "ubi9/python-39", "release": "117.1684741281", Copying config sha256:45c8f23c11bb64f238236aaf5cbe05595778e1d4fb6c06109c6fcc0a6b57a45b Writing manifest to image destination Storing signatures "summary": "Platform for building and running Python 3.9 applications", "url": "https://access.redhat.com/containers/#/registry.access.redhat.com/ubi9/python-39/images/1-117.1684741281", "usage": "s2i build https://github.com/sclorg/s2i-python-container.git --context-dir=3.9/test/setup-test-app/ ubi9/python-39 python-sample-app", "vcs-ref": "4507c9b389e642c76d212c46d1a948e5302889c0", "vcs-type": "git", "vendor": "Red Hat, Inc.", "version": "1", "quay.expires-after": "5d" } [2025-09-11T13:33:07,772663650+00:00] Register sub-man Adding the entitlement to the build [2025-09-11T13:33:07,778149508+00:00] Add secrets [2025-09-11T13:33:08,392483142+00:00] Run buildah build [2025-09-11T13:33:08,393952985+00:00] buildah build --volume /tmp/entitlement:/etc/pki/entitlement --security-opt=unmask=/proc/interrupts --label architecture=x86_64 --label vcs-type=git --label vcs-ref=4507c9b389e642c76d212c46d1a948e5302889c0 --label quay.expires-after=5d --label build-date=2025-09-11T13:32:48Z --tls-verify=true --no-cache --ulimit nofile=4096:4096 --http-proxy=false -f /tmp/Dockerfile.Nwtyee -t quay.io/redhat-appstudio-qe/build-e2e-fdnu/python-component-ntgzlu:on-pr-4507c9b389e642c76d212c46d1a948e5302889c0 . STEP 1/9: FROM registry.access.redhat.com/ubi9/python-39:1-117.1684741281 STEP 2/9: EXPOSE 8081/tcp STEP 3/9: ENV FLASK_PORT=8081 STEP 4/9: WORKDIR /projects STEP 5/9: COPY . . STEP 6/9: RUN if [ -f requirements.txt ]; then pip install -r requirements.txt; elif [ `ls -1q *.txt | wc -l` == 1 ]; then pip install -r *.txt; fi Collecting Flask==2.3.3 Downloading flask-2.3.3-py3-none-any.whl (96 kB) Collecting click>=8.1.3 Downloading click-8.1.8-py3-none-any.whl (98 kB) Collecting Jinja2>=3.1.2 Downloading jinja2-3.1.6-py3-none-any.whl (134 kB) Collecting Werkzeug>=2.3.7 Downloading werkzeug-3.1.3-py3-none-any.whl (224 kB) Collecting importlib-metadata>=3.6.0 Downloading importlib_metadata-8.7.0-py3-none-any.whl (27 kB) Collecting blinker>=1.6.2 Downloading blinker-1.9.0-py3-none-any.whl (8.5 kB) Collecting itsdangerous>=2.1.2 Downloading itsdangerous-2.2.0-py3-none-any.whl (16 kB) Collecting zipp>=3.20 Downloading zipp-3.23.0-py3-none-any.whl (10 kB) Collecting MarkupSafe>=2.0 Downloading MarkupSafe-3.0.2-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl (20 kB) Installing collected packages: zipp, MarkupSafe, Werkzeug, Jinja2, itsdangerous, importlib-metadata, click, blinker, Flask Successfully installed Flask-2.3.3 Jinja2-3.1.6 MarkupSafe-3.0.2 Werkzeug-3.1.3 blinker-1.9.0 click-8.1.8 importlib-metadata-8.7.0 itsdangerous-2.2.0 zipp-3.23.0 WARNING: You are using pip version 21.3.1; however, version 25.2 is available. You should consider upgrading via the '/opt/app-root/bin/python3.9 -m pip install --upgrade pip' command. STEP 7/9: CMD [ "python", "./app.py" ] STEP 8/9: COPY labels.json /root/buildinfo/labels.json STEP 9/9: LABEL "architecture"="x86_64" "vcs-type"="git" "vcs-ref"="4507c9b389e642c76d212c46d1a948e5302889c0" "quay.expires-after"="5d" "build-date"="2025-09-11T13:32:48Z" COMMIT quay.io/redhat-appstudio-qe/build-e2e-fdnu/python-component-ntgzlu:on-pr-4507c9b389e642c76d212c46d1a948e5302889c0 --> f17d681cfdbe Successfully tagged quay.io/redhat-appstudio-qe/build-e2e-fdnu/python-component-ntgzlu:on-pr-4507c9b389e642c76d212c46d1a948e5302889c0 f17d681cfdbe5dde3b34161de4fc9acd6d4b0403757ab47dcd90a26b2ae73cc7 [2025-09-11T13:33:20,533387233+00:00] Unsetting proxy [2025-09-11T13:33:20,534726525+00:00] Add metadata Recording base image digests used registry.access.redhat.com/ubi9/python-39:1-117.1684741281 registry.access.redhat.com/ubi9/python-39:1-117.1684741281@sha256:40a58935b9c22664927b22bf256f53a3d744ddb7316f3af18061099e199526ee Getting image source signatures Copying blob sha256:ad1c8a576d9c8a041a63ee8bd12df8dc08e7218b33a953a756c28ac6ee0066ae Copying blob sha256:d93d3cc0bc0c5ed9655bcdcf31183ed0b570076c0e6a13e0d7cb907d0b877b00 Copying blob sha256:bc8a0003b3470be53e5cf295daf38c287d3f20ab90e8f5c2b6f17406b158d323 Copying blob sha256:d661a108c347030c3ef626a0e0020e084fba1e1023193824f5395fa90ef40bde Copying blob sha256:629980bfa23ec05ce5acc61ed2866ddf8713f40bb2a61f0850395082f1457220 Copying config sha256:f17d681cfdbe5dde3b34161de4fc9acd6d4b0403757ab47dcd90a26b2ae73cc7 Writing manifest to image destination [2025-09-11T13:33:28,557144478+00:00] End build pod: python-component-ntgzlu-on-d20575ef929adf1af8d51f2507922d3f-pod | container step-push: [2025-09-11T13:33:29,014609854+00:00] Update CA trust INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' [2025-09-11T13:33:30,333145465+00:00] Convert image [2025-09-11T13:33:30,334489076+00:00] Push image with unique tag Pushing to quay.io/redhat-appstudio-qe/build-e2e-fdnu/python-component-ntgzlu:python-component-ntgzlu-on-pull-request-7d8tp-build-container Executing: buildah push --format=oci --retry 3 --tls-verify=true quay.io/redhat-appstudio-qe/build-e2e-fdnu/python-component-ntgzlu:on-pr-4507c9b389e642c76d212c46d1a948e5302889c0 docker://quay.io/redhat-appstudio-qe/build-e2e-fdnu/python-component-ntgzlu:python-component-ntgzlu-on-pull-request-7d8tp-build-container [2025-09-11T13:33:45,502236198+00:00] Push image with git revision Pushing to quay.io/redhat-appstudio-qe/build-e2e-fdnu/python-component-ntgzlu:on-pr-4507c9b389e642c76d212c46d1a948e5302889c0 Executing: buildah push --format=oci --retry 3 --tls-verify=true --digestfile /workspace/source/image-digest quay.io/redhat-appstudio-qe/build-e2e-fdnu/python-component-ntgzlu:on-pr-4507c9b389e642c76d212c46d1a948e5302889c0 docker://quay.io/redhat-appstudio-qe/build-e2e-fdnu/python-component-ntgzlu:on-pr-4507c9b389e642c76d212c46d1a948e5302889c0 sha256:f95d797603b4b7459eafa5a76faae30dcf6686990e8c15c9cb0f4aaa0a661057quay.io/redhat-appstudio-qe/build-e2e-fdnu/python-component-ntgzlu:on-pr-4507c9b389e642c76d212c46d1a948e5302889c0 [2025-09-11T13:33:47,735908743+00:00] End push pod: python-component-ntgzlu-on-d20575ef929adf1af8d51f2507922d3f-pod | container step-sbom-syft-generate: [2025-09-11T13:33:48,270982865+00:00] Generate SBOM Running syft on the source directory [0000] WARN no explicit name and version provided for directory source, deriving artifact ID from the given path (which is not ideal) Running syft on the image [2025-09-11T13:34:11,205942881+00:00] End sbom-syft-generate pod: python-component-ntgzlu-on-d20575ef929adf1af8d51f2507922d3f-pod | container step-prepare-sboms: [2025-09-11T13:34:11,563160186+00:00] Prepare SBOM [2025-09-11T13:34:11,570532055+00:00] Generate SBOM with mobster 2025-09-11 13:34:20,400 [INFO] mobster.log: Logging level set to 20 2025-09-11 13:34:22,296 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-GPLv2-. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-GPLv2-', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-acl-7fdbf9b1efb3c327', element_type=, full_element=LicenseSymbol('LicenseRef-GPLv2-', is_exception=False))) 2025-09-11 13:34:22,296 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-GPLv2. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-GPLv2', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-alternatives-9538a795197cd790', element_type=, full_element=LicenseSymbol('LicenseRef-GPLv2', is_exception=False))) 2025-09-11 13:34:22,296 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-GPLv3-. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-GPLv3-', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-annobin-620f5ca911c854fc', element_type=, full_element=LicenseSymbol('LicenseRef-GPLv3-', is_exception=False))) 2025-09-11 13:34:22,297 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-ASL-2.0-and-BSD-with-advertising-and-ISC-and-BSD. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-ASL-2.0-and-BSD-with-advertising-and-ISC-and-BSD', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-apr-44fc30cd993bd894', element_type=, full_element=LicenseSymbol('LicenseRef-ASL-2.0-and-BSD-with-advertising-and-ISC-and-BSD', is_exception=False))) 2025-09-11 13:34:22,297 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-ASL-2.0-and-BSD-with-advertising-and-ISC-and-BSD. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-ASL-2.0-and-BSD-with-advertising-and-ISC-and-BSD', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-apr-devel-ab0c49e328180436', element_type=, full_element=LicenseSymbol('LicenseRef-ASL-2.0-and-BSD-with-advertising-and-ISC-and-BSD', is_exception=False))) 2025-09-11 13:34:22,297 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-ASL-2.0. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-ASL-2.0', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-apr-util-f25e3793262013e2', element_type=, full_element=LicenseSymbol('LicenseRef-ASL-2.0', is_exception=False))) 2025-09-11 13:34:22,297 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-ASL-2.0. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-ASL-2.0', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-apr-util-bdb-1443f322b37fef41', element_type=, full_element=LicenseSymbol('LicenseRef-ASL-2.0', is_exception=False))) 2025-09-11 13:34:22,297 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-ASL-2.0. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-ASL-2.0', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-apr-util-devel-b396da24d005a7f2', element_type=, full_element=LicenseSymbol('LicenseRef-ASL-2.0', is_exception=False))) 2025-09-11 13:34:22,297 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-ASL-2.0. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-ASL-2.0', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-apr-util-ldap-45ff94e39c268888', element_type=, full_element=LicenseSymbol('LicenseRef-ASL-2.0', is_exception=False))) 2025-09-11 13:34:22,297 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-ASL-2.0. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-ASL-2.0', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-apr-util-openssl-7e3c67c680834001', element_type=, full_element=LicenseSymbol('LicenseRef-ASL-2.0', is_exception=False))) 2025-09-11 13:34:22,297 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-BSD. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-BSD', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-atlas-7f135d0af422412d', element_type=, full_element=LicenseSymbol('LicenseRef-BSD', is_exception=False))) 2025-09-11 13:34:22,297 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-BSD. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-BSD', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-atlas-devel-e1a5d8b2620f6d3e', element_type=, full_element=LicenseSymbol('LicenseRef-BSD', is_exception=False))) 2025-09-11 13:34:22,297 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-LGPLv2-. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-LGPLv2-', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-audit-libs-c60c4062ecc5fd19', element_type=, full_element=LicenseSymbol('LicenseRef-LGPLv2-', is_exception=False))) 2025-09-11 13:34:22,297 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-GPLv2--and-GFDL. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-GPLv2--and-GFDL', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-autoconf-d21271723c126f69', element_type=, full_element=LicenseSymbol('LicenseRef-GPLv2--and-GFDL', is_exception=False))) 2025-09-11 13:34:22,297 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-GPLv2--and-GFDL-and-Public-Domain-and-MIT. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-GPLv2--and-GFDL-and-Public-Domain-and-MIT', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-automake-71eb89a0789b5f00', element_type=, full_element=LicenseSymbol('LicenseRef-GPLv2--and-GFDL-and-Public-Domain-and-MIT', is_exception=False))) 2025-09-11 13:34:22,297 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-Public-Domain. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-Public-Domain', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-basesystem-2cedbe7bd36d2161', element_type=, full_element=LicenseSymbol('LicenseRef-Public-Domain', is_exception=False))) 2025-09-11 13:34:22,297 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-GPLv3-. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-GPLv3-', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-bash-73007870af2280a5', element_type=, full_element=LicenseSymbol('LicenseRef-GPLv3-', is_exception=False))) 2025-09-11 13:34:22,297 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-GPLv3-. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-GPLv3-', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-binutils-684d7e5f134eee02', element_type=, full_element=LicenseSymbol('LicenseRef-GPLv3-', is_exception=False))) 2025-09-11 13:34:22,297 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-GPLv3-. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-GPLv3-', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-binutils-gold-057a2b0d9b0ede45', element_type=, full_element=LicenseSymbol('LicenseRef-GPLv3-', is_exception=False))) 2025-09-11 13:34:22,297 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-Boost-and-MIT-and-Python. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-Boost-and-MIT-and-Python', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-boost-regex-c2f6ad4ab4080fef', element_type=, full_element=LicenseSymbol('LicenseRef-Boost-and-MIT-and-Python', is_exception=False))) 2025-09-11 13:34:22,297 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-BSD. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-BSD', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-bsdtar-58e6c24ee527cf00', element_type=, full_element=LicenseSymbol('LicenseRef-BSD', is_exception=False))) 2025-09-11 13:34:22,297 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-BSD. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-BSD', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-bzip2-f16d46b058afa3c8', element_type=, full_element=LicenseSymbol('LicenseRef-BSD', is_exception=False))) 2025-09-11 13:34:22,297 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-BSD. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-BSD', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-bzip2-devel-8dcb885f73a4c386', element_type=, full_element=LicenseSymbol('LicenseRef-BSD', is_exception=False))) 2025-09-11 13:34:22,297 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-BSD. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-BSD', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-bzip2-libs-5f02557aba2b2ca5', element_type=, full_element=LicenseSymbol('LicenseRef-BSD', is_exception=False))) 2025-09-11 13:34:22,297 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-Public-Domain. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-Public-Domain', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-ca-certificates-876ddc8d172da7dc', element_type=, full_element=LicenseSymbol('LicenseRef-Public-Domain', is_exception=False))) 2025-09-11 13:34:22,297 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-LGPLv2-or-MPLv1.1. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-LGPLv2-or-MPLv1.1', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-cairo-641045ebf8facaaf', element_type=, full_element=LicenseSymbol('LicenseRef-LGPLv2-or-MPLv1.1', is_exception=False))) 2025-09-11 13:34:22,297 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-BSD-and-MIT-and-zlib. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-BSD-and-MIT-and-zlib', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-cmake-e3b522d481b5b52e', element_type=, full_element=LicenseSymbol('LicenseRef-BSD-and-MIT-and-zlib', is_exception=False))) 2025-09-11 13:34:22,297 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-BSD-and-MIT-and-zlib. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-BSD-and-MIT-and-zlib', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-cmake-data-d74e7d94b6e0170b', element_type=, full_element=LicenseSymbol('LicenseRef-BSD-and-MIT-and-zlib', is_exception=False))) 2025-09-11 13:34:22,297 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-BSD-and-MIT-and-zlib. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-BSD-and-MIT-and-zlib', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-cmake-filesystem-63ef79e0183d4fba', element_type=, full_element=LicenseSymbol('LicenseRef-BSD-and-MIT-and-zlib', is_exception=False))) 2025-09-11 13:34:22,297 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-BSD-and-MIT-and-zlib. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-BSD-and-MIT-and-zlib', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-cmake-rpm-macros-75f47048013bc040', element_type=, full_element=LicenseSymbol('LicenseRef-BSD-and-MIT-and-zlib', is_exception=False))) 2025-09-11 13:34:22,297 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-GPLv3-. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-GPLv3-', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-coreutils-single-e39127ccf38c9f23', element_type=, full_element=LicenseSymbol('LicenseRef-GPLv3-', is_exception=False))) 2025-09-11 13:34:22,297 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-GPLv3--and-GPLv3--with-exceptions-and-GPLv2--with-exceptions-and-LGPLv2--and-BSD. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-GPLv3--and-GPLv3--with-exceptions-and-GPLv2--with-exceptions-and-LGPLv2--and-BSD', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-cpp-36f60cc145c855c3', element_type=, full_element=LicenseSymbol('LicenseRef-GPLv3--and-GPLv3--with-exceptions-and-GPLv2--with-exceptions-and-LGPLv2--and-BSD', is_exception=False))) 2025-09-11 13:34:22,297 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-LGPLv2-. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-LGPLv2-', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-cracklib-90976ad369e95dcb', element_type=, full_element=LicenseSymbol('LicenseRef-LGPLv2-', is_exception=False))) 2025-09-11 13:34:22,297 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-LGPLv2-. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-LGPLv2-', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-cracklib-dicts-03f1cfdddb1f75c1', element_type=, full_element=LicenseSymbol('LicenseRef-LGPLv2-', is_exception=False))) 2025-09-11 13:34:22,297 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-LGPLv2-. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-LGPLv2-', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-crypto-policies-fd76655fb5d9531b', element_type=, full_element=LicenseSymbol('LicenseRef-LGPLv2-', is_exception=False))) 2025-09-11 13:34:22,297 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-LGPLv2-. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-LGPLv2-', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-crypto-policies-scripts-b3723da502d79333', element_type=, full_element=LicenseSymbol('LicenseRef-LGPLv2-', is_exception=False))) 2025-09-11 13:34:22,297 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-BSD-with-advertising. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-BSD-with-advertising', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-cyrus-sasl-08d8b5e6bb97eed3', element_type=, full_element=LicenseSymbol('LicenseRef-BSD-with-advertising', is_exception=False))) 2025-09-11 13:34:22,297 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-BSD-with-advertising. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-BSD-with-advertising', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-cyrus-sasl-devel-b38dd0edc1fa7256', element_type=, full_element=LicenseSymbol('LicenseRef-BSD-with-advertising', is_exception=False))) 2025-09-11 13:34:22,297 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-BSD-with-advertising. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-BSD-with-advertising', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-cyrus-sasl-lib-5a4d8a266c515c3b', element_type=, full_element=LicenseSymbol('LicenseRef-BSD-with-advertising', is_exception=False))) 2025-09-11 13:34:22,297 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef--GPLv2--or-AFL--and-GPLv2-. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef--GPLv2--or-AFL--and-GPLv2-', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-dbus-057e66990ff2881e', element_type=, full_element=LicenseSymbol('LicenseRef--GPLv2--or-AFL--and-GPLv2-', is_exception=False))) 2025-09-11 13:34:22,297 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-ASL-2.0. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-ASL-2.0', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-dbus-broker-718c5bcbf3d887f3', element_type=, full_element=LicenseSymbol('LicenseRef-ASL-2.0', is_exception=False))) 2025-09-11 13:34:22,297 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef--GPLv2--or-AFL--and-GPLv2-. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef--GPLv2--or-AFL--and-GPLv2-', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-dbus-common-66184d1927aea4b3', element_type=, full_element=LicenseSymbol('LicenseRef--GPLv2--or-AFL--and-GPLv2-', is_exception=False))) 2025-09-11 13:34:22,298 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef--GPLv2--or-AFL--and-GPLv2-. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef--GPLv2--or-AFL--and-GPLv2-', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-dbus-libs-5b4893526e6ac965', element_type=, full_element=LicenseSymbol('LicenseRef--GPLv2--or-AFL--and-GPLv2-', is_exception=False))) 2025-09-11 13:34:22,298 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-Expat--MIT-X11-. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-Expat--MIT-X11-', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-python-dbus-python-2830d4788444c709', element_type=, full_element=LicenseSymbol('LicenseRef-Expat--MIT-X11-', is_exception=False))) 2025-09-11 13:34:22,298 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-new-BSD-License. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-new-BSD-License', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-python-decorator-4e0ceec2b29ecabd', element_type=, full_element=LicenseSymbol('LicenseRef-new-BSD-License', is_exception=False))) 2025-09-11 13:34:22,298 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-Bitstream-Vera-and-Public-Domain. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-Bitstream-Vera-and-Public-Domain', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-dejavu-sans-fonts-dfd23518c3ae46b3', element_type=, full_element=LicenseSymbol('LicenseRef-Bitstream-Vera-and-Public-Domain', is_exception=False))) 2025-09-11 13:34:22,298 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-GPLv2-. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-GPLv2-', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-dmidecode-acb71639665abf75', element_type=, full_element=LicenseSymbol('LicenseRef-GPLv2-', is_exception=False))) 2025-09-11 13:34:22,298 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-GPLv2-. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-GPLv2-', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-dnf-e1c54f4bb3ecbd42', element_type=, full_element=LicenseSymbol('LicenseRef-GPLv2-', is_exception=False))) 2025-09-11 13:34:22,298 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-GPLv2-. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-GPLv2-', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-dnf-data-616ba307c9faf883', element_type=, full_element=LicenseSymbol('LicenseRef-GPLv2-', is_exception=False))) 2025-09-11 13:34:22,298 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-GPLv2-. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-GPLv2-', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-dnf-plugins-core-52afce20f4c26b78', element_type=, full_element=LicenseSymbol('LicenseRef-GPLv2-', is_exception=False))) 2025-09-11 13:34:22,298 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-GPLv2--and-GPLv3-. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-GPLv2--and-GPLv3-', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-dwz-0ec49411a31e3a59', element_type=, full_element=LicenseSymbol('LicenseRef-GPLv2--and-GPLv3-', is_exception=False))) 2025-09-11 13:34:22,298 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-GPLv3--and-GFDL. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-GPLv3--and-GFDL', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-ed-3f2b1399050debd9', element_type=, full_element=LicenseSymbol('LicenseRef-GPLv3--and-GFDL', is_exception=False))) 2025-09-11 13:34:22,298 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-GPLv3-. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-GPLv3-', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-efi-srpm-macros-00602e44d1bb5fea', element_type=, full_element=LicenseSymbol('LicenseRef-GPLv3-', is_exception=False))) 2025-09-11 13:34:22,298 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-GPLv3--and--GPLv2--or-LGPLv3--. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-GPLv3--and--GPLv2--or-LGPLv3--', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-elfutils-debuginfod-client-98f2f51a8cf64e46', element_type=, full_element=LicenseSymbol('LicenseRef-GPLv3--and--GPLv2--or-LGPLv3--', is_exception=False))) 2025-09-11 13:34:22,298 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-GPLv2--or-LGPLv3-. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-GPLv2--or-LGPLv3-', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-elfutils-default-yama-scope-49dc5c21f2953e9a', element_type=, full_element=LicenseSymbol('LicenseRef-GPLv2--or-LGPLv3-', is_exception=False))) 2025-09-11 13:34:22,298 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-GPLv2--or-LGPLv3-. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-GPLv2--or-LGPLv3-', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-elfutils-libelf-55eb0088efe6009f', element_type=, full_element=LicenseSymbol('LicenseRef-GPLv2--or-LGPLv3-', is_exception=False))) 2025-09-11 13:34:22,298 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-GPLv2--or-LGPLv3-. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-GPLv2--or-LGPLv3-', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-elfutils-libs-42a5fc8adc685d67', element_type=, full_element=LicenseSymbol('LicenseRef-GPLv2--or-LGPLv3-', is_exception=False))) 2025-09-11 13:34:22,298 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-GPLv3--and-CC0-1.0. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-GPLv3--and-CC0-1.0', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-emacs-filesystem-3bb9a6176562f88e', element_type=, full_element=LicenseSymbol('LicenseRef-GPLv3--and-CC0-1.0', is_exception=False))) 2025-09-11 13:34:22,298 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-LGPLv2-. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-LGPLv2-', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-enchant-2a2e8e034e648d5a', element_type=, full_element=LicenseSymbol('LicenseRef-LGPLv2-', is_exception=False))) 2025-09-11 13:34:22,298 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-GPLv2-. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-GPLv2-', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-environment-modules-38237150de7141cb', element_type=, full_element=LicenseSymbol('LicenseRef-GPLv2-', is_exception=False))) 2025-09-11 13:34:22,298 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-BSD. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-BSD', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-file-bca44471c1551322', element_type=, full_element=LicenseSymbol('LicenseRef-BSD', is_exception=False))) 2025-09-11 13:34:22,298 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-BSD. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-BSD', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-file-libs-a175a8760b38e29e', element_type=, full_element=LicenseSymbol('LicenseRef-BSD', is_exception=False))) 2025-09-11 13:34:22,298 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-Public-Domain. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-Public-Domain', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-filesystem-62dfe80e897ceedb', element_type=, full_element=LicenseSymbol('LicenseRef-Public-Domain', is_exception=False))) 2025-09-11 13:34:22,298 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-GPLv3-. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-GPLv3-', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-findutils-c40c62b842d3ae2f', element_type=, full_element=LicenseSymbol('LicenseRef-GPLv3-', is_exception=False))) 2025-09-11 13:34:22,298 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-MIT-and-Public-Domain-and-UCD. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-MIT-and-Public-Domain-and-UCD', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-fontconfig-75c5aaad10d42659', element_type=, full_element=LicenseSymbol('LicenseRef-MIT-and-Public-Domain-and-UCD', is_exception=False))) 2025-09-11 13:34:22,298 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-MIT-and-Public-Domain-and-UCD. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-MIT-and-Public-Domain-and-UCD', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-fontconfig-devel-27d5738bdf096b84', element_type=, full_element=LicenseSymbol('LicenseRef-MIT-and-Public-Domain-and-UCD', is_exception=False))) 2025-09-11 13:34:22,298 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-GPLv3-. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-GPLv3-', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-fonts-srpm-macros-5a40360f15de710b', element_type=, full_element=LicenseSymbol('LicenseRef-GPLv3-', is_exception=False))) 2025-09-11 13:34:22,298 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef--FTL-or-GPLv2---and-BSD-and-MIT-and-Public-Domain-and-zlib-with-acknowledgement. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef--FTL-or-GPLv2---and-BSD-and-MIT-and-Public-Domain-and-zlib-with-acknowledgement', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-freetype-44881f12e26289d0', element_type=, full_element=LicenseSymbol('LicenseRef--FTL-or-GPLv2---and-BSD-and-MIT-and-Public-Domain-and-zlib-with-acknowledgement', is_exception=False))) 2025-09-11 13:34:22,298 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef--FTL-or-GPLv2---and-BSD-and-MIT-and-Public-Domain-and-zlib-with-acknowledgement. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef--FTL-or-GPLv2---and-BSD-and-MIT-and-Public-Domain-and-zlib-with-acknowledgement', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-freetype-devel-e4ccc7ed8ce4ad29', element_type=, full_element=LicenseSymbol('LicenseRef--FTL-or-GPLv2---and-BSD-and-MIT-and-Public-Domain-and-zlib-with-acknowledgement', is_exception=False))) 2025-09-11 13:34:22,298 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-GPLv3--and-GPLv2--and-LGPLv2--and-BSD. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-GPLv3--and-GPLv2--and-LGPLv2--and-BSD', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-gawk-9dcf052ea12fdad7', element_type=, full_element=LicenseSymbol('LicenseRef-GPLv3--and-GPLv2--and-LGPLv2--and-BSD', is_exception=False))) 2025-09-11 13:34:22,298 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-GPLv3--and-GPLv3--with-exceptions-and-GPLv2--with-exceptions-and-LGPLv2--and-BSD. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-GPLv3--and-GPLv3--with-exceptions-and-GPLv2--with-exceptions-and-LGPLv2--and-BSD', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-gcc-c27be52dba940498', element_type=, full_element=LicenseSymbol('LicenseRef-GPLv3--and-GPLv3--with-exceptions-and-GPLv2--with-exceptions-and-LGPLv2--and-BSD', is_exception=False))) 2025-09-11 13:34:22,298 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-GPLv3--and-GPLv3--with-exceptions-and-GPLv2--with-exceptions-and-LGPLv2--and-BSD. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-GPLv3--and-GPLv3--with-exceptions-and-GPLv2--with-exceptions-and-LGPLv2--and-BSD', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-gcc-c---041acd78cea979c5', element_type=, full_element=LicenseSymbol('LicenseRef-GPLv3--and-GPLv3--with-exceptions-and-GPLv2--with-exceptions-and-LGPLv2--and-BSD', is_exception=False))) 2025-09-11 13:34:22,298 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-GPLv3--and-GPLv3--with-exceptions-and-GPLv2--with-exceptions-and-LGPLv2--and-BSD. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-GPLv3--and-GPLv3--with-exceptions-and-GPLv2--with-exceptions-and-LGPLv2--and-BSD', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-gcc-gfortran-81e7b38e1f85eb52', element_type=, full_element=LicenseSymbol('LicenseRef-GPLv3--and-GPLv3--with-exceptions-and-GPLv2--with-exceptions-and-LGPLv2--and-BSD', is_exception=False))) 2025-09-11 13:34:22,298 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-GPLv3--and-GPLv3--with-exceptions-and-GPLv2--with-exceptions-and-LGPLv2--and-BSD. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-GPLv3--and-GPLv3--with-exceptions-and-GPLv2--with-exceptions-and-LGPLv2--and-BSD', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-gcc-plugin-annobin-ab011ad48449a4ff', element_type=, full_element=LicenseSymbol('LicenseRef-GPLv3--and-GPLv3--with-exceptions-and-GPLv2--with-exceptions-and-LGPLv2--and-BSD', is_exception=False))) 2025-09-11 13:34:22,298 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-GPLv3--and-GPLv3--with-exceptions-and-GPLv2--and-GPLv2--with-exceptions-and-GPL--and-LGPLv2--and-LGPLv3--and-BSD-and-Public-Domain-and-GFDL. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-GPLv3--and-GPLv3--with-exceptions-and-GPLv2--and-GPLv2--with-exceptions-and-GPL--and-LGPLv2--and-LGPLv3--and-BSD-and-Public-Domain-and-GFDL', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-gdb-3789058e660e9550', element_type=, full_element=LicenseSymbol('LicenseRef-GPLv3--and-GPLv3--with-exceptions-and-GPLv2--and-GPLv2--with-exceptions-and-GPL--and-LGPLv2--and-LGPLv3--and-BSD-and-Public-Domain-and-GFDL', is_exception=False))) 2025-09-11 13:34:22,298 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-GPLv3--and-GPLv3--with-exceptions-and-GPLv2--and-GPLv2--with-exceptions-and-GPL--and-LGPLv2--and-LGPLv3--and-BSD-and-Public-Domain-and-GFDL. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-GPLv3--and-GPLv3--with-exceptions-and-GPLv2--and-GPLv2--with-exceptions-and-GPL--and-LGPLv2--and-LGPLv3--and-BSD-and-Public-Domain-and-GFDL', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-gdb-gdbserver-69c1f591d0c9119a', element_type=, full_element=LicenseSymbol('LicenseRef-GPLv3--and-GPLv3--with-exceptions-and-GPLv2--and-GPLv2--with-exceptions-and-GPL--and-LGPLv2--and-LGPLv3--and-BSD-and-Public-Domain-and-GFDL', is_exception=False))) 2025-09-11 13:34:22,298 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-GPLv3--and-GPLv3--with-exceptions-and-GPLv2--and-GPLv2--with-exceptions-and-GPL--and-LGPLv2--and-LGPLv3--and-BSD-and-Public-Domain-and-GFDL. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-GPLv3--and-GPLv3--with-exceptions-and-GPLv2--and-GPLv2--with-exceptions-and-GPL--and-LGPLv2--and-LGPLv3--and-BSD-and-Public-Domain-and-GFDL', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-gdb-headless-103c2d6fe39ef180', element_type=, full_element=LicenseSymbol('LicenseRef-GPLv3--and-GPLv3--with-exceptions-and-GPLv2--and-GPLv2--with-exceptions-and-GPL--and-LGPLv2--and-LGPLv3--and-BSD-and-Public-Domain-and-GFDL', is_exception=False))) 2025-09-11 13:34:22,298 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-GPLv3-. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-GPLv3-', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-gdbm-libs-b432066704b0c51c', element_type=, full_element=LicenseSymbol('LicenseRef-GPLv3-', is_exception=False))) 2025-09-11 13:34:22,298 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-GPLv3--and-LGPLv2--and-GFDL. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-GPLv3--and-LGPLv2--and-GFDL', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-gettext-0c4e3f97d5b46fa0', element_type=, full_element=LicenseSymbol('LicenseRef-GPLv3--and-LGPLv2--and-GFDL', is_exception=False))) 2025-09-11 13:34:22,298 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-LGPLv2--and-GPLv3-. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-LGPLv2--and-GPLv3-', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-gettext-libs-9b6cd90e99cb5da5', element_type=, full_element=LicenseSymbol('LicenseRef-LGPLv2--and-GPLv3-', is_exception=False))) 2025-09-11 13:34:22,298 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-GPLv2-. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-GPLv2-', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-ghc-srpm-macros-35ba66b397ffd204', element_type=, full_element=LicenseSymbol('LicenseRef-GPLv2-', is_exception=False))) 2025-09-11 13:34:22,298 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-GPLv2. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-GPLv2', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-git-03d0f308f802154d', element_type=, full_element=LicenseSymbol('LicenseRef-GPLv2', is_exception=False))) 2025-09-11 13:34:22,298 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-GPLv2. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-GPLv2', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-git-core-91f1aea3ebd89b73', element_type=, full_element=LicenseSymbol('LicenseRef-GPLv2', is_exception=False))) 2025-09-11 13:34:22,299 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-GPLv2. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-GPLv2', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-git-core-doc-56d4742bb85e4186', element_type=, full_element=LicenseSymbol('LicenseRef-GPLv2', is_exception=False))) 2025-09-11 13:34:22,299 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-LGPLv2-. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-LGPLv2-', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-glib2-dd78ae2937058488', element_type=, full_element=LicenseSymbol('LicenseRef-LGPLv2-', is_exception=False))) 2025-09-11 13:34:22,299 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-LGPLv2-. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-LGPLv2-', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-glib2-devel-503499811ccdcb06', element_type=, full_element=LicenseSymbol('LicenseRef-LGPLv2-', is_exception=False))) 2025-09-11 13:34:22,299 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-LGPLv2--and-LGPLv2--with-exceptions-and-GPLv2--and-GPLv2--with-exceptions-and-BSD-and-Inner-Net-and-ISC-and-Public-Domain-and-GFDL. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-LGPLv2--and-LGPLv2--with-exceptions-and-GPLv2--and-GPLv2--with-exceptions-and-BSD-and-Inner-Net-and-ISC-and-Public-Domain-and-GFDL', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-glibc-9c8da227dedb1a46', element_type=, full_element=LicenseSymbol('LicenseRef-LGPLv2--and-LGPLv2--with-exceptions-and-GPLv2--and-GPLv2--with-exceptions-and-BSD-and-Inner-Net-and-ISC-and-Public-Domain-and-GFDL', is_exception=False))) 2025-09-11 13:34:22,299 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-LGPLv2--and-LGPLv2--with-exceptions-and-GPLv2--and-GPLv2--with-exceptions-and-BSD-and-Inner-Net-and-ISC-and-Public-Domain-and-GFDL. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-LGPLv2--and-LGPLv2--with-exceptions-and-GPLv2--and-GPLv2--with-exceptions-and-BSD-and-Inner-Net-and-ISC-and-Public-Domain-and-GFDL', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-glibc-common-dc12cd38b92a566f', element_type=, full_element=LicenseSymbol('LicenseRef-LGPLv2--and-LGPLv2--with-exceptions-and-GPLv2--and-GPLv2--with-exceptions-and-BSD-and-Inner-Net-and-ISC-and-Public-Domain-and-GFDL', is_exception=False))) 2025-09-11 13:34:22,299 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-LGPLv2--and-LGPLv2--with-exceptions-and-GPLv2--and-GPLv2--with-exceptions-and-BSD-and-Inner-Net-and-ISC-and-Public-Domain-and-GFDL. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-LGPLv2--and-LGPLv2--with-exceptions-and-GPLv2--and-GPLv2--with-exceptions-and-BSD-and-Inner-Net-and-ISC-and-Public-Domain-and-GFDL', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-glibc-devel-98ca95746276cc1a', element_type=, full_element=LicenseSymbol('LicenseRef-LGPLv2--and-LGPLv2--with-exceptions-and-GPLv2--and-GPLv2--with-exceptions-and-BSD-and-Inner-Net-and-ISC-and-Public-Domain-and-GFDL', is_exception=False))) 2025-09-11 13:34:22,299 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-LGPLv2--and-LGPLv2--with-exceptions-and-GPLv2--and-GPLv2--with-exceptions-and-BSD-and-Inner-Net-and-ISC-and-Public-Domain-and-GFDL. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-LGPLv2--and-LGPLv2--with-exceptions-and-GPLv2--and-GPLv2--with-exceptions-and-BSD-and-Inner-Net-and-ISC-and-Public-Domain-and-GFDL', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-glibc-gconv-extra-e266d1091430e12b', element_type=, full_element=LicenseSymbol('LicenseRef-LGPLv2--and-LGPLv2--with-exceptions-and-GPLv2--and-GPLv2--with-exceptions-and-BSD-and-Inner-Net-and-ISC-and-Public-Domain-and-GFDL', is_exception=False))) 2025-09-11 13:34:22,299 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-LGPLv2--and-LGPLv2--with-exceptions-and-GPLv2--and-GPLv2--with-exceptions-and-BSD-and-Inner-Net-and-ISC-and-Public-Domain-and-GFDL. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-LGPLv2--and-LGPLv2--with-exceptions-and-GPLv2--and-GPLv2--with-exceptions-and-BSD-and-Inner-Net-and-ISC-and-Public-Domain-and-GFDL', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-glibc-headers-ee5aa339094e85bb', element_type=, full_element=LicenseSymbol('LicenseRef-LGPLv2--and-LGPLv2--with-exceptions-and-GPLv2--and-GPLv2--with-exceptions-and-BSD-and-Inner-Net-and-ISC-and-Public-Domain-and-GFDL', is_exception=False))) 2025-09-11 13:34:22,299 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-LGPLv2--and-LGPLv2--with-exceptions-and-GPLv2--and-GPLv2--with-exceptions-and-BSD-and-Inner-Net-and-ISC-and-Public-Domain-and-GFDL. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-LGPLv2--and-LGPLv2--with-exceptions-and-GPLv2--and-GPLv2--with-exceptions-and-BSD-and-Inner-Net-and-ISC-and-Public-Domain-and-GFDL', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-glibc-langpack-en-a2de1a585b294163', element_type=, full_element=LicenseSymbol('LicenseRef-LGPLv2--and-LGPLv2--with-exceptions-and-GPLv2--and-GPLv2--with-exceptions-and-BSD-and-Inner-Net-and-ISC-and-Public-Domain-and-GFDL', is_exception=False))) 2025-09-11 13:34:22,299 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-LGPLv2--and-LGPLv2--with-exceptions-and-GPLv2--and-GPLv2--with-exceptions-and-BSD-and-Inner-Net-and-ISC-and-Public-Domain-and-GFDL. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-LGPLv2--and-LGPLv2--with-exceptions-and-GPLv2--and-GPLv2--with-exceptions-and-BSD-and-Inner-Net-and-ISC-and-Public-Domain-and-GFDL', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-glibc-locale-source-9966d20a2e8e7d2f', element_type=, full_element=LicenseSymbol('LicenseRef-LGPLv2--and-LGPLv2--with-exceptions-and-GPLv2--and-GPLv2--with-exceptions-and-BSD-and-Inner-Net-and-ISC-and-Public-Domain-and-GFDL', is_exception=False))) 2025-09-11 13:34:22,299 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-LGPLv2--and-LGPLv2--with-exceptions-and-GPLv2--and-GPLv2--with-exceptions-and-BSD-and-Inner-Net-and-ISC-and-Public-Domain-and-GFDL. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-LGPLv2--and-LGPLv2--with-exceptions-and-GPLv2--and-GPLv2--with-exceptions-and-BSD-and-Inner-Net-and-ISC-and-Public-Domain-and-GFDL', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-glibc-minimal-langpack-5e79fa2a5e5f46cd', element_type=, full_element=LicenseSymbol('LicenseRef-LGPLv2--and-LGPLv2--with-exceptions-and-GPLv2--and-GPLv2--with-exceptions-and-BSD-and-Inner-Net-and-ISC-and-Public-Domain-and-GFDL', is_exception=False))) 2025-09-11 13:34:22,299 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-LGPLv3--or-GPLv2-. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-LGPLv3--or-GPLv2-', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-gmp-64839c496ad33b59', element_type=, full_element=LicenseSymbol('LicenseRef-LGPLv3--or-GPLv2-', is_exception=False))) 2025-09-11 13:34:22,299 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-GPLv3-. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-GPLv3-', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-gnupg2-bafc4028bd96a606', element_type=, full_element=LicenseSymbol('LicenseRef-GPLv3-', is_exception=False))) 2025-09-11 13:34:22,299 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-GPLv3--and-LGPLv2-. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-GPLv3--and-LGPLv2-', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-gnutls-ef48df06bb0abfc1', element_type=, full_element=LicenseSymbol('LicenseRef-GPLv3--and-LGPLv2-', is_exception=False))) 2025-09-11 13:34:22,299 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-GPLv3-. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-GPLv3-', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-go-srpm-macros-777128b2a5ccea30', element_type=, full_element=LicenseSymbol('LicenseRef-GPLv3-', is_exception=False))) 2025-09-11 13:34:22,299 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-GPLv2--and-LGPLv2--and-MIT. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-GPLv2--and-LGPLv2--and-MIT', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-gobject-introspection-a940b80fe4b46c8b', element_type=, full_element=LicenseSymbol('LicenseRef-GPLv2--and-LGPLv2--and-MIT', is_exception=False))) 2025-09-11 13:34:22,299 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-LGPL2.1---the-library---GPL2---tests-and-examples-. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-LGPL2.1---the-library---GPL2---tests-and-examples-', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-python-gpg-c86815c9c5d69c75', element_type=, full_element=LicenseSymbol('LicenseRef-LGPL2.1---the-library---GPL2---tests-and-examples-', is_exception=False))) 2025-09-11 13:34:22,299 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-pubkey. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-pubkey', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-gpg-pubkey-07413682000f3d88', element_type=, full_element=LicenseSymbol('LicenseRef-pubkey', is_exception=False))) 2025-09-11 13:34:22,299 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-pubkey. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-pubkey', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-gpg-pubkey-a243d3460507af96', element_type=, full_element=LicenseSymbol('LicenseRef-pubkey', is_exception=False))) 2025-09-11 13:34:22,299 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-LGPLv2--and-GPLv3-. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-LGPLv2--and-GPLv3-', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-gpgme-f1b53ce035ee04b6', element_type=, full_element=LicenseSymbol('LicenseRef-LGPLv2--and-GPLv3-', is_exception=False))) 2025-09-11 13:34:22,299 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef--LGPLv2--or-GPLv2--or-MPLv1.1--and--Netscape-or-GPLv2--or-LGPLv2--. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef--LGPLv2--or-GPLv2--or-MPLv1.1--and--Netscape-or-GPLv2--or-LGPLv2--', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-graphite2-25babc10d18ff329', element_type=, full_element=LicenseSymbol('LicenseRef--LGPLv2--or-GPLv2--or-MPLv1.1--and--Netscape-or-GPLv2--or-LGPLv2--', is_exception=False))) 2025-09-11 13:34:22,299 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef--LGPLv2--or-GPLv2--or-MPLv1.1--and--Netscape-or-GPLv2--or-LGPLv2--. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef--LGPLv2--or-GPLv2--or-MPLv1.1--and--Netscape-or-GPLv2--or-LGPLv2--', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-graphite2-devel-f16122547c2b2e4b', element_type=, full_element=LicenseSymbol('LicenseRef--LGPLv2--or-GPLv2--or-MPLv1.1--and--Netscape-or-GPLv2--or-LGPLv2--', is_exception=False))) 2025-09-11 13:34:22,299 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-GPLv3-. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-GPLv3-', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-grep-196df9cad96e380f', element_type=, full_element=LicenseSymbol('LicenseRef-GPLv3-', is_exception=False))) 2025-09-11 13:34:22,299 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-GPLv3--and-GFDL-and-BSD-and-MIT. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-GPLv3--and-GFDL-and-BSD-and-MIT', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-groff-base-8fd5e310306084a2', element_type=, full_element=LicenseSymbol('LicenseRef-GPLv3--and-GFDL-and-BSD-and-MIT', is_exception=False))) 2025-09-11 13:34:22,299 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-GPLv3--and-GFDL. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-GPLv3--and-GFDL', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-gzip-c6d271ceb43c1409', element_type=, full_element=LicenseSymbol('LicenseRef-GPLv3--and-GFDL', is_exception=False))) 2025-09-11 13:34:22,299 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-GPLv2-. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-GPLv2-', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-hostname-89f658a25c7b3c9b', element_type=, full_element=LicenseSymbol('LicenseRef-GPLv2-', is_exception=False))) 2025-09-11 13:34:22,299 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-ASL-2.0. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-ASL-2.0', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-httpd-4749d23f0f802fe3', element_type=, full_element=LicenseSymbol('LicenseRef-ASL-2.0', is_exception=False))) 2025-09-11 13:34:22,299 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-ASL-2.0. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-ASL-2.0', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-httpd-core-4a792a3440aeeae6', element_type=, full_element=LicenseSymbol('LicenseRef-ASL-2.0', is_exception=False))) 2025-09-11 13:34:22,299 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-ASL-2.0. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-ASL-2.0', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-httpd-devel-7e32b02c9dddc91a', element_type=, full_element=LicenseSymbol('LicenseRef-ASL-2.0', is_exception=False))) 2025-09-11 13:34:22,299 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-ASL-2.0. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-ASL-2.0', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-httpd-filesystem-2edf1473ec0486f0', element_type=, full_element=LicenseSymbol('LicenseRef-ASL-2.0', is_exception=False))) 2025-09-11 13:34:22,299 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-ASL-2.0. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-ASL-2.0', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-httpd-tools-d940ad737ef4df26', element_type=, full_element=LicenseSymbol('LicenseRef-ASL-2.0', is_exception=False))) 2025-09-11 13:34:22,299 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-LGPLv2--or-GPLv2--or-MPLv1.1. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-LGPLv2--or-GPLv2--or-MPLv1.1', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-hunspell-b2e3ea39981c4d08', element_type=, full_element=LicenseSymbol('LicenseRef-LGPLv2--or-GPLv2--or-MPLv1.1', is_exception=False))) 2025-09-11 13:34:22,299 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-LGPLv2--and-LGPLv2-and-BSD. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-LGPLv2--and-LGPLv2-and-BSD', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-hunspell-en-cac7824e652fd373', element_type=, full_element=LicenseSymbol('LicenseRef-LGPLv2--and-LGPLv2-and-BSD', is_exception=False))) 2025-09-11 13:34:22,299 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-LGPLv2--and-LGPLv2-and-BSD. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-LGPLv2--and-LGPLv2-and-BSD', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-hunspell-en-GB-9ff5fbda50ef9d4b', element_type=, full_element=LicenseSymbol('LicenseRef-LGPLv2--and-LGPLv2-and-BSD', is_exception=False))) 2025-09-11 13:34:22,299 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-LGPLv2--and-LGPLv2-and-BSD. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-LGPLv2--and-LGPLv2-and-BSD', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-hunspell-en-US-e9d4e60b7e749dba', element_type=, full_element=LicenseSymbol('LicenseRef-LGPLv2--and-LGPLv2-and-BSD', is_exception=False))) 2025-09-11 13:34:22,299 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-LGPLv2--or-GPLv2--or-MPLv1.1. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-LGPLv2--or-GPLv2--or-MPLv1.1', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-hunspell-filesystem-70789813ddfc4cec', element_type=, full_element=LicenseSymbol('LicenseRef-LGPLv2--or-GPLv2--or-MPLv1.1', is_exception=False))) 2025-09-11 13:34:22,299 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-BSD-like. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-BSD-like', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-python-idna-99e93abe8a4d5a55', element_type=, full_element=LicenseSymbol('LicenseRef-BSD-like', is_exception=False))) 2025-09-11 13:34:22,299 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-GPLv2. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-GPLv2', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-ima-evm-utils-5a2ef279ff5621ca', element_type=, full_element=LicenseSymbol('LicenseRef-GPLv2', is_exception=False))) 2025-09-11 13:34:22,299 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-GPLv3-. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-GPLv3-', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-info-2d6a98b9a0d5f906', element_type=, full_element=LicenseSymbol('LicenseRef-GPLv3-', is_exception=False))) 2025-09-11 13:34:22,299 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-GPLv2-. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-GPLv2-', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-jbigkit-libs-a7f6a31715704352', element_type=, full_element=LicenseSymbol('LicenseRef-GPLv2-', is_exception=False))) 2025-09-11 13:34:22,299 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-LGPLv2-. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-LGPLv2-', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-json-glib-108eb76e1b96e414', element_type=, full_element=LicenseSymbol('LicenseRef-LGPLv2-', is_exception=False))) 2025-09-11 13:34:22,300 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-GPLv2-and-Redistributable--no-modification-permitted. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-GPLv2-and-Redistributable--no-modification-permitted', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-kernel-headers-4060836e0fbbe3af', element_type=, full_element=LicenseSymbol('LicenseRef-GPLv2-and-Redistributable--no-modification-permitted', is_exception=False))) 2025-09-11 13:34:22,300 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-GPLv2--and-LGPLv2-. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-GPLv2--and-LGPLv2-', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-keyutils-libs-4422e914738c17ef', element_type=, full_element=LicenseSymbol('LicenseRef-GPLv2--and-LGPLv2-', is_exception=False))) 2025-09-11 13:34:22,300 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-GPLv2--and-LGPLv2-. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-GPLv2--and-LGPLv2-', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-keyutils-libs-devel-1d35da7e4eb1b630', element_type=, full_element=LicenseSymbol('LicenseRef-GPLv2--and-LGPLv2-', is_exception=False))) 2025-09-11 13:34:22,300 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-LGPLv2-. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-LGPLv2-', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-kmod-libs-00cb3e9b59f2eab5', element_type=, full_element=LicenseSymbol('LicenseRef-LGPLv2-', is_exception=False))) 2025-09-11 13:34:22,300 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-GPLv2-. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-GPLv2-', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-langpacks-core-en-df5d3ce64e6dc98c', element_type=, full_element=LicenseSymbol('LicenseRef-GPLv2-', is_exception=False))) 2025-09-11 13:34:22,300 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-GPLv2-. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-GPLv2-', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-langpacks-core-font-en-d73e936743b685e7', element_type=, full_element=LicenseSymbol('LicenseRef-GPLv2-', is_exception=False))) 2025-09-11 13:34:22,300 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-GPLv2-. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-GPLv2-', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-langpacks-en-27488b456777ffc1', element_type=, full_element=LicenseSymbol('LicenseRef-GPLv2-', is_exception=False))) 2025-09-11 13:34:22,300 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-GPLv3--or-BSD. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-GPLv3--or-BSD', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-less-71501a2f59eafda0', element_type=, full_element=LicenseSymbol('LicenseRef-GPLv3--or-BSD', is_exception=False))) 2025-09-11 13:34:22,300 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-LGPLv2-. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-LGPLv2-', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-libacl-3e7cdb826959354c', element_type=, full_element=LicenseSymbol('LicenseRef-LGPLv2-', is_exception=False))) 2025-09-11 13:34:22,300 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-BSD. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-BSD', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-libarchive-8ed8a7563a07a1a9', element_type=, full_element=LicenseSymbol('LicenseRef-BSD', is_exception=False))) 2025-09-11 13:34:22,300 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-LGPLv2--and-GPLv3-. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-LGPLv2--and-GPLv3-', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-libassuan-a799ab1600e49872', element_type=, full_element=LicenseSymbol('LicenseRef-LGPLv2--and-GPLv3-', is_exception=False))) 2025-09-11 13:34:22,300 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-LGPLv2-. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-LGPLv2-', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-libattr-304e2047f10e5c4f', element_type=, full_element=LicenseSymbol('LicenseRef-LGPLv2-', is_exception=False))) 2025-09-11 13:34:22,300 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-MIT-and-GPLv2. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-MIT-and-GPLv2', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-libbabeltrace-368814a81ee30e07', element_type=, full_element=LicenseSymbol('LicenseRef-MIT-and-GPLv2', is_exception=False))) 2025-09-11 13:34:22,300 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-LGPLv2-. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-LGPLv2-', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-libblkid-7aa80082f8298e55', element_type=, full_element=LicenseSymbol('LicenseRef-LGPLv2-', is_exception=False))) 2025-09-11 13:34:22,300 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-LGPLv2-. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-LGPLv2-', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-libblkid-devel-c11ac237c76fd8b1', element_type=, full_element=LicenseSymbol('LicenseRef-LGPLv2-', is_exception=False))) 2025-09-11 13:34:22,300 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-BSD-or-GPLv2. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-BSD-or-GPLv2', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-libcap-cc5f5f4f6b7e653a', element_type=, full_element=LicenseSymbol('LicenseRef-BSD-or-GPLv2', is_exception=False))) 2025-09-11 13:34:22,300 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-LGPLv2-. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-LGPLv2-', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-libcap-ng-a3aa75d8273e1cac', element_type=, full_element=LicenseSymbol('LicenseRef-LGPLv2-', is_exception=False))) 2025-09-11 13:34:22,300 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-GPLv2-. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-GPLv2-', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-python-libcomps-2666adbea71856c1', element_type=, full_element=LicenseSymbol('LicenseRef-GPLv2-', is_exception=False))) 2025-09-11 13:34:22,300 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-GPLv2-. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-GPLv2-', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-libcomps-9adfebe4c139bc3f', element_type=, full_element=LicenseSymbol('LicenseRef-GPLv2-', is_exception=False))) 2025-09-11 13:34:22,300 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-BSD-and-LGPLv2-and-Sleepycat. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-BSD-and-LGPLv2-and-Sleepycat', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-libdb-a4f81dbb6ad2e0dd', element_type=, full_element=LicenseSymbol('LicenseRef-BSD-and-LGPLv2-and-Sleepycat', is_exception=False))) 2025-09-11 13:34:22,300 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-BSD-and-LGPLv2-and-Sleepycat. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-BSD-and-LGPLv2-and-Sleepycat', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-libdb-devel-5aa1b89690d659d7', element_type=, full_element=LicenseSymbol('LicenseRef-BSD-and-LGPLv2-and-Sleepycat', is_exception=False))) 2025-09-11 13:34:22,300 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-LGPLv2-. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-LGPLv2-', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-libdnf-339e9ed2a782425f', element_type=, full_element=LicenseSymbol('LicenseRef-LGPLv2-', is_exception=False))) 2025-09-11 13:34:22,300 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-GPLv2. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-GPLv2', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-libdnf-plugin-subscription-manager-528d539c02213396', element_type=, full_element=LicenseSymbol('LicenseRef-GPLv2', is_exception=False))) 2025-09-11 13:34:22,300 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-BSD. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-BSD', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-libedit-800d3e8273e5a673', element_type=, full_element=LicenseSymbol('LicenseRef-BSD', is_exception=False))) 2025-09-11 13:34:22,300 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-BSD-and-ISC. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-BSD-and-ISC', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-libevent-2885715710e135d8', element_type=, full_element=LicenseSymbol('LicenseRef-BSD-and-ISC', is_exception=False))) 2025-09-11 13:34:22,300 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-LGPLv2-. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-LGPLv2-', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-libfdisk-d8d5001e28cf7ac2', element_type=, full_element=LicenseSymbol('LicenseRef-LGPLv2-', is_exception=False))) 2025-09-11 13:34:22,300 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-BSD. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-BSD', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-libfido2-295f52ecfab0bc28', element_type=, full_element=LicenseSymbol('LicenseRef-BSD', is_exception=False))) 2025-09-11 13:34:22,300 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-GPLv3--and-GPLv3--with-exceptions-and-GPLv2--with-exceptions-and-LGPLv2--and-BSD. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-GPLv3--and-GPLv3--with-exceptions-and-GPLv2--with-exceptions-and-LGPLv2--and-BSD', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-libgcc-9b6bc041e0579748', element_type=, full_element=LicenseSymbol('LicenseRef-GPLv3--and-GPLv3--with-exceptions-and-GPLv2--with-exceptions-and-LGPLv2--and-BSD', is_exception=False))) 2025-09-11 13:34:22,300 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-LGPLv2-. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-LGPLv2-', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-libgcrypt-628dc85604a77874', element_type=, full_element=LicenseSymbol('LicenseRef-LGPLv2-', is_exception=False))) 2025-09-11 13:34:22,300 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-GPLv3--and-GPLv3--with-exceptions-and-GPLv2--with-exceptions-and-LGPLv2--and-BSD. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-GPLv3--and-GPLv3--with-exceptions-and-GPLv2--with-exceptions-and-LGPLv2--and-BSD', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-libgfortran-6f89837ae680e9a8', element_type=, full_element=LicenseSymbol('LicenseRef-GPLv3--and-GPLv3--with-exceptions-and-GPLv2--with-exceptions-and-LGPLv2--and-BSD', is_exception=False))) 2025-09-11 13:34:22,300 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-GPLv3--and-GPLv3--with-exceptions-and-GPLv2--with-exceptions-and-LGPLv2--and-BSD. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-GPLv3--and-GPLv3--with-exceptions-and-GPLv2--with-exceptions-and-LGPLv2--and-BSD', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-libgomp-0f2f75020309bfbb', element_type=, full_element=LicenseSymbol('LicenseRef-GPLv3--and-GPLv3--with-exceptions-and-GPLv2--with-exceptions-and-LGPLv2--and-BSD', is_exception=False))) 2025-09-11 13:34:22,300 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-LGPLv2-. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-LGPLv2-', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-libgpg-error-102fca6f01ef28cf', element_type=, full_element=LicenseSymbol('LicenseRef-LGPLv2-', is_exception=False))) 2025-09-11 13:34:22,300 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-LGPLv2-. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-LGPLv2-', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-libgpg-error-devel-54e05f83c7aee7d0', element_type=, full_element=LicenseSymbol('LicenseRef-LGPLv2-', is_exception=False))) 2025-09-11 13:34:22,300 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-MIT-and-UCD-and-Public-Domain. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-MIT-and-UCD-and-Public-Domain', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-libicu-5fbe3f945b76169c', element_type=, full_element=LicenseSymbol('LicenseRef-MIT-and-UCD-and-Public-Domain', is_exception=False))) 2025-09-11 13:34:22,300 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-MIT-and-UCD-and-Public-Domain. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-MIT-and-UCD-and-Public-Domain', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-libicu-devel-3ad91ef69619b607', element_type=, full_element=LicenseSymbol('LicenseRef-MIT-and-UCD-and-Public-Domain', is_exception=False))) 2025-09-11 13:34:22,300 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef--GPLv2--or-LGPLv3---and-GPLv3-. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef--GPLv2--or-LGPLv3---and-GPLv3-', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-libidn2-6a3c1818891dac67', element_type=, full_element=LicenseSymbol('LicenseRef--GPLv2--or-LGPLv3---and-GPLv3-', is_exception=False))) 2025-09-11 13:34:22,300 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-BSD. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-BSD', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-libipt-b7ba1f30c136e081', element_type=, full_element=LicenseSymbol('LicenseRef-BSD', is_exception=False))) 2025-09-11 13:34:22,300 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef--LGPLv3--or-GPLv2---and-GPLv3-. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef--LGPLv3--or-GPLv2---and-GPLv3-', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-libksba-a9d3f10576c21b37', element_type=, full_element=LicenseSymbol('LicenseRef--LGPLv3--or-GPLv2---and-GPLv3-', is_exception=False))) 2025-09-11 13:34:22,300 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-LGPLv2-. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-LGPLv2-', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-libmount-604bd7f10404bfdf', element_type=, full_element=LicenseSymbol('LicenseRef-LGPLv2-', is_exception=False))) 2025-09-11 13:34:22,300 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-LGPLv2-. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-LGPLv2-', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-libmount-devel-1fa281dee577d6f2', element_type=, full_element=LicenseSymbol('LicenseRef-LGPLv2-', is_exception=False))) 2025-09-11 13:34:22,300 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-LGPLv3-. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-LGPLv3-', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-libmpc-92bc76ab8dfdee61', element_type=, full_element=LicenseSymbol('LicenseRef-LGPLv3-', is_exception=False))) 2025-09-11 13:34:22,301 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-LGPLv2. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-LGPLv2', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-libnl3-8b95e2d24991232f', element_type=, full_element=LicenseSymbol('LicenseRef-LGPLv2', is_exception=False))) 2025-09-11 13:34:22,301 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-LGPLv3-. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-LGPLv3-', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-libpath-utils-1c60db559bf7be85', element_type=, full_element=LicenseSymbol('LicenseRef-LGPLv3-', is_exception=False))) 2025-09-11 13:34:22,301 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-GPLv3-. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-GPLv3-', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-libpipeline-2252dcf840e3bf94', element_type=, full_element=LicenseSymbol('LicenseRef-GPLv3-', is_exception=False))) 2025-09-11 13:34:22,301 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-BSD-or-GPLv2-. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-BSD-or-GPLv2-', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-libpwquality-bfcd412ee65981a5', element_type=, full_element=LicenseSymbol('LicenseRef-BSD-or-GPLv2-', is_exception=False))) 2025-09-11 13:34:22,301 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-GPLv3--and-GPLv3--with-exceptions-and-GPLv2--with-exceptions-and-LGPLv2--and-BSD. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-GPLv3--and-GPLv3--with-exceptions-and-GPLv2--with-exceptions-and-LGPLv2--and-BSD', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-libquadmath-353c084d24caa5ab', element_type=, full_element=LicenseSymbol('LicenseRef-GPLv3--and-GPLv3--with-exceptions-and-GPLv2--with-exceptions-and-LGPLv2--and-BSD', is_exception=False))) 2025-09-11 13:34:22,301 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-GPLv3--and-GPLv3--with-exceptions-and-GPLv2--with-exceptions-and-LGPLv2--and-BSD. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-GPLv3--and-GPLv3--with-exceptions-and-GPLv2--with-exceptions-and-LGPLv2--and-BSD', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-libquadmath-devel-e10a9580dcd3784c', element_type=, full_element=LicenseSymbol('LicenseRef-GPLv3--and-GPLv3--with-exceptions-and-GPLv2--with-exceptions-and-LGPLv2--and-BSD', is_exception=False))) 2025-09-11 13:34:22,301 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-LGPLv2-. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-LGPLv2-', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-librepo-3ec8be3d284c1dc7', element_type=, full_element=LicenseSymbol('LicenseRef-LGPLv2-', is_exception=False))) 2025-09-11 13:34:22,301 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-GPLv2-. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-GPLv2-', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-libreport-filesystem-53232b1db4311718', element_type=, full_element=LicenseSymbol('LicenseRef-GPLv2-', is_exception=False))) 2025-09-11 13:34:22,301 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-LGPLv2.1-. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-LGPLv2.1-', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-librhsm-9db2580ac7649f71', element_type=, full_element=LicenseSymbol('LicenseRef-LGPLv2.1-', is_exception=False))) 2025-09-11 13:34:22,301 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-LGPLv2. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-LGPLv2', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-libseccomp-41e90d392d44aa88', element_type=, full_element=LicenseSymbol('LicenseRef-LGPLv2', is_exception=False))) 2025-09-11 13:34:22,301 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-Public-Domain. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-Public-Domain', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-libselinux-c398b445a6fad525', element_type=, full_element=LicenseSymbol('LicenseRef-Public-Domain', is_exception=False))) 2025-09-11 13:34:22,301 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-Public-Domain. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-Public-Domain', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-libselinux-devel-5a95eccf0cdf0042', element_type=, full_element=LicenseSymbol('LicenseRef-Public-Domain', is_exception=False))) 2025-09-11 13:34:22,301 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-LGPLv2-. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-LGPLv2-', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-libsemanage-45fb2bbfb9f5c6ff', element_type=, full_element=LicenseSymbol('LicenseRef-LGPLv2-', is_exception=False))) 2025-09-11 13:34:22,301 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-LGPLv2-. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-LGPLv2-', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-libsepol-f737816f77a044a6', element_type=, full_element=LicenseSymbol('LicenseRef-LGPLv2-', is_exception=False))) 2025-09-11 13:34:22,301 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-LGPLv2-. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-LGPLv2-', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-libsepol-devel-020f6dfc89a46a85', element_type=, full_element=LicenseSymbol('LicenseRef-LGPLv2-', is_exception=False))) 2025-09-11 13:34:22,301 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-GPLv2-. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-GPLv2-', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-libsigsegv-2baa82c983b30582', element_type=, full_element=LicenseSymbol('LicenseRef-GPLv2-', is_exception=False))) 2025-09-11 13:34:22,301 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-LGPLv2-. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-LGPLv2-', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-libsmartcols-5e6bceedbc953d6a', element_type=, full_element=LicenseSymbol('LicenseRef-LGPLv2-', is_exception=False))) 2025-09-11 13:34:22,301 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-BSD. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-BSD', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-libsolv-3b171874e2e095a8', element_type=, full_element=LicenseSymbol('LicenseRef-BSD', is_exception=False))) 2025-09-11 13:34:22,301 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-GPLv3--and-GPLv3--with-exceptions-and-GPLv2--with-exceptions-and-LGPLv2--and-BSD. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-GPLv3--and-GPLv3--with-exceptions-and-GPLv2--with-exceptions-and-LGPLv2--and-BSD', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-libstdc---c59218a64cc84791', element_type=, full_element=LicenseSymbol('LicenseRef-GPLv3--and-GPLv3--with-exceptions-and-GPLv2--with-exceptions-and-LGPLv2--and-BSD', is_exception=False))) 2025-09-11 13:34:22,301 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-GPLv3--and-GPLv3--with-exceptions-and-GPLv2--with-exceptions-and-LGPLv2--and-BSD. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-GPLv3--and-GPLv3--with-exceptions-and-GPLv2--with-exceptions-and-LGPLv2--and-BSD', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-libstdc---devel-560bd9f36c0d6d75', element_type=, full_element=LicenseSymbol('LicenseRef-GPLv3--and-GPLv3--with-exceptions-and-GPLv2--with-exceptions-and-LGPLv2--and-BSD', is_exception=False))) 2025-09-11 13:34:22,301 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-LGPLv3-. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-LGPLv3-', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-libtalloc-82dc15c851a73b94', element_type=, full_element=LicenseSymbol('LicenseRef-LGPLv3-', is_exception=False))) 2025-09-11 13:34:22,301 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-GPLv3--and-LGPLv2-. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-GPLv3--and-LGPLv2-', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-libtasn1-6f527d10e3f94366', element_type=, full_element=LicenseSymbol('LicenseRef-GPLv3--and-LGPLv2-', is_exception=False))) 2025-09-11 13:34:22,301 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-SISSL-and-BSD. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-SISSL-and-BSD', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-libtirpc-210551c8cf019c0e', element_type=, full_element=LicenseSymbol('LicenseRef-SISSL-and-BSD', is_exception=False))) 2025-09-11 13:34:22,301 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-LGPLv2-. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-LGPLv2-', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-libtool-ltdl-0d63f45d9e70e4ea', element_type=, full_element=LicenseSymbol('LicenseRef-LGPLv2-', is_exception=False))) 2025-09-11 13:34:22,301 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-GPLv2--or-LGPLv3-. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-GPLv2--or-LGPLv3-', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-libunistring-e1c9803b20913af1', element_type=, full_element=LicenseSymbol('LicenseRef-GPLv2--or-LGPLv3-', is_exception=False))) 2025-09-11 13:34:22,301 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-LGPLv2-. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-LGPLv2-', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-libuser-46e610629985fbfb', element_type=, full_element=LicenseSymbol('LicenseRef-LGPLv2-', is_exception=False))) 2025-09-11 13:34:22,301 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-LGPLv2-. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-LGPLv2-', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-libutempter-0411b175c264741d', element_type=, full_element=LicenseSymbol('LicenseRef-LGPLv2-', is_exception=False))) 2025-09-11 13:34:22,301 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-BSD. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-BSD', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-libuuid-fdf99059388f22eb', element_type=, full_element=LicenseSymbol('LicenseRef-BSD', is_exception=False))) 2025-09-11 13:34:22,301 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-MIT-and-BSD-and-ISC. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-MIT-and-BSD-and-ISC', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-libuv-33349374b736de00', element_type=, full_element=LicenseSymbol('LicenseRef-MIT-and-BSD-and-ISC', is_exception=False))) 2025-09-11 13:34:22,301 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-BSD. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-BSD', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-libwebp-afbf07b9e0774feb', element_type=, full_element=LicenseSymbol('LicenseRef-BSD', is_exception=False))) 2025-09-11 13:34:22,301 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-BSD. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-BSD', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-libwebp-devel-83e668c877510643', element_type=, full_element=LicenseSymbol('LicenseRef-BSD', is_exception=False))) 2025-09-11 13:34:22,301 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-LGPLv2--and-BSD-and-Public-Domain. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-LGPLv2--and-BSD-and-Public-Domain', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-libxcrypt-726407ce9205c669', element_type=, full_element=LicenseSymbol('LicenseRef-LGPLv2--and-BSD-and-Public-Domain', is_exception=False))) 2025-09-11 13:34:22,301 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-LGPLv2--and-BSD-and-Public-Domain. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-LGPLv2--and-BSD-and-Public-Domain', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-libxcrypt-compat-ac0237424b9ca8d4', element_type=, full_element=LicenseSymbol('LicenseRef-LGPLv2--and-BSD-and-Public-Domain', is_exception=False))) 2025-09-11 13:34:22,301 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-LGPLv2--and-BSD-and-Public-Domain. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-LGPLv2--and-BSD-and-Public-Domain', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-libxcrypt-devel-e3d4d25bafbddff6', element_type=, full_element=LicenseSymbol('LicenseRef-LGPLv2--and-BSD-and-Public-Domain', is_exception=False))) 2025-09-11 13:34:22,301 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-BSD-and-GPLv2. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-BSD-and-GPLv2', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-libzstd-3d2c73c5a5a7205b', element_type=, full_element=LicenseSymbol('LicenseRef-BSD-and-GPLv2', is_exception=False))) 2025-09-11 13:34:22,301 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-zlib-and-Sendmail-and-LGPLv2-. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-zlib-and-Sendmail-and-LGPLv2-', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-lsof-28eb8724dad9c66d', element_type=, full_element=LicenseSymbol('LicenseRef-zlib-and-Sendmail-and-LGPLv2-', is_exception=False))) 2025-09-11 13:34:22,301 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-GPLv2--and-BSD. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-GPLv2--and-BSD', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-lz4-libs-0fc14552c6652ab5', element_type=, full_element=LicenseSymbol('LicenseRef-GPLv2--and-BSD', is_exception=False))) 2025-09-11 13:34:22,301 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-GPLv3-. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-GPLv3-', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-m4-e2e34b60751631e9', element_type=, full_element=LicenseSymbol('LicenseRef-GPLv3-', is_exception=False))) 2025-09-11 13:34:22,301 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-Public-Domain-and-MIT. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-Public-Domain-and-MIT', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-mailcap-a9b3eec2e25f757f', element_type=, full_element=LicenseSymbol('LicenseRef-Public-Domain-and-MIT', is_exception=False))) 2025-09-11 13:34:22,301 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-GPLv3-. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-GPLv3-', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-make-56ecc7b7954a433f', element_type=, full_element=LicenseSymbol('LicenseRef-GPLv3-', is_exception=False))) 2025-09-11 13:34:22,301 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-GPLv2--and-GPLv3-. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-GPLv2--and-GPLv3-', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-man-db-d2856e94672c2588', element_type=, full_element=LicenseSymbol('LicenseRef-GPLv2--and-GPLv3-', is_exception=False))) 2025-09-11 13:34:22,302 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-LGPLv2-. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-LGPLv2-', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-mariadb-connector-c-92ac9ca580928820', element_type=, full_element=LicenseSymbol('LicenseRef-LGPLv2-', is_exception=False))) 2025-09-11 13:34:22,302 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-LGPLv2-. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-LGPLv2-', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-mariadb-connector-c-config-e12e17a6b569f11a', element_type=, full_element=LicenseSymbol('LicenseRef-LGPLv2-', is_exception=False))) 2025-09-11 13:34:22,302 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-LGPLv2-. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-LGPLv2-', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-mariadb-connector-c-devel-eb9ffdead9e13a14', element_type=, full_element=LicenseSymbol('LicenseRef-LGPLv2-', is_exception=False))) 2025-09-11 13:34:22,302 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-ASL-2.0. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-ASL-2.0', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-mod-http2-9c72d005bce91aca', element_type=, full_element=LicenseSymbol('LicenseRef-ASL-2.0', is_exception=False))) 2025-09-11 13:34:22,302 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-ASL-2.0. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-ASL-2.0', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-mod-ldap-9979787ad0afd0ef', element_type=, full_element=LicenseSymbol('LicenseRef-ASL-2.0', is_exception=False))) 2025-09-11 13:34:22,302 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-ASL-2.0. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-ASL-2.0', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-mod-lua-124cea085b7fe5c2', element_type=, full_element=LicenseSymbol('LicenseRef-ASL-2.0', is_exception=False))) 2025-09-11 13:34:22,302 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-ASL-2.0. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-ASL-2.0', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-mod-session-26dde49501affdc7', element_type=, full_element=LicenseSymbol('LicenseRef-ASL-2.0', is_exception=False))) 2025-09-11 13:34:22,302 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-ASL-2.0. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-ASL-2.0', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-mod-ssl-0c7b644b2b678542', element_type=, full_element=LicenseSymbol('LicenseRef-ASL-2.0', is_exception=False))) 2025-09-11 13:34:22,302 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-LGPLv3-. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-LGPLv3-', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-mpfr-9606bf2c1d407bed', element_type=, full_element=LicenseSymbol('LicenseRef-LGPLv3-', is_exception=False))) 2025-09-11 13:34:22,302 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-LGPLv3--or-GPLv2-. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-LGPLv3--or-GPLv2-', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-nettle-f73b017628dd00c7', element_type=, full_element=LicenseSymbol('LicenseRef-LGPLv3--or-GPLv2-', is_exception=False))) 2025-09-11 13:34:22,302 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-MIT-and-ASL-2.0-and-ISC-and-BSD. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-MIT-and-ASL-2.0-and-ISC-and-BSD', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-nodejs-c41954781b544ff8', element_type=, full_element=LicenseSymbol('LicenseRef-MIT-and-ASL-2.0-and-ISC-and-BSD', is_exception=False))) 2025-09-11 13:34:22,302 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-MIT-and-ASL-2.0-and-ISC-and-BSD. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-MIT-and-ASL-2.0-and-ISC-and-BSD', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-nodejs-docs-2f18cf12b62ba0bd', element_type=, full_element=LicenseSymbol('LicenseRef-MIT-and-ASL-2.0-and-ISC-and-BSD', is_exception=False))) 2025-09-11 13:34:22,302 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-MIT-and-ASL-2.0-and-ISC-and-BSD. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-MIT-and-ASL-2.0-and-ISC-and-BSD', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-nodejs-full-i18n-9dfa58eaba89a0f9', element_type=, full_element=LicenseSymbol('LicenseRef-MIT-and-ASL-2.0-and-ISC-and-BSD', is_exception=False))) 2025-09-11 13:34:22,302 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-MIT-and-ASL-2.0-and-ISC-and-BSD. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-MIT-and-ASL-2.0-and-ISC-and-BSD', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-nodejs-libs-f03404ebd2222f7e', element_type=, full_element=LicenseSymbol('LicenseRef-MIT-and-ASL-2.0-and-ISC-and-BSD', is_exception=False))) 2025-09-11 13:34:22,302 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-MIT-and-ASL-2.0-and-ISC-and-BSD. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-MIT-and-ASL-2.0-and-ISC-and-BSD', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-npm-95b4789fc73dbeb8', element_type=, full_element=LicenseSymbol('LicenseRef-MIT-and-ASL-2.0-and-ISC-and-BSD', is_exception=False))) 2025-09-11 13:34:22,302 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-BSD. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-BSD', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-npm-npm-init-2358cefc1b11bbae', element_type=, full_element=LicenseSymbol('LicenseRef-BSD', is_exception=False))) 2025-09-11 13:34:22,302 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-LGPLv2-. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-LGPLv2-', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-npth-e8d4429184219587', element_type=, full_element=LicenseSymbol('LicenseRef-LGPLv2-', is_exception=False))) 2025-09-11 13:34:22,302 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-BSD. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-BSD', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-nss-wrapper-45d633450da5c67d', element_type=, full_element=LicenseSymbol('LicenseRef-BSD', is_exception=False))) 2025-09-11 13:34:22,302 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-BSD. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-BSD', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-nss-wrapper-libs-1c8b4be319a3e160', element_type=, full_element=LicenseSymbol('LicenseRef-BSD', is_exception=False))) 2025-09-11 13:34:22,302 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-GPLv2-. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-GPLv2-', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-ocaml-srpm-macros-c3616949460248d5', element_type=, full_element=LicenseSymbol('LicenseRef-GPLv2-', is_exception=False))) 2025-09-11 13:34:22,302 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-OpenLDAP. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-OpenLDAP', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-openldap-e45100d90f182f13', element_type=, full_element=LicenseSymbol('LicenseRef-OpenLDAP', is_exception=False))) 2025-09-11 13:34:22,302 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-OpenLDAP. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-OpenLDAP', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-openldap-compat-a17b70f559fc284d', element_type=, full_element=LicenseSymbol('LicenseRef-OpenLDAP', is_exception=False))) 2025-09-11 13:34:22,302 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-OpenLDAP. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-OpenLDAP', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-openldap-devel-1b856b076c5d71d4', element_type=, full_element=LicenseSymbol('LicenseRef-OpenLDAP', is_exception=False))) 2025-09-11 13:34:22,302 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-BSD. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-BSD', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-openssh-29fc434e4709e09d', element_type=, full_element=LicenseSymbol('LicenseRef-BSD', is_exception=False))) 2025-09-11 13:34:22,302 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-BSD. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-BSD', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-openssh-clients-41fdb5bd98bd51c2', element_type=, full_element=LicenseSymbol('LicenseRef-BSD', is_exception=False))) 2025-09-11 13:34:22,302 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-ASL-2.0. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-ASL-2.0', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-openssl-e9f8fa7181dae65c', element_type=, full_element=LicenseSymbol('LicenseRef-ASL-2.0', is_exception=False))) 2025-09-11 13:34:22,302 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-ASL-2.0. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-ASL-2.0', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-openssl-devel-73ac3d9d4f5f37a3', element_type=, full_element=LicenseSymbol('LicenseRef-ASL-2.0', is_exception=False))) 2025-09-11 13:34:22,302 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-ASL-2.0. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-ASL-2.0', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-openssl-libs-f6b986f80ce428a5', element_type=, full_element=LicenseSymbol('LicenseRef-ASL-2.0', is_exception=False))) 2025-09-11 13:34:22,302 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-BSD. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-BSD', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-p11-kit-4d4327c0a92b266d', element_type=, full_element=LicenseSymbol('LicenseRef-BSD', is_exception=False))) 2025-09-11 13:34:22,302 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-BSD. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-BSD', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-p11-kit-trust-7490a39ace24ed08', element_type=, full_element=LicenseSymbol('LicenseRef-BSD', is_exception=False))) 2025-09-11 13:34:22,302 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-BSD-and-GPLv2-. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-BSD-and-GPLv2-', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-pam-8fd0230ce8292283', element_type=, full_element=LicenseSymbol('LicenseRef-BSD-and-GPLv2-', is_exception=False))) 2025-09-11 13:34:22,302 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-BSD-or-GPL-. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-BSD-or-GPL-', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-passwd-9d80b2d9eec85b35', element_type=, full_element=LicenseSymbol('LicenseRef-BSD-or-GPL-', is_exception=False))) 2025-09-11 13:34:22,302 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-GPLv3-. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-GPLv3-', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-patch-796a665b6dc87cd1', element_type=, full_element=LicenseSymbol('LicenseRef-GPLv3-', is_exception=False))) 2025-09-11 13:34:22,302 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-BSD. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-BSD', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-pcre-34beecf525db2300', element_type=, full_element=LicenseSymbol('LicenseRef-BSD', is_exception=False))) 2025-09-11 13:34:22,302 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-BSD. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-BSD', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-pcre-cpp-80c009b2db97e1c7', element_type=, full_element=LicenseSymbol('LicenseRef-BSD', is_exception=False))) 2025-09-11 13:34:22,302 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-BSD. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-BSD', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-pcre-devel-55a0b761f1fbc5ec', element_type=, full_element=LicenseSymbol('LicenseRef-BSD', is_exception=False))) 2025-09-11 13:34:22,302 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-BSD. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-BSD', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-pcre-utf16-9b8db806decc2c35', element_type=, full_element=LicenseSymbol('LicenseRef-BSD', is_exception=False))) 2025-09-11 13:34:22,302 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-BSD. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-BSD', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-pcre-utf32-272c338aba2dd0ba', element_type=, full_element=LicenseSymbol('LicenseRef-BSD', is_exception=False))) 2025-09-11 13:34:22,302 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-BSD. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-BSD', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-pcre2-8e95b12697b0d9b0', element_type=, full_element=LicenseSymbol('LicenseRef-BSD', is_exception=False))) 2025-09-11 13:34:22,302 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-BSD. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-BSD', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-pcre2-devel-d0f7d95676ab2ca3', element_type=, full_element=LicenseSymbol('LicenseRef-BSD', is_exception=False))) 2025-09-11 13:34:22,302 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-BSD. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-BSD', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-pcre2-syntax-3841e1942e49762c', element_type=, full_element=LicenseSymbol('LicenseRef-BSD', is_exception=False))) 2025-09-11 13:34:22,302 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-BSD. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-BSD', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-pcre2-utf16-4a6f5b96ae0abb60', element_type=, full_element=LicenseSymbol('LicenseRef-BSD', is_exception=False))) 2025-09-11 13:34:22,303 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-BSD. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-BSD', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-pcre2-utf32-fbcf0a8477d97839', element_type=, full_element=LicenseSymbol('LicenseRef-BSD', is_exception=False))) 2025-09-11 13:34:22,303 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-GPL--or-Artistic. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-GPL--or-Artistic', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-perl-AutoLoader-add6a0de42dacbfb', element_type=, full_element=LicenseSymbol('LicenseRef-GPL--or-Artistic', is_exception=False))) 2025-09-11 13:34:22,303 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-GPL--or-Artistic. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-GPL--or-Artistic', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-perl-B-93fcd72d2adb0a18', element_type=, full_element=LicenseSymbol('LicenseRef-GPL--or-Artistic', is_exception=False))) 2025-09-11 13:34:22,303 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-GPL--or-Artistic. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-GPL--or-Artistic', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-perl-Carp-c3239c97f775ff29', element_type=, full_element=LicenseSymbol('LicenseRef-GPL--or-Artistic', is_exception=False))) 2025-09-11 13:34:22,303 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-GPL--or-Artistic. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-GPL--or-Artistic', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-perl-Class-Struct-a2397b9f9acb1640', element_type=, full_element=LicenseSymbol('LicenseRef-GPL--or-Artistic', is_exception=False))) 2025-09-11 13:34:22,303 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-GPL--or-Artistic. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-GPL--or-Artistic', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-perl-Data-Dumper-7013ea7008b3bde8', element_type=, full_element=LicenseSymbol('LicenseRef-GPL--or-Artistic', is_exception=False))) 2025-09-11 13:34:22,303 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-GPL--or-Artistic. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-GPL--or-Artistic', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-perl-Digest-b28a297c4ab49ad7', element_type=, full_element=LicenseSymbol('LicenseRef-GPL--or-Artistic', is_exception=False))) 2025-09-11 13:34:22,303 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef--GPL--or-Artistic--and-RSA. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef--GPL--or-Artistic--and-RSA', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-perl-Digest-MD5-3ddd75e72fb39567', element_type=, full_element=LicenseSymbol('LicenseRef--GPL--or-Artistic--and-RSA', is_exception=False))) 2025-09-11 13:34:22,303 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-GPL--or-Artistic. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-GPL--or-Artistic', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-perl-DynaLoader-4f07fd9fad5baa9c', element_type=, full_element=LicenseSymbol('LicenseRef-GPL--or-Artistic', is_exception=False))) 2025-09-11 13:34:22,303 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef--GPL--or-Artistic--and-Artistic-2.0-and-UCD. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef--GPL--or-Artistic--and-Artistic-2.0-and-UCD', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-perl-Encode-0efbce399938bbce', element_type=, full_element=LicenseSymbol('LicenseRef--GPL--or-Artistic--and-Artistic-2.0-and-UCD', is_exception=False))) 2025-09-11 13:34:22,303 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-GPL--or-Artistic. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-GPL--or-Artistic', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-perl-Errno-4f9cd159261d295f', element_type=, full_element=LicenseSymbol('LicenseRef-GPL--or-Artistic', is_exception=False))) 2025-09-11 13:34:22,303 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef--GPL--or-Artistic--and-MIT. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef--GPL--or-Artistic--and-MIT', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-perl-Error-0d31975c51d86a96', element_type=, full_element=LicenseSymbol('LicenseRef--GPL--or-Artistic--and-MIT', is_exception=False))) 2025-09-11 13:34:22,303 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-GPL--or-Artistic. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-GPL--or-Artistic', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-perl-Exporter-da8694cc57491d00', element_type=, full_element=LicenseSymbol('LicenseRef-GPL--or-Artistic', is_exception=False))) 2025-09-11 13:34:22,303 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-GPL--or-Artistic. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-GPL--or-Artistic', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-perl-Fcntl-80680afa06138aca', element_type=, full_element=LicenseSymbol('LicenseRef-GPL--or-Artistic', is_exception=False))) 2025-09-11 13:34:22,303 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-GPL--or-Artistic. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-GPL--or-Artistic', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-perl-File-Basename-bcbc60d178a2cd7f', element_type=, full_element=LicenseSymbol('LicenseRef-GPL--or-Artistic', is_exception=False))) 2025-09-11 13:34:22,303 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-GPL--or-Artistic. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-GPL--or-Artistic', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-perl-File-Compare-cb84fa077e4b15d2', element_type=, full_element=LicenseSymbol('LicenseRef-GPL--or-Artistic', is_exception=False))) 2025-09-11 13:34:22,303 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-GPL--or-Artistic. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-GPL--or-Artistic', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-perl-File-Copy-9c4305025cb96bed', element_type=, full_element=LicenseSymbol('LicenseRef-GPL--or-Artistic', is_exception=False))) 2025-09-11 13:34:22,303 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-GPL--or-Artistic. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-GPL--or-Artistic', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-perl-File-Find-d2cc564be1da84c8', element_type=, full_element=LicenseSymbol('LicenseRef-GPL--or-Artistic', is_exception=False))) 2025-09-11 13:34:22,303 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-GPL--or-Artistic. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-GPL--or-Artistic', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-perl-File-Path-a728372afcb60992', element_type=, full_element=LicenseSymbol('LicenseRef-GPL--or-Artistic', is_exception=False))) 2025-09-11 13:34:22,303 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-GPL--or-Artistic. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-GPL--or-Artistic', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-perl-File-Temp-a8a851e2bf518a37', element_type=, full_element=LicenseSymbol('LicenseRef-GPL--or-Artistic', is_exception=False))) 2025-09-11 13:34:22,303 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-GPL--or-Artistic. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-GPL--or-Artistic', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-perl-File-stat-13d358f312208807', element_type=, full_element=LicenseSymbol('LicenseRef-GPL--or-Artistic', is_exception=False))) 2025-09-11 13:34:22,303 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-GPL--or-Artistic. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-GPL--or-Artistic', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-perl-FileHandle-5216b636da9bc5a8', element_type=, full_element=LicenseSymbol('LicenseRef-GPL--or-Artistic', is_exception=False))) 2025-09-11 13:34:22,303 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-GPLv2--or-Artistic. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-GPLv2--or-Artistic', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-perl-Getopt-Long-285b29da1e9f0928', element_type=, full_element=LicenseSymbol('LicenseRef-GPLv2--or-Artistic', is_exception=False))) 2025-09-11 13:34:22,303 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-GPL--or-Artistic. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-GPL--or-Artistic', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-perl-Getopt-Std-9c2b8b0373e6eb76', element_type=, full_element=LicenseSymbol('LicenseRef-GPL--or-Artistic', is_exception=False))) 2025-09-11 13:34:22,303 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-GPLv2. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-GPLv2', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-perl-Git-d011c41243913517', element_type=, full_element=LicenseSymbol('LicenseRef-GPLv2', is_exception=False))) 2025-09-11 13:34:22,303 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-GPL--or-Artistic. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-GPL--or-Artistic', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-perl-HTTP-Tiny-f2b2b41b3febcfb4', element_type=, full_element=LicenseSymbol('LicenseRef-GPL--or-Artistic', is_exception=False))) 2025-09-11 13:34:22,303 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-GPL--or-Artistic. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-GPL--or-Artistic', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-perl-IO-0c1aca4477c1e5c7', element_type=, full_element=LicenseSymbol('LicenseRef-GPL--or-Artistic', is_exception=False))) 2025-09-11 13:34:22,303 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-GPL--or-Artistic. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-GPL--or-Artistic', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-perl-IO-Socket-IP-b22ef34a208f7dc8', element_type=, full_element=LicenseSymbol('LicenseRef-GPL--or-Artistic', is_exception=False))) 2025-09-11 13:34:22,303 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef--GPL--or-Artistic--and-MPLv2.0. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef--GPL--or-Artistic--and-MPLv2.0', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-perl-IO-Socket-SSL-491a55c75224ff9d', element_type=, full_element=LicenseSymbol('LicenseRef--GPL--or-Artistic--and-MPLv2.0', is_exception=False))) 2025-09-11 13:34:22,303 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-GPL--or-Artistic. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-GPL--or-Artistic', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-perl-IPC-Open3-3e8371e3e7f920d3', element_type=, full_element=LicenseSymbol('LicenseRef-GPL--or-Artistic', is_exception=False))) 2025-09-11 13:34:22,303 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef--GPL--or-Artistic--and-MIT. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef--GPL--or-Artistic--and-MIT', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-perl-MIME-Base64-bfc3b3b92bd65590', element_type=, full_element=LicenseSymbol('LicenseRef--GPL--or-Artistic--and-MIT', is_exception=False))) 2025-09-11 13:34:22,303 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-MPLv2.0. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-MPLv2.0', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-perl-Mozilla-CA-1815f0bc1a2fc181', element_type=, full_element=LicenseSymbol('LicenseRef-MPLv2.0', is_exception=False))) 2025-09-11 13:34:22,303 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-GPL--or-Artistic. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-GPL--or-Artistic', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-perl-NDBM-File-1a2c8c09306b9524', element_type=, full_element=LicenseSymbol('LicenseRef-GPL--or-Artistic', is_exception=False))) 2025-09-11 13:34:22,303 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-Artistic-2.0. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-Artistic-2.0', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-perl-Net-SSLeay-6e0eab0b957f6fbb', element_type=, full_element=LicenseSymbol('LicenseRef-Artistic-2.0', is_exception=False))) 2025-09-11 13:34:22,303 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-GPL--or-Artistic. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-GPL--or-Artistic', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-perl-POSIX-587106caedb9eb2f', element_type=, full_element=LicenseSymbol('LicenseRef-GPL--or-Artistic', is_exception=False))) 2025-09-11 13:34:22,303 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef--GPL--or-Artistic--and-BSD. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef--GPL--or-Artistic--and-BSD', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-perl-PathTools-b0b50ee179a2b33c', element_type=, full_element=LicenseSymbol('LicenseRef--GPL--or-Artistic--and-BSD', is_exception=False))) 2025-09-11 13:34:22,303 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-GPL--or-Artistic. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-GPL--or-Artistic', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-perl-Pod-Escapes-eb7b3d15896e8459', element_type=, full_element=LicenseSymbol('LicenseRef-GPL--or-Artistic', is_exception=False))) 2025-09-11 13:34:22,303 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-GPL--or-Artistic. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-GPL--or-Artistic', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-perl-Pod-Perldoc-2929c9d286ecf99c', element_type=, full_element=LicenseSymbol('LicenseRef-GPL--or-Artistic', is_exception=False))) 2025-09-11 13:34:22,303 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-GPL--or-Artistic. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-GPL--or-Artistic', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-perl-Pod-Simple-c4f9a26dd2afcd13', element_type=, full_element=LicenseSymbol('LicenseRef-GPL--or-Artistic', is_exception=False))) 2025-09-11 13:34:22,303 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-GPL--or-Artistic. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-GPL--or-Artistic', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-perl-Pod-Usage-f3799d687c9d0721', element_type=, full_element=LicenseSymbol('LicenseRef-GPL--or-Artistic', is_exception=False))) 2025-09-11 13:34:22,303 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-GPL--or-Artistic. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-GPL--or-Artistic', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-perl-Scalar-List-Utils-764c8a223b33d695', element_type=, full_element=LicenseSymbol('LicenseRef-GPL--or-Artistic', is_exception=False))) 2025-09-11 13:34:22,303 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-GPL--or-Artistic. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-GPL--or-Artistic', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-perl-SelectSaver-073d119b88f22839', element_type=, full_element=LicenseSymbol('LicenseRef-GPL--or-Artistic', is_exception=False))) 2025-09-11 13:34:22,304 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-GPL--or-Artistic. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-GPL--or-Artistic', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-perl-Socket-7e771fcfcd9c8405', element_type=, full_element=LicenseSymbol('LicenseRef-GPL--or-Artistic', is_exception=False))) 2025-09-11 13:34:22,304 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-GPL--or-Artistic. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-GPL--or-Artistic', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-perl-Storable-7be730f033fe6ad1', element_type=, full_element=LicenseSymbol('LicenseRef-GPL--or-Artistic', is_exception=False))) 2025-09-11 13:34:22,304 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-GPL--or-Artistic. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-GPL--or-Artistic', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-perl-Symbol-7374a80754ec4f9f', element_type=, full_element=LicenseSymbol('LicenseRef-GPL--or-Artistic', is_exception=False))) 2025-09-11 13:34:22,304 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-GPL--or-Artistic. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-GPL--or-Artistic', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-perl-Term-ANSIColor-0be906606674e6ed', element_type=, full_element=LicenseSymbol('LicenseRef-GPL--or-Artistic', is_exception=False))) 2025-09-11 13:34:22,304 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-GPL--or-Artistic. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-GPL--or-Artistic', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-perl-Term-Cap-2bcdb990b6cedf89', element_type=, full_element=LicenseSymbol('LicenseRef-GPL--or-Artistic', is_exception=False))) 2025-09-11 13:34:22,304 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef--Copyright-only--and--Artistic-or-GPL--. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef--Copyright-only--and--Artistic-or-GPL--', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-perl-TermReadKey-d7aab29b33bb43dc', element_type=, full_element=LicenseSymbol('LicenseRef--Copyright-only--and--Artistic-or-GPL--', is_exception=False))) 2025-09-11 13:34:22,304 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-GPL--or-Artistic. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-GPL--or-Artistic', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-perl-Text-ParseWords-faa45a8f1b5c7cfa', element_type=, full_element=LicenseSymbol('LicenseRef-GPL--or-Artistic', is_exception=False))) 2025-09-11 13:34:22,304 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-GPL--or-Artistic. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-GPL--or-Artistic', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-perl-Thread-Queue-9789f6adcfb5512e', element_type=, full_element=LicenseSymbol('LicenseRef-GPL--or-Artistic', is_exception=False))) 2025-09-11 13:34:22,304 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-GPL--or-Artistic. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-GPL--or-Artistic', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-perl-Time-Local-8566fe6879e77ecb', element_type=, full_element=LicenseSymbol('LicenseRef-GPL--or-Artistic', is_exception=False))) 2025-09-11 13:34:22,304 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-GPL--or-Artistic. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-GPL--or-Artistic', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-perl-URI-8c51a4f9c22b5696', element_type=, full_element=LicenseSymbol('LicenseRef-GPL--or-Artistic', is_exception=False))) 2025-09-11 13:34:22,304 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-GPL--or-Artistic. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-GPL--or-Artistic', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-perl-base-04927cf5cbd5e57e', element_type=, full_element=LicenseSymbol('LicenseRef-GPL--or-Artistic', is_exception=False))) 2025-09-11 13:34:22,304 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-GPL--or-Artistic. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-GPL--or-Artistic', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-perl-constant-198828c3fb6ffd8f', element_type=, full_element=LicenseSymbol('LicenseRef-GPL--or-Artistic', is_exception=False))) 2025-09-11 13:34:22,304 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-GPL--or-Artistic. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-GPL--or-Artistic', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-perl-if-a57771ac3bcfe99e', element_type=, full_element=LicenseSymbol('LicenseRef-GPL--or-Artistic', is_exception=False))) 2025-09-11 13:34:22,304 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-GPL--or-Artistic. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-GPL--or-Artistic', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-perl-interpreter-1d1a0adcc228855b', element_type=, full_element=LicenseSymbol('LicenseRef-GPL--or-Artistic', is_exception=False))) 2025-09-11 13:34:22,304 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-GPL--or-Artistic. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-GPL--or-Artistic', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-perl-lib-8b71ba9188736b2d', element_type=, full_element=LicenseSymbol('LicenseRef-GPL--or-Artistic', is_exception=False))) 2025-09-11 13:34:22,304 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-GPL--or-Artistic. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-GPL--or-Artistic', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-perl-libnet-b779484a3a120dd2', element_type=, full_element=LicenseSymbol('LicenseRef-GPL--or-Artistic', is_exception=False))) 2025-09-11 13:34:22,304 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef--GPL--or-Artistic--and-BSD-and-HSRL-and-MIT-and-UCD-and-Public-domain. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef--GPL--or-Artistic--and-BSD-and-HSRL-and-MIT-and-UCD-and-Public-domain', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-perl-libs-6e9cb50b6137328b', element_type=, full_element=LicenseSymbol('LicenseRef--GPL--or-Artistic--and-BSD-and-HSRL-and-MIT-and-UCD-and-Public-domain', is_exception=False))) 2025-09-11 13:34:22,304 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-GPL--or-Artistic. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-GPL--or-Artistic', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-perl-mro-1a686ea9dafc449e', element_type=, full_element=LicenseSymbol('LicenseRef-GPL--or-Artistic', is_exception=False))) 2025-09-11 13:34:22,304 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-GPL--or-Artistic. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-GPL--or-Artistic', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-perl-overload-2f8cec063ee2c928', element_type=, full_element=LicenseSymbol('LicenseRef-GPL--or-Artistic', is_exception=False))) 2025-09-11 13:34:22,304 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-GPL--or-Artistic. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-GPL--or-Artistic', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-perl-overloading-a47808531c293902', element_type=, full_element=LicenseSymbol('LicenseRef-GPL--or-Artistic', is_exception=False))) 2025-09-11 13:34:22,304 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-GPL--or-Artistic. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-GPL--or-Artistic', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-perl-parent-4671b629ca460caf', element_type=, full_element=LicenseSymbol('LicenseRef-GPL--or-Artistic', is_exception=False))) 2025-09-11 13:34:22,304 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef--GPL--or-Artistic--and-FSFAP. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef--GPL--or-Artistic--and-FSFAP', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-perl-podlators-363d3f9d00746f75', element_type=, full_element=LicenseSymbol('LicenseRef--GPL--or-Artistic--and-FSFAP', is_exception=False))) 2025-09-11 13:34:22,304 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-GPLv3-. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-GPLv3-', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-perl-srpm-macros-a400e10c19bf2b2b', element_type=, full_element=LicenseSymbol('LicenseRef-GPLv3-', is_exception=False))) 2025-09-11 13:34:22,304 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-GPL--or-Artistic. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-GPL--or-Artistic', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-perl-subs-79328b6a8253071d', element_type=, full_element=LicenseSymbol('LicenseRef-GPL--or-Artistic', is_exception=False))) 2025-09-11 13:34:22,304 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-GPL--or-Artistic. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-GPL--or-Artistic', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-perl-threads-dc865917cbaf17db', element_type=, full_element=LicenseSymbol('LicenseRef-GPL--or-Artistic', is_exception=False))) 2025-09-11 13:34:22,304 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-GPL--or-Artistic. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-GPL--or-Artistic', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-perl-threads-shared-5c66e844591fe8e3', element_type=, full_element=LicenseSymbol('LicenseRef-GPL--or-Artistic', is_exception=False))) 2025-09-11 13:34:22,304 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-GPL--or-Artistic. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-GPL--or-Artistic', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-perl-vars-98cc6f7d82cdc1da', element_type=, full_element=LicenseSymbol('LicenseRef-GPL--or-Artistic', is_exception=False))) 2025-09-11 13:34:22,304 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-GPLv2--with-exceptions. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-GPLv2--with-exceptions', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-pkgconf-m4-c331dce09456c33d', element_type=, full_element=LicenseSymbol('LicenseRef-GPLv2--with-exceptions', is_exception=False))) 2025-09-11 13:34:22,304 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-GPL--and-GPLv2-and-GPLv2--and-GPLv3--and-LGPLv2-. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-GPL--and-GPLv2-and-GPLv2--and-GPLv3--and-LGPLv2-', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-procps-ng-741c60ff640952a7', element_type=, full_element=LicenseSymbol('LicenseRef-GPL--and-GPLv2-and-GPLv2--and-GPLv3--and-LGPLv2-', is_exception=False))) 2025-09-11 13:34:22,304 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-MPLv2.0. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-MPLv2.0', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-publicsuffix-list-dafsa-24dbab8dc5f14b7c', element_type=, full_element=LicenseSymbol('LicenseRef-MPLv2.0', is_exception=False))) 2025-09-11 13:34:22,304 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-GNU-LGPL. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-GNU-LGPL', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-python-pygobject-ef59b91ccf046aba', element_type=, full_element=LicenseSymbol('LicenseRef-GNU-LGPL', is_exception=False))) 2025-09-11 13:34:22,304 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-MIT-License. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-MIT-License', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-python-pyinotify-303959b114fb224b', element_type=, full_element=LicenseSymbol('LicenseRef-MIT-License', is_exception=False))) 2025-09-11 13:34:22,304 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-BSD. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-BSD', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-python-pysocks-acfe86c3920dab8e', element_type=, full_element=LicenseSymbol('LicenseRef-BSD', is_exception=False))) 2025-09-11 13:34:22,304 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-Dual-License. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-Dual-License', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-python-python-dateutil-bab0ec9427f4c82d', element_type=, full_element=LicenseSymbol('LicenseRef-Dual-License', is_exception=False))) 2025-09-11 13:34:22,304 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-MIT-and-Python. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-MIT-and-Python', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-python-srpm-macros-073b79a80caaa542', element_type=, full_element=LicenseSymbol('LicenseRef-MIT-and-Python', is_exception=False))) 2025-09-11 13:34:22,304 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-Python. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-Python', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-python3-9d35b8cfcca028bd', element_type=, full_element=LicenseSymbol('LicenseRef-Python', is_exception=False))) 2025-09-11 13:34:22,304 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-LGPLv2. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-LGPLv2', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-python3-chardet-0a2e0515127768a4', element_type=, full_element=LicenseSymbol('LicenseRef-LGPLv2', is_exception=False))) 2025-09-11 13:34:22,304 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-GPLv2. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-GPLv2', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-python3-cloud-what-fca6f3052e8e3007', element_type=, full_element=LicenseSymbol('LicenseRef-GPLv2', is_exception=False))) 2025-09-11 13:34:22,304 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-BSD. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-BSD', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-python3-dateutil-6bca9692e8b0b89e', element_type=, full_element=LicenseSymbol('LicenseRef-BSD', is_exception=False))) 2025-09-11 13:34:22,304 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-BSD. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-BSD', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-python3-decorator-b8924a55fedc0f3c', element_type=, full_element=LicenseSymbol('LicenseRef-BSD', is_exception=False))) 2025-09-11 13:34:22,304 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-Python. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-Python', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-python3-devel-3515715151cb8603', element_type=, full_element=LicenseSymbol('LicenseRef-Python', is_exception=False))) 2025-09-11 13:34:22,304 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-GPLv2-. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-GPLv2-', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-python3-dnf-944b79a45a77b31c', element_type=, full_element=LicenseSymbol('LicenseRef-GPLv2-', is_exception=False))) 2025-09-11 13:34:22,304 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-GPLv2-. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-GPLv2-', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-python3-dnf-plugins-core-c6f035eedbe32288', element_type=, full_element=LicenseSymbol('LicenseRef-GPLv2-', is_exception=False))) 2025-09-11 13:34:22,305 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-GPLv2. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-GPLv2', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-python3-ethtool-0dda8c90b9041dc0', element_type=, full_element=LicenseSymbol('LicenseRef-GPLv2', is_exception=False))) 2025-09-11 13:34:22,305 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-LGPLv2--and-MIT. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-LGPLv2--and-MIT', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-python3-gobject-base-68a197fd2d6c6f4d', element_type=, full_element=LicenseSymbol('LicenseRef-LGPLv2--and-MIT', is_exception=False))) 2025-09-11 13:34:22,305 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-LGPLv2--and-MIT. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-LGPLv2--and-MIT', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-python3-gobject-base-noarch-1d39385db2a9f9e6', element_type=, full_element=LicenseSymbol('LicenseRef-LGPLv2--and-MIT', is_exception=False))) 2025-09-11 13:34:22,305 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-LGPLv2--and-GPLv3-. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-LGPLv2--and-GPLv3-', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-python3-gpg-1e3fe612c6b1ea76', element_type=, full_element=LicenseSymbol('LicenseRef-LGPLv2--and-GPLv3-', is_exception=False))) 2025-09-11 13:34:22,305 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-LGPLv2-. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-LGPLv2-', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-python3-hawkey-d663de00e6d5c17c', element_type=, full_element=LicenseSymbol('LicenseRef-LGPLv2-', is_exception=False))) 2025-09-11 13:34:22,305 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-BSD-and-Python-and-Unicode. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-BSD-and-Python-and-Unicode', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-python3-idna-4f7a30c0ef185c35', element_type=, full_element=LicenseSymbol('LicenseRef-BSD-and-Python-and-Unicode', is_exception=False))) 2025-09-11 13:34:22,305 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-MIT-and-Python. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-MIT-and-Python', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-python3-iniparse-1829ebecd9215fb6', element_type=, full_element=LicenseSymbol('LicenseRef-MIT-and-Python', is_exception=False))) 2025-09-11 13:34:22,305 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-GPLv2-. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-GPLv2-', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-python3-libcomps-ef3267ca8d95af7d', element_type=, full_element=LicenseSymbol('LicenseRef-GPLv2-', is_exception=False))) 2025-09-11 13:34:22,305 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-LGPLv2-. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-LGPLv2-', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-python3-libdnf-89d95a7775ba1f83', element_type=, full_element=LicenseSymbol('LicenseRef-LGPLv2-', is_exception=False))) 2025-09-11 13:34:22,305 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-LGPLv2-. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-LGPLv2-', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-python3-librepo-8080e0f0c09cc9bb', element_type=, full_element=LicenseSymbol('LicenseRef-LGPLv2-', is_exception=False))) 2025-09-11 13:34:22,305 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-Python. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-Python', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-python3-libs-b6422e7934511e2a', element_type=, full_element=LicenseSymbol('LicenseRef-Python', is_exception=False))) 2025-09-11 13:34:22,305 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-MIT-and-Python-and-ASL-2.0-and-BSD-and-ISC-and-LGPLv2-and-MPLv2.0-and--ASL-2.0-or-BSD-. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-MIT-and-Python-and-ASL-2.0-and-BSD-and-ISC-and-LGPLv2-and-MPLv2.0-and--ASL-2.0-or-BSD-', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-python3-pip-edbbd75c6e35f10b', element_type=, full_element=LicenseSymbol('LicenseRef-MIT-and-Python-and-ASL-2.0-and-BSD-and-ISC-and-LGPLv2-and-MPLv2.0-and--ASL-2.0-or-BSD-', is_exception=False))) 2025-09-11 13:34:22,305 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-MIT-and-Python-and-ASL-2.0-and-BSD-and-ISC-and-LGPLv2-and-MPLv2.0-and--ASL-2.0-or-BSD-. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-MIT-and-Python-and-ASL-2.0-and-BSD-and-ISC-and-LGPLv2-and-MPLv2.0-and--ASL-2.0-or-BSD-', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-python3-pip-wheel-b58dd2e4c1319e05', element_type=, full_element=LicenseSymbol('LicenseRef-MIT-and-Python-and-ASL-2.0-and-BSD-and-ISC-and-LGPLv2-and-MPLv2.0-and--ASL-2.0-or-BSD-', is_exception=False))) 2025-09-11 13:34:22,305 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-BSD. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-BSD', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-python3-pysocks-fc6682800f52f13a', element_type=, full_element=LicenseSymbol('LicenseRef-BSD', is_exception=False))) 2025-09-11 13:34:22,305 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-ASL-2.0. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-ASL-2.0', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-python3-requests-a52b3f5038c0d088', element_type=, full_element=LicenseSymbol('LicenseRef-ASL-2.0', is_exception=False))) 2025-09-11 13:34:22,305 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-GPLv2-. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-GPLv2-', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-python3-rpm-753da0bfa9867355', element_type=, full_element=LicenseSymbol('LicenseRef-GPLv2-', is_exception=False))) 2025-09-11 13:34:22,305 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-MIT-and--BSD-or-ASL-2.0-. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-MIT-and--BSD-or-ASL-2.0-', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-python3-setuptools-a04c66cb9f17f4b3', element_type=, full_element=LicenseSymbol('LicenseRef-MIT-and--BSD-or-ASL-2.0-', is_exception=False))) 2025-09-11 13:34:22,305 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-MIT-and--BSD-or-ASL-2.0-. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-MIT-and--BSD-or-ASL-2.0-', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-python3-setuptools-wheel-290be2c6f70918ba', element_type=, full_element=LicenseSymbol('LicenseRef-MIT-and--BSD-or-ASL-2.0-', is_exception=False))) 2025-09-11 13:34:22,305 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-GPLv2. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-GPLv2', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-python3-subscription-manager-rhsm-ddaecb50aa49e352', element_type=, full_element=LicenseSymbol('LicenseRef-GPLv2', is_exception=False))) 2025-09-11 13:34:22,305 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-LGPLv2-. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-LGPLv2-', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-python3-systemd-604d4d5294c1e1ec', element_type=, full_element=LicenseSymbol('LicenseRef-LGPLv2-', is_exception=False))) 2025-09-11 13:34:22,305 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-GPLv3. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-GPLv3', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-qt5-srpm-macros-dadbb646c7d2cc13', element_type=, full_element=LicenseSymbol('LicenseRef-GPLv3', is_exception=False))) 2025-09-11 13:34:22,305 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-GPLv3-. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-GPLv3-', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-readline-86bb1c48d046cf90', element_type=, full_element=LicenseSymbol('LicenseRef-GPLv3-', is_exception=False))) 2025-09-11 13:34:22,305 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-GPLv2. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-GPLv2', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-redhat-release-a85f40922a795f71', element_type=, full_element=LicenseSymbol('LicenseRef-GPLv2', is_exception=False))) 2025-09-11 13:34:22,305 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-GPL-. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-GPL-', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-redhat-rpm-config-d2cfef5c2c9ff1fb', element_type=, full_element=LicenseSymbol('LicenseRef-GPL-', is_exception=False))) 2025-09-11 13:34:22,305 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-Public-Domain. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-Public-Domain', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-rootfiles-75dc074aab79ce0f', element_type=, full_element=LicenseSymbol('LicenseRef-Public-Domain', is_exception=False))) 2025-09-11 13:34:22,305 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-GNU-General-Public-License-v2. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-GNU-General-Public-License-v2', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-python-rpm-c25f876745d22522', element_type=, full_element=LicenseSymbol('LicenseRef-GNU-General-Public-License-v2', is_exception=False))) 2025-09-11 13:34:22,305 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-GPLv2-. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-GPLv2-', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-rpm-59cf307d0b9165b2', element_type=, full_element=LicenseSymbol('LicenseRef-GPLv2-', is_exception=False))) 2025-09-11 13:34:22,305 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-GPLv2--and-LGPLv2--with-exceptions. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-GPLv2--and-LGPLv2--with-exceptions', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-rpm-build-libs-b4a8913133896ed1', element_type=, full_element=LicenseSymbol('LicenseRef-GPLv2--and-LGPLv2--with-exceptions', is_exception=False))) 2025-09-11 13:34:22,305 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-GPLv2--and-LGPLv2--with-exceptions. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-GPLv2--and-LGPLv2--with-exceptions', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-rpm-libs-1746768d5ed3f961', element_type=, full_element=LicenseSymbol('LicenseRef-GPLv2--and-LGPLv2--with-exceptions', is_exception=False))) 2025-09-11 13:34:22,305 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-GPLv2--and-LGPLv2--with-exceptions. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-GPLv2--and-LGPLv2--with-exceptions', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-rpm-sign-libs-7ec08b0658b555d4', element_type=, full_element=LicenseSymbol('LicenseRef-GPLv2--and-LGPLv2--with-exceptions', is_exception=False))) 2025-09-11 13:34:22,305 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-GPLv3-. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-GPLv3-', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-rsync-e654da0a48ee8007', element_type=, full_element=LicenseSymbol('LicenseRef-GPLv3-', is_exception=False))) 2025-09-11 13:34:22,305 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-GPLv2-. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-GPLv2-', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-scl-utils-9cc5fa82fc0251f1', element_type=, full_element=LicenseSymbol('LicenseRef-GPLv2-', is_exception=False))) 2025-09-11 13:34:22,305 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-GPLv3-. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-GPLv3-', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-sed-e21cb9e7dda039e1', element_type=, full_element=LicenseSymbol('LicenseRef-GPLv3-', is_exception=False))) 2025-09-11 13:34:22,305 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-Public-Domain. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-Public-Domain', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-setup-996327334a1bac9c', element_type=, full_element=LicenseSymbol('LicenseRef-Public-Domain', is_exception=False))) 2025-09-11 13:34:22,305 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-UNKNOWN. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-UNKNOWN', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-python-setuptools-946b9864eb4e3fda', element_type=, full_element=LicenseSymbol('LicenseRef-UNKNOWN', is_exception=False))) 2025-09-11 13:34:22,305 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-BSD-and-GPLv2-. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-BSD-and-GPLv2-', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-shadow-utils-e94830f0c94997d6', element_type=, full_element=LicenseSymbol('LicenseRef-BSD-and-GPLv2-', is_exception=False))) 2025-09-11 13:34:22,305 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-GPLv3-. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-GPLv3-', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-source-highlight-ee25df6ffc83103c', element_type=, full_element=LicenseSymbol('LicenseRef-GPLv3-', is_exception=False))) 2025-09-11 13:34:22,305 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-Public-Domain. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-Public-Domain', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-sqlite-e680157f8ba75c3e', element_type=, full_element=LicenseSymbol('LicenseRef-Public-Domain', is_exception=False))) 2025-09-11 13:34:22,305 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-Public-Domain. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-Public-Domain', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-sqlite-devel-ac4c5d54543f418b', element_type=, full_element=LicenseSymbol('LicenseRef-Public-Domain', is_exception=False))) 2025-09-11 13:34:22,305 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-Public-Domain. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-Public-Domain', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-sqlite-libs-9b374837a5bfb7ca', element_type=, full_element=LicenseSymbol('LicenseRef-Public-Domain', is_exception=False))) 2025-09-11 13:34:22,305 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-GPLv3--with-exceptions. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-GPLv3--with-exceptions', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-sscg-be230c127405ba65', element_type=, full_element=LicenseSymbol('LicenseRef-GPLv3--with-exceptions', is_exception=False))) 2025-09-11 13:34:22,305 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-GPLv2. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-GPLv2', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-python-subscription-manager-c2f2fab1a0149e13', element_type=, full_element=LicenseSymbol('LicenseRef-GPLv2', is_exception=False))) 2025-09-11 13:34:22,306 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-GPLv2. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-GPLv2', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-subscription-manager-59d35a4e0ef45f68', element_type=, full_element=LicenseSymbol('LicenseRef-GPLv2', is_exception=False))) 2025-09-11 13:34:22,306 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-GPLv2. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-GPLv2', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-subscription-manager-rhsm-certificates-932c8ad6b0684868', element_type=, full_element=LicenseSymbol('LicenseRef-GPLv2', is_exception=False))) 2025-09-11 13:34:22,306 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-LGPLv2--and-MIT-and-GPLv2-. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-LGPLv2--and-MIT-and-GPLv2-', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-systemd-cf57f4cc64cb0e32', element_type=, full_element=LicenseSymbol('LicenseRef-LGPLv2--and-MIT-and-GPLv2-', is_exception=False))) 2025-09-11 13:34:22,306 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-LGPLv2--and-MIT. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-LGPLv2--and-MIT', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-systemd-libs-683f0c68ccbbf407', element_type=, full_element=LicenseSymbol('LicenseRef-LGPLv2--and-MIT', is_exception=False))) 2025-09-11 13:34:22,306 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-LGPLv2--and-MIT-and-GPLv2-. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-LGPLv2--and-MIT-and-GPLv2-', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-systemd-pam-779abec60f291365', element_type=, full_element=LicenseSymbol('LicenseRef-LGPLv2--and-MIT-and-GPLv2-', is_exception=False))) 2025-09-11 13:34:22,306 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-LGPLv2-. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-LGPLv2-', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-python-systemd-python-4029da0e7e7877a9', element_type=, full_element=LicenseSymbol('LicenseRef-LGPLv2-', is_exception=False))) 2025-09-11 13:34:22,306 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-LGPLv2--and-MIT-and-GPLv2-. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-LGPLv2--and-MIT-and-GPLv2-', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-systemd-rpm-macros-6be84f8375a4cc74', element_type=, full_element=LicenseSymbol('LicenseRef-LGPLv2--and-MIT-and-GPLv2-', is_exception=False))) 2025-09-11 13:34:22,306 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-GPLv3-. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-GPLv3-', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-tar-1bf7671a0216a56b', element_type=, full_element=LicenseSymbol('LicenseRef-GPLv3-', is_exception=False))) 2025-09-11 13:34:22,306 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-BSD-and-TCGL. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-BSD-and-TCGL', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-tpm2-tss-751b1c00db18d705', element_type=, full_element=LicenseSymbol('LicenseRef-BSD-and-TCGL', is_exception=False))) 2025-09-11 13:34:22,306 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-Public-Domain. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-Public-Domain', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-tzdata-7bc15d03191f60fb', element_type=, full_element=LicenseSymbol('LicenseRef-Public-Domain', is_exception=False))) 2025-09-11 13:34:22,306 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-BSD. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-BSD', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-unzip-524a9faaeb2fd62e', element_type=, full_element=LicenseSymbol('LicenseRef-BSD', is_exception=False))) 2025-09-11 13:34:22,306 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-GPLv2-. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-GPLv2-', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-usermode-bb353265459fa90b', element_type=, full_element=LicenseSymbol('LicenseRef-GPLv2-', is_exception=False))) 2025-09-11 13:34:22,306 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-GPLv2-and-GPLv2--and-LGPLv2--and-BSD-with-advertising-and-Public-Domain. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-GPLv2-and-GPLv2--and-LGPLv2--and-BSD-with-advertising-and-Public-Domain', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-util-linux-704d7156b54d0c99', element_type=, full_element=LicenseSymbol('LicenseRef-GPLv2-and-GPLv2--and-LGPLv2--and-BSD-with-advertising-and-Public-Domain', is_exception=False))) 2025-09-11 13:34:22,306 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-GPLv2-and-GPLv2--and-LGPLv2--and-BSD-with-advertising-and-Public-Domain. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-GPLv2-and-GPLv2--and-LGPLv2--and-BSD-with-advertising-and-Public-Domain', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-util-linux-core-a435808743f13b5e', element_type=, full_element=LicenseSymbol('LicenseRef-GPLv2-and-GPLv2--and-LGPLv2--and-BSD-with-advertising-and-Public-Domain', is_exception=False))) 2025-09-11 13:34:22,306 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-Vim-and-MIT. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-Vim-and-MIT', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-vim-filesystem-c6f0efbbde11b210', element_type=, full_element=LicenseSymbol('LicenseRef-Vim-and-MIT', is_exception=False))) 2025-09-11 13:34:22,306 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-Vim-and-MIT. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-Vim-and-MIT', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-vim-minimal-1ada63475d326f87', element_type=, full_element=LicenseSymbol('LicenseRef-Vim-and-MIT', is_exception=False))) 2025-09-11 13:34:22,306 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-GPLv2-. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-GPLv2-', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-virt-what-97b02f065cd01601', element_type=, full_element=LicenseSymbol('LicenseRef-GPLv2-', is_exception=False))) 2025-09-11 13:34:22,306 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-GPLv3-. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-GPLv3-', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-wget-90e1935c0bceaabd', element_type=, full_element=LicenseSymbol('LicenseRef-GPLv3-', is_exception=False))) 2025-09-11 13:34:22,306 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-GPLv3. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-GPLv3', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-which-fd6d8a6e282bfda3', element_type=, full_element=LicenseSymbol('LicenseRef-GPLv3', is_exception=False))) 2025-09-11 13:34:22,306 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-GPL-. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-GPL-', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-xml-common-1f7e830cd2176fc4', element_type=, full_element=LicenseSymbol('LicenseRef-GPL-', is_exception=False))) 2025-09-11 13:34:22,306 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-GPLv2--and-Public-Domain. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-GPLv2--and-Public-Domain', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-xz-0a6861fd7e9f5c1f', element_type=, full_element=LicenseSymbol('LicenseRef-GPLv2--and-Public-Domain', is_exception=False))) 2025-09-11 13:34:22,306 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-Public-Domain. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-Public-Domain', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-xz-devel-76d1675c88c43ec4', element_type=, full_element=LicenseSymbol('LicenseRef-Public-Domain', is_exception=False))) 2025-09-11 13:34:22,306 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-Public-Domain. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-Public-Domain', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-xz-libs-f3e667a0375f3959', element_type=, full_element=LicenseSymbol('LicenseRef-Public-Domain', is_exception=False))) 2025-09-11 13:34:22,306 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-GPLv2-. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-GPLv2-', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-yum-0a6381faaeb9a44f', element_type=, full_element=LicenseSymbol('LicenseRef-GPLv2-', is_exception=False))) 2025-09-11 13:34:22,306 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-BSD. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-BSD', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-zip-59c24943fe373459', element_type=, full_element=LicenseSymbol('LicenseRef-BSD', is_exception=False))) 2025-09-11 13:34:22,306 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-zlib-and-Boost. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-zlib-and-Boost', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-zlib-0efcf83a23d6320a', element_type=, full_element=LicenseSymbol('LicenseRef-zlib-and-Boost', is_exception=False))) 2025-09-11 13:34:22,306 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-zlib-and-Boost. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-zlib-and-Boost', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-rpm-zlib-devel-56fb74fd55721d25', element_type=, full_element=LicenseSymbol('LicenseRef-zlib-and-Boost', is_exception=False))) 2025-09-11 13:34:22,499 [INFO] mobster.main: Exiting with code 0. [2025-09-11T13:34:22,579403109+00:00] End prepare-sboms pod: python-component-ntgzlu-on-d20575ef929adf1af8d51f2507922d3f-pod | container step-upload-sbom: [2025-09-11T13:34:22,801237171+00:00] Upload SBOM INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' Using token for quay.io/redhat-appstudio-qe/build-e2e-fdnu/python-component-ntgzlu Pushing sbom to registry Executing: cosign attach sbom --sbom sbom.json --type spdx quay.io/redhat-appstudio-qe/build-e2e-fdnu/python-component-ntgzlu:on-pr-4507c9b389e642c76d212c46d1a948e5302889c0@sha256:f95d797603b4b7459eafa5a76faae30dcf6686990e8c15c9cb0f4aaa0a661057 quay.io/redhat-appstudio-qe/build-e2e-fdnu/python-component-ntgzlu@sha256:f27ac5b601428dad69e82eb1932750370d40fdde0be358d8b1fa40f074e25f66 [2025-09-11T13:34:27,374997090+00:00] End upload-sbom pod: python-component-ntgzlu-on-dcb7a8664796c1b795f1f26f09b7a226-pod | init container: prepare 2025/09/11 13:35:23 Entrypoint initialization pod: python-component-ntgzlu-on-dcb7a8664796c1b795f1f26f09b7a226-pod | init container: place-scripts 2025/09/11 13:35:29 Decoded script /tekton/scripts/script-0-nb472 2025/09/11 13:35:29 Decoded script /tekton/scripts/script-1-bnw2m pod: python-component-ntgzlu-on-dcb7a8664796c1b795f1f26f09b7a226-pod | init container: working-dir-initializer pod: python-component-ntgzlu-on-dcb7a8664796c1b795f1f26f09b7a226-pod | container step-sast-snyk-check: INFO: The PROJECT_NAME used is: python-component-ntgzlu INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' {"result":"SKIPPED","timestamp":"2025-09-11T13:35:58+00:00","note":"Task sast-snyk-check skipped: If you wish to use the Snyk code SAST task, please create a secret name snyk-secret with the key 'snyk_token' containing the Snyk token by following the steps given [here](https://konflux-ci.dev/docs/testing/build/snyk/)","namespace":"default","successes":0,"failures":0,"warnings":0} pod: python-component-ntgzlu-on-dcb7a8664796c1b795f1f26f09b7a226-pod | container step-upload: No sast_snyk_check_out.sarif exists. Skipping upload. No excluded-findings.json exists. Skipping upload. pod: python-component-ntgzlu-on-pull-request-7d8tp-apply-tags-pod | init container: prepare 2025/09/11 13:35:29 Entrypoint initialization pod: python-component-ntgzlu-on-pull-request-7d8tp-apply-tags-pod | init container: place-scripts 2025/09/11 13:35:44 Decoded script /tekton/scripts/script-0-rb97j 2025/09/11 13:35:44 Decoded script /tekton/scripts/script-1-p27dx pod: python-component-ntgzlu-on-pull-request-7d8tp-apply-tags-pod | container step-apply-additional-tags-from-parameter: No additional tags parameter specified pod: python-component-ntgzlu-on-pull-request-7d8tp-apply-tags-pod | container step-apply-additional-tags-from-image-label: No additional tags specified in the image labels pod: python-component-ntgzlu-on-pull-request-7d8tp-clair-scan-pod | init container: prepare 2025/09/11 13:35:19 Entrypoint initialization pod: python-component-ntgzlu-on-pull-request-7d8tp-clair-scan-pod | init container: place-scripts 2025/09/11 13:35:25 Decoded script /tekton/scripts/script-0-2lxxc 2025/09/11 13:35:25 Decoded script /tekton/scripts/script-1-xx4dj 2025/09/11 13:35:25 Decoded script /tekton/scripts/script-2-cgccf 2025/09/11 13:35:25 Decoded script /tekton/scripts/script-3-dshv7 pod: python-component-ntgzlu-on-pull-request-7d8tp-clair-scan-pod | container step-get-image-manifests: Inspecting raw image manifest quay.io/redhat-appstudio-qe/build-e2e-fdnu/python-component-ntgzlu@sha256:f95d797603b4b7459eafa5a76faae30dcf6686990e8c15c9cb0f4aaa0a661057. pod: python-component-ntgzlu-on-pull-request-7d8tp-clair-scan-pod | container step-get-vulnerabilities: Running clair-action on amd64 image manifest... 2025-09-11T13:35:58Z INF matchers created component=libvuln/New matchers=[{"docs":"https://pkg.go.dev/github.com/quay/claircore/gobin","name":"gobin"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/rhel/rhcc","name":"rhel-container-matcher"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/suse","name":"suse"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/photon","name":"photon"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/python","name":"python"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/alpine","name":"alpine-matcher"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/java","name":"java-maven"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/oracle","name":"oracle"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/rhel","name":"rhel"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/aws","name":"aws-matcher"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/debian","name":"debian-matcher"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/ruby","name":"ruby-gem"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/ubuntu","name":"ubuntu-matcher"}] 2025-09-11T13:35:58Z INF libvuln initialized component=libvuln/New 2025-09-11T13:36:00Z INF registered configured scanners component=libindex/New 2025-09-11T13:36:00Z INF NewLayerScanner: constructing a new layer-scanner component=indexer.NewLayerScanner 2025-09-11T13:36:00Z INF index request start component=libindex/Libindex.Index manifest=sha256:f95d797603b4b7459eafa5a76faae30dcf6686990e8c15c9cb0f4aaa0a661057 2025-09-11T13:36:00Z INF starting scan component=indexer/controller/Controller.Index manifest=sha256:f95d797603b4b7459eafa5a76faae30dcf6686990e8c15c9cb0f4aaa0a661057 2025-09-11T13:36:00Z INF manifest to be scanned component=indexer/controller/Controller.Index manifest=sha256:f95d797603b4b7459eafa5a76faae30dcf6686990e8c15c9cb0f4aaa0a661057 state=CheckManifest 2025-09-11T13:36:00Z INF layers fetch start component=indexer/controller/Controller.Index manifest=sha256:f95d797603b4b7459eafa5a76faae30dcf6686990e8c15c9cb0f4aaa0a661057 state=FetchLayers 2025-09-11T13:36:05Z INF layers fetch success component=indexer/controller/Controller.Index manifest=sha256:f95d797603b4b7459eafa5a76faae30dcf6686990e8c15c9cb0f4aaa0a661057 state=FetchLayers 2025-09-11T13:36:05Z INF layers fetch done component=indexer/controller/Controller.Index manifest=sha256:f95d797603b4b7459eafa5a76faae30dcf6686990e8c15c9cb0f4aaa0a661057 state=FetchLayers 2025-09-11T13:36:05Z INF layers scan start component=indexer/controller/Controller.Index manifest=sha256:f95d797603b4b7459eafa5a76faae30dcf6686990e8c15c9cb0f4aaa0a661057 state=ScanLayers 2025-09-11T13:36:05Z INF found buildinfo Dockerfile component=rhel/rhcc/scanner.Scan kind=package layer=sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1 manifest=sha256:f95d797603b4b7459eafa5a76faae30dcf6686990e8c15c9cb0f4aaa0a661057 path=root/buildinfo/Dockerfile-ubi9-9.2-359 scanner=rhel_containerscanner state=ScanLayers 2025-09-11T13:36:05Z INF found buildinfo Dockerfile component=rhel/rhcc/scanner.Scan kind=package layer=sha256:061494b16a3e082ac22c3159029d7399a8b153778d0435e438bfdcc22f203bc8 manifest=sha256:f95d797603b4b7459eafa5a76faae30dcf6686990e8c15c9cb0f4aaa0a661057 path=root/buildinfo/Dockerfile-ubi9-s2i-core-1-404 scanner=rhel_containerscanner state=ScanLayers 2025-09-11T13:36:05Z INF found buildinfo Dockerfile component=rhel/rhcc/scanner.Scan kind=package layer=sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee manifest=sha256:f95d797603b4b7459eafa5a76faae30dcf6686990e8c15c9cb0f4aaa0a661057 path=root/buildinfo/Dockerfile-ubi9-s2i-base-1-432.1684740240 scanner=rhel_containerscanner state=ScanLayers 2025-09-11T13:36:05Z INF found buildinfo Dockerfile component=rhel/rhcc/scanner.Scan kind=package layer=sha256:9fa194a4ae444ef797f64bab9f41c31fe17ea4dee1bb6fd6fc173c6dfd8731fe manifest=sha256:f95d797603b4b7459eafa5a76faae30dcf6686990e8c15c9cb0f4aaa0a661057 path=root/buildinfo/Dockerfile-ubi9-python-39-1-117.1684741281 scanner=rhel_containerscanner state=ScanLayers 2025-09-11T13:36:09Z INF layers scan done component=indexer/controller/Controller.Index manifest=sha256:f95d797603b4b7459eafa5a76faae30dcf6686990e8c15c9cb0f4aaa0a661057 state=ScanLayers 2025-09-11T13:36:09Z INF starting index manifest component=indexer/controller/Controller.Index manifest=sha256:f95d797603b4b7459eafa5a76faae30dcf6686990e8c15c9cb0f4aaa0a661057 state=IndexManifest 2025-09-11T13:36:09Z INF finishing scan component=indexer/controller/Controller.Index manifest=sha256:f95d797603b4b7459eafa5a76faae30dcf6686990e8c15c9cb0f4aaa0a661057 state=IndexFinished 2025-09-11T13:36:09Z INF manifest successfully scanned component=indexer/controller/Controller.Index manifest=sha256:f95d797603b4b7459eafa5a76faae30dcf6686990e8c15c9cb0f4aaa0a661057 state=IndexFinished 2025-09-11T13:36:09Z INF index request done component=libindex/Libindex.Index manifest=sha256:f95d797603b4b7459eafa5a76faae30dcf6686990e8c15c9cb0f4aaa0a661057 { "manifest_hash": "sha256:f95d797603b4b7459eafa5a76faae30dcf6686990e8c15c9cb0f4aaa0a661057", "packages": { "+A7/nzEXX3Q/xJZ50VMnlQ==": { "id": "+A7/nzEXX3Q/xJZ50VMnlQ==", "name": "libidn2", "version": "2.3.0-7.el9", "kind": "binary", "source": { "id": "", "name": "libidn2", "version": "2.3.0-7.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "+B22ALb6YCnXu+3s6afaLg==": { "id": "+B22ALb6YCnXu+3s6afaLg==", "name": "python3-decorator", "version": "4.4.2-6.el9", "kind": "binary", "source": { "id": "", "name": "python-decorator", "version": "4.4.2-6.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "+yIdH2Pb8SGFuXnry3uK/A==": { "id": "+yIdH2Pb8SGFuXnry3uK/A==", "name": "gdb", "version": "10.2-10.el9", "kind": "binary", "source": { "id": "", "name": "gdb", "version": "10.2-10.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "/L1kFEoHZTukrNTCQLypFQ==": { "id": "/L1kFEoHZTukrNTCQLypFQ==", "name": "xz-libs", "version": "5.2.5-8.el9_0", "kind": "binary", "source": { "id": "", "name": "xz", "version": "5.2.5-8.el9_0", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "/QWl/PWEGcxbGcHF8DRhpQ==": { "id": "/QWl/PWEGcxbGcHF8DRhpQ==", "name": "perl-overload", "version": "1.31-480.el9", "kind": "binary", "source": { "id": "", "name": "perl", "version": "5.32.1-480.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "/hboeipJYwh21VHE3k8hmg==": { "id": "/hboeipJYwh21VHE3k8hmg==", "name": "systemd-libs", "version": "252-13.el9_2", "kind": "binary", "source": { "id": "", "name": "systemd", "version": "252-13.el9_2", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "/ix7t8u2ubW7Mpg/i3GMZw==": { "id": "/ix7t8u2ubW7Mpg/i3GMZw==", "name": "procps-ng", "version": "3.3.17-11.el9", "kind": "binary", "source": { "id": "", "name": "procps-ng", "version": "3.3.17-11.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "/nzriCy9+x9+mJ5siYSQUQ==": { "id": "/nzriCy9+x9+mJ5siYSQUQ==", "name": "pam", "version": "1.5.1-14.el9", "kind": "binary", "source": { "id": "", "name": "pam", "version": "1.5.1-14.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "/u+CSzV7kEfezwNM7CM7EA==": { "id": "/u+CSzV7kEfezwNM7CM7EA==", "name": "glibc-headers", "version": "2.34-60.el9", "kind": "binary", "source": { "id": "", "name": "glibc", "version": "2.34-60.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "/ziQfr+n12RYSjYmCLOeJw==": { "id": "/ziQfr+n12RYSjYmCLOeJw==", "name": "perl-NDBM_File", "version": "1.15-480.el9", "kind": "binary", "source": { "id": "", "name": "perl", "version": "5.32.1-480.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "06kxsmKuig0GXYujyWRf1g==": { "id": "06kxsmKuig0GXYujyWRf1g==", "name": "git", "version": "2.39.3-1.el9_2", "kind": "binary", "source": { "id": "", "name": "git", "version": "2.39.3-1.el9_2", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "09fH92fqoWDOaYEpwQ9p2g==": { "id": "09fH92fqoWDOaYEpwQ9p2g==", "name": "ed", "version": "1.14.2-12.el9", "kind": "binary", "source": { "id": "", "name": "ed", "version": "1.14.2-12.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "0Bi+sE7Cahb/G3RtEz1Trg==": { "id": "0Bi+sE7Cahb/G3RtEz1Trg==", "name": "python3-dnf", "version": "4.14.0-5.el9_2", "kind": "binary", "source": { "id": "", "name": "dnf", "version": "4.14.0-5.el9_2", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "0MjC1Kk7xsOH9HZSfI3q+g==": { "id": "0MjC1Kk7xsOH9HZSfI3q+g==", "name": "python3-subscription-manager-rhsm", "version": "1.29.33.1-1.el9_2", "kind": "binary", "source": { "id": "", "name": "subscription-manager", "version": "1.29.33.1-1.el9_2", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "0Yvc2+M8FAry625wuL4S5A==": { "id": "0Yvc2+M8FAry625wuL4S5A==", "name": "less", "version": "590-1.el9_0", "kind": "binary", "source": { "id": "", "name": "less", "version": "590-1.el9_0", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "13/XvLtRK2RDQlcsZc1BtQ==": { "id": "13/XvLtRK2RDQlcsZc1BtQ==", "name": "gdb-gdbserver", "version": "10.2-10.el9", "kind": "binary", "source": { "id": "", "name": "gdb", "version": "10.2-10.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "1T7WJ83NrIa0U7DlD1BR4Q==": { "id": "1T7WJ83NrIa0U7DlD1BR4Q==", "name": "python-srpm-macros", "version": "3.9-52.el9", "kind": "binary", "source": { "id": "", "name": "python-rpm-macros", "version": "3.9-52.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "1Wgi1A5rYYMDlKrTSmcrGw==": { "id": "1Wgi1A5rYYMDlKrTSmcrGw==", "name": "glibc-langpack-en", "version": "2.34-60.el9", "kind": "binary", "source": { "id": "", "name": "glibc", "version": "2.34-60.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "1XXuvf69/0I2dNHaU2UndQ==": { "id": "1XXuvf69/0I2dNHaU2UndQ==", "name": "patch", "version": "2.7.6-16.el9", "kind": "binary", "source": { "id": "", "name": "patch", "version": "2.7.6-16.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "1dO83wB64hDLki3A4eA/Pg==": { "id": "1dO83wB64hDLki3A4eA/Pg==", "name": "sqlite", "version": "3.34.1-6.el9_1", "kind": "binary", "source": { "id": "", "name": "sqlite", "version": "3.34.1-6.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "1h72uRXCx8BEJRBuxQUZxA==": { "id": "1h72uRXCx8BEJRBuxQUZxA==", "name": "perl-Symbol", "version": "1.08-480.el9", "kind": "binary", "source": { "id": "", "name": "perl", "version": "5.32.1-480.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "1h9uHE0QiXBO/zpJrT0VjA==": { "id": "1h9uHE0QiXBO/zpJrT0VjA==", "name": "ncurses-base", "version": "6.2-8.20210508.el9", "kind": "binary", "source": { "id": "", "name": "ncurses", "version": "6.2-8.20210508.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "1iUaGpv40BOJQUks5I0iYg==": { "id": "1iUaGpv40BOJQUks5I0iYg==", "name": "libicu", "version": "67.1-9.el9", "kind": "binary", "source": { "id": "", "name": "icu", "version": "67.1-9.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "1jyJPCL93kiEbfmNKeyz3g==": { "id": "1jyJPCL93kiEbfmNKeyz3g==", "name": "jinja2", "version": "3.1.6", "kind": "binary", "source": { "id": "", "name": "", "version": "", "normalized_version": "", "cpe": "" }, "normalized_version": "pep440:0.3.1.6.0.0.0.0.0.0", "cpe": "" }, "1m9sKqHTfU4F/K4fidg9cg==": { "id": "1m9sKqHTfU4F/K4fidg9cg==", "name": "perl-Exporter", "version": "5.74-461.el9", "kind": "binary", "source": { "id": "", "name": "perl-Exporter", "version": "5.74-461.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "1wBZnC1avvfNNrXqSBIrLQ==": { "id": "1wBZnC1avvfNNrXqSBIrLQ==", "name": "shadow-utils", "version": "2:4.9-6.el9", "kind": "binary", "source": { "id": "", "name": "shadow-utils", "version": "4.9-6.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "1wLXgzkbHeATdTLAIa0dbQ==": { "id": "1wLXgzkbHeATdTLAIa0dbQ==", "name": "systemd-rpm-macros", "version": "252-13.el9_2", "kind": "binary", "source": { "id": "", "name": "systemd", "version": "252-13.el9_2", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "2KzE5vrx0XgyqjjMfDhPmA==": { "id": "2KzE5vrx0XgyqjjMfDhPmA==", "name": "libstdc++-devel", "version": "11.3.1-4.3.el9", "kind": "binary", "source": { "id": "", "name": "gcc", "version": "11.3.1-4.3.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "2fg1ZRYCSPKKOgCxCcA36w==": { "id": "2fg1ZRYCSPKKOgCxCcA36w==", "name": "bzip2-libs", "version": "1.0.8-8.el9", "kind": "binary", "source": { "id": "", "name": "bzip2", "version": "1.0.8-8.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "2kFA6ghsw4jfGa4xzNB0dw==": { "id": "2kFA6ghsw4jfGa4xzNB0dw==", "name": "libjpeg-turbo", "version": "2.0.90-6.el9_1", "kind": "binary", "source": { "id": "", "name": "libjpeg-turbo", "version": "2.0.90-6.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "2pv3nM9LRsMhTVXXhKvVsA==": { "id": "2pv3nM9LRsMhTVXXhKvVsA==", "name": "python3-rpm", "version": "4.16.1.3-22.el9", "kind": "binary", "source": { "id": "", "name": "rpm", "version": "4.16.1.3-22.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "2w8qE/d9mqIY/9+1qBBrPg==": { "id": "2w8qE/d9mqIY/9+1qBBrPg==", "name": "perl-IO-Socket-IP", "version": "0.41-5.el9", "kind": "binary", "source": { "id": "", "name": "perl-IO-Socket-IP", "version": "0.41-5.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "35MvZs/A5NUjD+xZ1Vlnyw==": { "id": "35MvZs/A5NUjD+xZ1Vlnyw==", "name": "libpkgconf", "version": "1.7.3-10.el9", "kind": "binary", "source": { "id": "", "name": "pkgconf", "version": "1.7.3-10.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "37pkHZ+z/wrqTgt4tlrp7g==": { "id": "37pkHZ+z/wrqTgt4tlrp7g==", "name": "gcc-gfortran", "version": "11.3.1-4.3.el9", "kind": "binary", "source": { "id": "", "name": "gcc", "version": "11.3.1-4.3.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "40gZpuDvr8Y82hwRT4gOdw==": { "id": "40gZpuDvr8Y82hwRT4gOdw==", "name": "setuptools", "version": "53.0.0", "kind": "binary", "source": { "id": "", "name": "", "version": "", "normalized_version": "", "cpe": "" }, "normalized_version": "pep440:0.53.0.0.0.0.0.0.0.0", "cpe": "" }, "4CCULePjeuIVtIYtfIJ9IA==": { "id": "4CCULePjeuIVtIYtfIJ9IA==", "name": "libtiff-devel", "version": "4.4.0-7.el9", "kind": "binary", "source": { "id": "", "name": "libtiff", "version": "4.4.0-7.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "4Kw/w2gH7CYCOCv19cdYYA==": { "id": "4Kw/w2gH7CYCOCv19cdYYA==", "name": "perl-File-Path", "version": "2.18-4.el9", "kind": "binary", "source": { "id": "", "name": "perl-File-Path", "version": "2.18-4.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "4ThUof0MfmoEHGOuzmENug==": { "id": "4ThUof0MfmoEHGOuzmENug==", "name": "click", "version": "8.1.8", "kind": "binary", "source": { "id": "", "name": "", "version": "", "normalized_version": "", "cpe": "" }, "normalized_version": "pep440:0.8.1.8.0.0.0.0.0.0", "cpe": "" }, "4ZvCk08kvYZC9Caa0g74jw==": { "id": "4ZvCk08kvYZC9Caa0g74jw==", "name": "apr-util-bdb", "version": "1.6.1-20.el9_2.1", "kind": "binary", "source": { "id": "", "name": "apr-util", "version": "1.6.1-20.el9_2.1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "582nBqlxZXz0sTRmkFvU4Q==": { "id": "582nBqlxZXz0sTRmkFvU4Q==", "name": "libxcb", "version": "1.13.1-9.el9", "kind": "binary", "source": { "id": "", "name": "libxcb", "version": "1.13.1-9.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "5EpVrCQ4OYKiPYYEOuUcmQ==": { "id": "5EpVrCQ4OYKiPYYEOuUcmQ==", "name": "perl-Scalar-List-Utils", "version": "4:1.56-461.el9", "kind": "binary", "source": { "id": "", "name": "perl-Scalar-List-Utils", "version": "1.56-461.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "5JeNH+bHiuiK9wwBZqH10A==": { "id": "5JeNH+bHiuiK9wwBZqH10A==", "name": "libeconf", "version": "0.4.1-2.el9", "kind": "binary", "source": { "id": "", "name": "libeconf", "version": "0.4.1-2.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "5NHJ2FdetivE1fvI98uKwQ==": { "id": "5NHJ2FdetivE1fvI98uKwQ==", "name": "expat", "version": "2.5.0-1.el9", "kind": "binary", "source": { "id": "", "name": "expat", "version": "2.5.0-1.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "5ZNEjbI9oKcr993lWqrXFA==": { "id": "5ZNEjbI9oKcr993lWqrXFA==", "name": "hunspell-en-US", "version": "0.20140811.1-20.el9", "kind": "binary", "source": { "id": "", "name": "hunspell-en", "version": "0.20140811.1-20.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "5gnny15srfcrOHbx7C1mGA==": { "id": "5gnny15srfcrOHbx7C1mGA==", "name": "file", "version": "5.39-12.el9", "kind": "binary", "source": { "id": "", "name": "file", "version": "5.39-12.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "5mMnErn20FkAk/9uOd0U8Q==": { "id": "5mMnErn20FkAk/9uOd0U8Q==", "name": "util-linux", "version": "2.37.4-10.el9", "kind": "binary", "source": { "id": "", "name": "util-linux", "version": "2.37.4-10.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "5mmSudfrCeEmVSPweWmcVQ==": { "id": "5mmSudfrCeEmVSPweWmcVQ==", "name": "librhsm", "version": "0.0.3-7.el9", "kind": "binary", "source": { "id": "", "name": "librhsm", "version": "0.0.3-7.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "5oq4jjwqdEJHokHmXZ7fFA==": { "id": "5oq4jjwqdEJHokHmXZ7fFA==", "name": "dwz", "version": "0.14-3.el9", "kind": "binary", "source": { "id": "", "name": "dwz", "version": "0.14-3.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "60b1mOIk+ncF/benyKWfug==": { "id": "60b1mOIk+ncF/benyKWfug==", "name": "perl-Data-Dumper", "version": "2.174-462.el9", "kind": "binary", "source": { "id": "", "name": "perl-Data-Dumper", "version": "2.174-462.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "63mZCXR3bqAFNclZSh99aQ==": { "id": "63mZCXR3bqAFNclZSh99aQ==", "name": "ubi9/python-39", "version": "1-117.1684741281", "kind": "binary", "source": { "id": "ECruELkzz3Vn9sJ6Cby5+A==", "name": "python-39-container", "version": "1-117.1684741281", "kind": "source", "source": { "id": "", "name": "", "version": "", "normalized_version": "", "cpe": "" }, "normalized_version": "rhctag:1.0.0.0.0.0.0.0.0.0", "arch": "x86_64", "cpe": "" }, "normalized_version": "rhctag:1.0.0.0.0.0.0.0.0.0", "arch": "x86_64", "cpe": "" }, "6AYt+NWt55432RGa/HxiQg==": { "id": "6AYt+NWt55432RGa/HxiQg==", "name": "libXt", "version": "1.2.0-6.el9", "kind": "binary", "source": { "id": "", "name": "libXt", "version": "1.2.0-6.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "6COiLlB/V7UlOwfuFJy77w==": { "id": "6COiLlB/V7UlOwfuFJy77w==", "name": "unzip", "version": "6.0-56.el9", "kind": "binary", "source": { "id": "", "name": "unzip", "version": "6.0-56.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "6G1ytjIPgX0NNsVwuPQKkQ==": { "id": "6G1ytjIPgX0NNsVwuPQKkQ==", "name": "python3-gpg", "version": "1.15.1-6.el9", "kind": "binary", "source": { "id": "", "name": "gpgme", "version": "1.15.1-6.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "6G4wapu2zP6UYfTP+Ip2pA==": { "id": "6G4wapu2zP6UYfTP+Ip2pA==", "name": "gdb-headless", "version": "10.2-10.el9", "kind": "binary", "source": { "id": "", "name": "gdb", "version": "10.2-10.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "6HUC1/dPziZpbtWEymw0nQ==": { "id": "6HUC1/dPziZpbtWEymw0nQ==", "name": "gzip", "version": "1.12-1.el9", "kind": "binary", "source": { "id": "", "name": "gzip", "version": "1.12-1.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "6J8s8AwMqy7tE/ISmFBsoA==": { "id": "6J8s8AwMqy7tE/ISmFBsoA==", "name": "rsync", "version": "3.2.3-19.el9", "kind": "binary", "source": { "id": "", "name": "rsync", "version": "3.2.3-19.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "6LVRZKaAJH97OKCXsJMDDw==": { "id": "6LVRZKaAJH97OKCXsJMDDw==", "name": "ca-certificates", "version": "2022.2.54-90.2.el9_0", "kind": "binary", "source": { "id": "", "name": "ca-certificates", "version": "2022.2.54-90.2.el9_0", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "6MFxZDjn6ZxVQspQib4VSA==": { "id": "6MFxZDjn6ZxVQspQib4VSA==", "name": "libXau", "version": "1.0.9-8.el9", "kind": "binary", "source": { "id": "", "name": "libXau", "version": "1.0.9-8.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "6RxnMs+9yIqzJpLgR7I3zA==": { "id": "6RxnMs+9yIqzJpLgR7I3zA==", "name": "audit-libs", "version": "3.0.7-103.el9", "kind": "binary", "source": { "id": "", "name": "audit", "version": "3.0.7-103.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "6SSb5cE7rBNUxI3/i20KSw==": { "id": "6SSb5cE7rBNUxI3/i20KSw==", "name": "perl-lib", "version": "0.65-480.el9", "kind": "binary", "source": { "id": "", "name": "perl", "version": "5.32.1-480.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "6camihNRcGvFSo3XinEWFg==": { "id": "6camihNRcGvFSo3XinEWFg==", "name": "libacl", "version": "2.3.1-3.el9", "kind": "binary", "source": { "id": "", "name": "acl", "version": "2.3.1-3.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "74+EW3adzZwX9DbUU0vOdA==": { "id": "74+EW3adzZwX9DbUU0vOdA==", "name": "which", "version": "2.21-28.el9", "kind": "binary", "source": { "id": "", "name": "which", "version": "2.21-28.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "7EpSGPerbrvf/owa+1w1QQ==": { "id": "7EpSGPerbrvf/owa+1w1QQ==", "name": "rpm-build-libs", "version": "4.16.1.3-22.el9", "kind": "binary", "source": { "id": "", "name": "rpm", "version": "4.16.1.3-22.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "7ZWYFE98hi9HyU5Q68Jgsw==": { "id": "7ZWYFE98hi9HyU5Q68Jgsw==", "name": "libX11-devel", "version": "1.7.0-7.el9", "kind": "binary", "source": { "id": "", "name": "libX11", "version": "1.7.0-7.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "7kedTb4EJLDAcGarhqe+lQ==": { "id": "7kedTb4EJLDAcGarhqe+lQ==", "name": "rpm", "version": "4.16.1.3-22.el9", "kind": "binary", "source": { "id": "", "name": "rpm", "version": "4.16.1.3-22.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "7qAMBOvJ2FYxpK9n05pI7Q==": { "id": "7qAMBOvJ2FYxpK9n05pI7Q==", "name": "libpng", "version": "2:1.6.37-12.el9", "kind": "binary", "source": { "id": "", "name": "libpng", "version": "1.6.37-12.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "7wYzYHhhfFK6lCrrOlvj+A==": { "id": "7wYzYHhhfFK6lCrrOlvj+A==", "name": "nodejs-docs", "version": "1:16.19.1-1.el9_2", "kind": "binary", "source": { "id": "", "name": "nodejs", "version": "16.19.1-1.el9_2", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "7yB5oIQve4tWIMlUmHbdQQ==": { "id": "7yB5oIQve4tWIMlUmHbdQQ==", "name": "graphite2", "version": "1.3.14-9.el9", "kind": "binary", "source": { "id": "", "name": "graphite2", "version": "1.3.14-9.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "8/rEDMje4w3YcK4XpTSOGQ==": { "id": "8/rEDMje4w3YcK4XpTSOGQ==", "name": "libcom_err-devel", "version": "1.46.5-3.el9", "kind": "binary", "source": { "id": "", "name": "e2fsprogs", "version": "1.46.5-3.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "83fA9kwjFvY8nwB2UCgukg==": { "id": "83fA9kwjFvY8nwB2UCgukg==", "name": "openssl-devel", "version": "1:3.0.7-6.el9_2", "kind": "binary", "source": { "id": "", "name": "openssl", "version": "3.0.7-6.el9_2", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "88jYB91M4ddvxo2XjMJKmQ==": { "id": "88jYB91M4ddvxo2XjMJKmQ==", "name": "libmpc", "version": "1.2.1-4.el9", "kind": "binary", "source": { "id": "", "name": "libmpc", "version": "1.2.1-4.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "8Q+4qMpgUhvMDCe2QUBIuQ==": { "id": "8Q+4qMpgUhvMDCe2QUBIuQ==", "name": "dbus", "version": "1:1.12.20-7.el9_1", "kind": "binary", "source": { "id": "", "name": "dbus", "version": "1.12.20-7.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "8c2Y1Jul4k8x0+owb81kuA==": { "id": "8c2Y1Jul4k8x0+owb81kuA==", "name": "lua-libs", "version": "5.4.4-3.el9", "kind": "binary", "source": { "id": "", "name": "lua", "version": "5.4.4-3.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "8gpmX0NZa9MMhcqi6FUGtg==": { "id": "8gpmX0NZa9MMhcqi6FUGtg==", "name": "python3-gobject-base", "version": "3.40.1-6.el9", "kind": "binary", "source": { "id": "", "name": "pygobject3", "version": "3.40.1-6.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "9HjCH3SeUwgItfYZysNlOw==": { "id": "9HjCH3SeUwgItfYZysNlOw==", "name": "mariadb-connector-c-config", "version": "3.2.6-1.el9_0", "kind": "binary", "source": { "id": "", "name": "mariadb-connector-c", "version": "3.2.6-1.el9_0", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "9V410rRhvY0CLuMEbP5hyA==": { "id": "9V410rRhvY0CLuMEbP5hyA==", "name": "git-core", "version": "2.39.3-1.el9_2", "kind": "binary", "source": { "id": "", "name": "git", "version": "2.39.3-1.el9_2", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "9bMXqD09C2r4s8P+HNy2uw==": { "id": "9bMXqD09C2r4s8P+HNy2uw==", "name": "perl-Pod-Perldoc", "version": "3.28.01-461.el9", "kind": "binary", "source": { "id": "", "name": "perl-Pod-Perldoc", "version": "3.28.01-461.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "9xJldKRjya3FuhMWdyx68w==": { "id": "9xJldKRjya3FuhMWdyx68w==", "name": "apr-util-devel", "version": "1.6.1-20.el9_2.1", "kind": "binary", "source": { "id": "", "name": "apr-util", "version": "1.6.1-20.el9_2.1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "ACNA1cjsRpihwLsZYxMiYQ==": { "id": "ACNA1cjsRpihwLsZYxMiYQ==", "name": "libXrender", "version": "0.9.10-16.el9", "kind": "binary", "source": { "id": "", "name": "libXrender", "version": "0.9.10-16.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "AMrZylSYCrcbfUCrsrIYjA==": { "id": "AMrZylSYCrcbfUCrsrIYjA==", "name": "libwebp", "version": "1.2.0-6.el9_1", "kind": "binary", "source": { "id": "", "name": "libwebp", "version": "1.2.0-6.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "AOquy/6bQ9axg0KRp6hMjg==": { "id": "AOquy/6bQ9axg0KRp6hMjg==", "name": "libbrotli", "version": "1.0.9-6.el9", "kind": "binary", "source": { "id": "", "name": "brotli", "version": "1.0.9-6.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "AUVOf/0NbfB/XbugSBELUw==": { "id": "AUVOf/0NbfB/XbugSBELUw==", "name": "libcurl-devel", "version": "7.76.1-23.el9_2.1", "kind": "binary", "source": { "id": "", "name": "curl", "version": "7.76.1-23.el9_2.1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "AbW1lRpGUjSEKNnr/Toz6A==": { "id": "AbW1lRpGUjSEKNnr/Toz6A==", "name": "jbigkit-libs", "version": "2.1-23.el9", "kind": "binary", "source": { "id": "", "name": "jbigkit", "version": "2.1-23.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "Afy1ky17wt57Z2vMS7UXlA==": { "id": "Afy1ky17wt57Z2vMS7UXlA==", "name": "perl-Getopt-Std", "version": "1.12-480.el9", "kind": "binary", "source": { "id": "", "name": "perl", "version": "5.32.1-480.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "AhFiXUdFjh8mMgmH3rq4zA==": { "id": "AhFiXUdFjh8mMgmH3rq4zA==", "name": "mod_http2", "version": "1.15.19-4.el9_2.4", "kind": "binary", "source": { "id": "", "name": "mod_http2", "version": "1.15.19-4.el9_2.4", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "AjGTpuwkPMpLZjupJLFktg==": { "id": "AjGTpuwkPMpLZjupJLFktg==", "name": "perl-base", "version": "2.27-480.el9", "kind": "binary", "source": { "id": "", "name": "perl", "version": "5.32.1-480.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "AnHvlYoTKSxzg0JMVMiJkg==": { "id": "AnHvlYoTKSxzg0JMVMiJkg==", "name": "openldap-compat", "version": "2.6.2-3.el9", "kind": "binary", "source": { "id": "", "name": "openldap", "version": "2.6.2-3.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "B1GkMmH68NQBb820A14+rg==": { "id": "B1GkMmH68NQBb820A14+rg==", "name": "libdb-devel", "version": "5.3.28-53.el9", "kind": "binary", "source": { "id": "", "name": "libdb", "version": "5.3.28-53.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "BJbegVsc0QXOgPydbqTe/A==": { "id": "BJbegVsc0QXOgPydbqTe/A==", "name": "libdnf", "version": "0.69.0-3.el9_2", "kind": "binary", "source": { "id": "", "name": "libdnf", "version": "0.69.0-3.el9_2", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "BQhiFmX4hLYteW4oRCLTSA==": { "id": "BQhiFmX4hLYteW4oRCLTSA==", "name": "libassuan", "version": "2.5.5-3.el9", "kind": "binary", "source": { "id": "", "name": "libassuan", "version": "2.5.5-3.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "BRLVvSCW1qZQlEQR2x48fQ==": { "id": "BRLVvSCW1qZQlEQR2x48fQ==", "name": "gobject-introspection", "version": "1.68.0-11.el9", "kind": "binary", "source": { "id": "", "name": "gobject-introspection", "version": "1.68.0-11.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "BhMVGkQNwq2K8Ychx/Kb6g==": { "id": "BhMVGkQNwq2K8Ychx/Kb6g==", "name": "apr-util-ldap", "version": "1.6.1-20.el9_2.1", "kind": "binary", "source": { "id": "", "name": "apr-util", "version": "1.6.1-20.el9_2.1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "Bolq8JGwz5haaKYRC3NHug==": { "id": "Bolq8JGwz5haaKYRC3NHug==", "name": "kernel-srpm-macros", "version": "1.0-12.el9", "kind": "binary", "source": { "id": "", "name": "kernel-srpm-macros", "version": "1.0-12.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "C0IRn/3ulny4xrH7kewdrQ==": { "id": "C0IRn/3ulny4xrH7kewdrQ==", "name": "apr", "version": "1.7.0-11.el9", "kind": "binary", "source": { "id": "", "name": "apr", "version": "1.7.0-11.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "C7VGVckK0YZj4RiVmStEsA==": { "id": "C7VGVckK0YZj4RiVmStEsA==", "name": "sqlite-libs", "version": "3.34.1-6.el9_1", "kind": "binary", "source": { "id": "", "name": "sqlite", "version": "3.34.1-6.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "C8fVRwKo3Aa5uPZ1lpSFqg==": { "id": "C8fVRwKo3Aa5uPZ1lpSFqg==", "name": "perl-AutoLoader", "version": "5.74-480.el9", "kind": "binary", "source": { "id": "", "name": "perl", "version": "5.32.1-480.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "CXRheoFIylTt2C0ZN4qu3w==": { "id": "CXRheoFIylTt2C0ZN4qu3w==", "name": "perl-Net-SSLeay", "version": "1.92-2.el9", "kind": "binary", "source": { "id": "", "name": "perl-Net-SSLeay", "version": "1.92-2.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "Clbp1ERO3UWUCfklcBdPow==": { "id": "Clbp1ERO3UWUCfklcBdPow==", "name": "coreutils-single", "version": "8.32-34.el9", "kind": "binary", "source": { "id": "", "name": "coreutils", "version": "8.32-34.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "Cwut2mrMMUaIvKenvO1qWw==": { "id": "Cwut2mrMMUaIvKenvO1qWw==", "name": "perl-Socket", "version": "4:2.031-4.el9", "kind": "binary", "source": { "id": "", "name": "perl-Socket", "version": "2.031-4.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "D2OZMHNtxbdL+hwzDwrPaA==": { "id": "D2OZMHNtxbdL+hwzDwrPaA==", "name": "perl-Git", "version": "2.39.3-1.el9_2", "kind": "binary", "source": { "id": "", "name": "git", "version": "2.39.3-1.el9_2", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "D4xxz2lxaTPGbwtkkjV5cA==": { "id": "D4xxz2lxaTPGbwtkkjV5cA==", "name": "libsepol-devel", "version": "3.5-1.el9", "kind": "binary", "source": { "id": "", "name": "libsepol", "version": "3.5-1.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "D93v97Kl2oOy+zY5Qaa6xQ==": { "id": "D93v97Kl2oOy+zY5Qaa6xQ==", "name": "perl-File-Compare", "version": "1.100.600-480.el9", "kind": "binary", "source": { "id": "", "name": "perl", "version": "5.32.1-480.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "DFAPKmwcoKwcymBtOC1U2w==": { "id": "DFAPKmwcoKwcymBtOC1U2w==", "name": "elfutils-debuginfod-client", "version": "0.188-3.el9", "kind": "binary", "source": { "id": "", "name": "elfutils", "version": "0.188-3.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "DK0d2bPQCX0xz6Lec7u1cg==": { "id": "DK0d2bPQCX0xz6Lec7u1cg==", "name": "info", "version": "6.7-15.el9", "kind": "binary", "source": { "id": "", "name": "texinfo", "version": "6.7-15.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "DMchAI2VcGSa4n8bdw5YkA==": { "id": "DMchAI2VcGSa4n8bdw5YkA==", "name": "xorg-x11-proto-devel", "version": "2021.4-2.el9", "kind": "binary", "source": { "id": "", "name": "xorg-x11-proto-devel", "version": "2021.4-2.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "DSiKsVzdOYp1aJo/8T0A5A==": { "id": "DSiKsVzdOYp1aJo/8T0A5A==", "name": "pcre", "version": "8.44-3.el9.3", "kind": "binary", "source": { "id": "", "name": "pcre", "version": "8.44-3.el9.3", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "DVWG3mWD7odZzCgFCUPZPw==": { "id": "DVWG3mWD7odZzCgFCUPZPw==", "name": "pkgconf-pkg-config", "version": "1.7.3-10.el9", "kind": "binary", "source": { "id": "", "name": "pkgconf", "version": "1.7.3-10.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "DgiaeDan63coleu8kP7BcQ==": { "id": "DgiaeDan63coleu8kP7BcQ==", "name": "libuuid", "version": "2.37.4-10.el9", "kind": "binary", "source": { "id": "", "name": "util-linux", "version": "2.37.4-10.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "DrLq8qfU1bfE8o8AfdvkrQ==": { "id": "DrLq8qfU1bfE8o8AfdvkrQ==", "name": "libverto", "version": "0.3.2-3.el9", "kind": "binary", "source": { "id": "", "name": "libverto", "version": "0.3.2-3.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "Drl564LoG2Da4MkRcGVqPA==": { "id": "Drl564LoG2Da4MkRcGVqPA==", "name": "httpd-tools", "version": "2.4.53-11.el9_2.5", "kind": "binary", "source": { "id": "", "name": "httpd", "version": "2.4.53-11.el9_2.5", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "DsBwkcaqc0GOnmEzcxe6HQ==": { "id": "DsBwkcaqc0GOnmEzcxe6HQ==", "name": "libkadm5", "version": "1.20.1-8.el9", "kind": "binary", "source": { "id": "", "name": "krb5", "version": "1.20.1-8.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "DyrGGOXnL/bhmZ8ggdwfGA==": { "id": "DyrGGOXnL/bhmZ8ggdwfGA==", "name": "pyproject-srpm-macros", "version": "1.6.2-1.el9", "kind": "binary", "source": { "id": "", "name": "pyproject-rpm-macros", "version": "1.6.2-1.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "E6FiF4JjozMnlWdjWl5qOw==": { "id": "E6FiF4JjozMnlWdjWl5qOw==", "name": "apr-util", "version": "1.6.1-20.el9_2.1", "kind": "binary", "source": { "id": "", "name": "apr-util", "version": "1.6.1-20.el9_2.1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "E7tAiOdLCOrmIg8OycJ2lQ==": { "id": "E7tAiOdLCOrmIg8OycJ2lQ==", "name": "glibc", "version": "2.34-60.el9", "kind": "binary", "source": { "id": "", "name": "glibc", "version": "2.34-60.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "ECruELkzz3Vn9sJ6Cby5+A==": { "id": "ECruELkzz3Vn9sJ6Cby5+A==", "name": "python-39-container", "version": "1-117.1684741281", "kind": "source", "source": { "id": "", "name": "", "version": "", "normalized_version": "", "cpe": "" }, "normalized_version": "rhctag:1.0.0.0.0.0.0.0.0.0", "arch": "x86_64", "cpe": "" }, "ED0/IlCpWWQwBBKR2YT9sw==": { "id": "ED0/IlCpWWQwBBKR2YT9sw==", "name": "libnl3", "version": "3.7.0-1.el9", "kind": "binary", "source": { "id": "", "name": "libnl3", "version": "3.7.0-1.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "EEcEMKhGMvXAfnMhboIpqw==": { "id": "EEcEMKhGMvXAfnMhboIpqw==", "name": "publicsuffix-list-dafsa", "version": "20210518-3.el9", "kind": "binary", "source": { "id": "", "name": "publicsuffix-list", "version": "20210518-3.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "EIxMRDPpO5H8aQAkWTEZCw==": { "id": "EIxMRDPpO5H8aQAkWTEZCw==", "name": "mod_lua", "version": "2.4.53-11.el9_2.5", "kind": "binary", "source": { "id": "", "name": "httpd", "version": "2.4.53-11.el9_2.5", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "EnQzaG96EBHr5ye6u8iVOQ==": { "id": "EnQzaG96EBHr5ye6u8iVOQ==", "name": "mailcap", "version": "2.1.49-5.el9", "kind": "binary", "source": { "id": "", "name": "mailcap", "version": "2.1.49-5.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "EuIN5ixMdxC4uPbLWLSy8A==": { "id": "EuIN5ixMdxC4uPbLWLSy8A==", "name": "python3-setuptools", "version": "53.0.0-12.el9", "kind": "binary", "source": { "id": "", "name": "python-setuptools", "version": "53.0.0-12.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "Exv8+xTp+7Y4AfuM+ph47Q==": { "id": "Exv8+xTp+7Y4AfuM+ph47Q==", "name": "perl-parent", "version": "1:0.238-460.el9", "kind": "binary", "source": { "id": "", "name": "perl-parent", "version": "0.238-460.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "F1JLyBPuVB2S11BumSCVVw==": { "id": "F1JLyBPuVB2S11BumSCVVw==", "name": "glibc-gconv-extra", "version": "2.34-60.el9", "kind": "binary", "source": { "id": "", "name": "glibc", "version": "2.34-60.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "FDUyOkFgFnO2w8haox6MJw==": { "id": "FDUyOkFgFnO2w8haox6MJw==", "name": "elfutils-default-yama-scope", "version": "0.188-3.el9", "kind": "binary", "source": { "id": "", "name": "elfutils", "version": "0.188-3.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "FEF27h+V5TzrUeQsFddapA==": { "id": "FEF27h+V5TzrUeQsFddapA==", "name": "libSM", "version": "1.2.3-10.el9", "kind": "binary", "source": { "id": "", "name": "libSM", "version": "1.2.3-10.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "FFSNe661VBElA1asGZ7k3g==": { "id": "FFSNe661VBElA1asGZ7k3g==", "name": "rust-srpm-macros", "version": "17-4.el9", "kind": "binary", "source": { "id": "", "name": "rust-srpm-macros", "version": "17-4.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "FKD/ouYSWOOZHy4i43SaxA==": { "id": "FKD/ouYSWOOZHy4i43SaxA==", "name": "perl-TermReadKey", "version": "2.38-11.el9", "kind": "binary", "source": { "id": "", "name": "perl-TermReadKey", "version": "2.38-11.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "FKzmXNUIrd1g2WeC3v221w==": { "id": "FKzmXNUIrd1g2WeC3v221w==", "name": "nodejs", "version": "1:16.19.1-1.el9_2", "kind": "binary", "source": { "id": "", "name": "nodejs", "version": "16.19.1-1.el9_2", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "FMrR4PbDeEhmMEh2juuVnw==": { "id": "FMrR4PbDeEhmMEh2juuVnw==", "name": "wget", "version": "1.21.1-7.el9", "kind": "binary", "source": { "id": "", "name": "wget", "version": "1.21.1-7.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "FOYEI/hfn+okYJdoTuLQkQ==": { "id": "FOYEI/hfn+okYJdoTuLQkQ==", "name": "binutils", "version": "2.35.2-37.el9", "kind": "binary", "source": { "id": "", "name": "binutils", "version": "2.35.2-37.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "FVL6ljas6Mq4jYoOr1b6Hw==": { "id": "FVL6ljas6Mq4jYoOr1b6Hw==", "name": "tpm2-tss", "version": "3.0.3-8.el9", "kind": "binary", "source": { "id": "", "name": "tpm2-tss", "version": "3.0.3-8.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "FW8ByCOP6ljvNWDQolahwg==": { "id": "FW8ByCOP6ljvNWDQolahwg==", "name": "sysprof-capture-devel", "version": "3.40.1-3.el9", "kind": "binary", "source": { "id": "", "name": "sysprof", "version": "3.40.1-3.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "FaNO6QWs1mWPp40PrBiBUQ==": { "id": "FaNO6QWs1mWPp40PrBiBUQ==", "name": "libseccomp", "version": "2.5.2-2.el9", "kind": "binary", "source": { "id": "", "name": "libseccomp", "version": "2.5.2-2.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "FoUYQJca0lwtZ/1vlqs/Lg==": { "id": "FoUYQJca0lwtZ/1vlqs/Lg==", "name": "libtiff", "version": "4.4.0-7.el9", "kind": "binary", "source": { "id": "", "name": "libtiff", "version": "4.4.0-7.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "Fy3bplraTnRnJlV5RewauA==": { "id": "Fy3bplraTnRnJlV5RewauA==", "name": "libxslt-devel", "version": "1.1.34-9.el9", "kind": "binary", "source": { "id": "", "name": "libxslt", "version": "1.1.34-9.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "G+9N13KrW8llfPCf5WB6VQ==": { "id": "G+9N13KrW8llfPCf5WB6VQ==", "name": "python3-pip", "version": "21.2.3-6.el9", "kind": "binary", "source": { "id": "", "name": "python-pip", "version": "21.2.3-6.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "G1YDEd7+V95Qa+PMxB8sJw==": { "id": "G1YDEd7+V95Qa+PMxB8sJw==", "name": "perl-Digest", "version": "1.19-4.el9", "kind": "binary", "source": { "id": "", "name": "perl-Digest", "version": "1.19-4.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "G61ZL2SOHR2qgvQfi118gw==": { "id": "G61ZL2SOHR2qgvQfi118gw==", "name": "dejavu-sans-fonts", "version": "2.37-18.el9", "kind": "binary", "source": { "id": "", "name": "dejavu-fonts", "version": "2.37-18.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "GIScmMWQrnoFNoEgq3fg2w==": { "id": "GIScmMWQrnoFNoEgq3fg2w==", "name": "python3-dbus", "version": "1.2.18-2.el9", "kind": "binary", "source": { "id": "", "name": "dbus-python", "version": "1.2.18-2.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "GSkR2SOuqWQN8NtOvU4cgw==": { "id": "GSkR2SOuqWQN8NtOvU4cgw==", "name": "perl-Thread-Queue", "version": "3.14-460.el9", "kind": "binary", "source": { "id": "", "name": "perl-Thread-Queue", "version": "3.14-460.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "GcPR4oPcmP8xTRqQf8mOrA==": { "id": "GcPR4oPcmP8xTRqQf8mOrA==", "name": "zipp", "version": "3.23.0", "kind": "binary", "source": { "id": "", "name": "", "version": "", "normalized_version": "", "cpe": "" }, "normalized_version": "pep440:0.3.23.0.0.0.0.0.0.0", "cpe": "" }, "Gk1VvIy1LEM/8q8synm4CA==": { "id": "Gk1VvIy1LEM/8q8synm4CA==", "name": "python3-librepo", "version": "1.14.5-1.el9", "kind": "binary", "source": { "id": "", "name": "librepo", "version": "1.14.5-1.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "GoSJNc45d375ndxFSydBLQ==": { "id": "GoSJNc45d375ndxFSydBLQ==", "name": "llvm-libs", "version": "15.0.7-1.el9", "kind": "binary", "source": { "id": "", "name": "llvm", "version": "15.0.7-1.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "GtFO3rQtk4lExV/Q1qfFOg==": { "id": "GtFO3rQtk4lExV/Q1qfFOg==", "name": "zip", "version": "3.0-35.el9", "kind": "binary", "source": { "id": "", "name": "zip", "version": "3.0-35.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "H3zfV58LzeEUiNQbZbZb2A==": { "id": "H3zfV58LzeEUiNQbZbZb2A==", "name": "perl-File-Temp", "version": "1:0.231.100-4.el9", "kind": "binary", "source": { "id": "", "name": "perl-File-Temp", "version": "0.231.100-4.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "HFwGHerHwgvY8vkjr3x1Pg==": { "id": "HFwGHerHwgvY8vkjr3x1Pg==", "name": "itsdangerous", "version": "2.2.0", "kind": "binary", "source": { "id": "", "name": "", "version": "", "normalized_version": "", "cpe": "" }, "normalized_version": "pep440:0.2.2.0.0.0.0.0.0.0", "cpe": "" }, "HRtVOTg/Y7Pvd6wqcX24fA==": { "id": "HRtVOTg/Y7Pvd6wqcX24fA==", "name": "python3-requests", "version": "2.25.1-6.el9", "kind": "binary", "source": { "id": "", "name": "python-requests", "version": "2.25.1-6.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "HbglDdnV9yne0i8jQL30HA==": { "id": "HbglDdnV9yne0i8jQL30HA==", "name": "libtasn1", "version": "4.16.0-8.el9_1", "kind": "binary", "source": { "id": "", "name": "libtasn1", "version": "4.16.0-8.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "I+WaA97GC/ibT79EOQ1/hg==": { "id": "I+WaA97GC/ibT79EOQ1/hg==", "name": "perl-Class-Struct", "version": "0.66-480.el9", "kind": "binary", "source": { "id": "", "name": "perl", "version": "5.32.1-480.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "I16VSEydeiRYB1TSf5694A==": { "id": "I16VSEydeiRYB1TSf5694A==", "name": "libreport-filesystem", "version": "2.15.2-6.el9", "kind": "binary", "source": { "id": "", "name": "libreport", "version": "2.15.2-6.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "IDaB7M+//88qbPppM+LpUw==": { "id": "IDaB7M+//88qbPppM+LpUw==", "name": "cracklib", "version": "2.9.6-27.el9", "kind": "binary", "source": { "id": "", "name": "cracklib", "version": "2.9.6-27.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "IEOPnSI+YMVMmOLLC+bSlQ==": { "id": "IEOPnSI+YMVMmOLLC+bSlQ==", "name": "libwebp-devel", "version": "1.2.0-6.el9_1", "kind": "binary", "source": { "id": "", "name": "libwebp", "version": "1.2.0-6.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "IKF7K/1fqT3je0bcasBeFg==": { "id": "IKF7K/1fqT3je0bcasBeFg==", "name": "libdnf-plugin-subscription-manager", "version": "1.29.33.1-1.el9_2", "kind": "binary", "source": { "id": "", "name": "subscription-manager", "version": "1.29.33.1-1.el9_2", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "IOb5jo+s7DgjzeK/LoVNig==": { "id": "IOb5jo+s7DgjzeK/LoVNig==", "name": "libdb", "version": "5.3.28-53.el9", "kind": "binary", "source": { "id": "", "name": "libdb", "version": "5.3.28-53.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "J/syUZ/V3aaUrNt/Dr2u9g==": { "id": "J/syUZ/V3aaUrNt/Dr2u9g==", "name": "perl-File-Find", "version": "1.37-480.el9", "kind": "binary", "source": { "id": "", "name": "perl", "version": "5.32.1-480.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "JAKIgWlsG9s5Mu8FvR37Sw==": { "id": "JAKIgWlsG9s5Mu8FvR37Sw==", "name": "atlas-devel", "version": "3.10.3-17.el9", "kind": "binary", "source": { "id": "", "name": "atlas", "version": "3.10.3-17.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "JCGQTIbPty0c46D5t4dVHw==": { "id": "JCGQTIbPty0c46D5t4dVHw==", "name": "glibc-locale-source", "version": "2.34-60.el9", "kind": "binary", "source": { "id": "", "name": "glibc", "version": "2.34-60.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "JI92axWONkD2XCTUAeCtuQ==": { "id": "JI92axWONkD2XCTUAeCtuQ==", "name": "autoconf", "version": "2.69-38.el9", "kind": "binary", "source": { "id": "", "name": "autoconf", "version": "2.69-38.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "JKP7JzVg7UGaAz4VrH03lQ==": { "id": "JKP7JzVg7UGaAz4VrH03lQ==", "name": "langpacks-core-font-en", "version": "3.0-16.el9", "kind": "binary", "source": { "id": "", "name": "langpacks", "version": "3.0-16.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "JWSejabRwbOC28zMUX6wRw==": { "id": "JWSejabRwbOC28zMUX6wRw==", "name": "perl-File-Basename", "version": "2.85-480.el9", "kind": "binary", "source": { "id": "", "name": "perl", "version": "5.32.1-480.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "JaDqP2PIekJ4FuDfyPDUKA==": { "id": "JaDqP2PIekJ4FuDfyPDUKA==", "name": "dmidecode", "version": "1:3.3-7.el9", "kind": "binary", "source": { "id": "", "name": "dmidecode", "version": "3.3-7.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "K04omiWBsTnRCbFVZLmRKw==": { "id": "K04omiWBsTnRCbFVZLmRKw==", "name": "python3-ethtool", "version": "0.15-2.el9", "kind": "binary", "source": { "id": "", "name": "python-ethtool", "version": "0.15-2.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "K1DorLN/5PaEJVa4ywo4tQ==": { "id": "K1DorLN/5PaEJVa4ywo4tQ==", "name": "crypto-policies", "version": "20221215-1.git9a18988.el9", "kind": "binary", "source": { "id": "", "name": "crypto-policies", "version": "20221215-1.git9a18988.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "K5U87AYLwYDq48YpniD72A==": { "id": "K5U87AYLwYDq48YpniD72A==", "name": "libffi", "version": "3.4.2-7.el9", "kind": "binary", "source": { "id": "", "name": "libffi", "version": "3.4.2-7.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "KF5C+zKu/uFB7knCqOvDAQ==": { "id": "KF5C+zKu/uFB7knCqOvDAQ==", "name": "json-glib", "version": "1.6.6-1.el9", "kind": "binary", "source": { "id": "", "name": "json-glib", "version": "1.6.6-1.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "KH0/KbRUi7KL6UvWa8i6Pg==": { "id": "KH0/KbRUi7KL6UvWa8i6Pg==", "name": "python3-inotify", "version": "0.9.6-25.el9", "kind": "binary", "source": { "id": "", "name": "python-inotify", "version": "0.9.6-25.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "KI3G71oxLg+E+Mu8flfxMA==": { "id": "KI3G71oxLg+E+Mu8flfxMA==", "name": "sscg", "version": "3.0.0-7.el9", "kind": "binary", "source": { "id": "", "name": "sscg", "version": "3.0.0-7.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "KMPuzPUoJW0H9SIkP0WBiw==": { "id": "KMPuzPUoJW0H9SIkP0WBiw==", "name": "libpath_utils", "version": "0.2.1-53.el9", "kind": "binary", "source": { "id": "", "name": "ding-libs", "version": "0.6.1-53.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "KSobT+LH4PXsCiP04HOhbQ==": { "id": "KSobT+LH4PXsCiP04HOhbQ==", "name": "gdbm-libs", "version": "1:1.19-4.el9", "kind": "binary", "source": { "id": "", "name": "gdbm", "version": "1.19-4.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "KcftiMkhTw4x89HNJI8NNg==": { "id": "KcftiMkhTw4x89HNJI8NNg==", "name": "perl-Text-ParseWords", "version": "3.30-460.el9", "kind": "binary", "source": { "id": "", "name": "perl-Text-ParseWords", "version": "3.30-460.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "KlSRCTMecbL63Kg+FZjUdQ==": { "id": "KlSRCTMecbL63Kg+FZjUdQ==", "name": "libicu-devel", "version": "67.1-9.el9", "kind": "binary", "source": { "id": "", "name": "icu", "version": "67.1-9.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "KnsryeYjIOfmvupUdl8bDg==": { "id": "KnsryeYjIOfmvupUdl8bDg==", "name": "scl-utils", "version": "1:2.0.3-4.el9", "kind": "binary", "source": { "id": "", "name": "scl-utils", "version": "2.0.3-4.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "KyRw1LumZrRo6AKKkHgP7w==": { "id": "KyRw1LumZrRo6AKKkHgP7w==", "name": "libXext", "version": "1.3.4-8.el9", "kind": "binary", "source": { "id": "", "name": "libXext", "version": "1.3.4-8.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "L1wl5gEz2lzyNJbirzPmpQ==": { "id": "L1wl5gEz2lzyNJbirzPmpQ==", "name": "pcre2-utf32", "version": "10.40-2.el9", "kind": "binary", "source": { "id": "", "name": "pcre2", "version": "10.40-2.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "L2RUW2Fm5EOgoqwyitY3bg==": { "id": "L2RUW2Fm5EOgoqwyitY3bg==", "name": "dbus-broker", "version": "28-7.el9", "kind": "binary", "source": { "id": "", "name": "dbus-broker", "version": "28-7.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "LDIMlzOywHz1+CG5FwjKdQ==": { "id": "LDIMlzOywHz1+CG5FwjKdQ==", "name": "subscription-manager-rhsm-certificates", "version": "20220623-1.el9", "kind": "binary", "source": { "id": "", "name": "subscription-manager-rhsm-certificates", "version": "20220623-1.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "LEyuwSco7tb1WIyWy42H8g==": { "id": "LEyuwSco7tb1WIyWy42H8g==", "name": "perl-Storable", "version": "1:3.21-460.el9", "kind": "binary", "source": { "id": "", "name": "perl-Storable", "version": "3.21-460.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "LKZnqm8WNoyW7jCRmFcI0g==": { "id": "LKZnqm8WNoyW7jCRmFcI0g==", "name": "libsmartcols", "version": "2.37.4-10.el9", "kind": "binary", "source": { "id": "", "name": "util-linux", "version": "2.37.4-10.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "LPYp5WHbuUIrDoVmdSqGPw==": { "id": "LPYp5WHbuUIrDoVmdSqGPw==", "name": "hunspell-en", "version": "0.20140811.1-20.el9", "kind": "binary", "source": { "id": "", "name": "hunspell-en", "version": "0.20140811.1-20.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "LQ04QTiA8wpfXc1xh98HzQ==": { "id": "LQ04QTiA8wpfXc1xh98HzQ==", "name": "cmake-rpm-macros", "version": "3.20.2-8.el9", "kind": "binary", "source": { "id": "", "name": "cmake", "version": "3.20.2-8.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "LZYaKh1MnXoGX4fHzghRTQ==": { "id": "LZYaKh1MnXoGX4fHzghRTQ==", "name": "usermode", "version": "1.114-4.el9", "kind": "binary", "source": { "id": "", "name": "usermode", "version": "1.114-4.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "Ldg4Wge0D5hiTxUZpj8f0g==": { "id": "Ldg4Wge0D5hiTxUZpj8f0g==", "name": "python3-devel", "version": "3.9.16-1.el9", "kind": "binary", "source": { "id": "", "name": "python3.9", "version": "3.9.16-1.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "Leh3RdsGa1oyRcl5Dz4SdA==": { "id": "Leh3RdsGa1oyRcl5Dz4SdA==", "name": "gd-devel", "version": "2.3.2-3.el9", "kind": "binary", "source": { "id": "", "name": "gd", "version": "2.3.2-3.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "LjtOegR/S/Y0KwJeOuSl/w==": { "id": "LjtOegR/S/Y0KwJeOuSl/w==", "name": "perl-podlators", "version": "1:4.14-460.el9", "kind": "binary", "source": { "id": "", "name": "perl-podlators", "version": "4.14-460.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "Lp/xMYo4cC+PpuBlkEhbWg==": { "id": "Lp/xMYo4cC+PpuBlkEhbWg==", "name": "glibc-devel", "version": "2.34-60.el9", "kind": "binary", "source": { "id": "", "name": "glibc", "version": "2.34-60.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "Lwqn0aweLQLZmo12VvYcog==": { "id": "Lwqn0aweLQLZmo12VvYcog==", "name": "popt", "version": "1.18-8.el9", "kind": "binary", "source": { "id": "", "name": "popt", "version": "1.18-8.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "M2qdPAOOvb+CWXJwouP4Rw==": { "id": "M2qdPAOOvb+CWXJwouP4Rw==", "name": "mariadb-connector-c-devel", "version": "3.2.6-1.el9_0", "kind": "binary", "source": { "id": "", "name": "mariadb-connector-c", "version": "3.2.6-1.el9_0", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "MDH8Zt4oQWDiYk9qFV5Lbg==": { "id": "MDH8Zt4oQWDiYk9qFV5Lbg==", "name": "libxcrypt", "version": "4.4.18-3.el9", "kind": "binary", "source": { "id": "", "name": "libxcrypt", "version": "4.4.18-3.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "MORX6hW9ZLZCt/52w71zTg==": { "id": "MORX6hW9ZLZCt/52w71zTg==", "name": "perl-PathTools", "version": "3.78-461.el9", "kind": "binary", "source": { "id": "", "name": "perl-PathTools", "version": "3.78-461.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "MWMHgjR1viS9EYhgh87XqQ==": { "id": "MWMHgjR1viS9EYhgh87XqQ==", "name": "markupsafe", "version": "3.0.2", "kind": "binary", "source": { "id": "", "name": "", "version": "", "normalized_version": "", "cpe": "" }, "normalized_version": "pep440:0.3.0.2.0.0.0.0.0.0", "cpe": "" }, "MXR26wvfFq4/JiRamdOfsA==": { "id": "MXR26wvfFq4/JiRamdOfsA==", "name": "pixman", "version": "0.40.0-5.el9", "kind": "binary", "source": { "id": "", "name": "pixman", "version": "0.40.0-5.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "Ma5Vpx57SAZOCC5w2EPQYw==": { "id": "Ma5Vpx57SAZOCC5w2EPQYw==", "name": "libksba", "version": "1.5.1-6.el9_1", "kind": "binary", "source": { "id": "", "name": "libksba", "version": "1.5.1-6.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "MdGkZ055CI+TZYqVm7FIPg==": { "id": "MdGkZ055CI+TZYqVm7FIPg==", "name": "libcbor", "version": "0.7.0-5.el9", "kind": "binary", "source": { "id": "", "name": "libcbor", "version": "0.7.0-5.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "Mjle5B5h66lsDAGaEb0h1A==": { "id": "Mjle5B5h66lsDAGaEb0h1A==", "name": "perl-IPC-Open3", "version": "1.21-480.el9", "kind": "binary", "source": { "id": "", "name": "perl", "version": "5.32.1-480.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "Mp61fGpK3II0W8dIQgk3hA==": { "id": "Mp61fGpK3II0W8dIQgk3hA==", "name": "libpipeline", "version": "1.5.3-4.el9", "kind": "binary", "source": { "id": "", "name": "libpipeline", "version": "1.5.3-4.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "Mq+Zh5sZAvsHrG1oP+tU+Q==": { "id": "Mq+Zh5sZAvsHrG1oP+tU+Q==", "name": "environment-modules", "version": "5.0.1-2.el9", "kind": "binary", "source": { "id": "", "name": "environment-modules", "version": "5.0.1-2.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "MsMq213pNjOV+46+wi8tyQ==": { "id": "MsMq213pNjOV+46+wi8tyQ==", "name": "git-core-doc", "version": "2.39.3-1.el9_2", "kind": "binary", "source": { "id": "", "name": "git", "version": "2.39.3-1.el9_2", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "MvJE7slPeyMPjzl+J8UH7w==": { "id": "MvJE7slPeyMPjzl+J8UH7w==", "name": "make", "version": "1:4.3-7.el9", "kind": "binary", "source": { "id": "", "name": "make", "version": "4.3-7.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "MxYp6jmrNGPG4EUMxgtsIw==": { "id": "MxYp6jmrNGPG4EUMxgtsIw==", "name": "qt5-srpm-macros", "version": "5.15.3-1.el9", "kind": "binary", "source": { "id": "", "name": "qt5", "version": "5.15.3-1.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "N6Nykj9OHLGhZUXyjmuxgA==": { "id": "N6Nykj9OHLGhZUXyjmuxgA==", "name": "libgomp", "version": "11.3.1-4.3.el9", "kind": "binary", "source": { "id": "", "name": "gcc", "version": "11.3.1-4.3.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "N9SQ1VZ/1zaqG0gdsMW91g==": { "id": "N9SQ1VZ/1zaqG0gdsMW91g==", "name": "perl-Term-ANSIColor", "version": "5.01-461.el9", "kind": "binary", "source": { "id": "", "name": "perl-Term-ANSIColor", "version": "5.01-461.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "NOK9CQMBrSIXIbB8sT8wjA==": { "id": "NOK9CQMBrSIXIbB8sT8wjA==", "name": "emacs-filesystem", "version": "1:27.2-8.el9_2.1", "kind": "binary", "source": { "id": "", "name": "emacs", "version": "27.2-8.el9_2.1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "NQAINik1AG7Zn8OB8pLDpA==": { "id": "NQAINik1AG7Zn8OB8pLDpA==", "name": "libedit", "version": "3.1-37.20210216cvs.el9", "kind": "binary", "source": { "id": "", "name": "libedit", "version": "3.1-37.20210216cvs.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "Nak/NGhCYVubG4CsEbHhug==": { "id": "Nak/NGhCYVubG4CsEbHhug==", "name": "graphite2-devel", "version": "1.3.14-9.el9", "kind": "binary", "source": { "id": "", "name": "graphite2", "version": "1.3.14-9.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "NbVL9FOta2NZ1h+700bdWg==": { "id": "NbVL9FOta2NZ1h+700bdWg==", "name": "python3-libdnf", "version": "0.69.0-3.el9_2", "kind": "binary", "source": { "id": "", "name": "libdnf", "version": "0.69.0-3.el9_2", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "NdCY2/S+syamLH224R4hug==": { "id": "NdCY2/S+syamLH224R4hug==", "name": "langpacks-en", "version": "3.0-16.el9", "kind": "binary", "source": { "id": "", "name": "langpacks", "version": "3.0-16.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "NkVP5O90EaiaDjZZzKM5xg==": { "id": "NkVP5O90EaiaDjZZzKM5xg==", "name": "zlib", "version": "1.2.11-39.el9", "kind": "binary", "source": { "id": "", "name": "zlib", "version": "1.2.11-39.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "O2sY6X4Mcumj/NPEmCvuLA==": { "id": "O2sY6X4Mcumj/NPEmCvuLA==", "name": "redhat-rpm-config", "version": "199-1.el9", "kind": "binary", "source": { "id": "", "name": "redhat-rpm-config", "version": "199-1.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "OD9rasSWx3gpljb/Y6wfUw==": { "id": "OD9rasSWx3gpljb/Y6wfUw==", "name": "subscription-manager", "version": "1.29.33.1-1.el9_2", "kind": "binary", "source": { "id": "", "name": "subscription-manager", "version": "1.29.33.1-1.el9_2", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "OgwdUybWl/HQYbnPTE4Psw==": { "id": "OgwdUybWl/HQYbnPTE4Psw==", "name": "npth", "version": "1.6-8.el9", "kind": "binary", "source": { "id": "", "name": "npth", "version": "1.6-8.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "OjNTXmzk3GTlhFWWWLxaGQ==": { "id": "OjNTXmzk3GTlhFWWWLxaGQ==", "name": "python3-dnf-plugins-core", "version": "4.3.0-5.el9_2", "kind": "binary", "source": { "id": "", "name": "dnf-plugins-core", "version": "4.3.0-5.el9_2", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "OkY4XBjh2jDTkYhGjNkrUA==": { "id": "OkY4XBjh2jDTkYhGjNkrUA==", "name": "mariadb-connector-c", "version": "3.2.6-1.el9_0", "kind": "binary", "source": { "id": "", "name": "mariadb-connector-c", "version": "3.2.6-1.el9_0", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "Ol1YWxU11Z64v1nA/zb/5w==": { "id": "Ol1YWxU11Z64v1nA/zb/5w==", "name": "pkgconf", "version": "1.7.3-10.el9", "kind": "binary", "source": { "id": "", "name": "pkgconf", "version": "1.7.3-10.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "On+NX4Yr+KIGVwagqPDWcQ==": { "id": "On+NX4Yr+KIGVwagqPDWcQ==", "name": "pcre2-utf16", "version": "10.40-2.el9", "kind": "binary", "source": { "id": "", "name": "pcre2", "version": "10.40-2.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "OouxvJU/PMvcyf8kTSdMMg==": { "id": "OouxvJU/PMvcyf8kTSdMMg==", "name": "ubi9", "version": "9.2-359", "kind": "binary", "source": { "id": "cyPuHTnlw1rgBeukzqOA/Q==", "name": "ubi9-container", "version": "9.2-359", "kind": "source", "source": { "id": "", "name": "", "version": "", "normalized_version": "", "cpe": "" }, "normalized_version": "rhctag:9.2.0.0.0.0.0.0.0.0", "arch": "x86_64", "cpe": "" }, "normalized_version": "rhctag:9.2.0.0.0.0.0.0.0.0", "arch": "x86_64", "cpe": "" }, "OvOSK0YS4U6j2gyFBATNXg==": { "id": "OvOSK0YS4U6j2gyFBATNXg==", "name": "xz", "version": "5.2.5-8.el9_0", "kind": "binary", "source": { "id": "", "name": "xz", "version": "5.2.5-8.el9_0", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "PTFUIquIrYO4PcMvo6vxMg==": { "id": "PTFUIquIrYO4PcMvo6vxMg==", "name": "rpm-libs", "version": "4.16.1.3-22.el9", "kind": "binary", "source": { "id": "", "name": "rpm", "version": "4.16.1.3-22.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "PW1RAxkiwx83tVBhyQViyw==": { "id": "PW1RAxkiwx83tVBhyQViyw==", "name": "libstdc++", "version": "11.3.1-4.3.el9", "kind": "binary", "source": { "id": "", "name": "gcc", "version": "11.3.1-4.3.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "Pstkjkz7Io1S30t7a9lp4w==": { "id": "Pstkjkz7Io1S30t7a9lp4w==", "name": "source-highlight", "version": "3.1.9-11.el9", "kind": "binary", "source": { "id": "", "name": "source-highlight", "version": "3.1.9-11.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "Pw9vkrF+FmWj2LeMt/9ntA==": { "id": "Pw9vkrF+FmWj2LeMt/9ntA==", "name": "krb5-devel", "version": "1.20.1-8.el9", "kind": "binary", "source": { "id": "", "name": "krb5", "version": "1.20.1-8.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "QJRhZnlhvKxabkibTf2YwQ==": { "id": "QJRhZnlhvKxabkibTf2YwQ==", "name": "perl-overloading", "version": "0.02-480.el9", "kind": "binary", "source": { "id": "", "name": "perl", "version": "5.32.1-480.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "QdLtAM3jbmPPAUlc8Ii/Sw==": { "id": "QdLtAM3jbmPPAUlc8Ii/Sw==", "name": "libuser", "version": "0.63-12.el9", "kind": "binary", "source": { "id": "", "name": "libuser", "version": "0.63-12.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "QwKK6TG/JtcCly9jntVf+w==": { "id": "QwKK6TG/JtcCly9jntVf+w==", "name": "vim-filesystem", "version": "2:8.2.2637-20.el9_1", "kind": "binary", "source": { "id": "", "name": "vim", "version": "8.2.2637-20.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "R9sC7SuM6vJmJZYq/bMHWw==": { "id": "R9sC7SuM6vJmJZYq/bMHWw==", "name": "m4", "version": "1.4.19-1.el9", "kind": "binary", "source": { "id": "", "name": "m4", "version": "1.4.19-1.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "RNF99TNFsR24U7tzdyzajw==": { "id": "RNF99TNFsR24U7tzdyzajw==", "name": "werkzeug", "version": "3.1.3", "kind": "binary", "source": { "id": "", "name": "", "version": "", "normalized_version": "", "cpe": "" }, "normalized_version": "pep440:0.3.1.3.0.0.0.0.0.0", "cpe": "" }, "RYlcnK5aDkYpG2HTfkwNDQ==": { "id": "RYlcnK5aDkYpG2HTfkwNDQ==", "name": "enchant", "version": "1:1.6.0-30.el9", "kind": "binary", "source": { "id": "", "name": "enchant", "version": "1.6.0-30.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "RgUn0rRy/i742s4qQGGoNw==": { "id": "RgUn0rRy/i742s4qQGGoNw==", "name": "libcom_err", "version": "1.46.5-3.el9", "kind": "binary", "source": { "id": "", "name": "e2fsprogs", "version": "1.46.5-3.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "RnnkgzrsHA8d297AfaWbPg==": { "id": "RnnkgzrsHA8d297AfaWbPg==", "name": "bash", "version": "5.1.8-6.el9_1", "kind": "binary", "source": { "id": "", "name": "bash", "version": "5.1.8-6.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "RunEBGWLLuuKjZpttkMLmw==": { "id": "RunEBGWLLuuKjZpttkMLmw==", "name": "libblkid-devel", "version": "2.37.4-10.el9", "kind": "binary", "source": { "id": "", "name": "util-linux", "version": "2.37.4-10.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "S/No5oxfxOsjYA7UDjS1kA==": { "id": "S/No5oxfxOsjYA7UDjS1kA==", "name": "annobin", "version": "11.05-1.el9", "kind": "binary", "source": { "id": "", "name": "annobin", "version": "11.05-1.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "S2LCo+58/O6rmc/KZC6ghA==": { "id": "S2LCo+58/O6rmc/KZC6ghA==", "name": "yum", "version": "4.14.0-5.el9_2", "kind": "binary", "source": { "id": "", "name": "dnf", "version": "4.14.0-5.el9_2", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "S7oZGbo6zhW2tPnf4bdYAg==": { "id": "S7oZGbo6zhW2tPnf4bdYAg==", "name": "hunspell", "version": "1.7.0-11.el9", "kind": "binary", "source": { "id": "", "name": "hunspell", "version": "1.7.0-11.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "SJ23Qf9ZGTl5HD5F3qeZTQ==": { "id": "SJ23Qf9ZGTl5HD5F3qeZTQ==", "name": "rpm-sign-libs", "version": "4.16.1.3-22.el9", "kind": "binary", "source": { "id": "", "name": "rpm", "version": "4.16.1.3-22.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "SSFXEK4vNCR4s9ImWtXtgA==": { "id": "SSFXEK4vNCR4s9ImWtXtgA==", "name": "gnupg2", "version": "2.3.3-2.el9_0", "kind": "binary", "source": { "id": "", "name": "gnupg2", "version": "2.3.3-2.el9_0", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "SZllfeGD2yJm0VL0H7onLg==": { "id": "SZllfeGD2yJm0VL0H7onLg==", "name": "libxcb-devel", "version": "1.13.1-9.el9", "kind": "binary", "source": { "id": "", "name": "libxcb", "version": "1.13.1-9.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "SdI1Am/qHph5dG2ZoOeUIQ==": { "id": "SdI1Am/qHph5dG2ZoOeUIQ==", "name": "libevent", "version": "2.1.12-6.el9", "kind": "binary", "source": { "id": "", "name": "libevent", "version": "2.1.12-6.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "T2VlKjO7CHKpAcTlRn+i4A==": { "id": "T2VlKjO7CHKpAcTlRn+i4A==", "name": "expat-devel", "version": "2.5.0-1.el9", "kind": "binary", "source": { "id": "", "name": "expat", "version": "2.5.0-1.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "T30/e/rXh5Z9TgwiY2CCAw==": { "id": "T30/e/rXh5Z9TgwiY2CCAw==", "name": "libtalloc", "version": "2.3.4-1.el9", "kind": "binary", "source": { "id": "", "name": "libtalloc", "version": "2.3.4-1.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "T8zXVQHo3h0ASj7NMqYhvw==": { "id": "T8zXVQHo3h0ASj7NMqYhvw==", "name": "gcc", "version": "11.3.1-4.3.el9", "kind": "binary", "source": { "id": "", "name": "gcc", "version": "11.3.1-4.3.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "TPIRq84Pr3a6ywzPeCr3Pw==": { "id": "TPIRq84Pr3a6ywzPeCr3Pw==", "name": "libcap-ng", "version": "0.8.2-7.el9", "kind": "binary", "source": { "id": "", "name": "libcap-ng", "version": "0.8.2-7.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "Tl6ebomp9GQLN9svWzKp+w==": { "id": "Tl6ebomp9GQLN9svWzKp+w==", "name": "libcap", "version": "2.48-8.el9", "kind": "binary", "source": { "id": "", "name": "libcap", "version": "2.48-8.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "To0NR+oyXDu1CYJfmVGurQ==": { "id": "To0NR+oyXDu1CYJfmVGurQ==", "name": "gpgme", "version": "1.15.1-6.el9", "kind": "binary", "source": { "id": "", "name": "gpgme", "version": "1.15.1-6.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "Tob5YtKxleVTQzw2GCmwGg==": { "id": "Tob5YtKxleVTQzw2GCmwGg==", "name": "libpq-devel", "version": "13.5-1.el9", "kind": "binary", "source": { "id": "", "name": "libpq", "version": "13.5-1.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "TzNyp6yTJ3m0O8xeeDKC3A==": { "id": "TzNyp6yTJ3m0O8xeeDKC3A==", "name": "libpq", "version": "13.5-1.el9", "kind": "binary", "source": { "id": "", "name": "libpq", "version": "13.5-1.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "TzT9ayOh2hZShfYtipxZEw==": { "id": "TzT9ayOh2hZShfYtipxZEw==", "name": "harfbuzz-icu", "version": "2.7.4-8.el9", "kind": "binary", "source": { "id": "", "name": "harfbuzz", "version": "2.7.4-8.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "U0P0dNPn1iUcw6b33AAKUg==": { "id": "U0P0dNPn1iUcw6b33AAKUg==", "name": "sqlite-devel", "version": "3.34.1-6.el9_1", "kind": "binary", "source": { "id": "", "name": "sqlite", "version": "3.34.1-6.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "UAY1jP87klJyaGdFPK7xTw==": { "id": "UAY1jP87klJyaGdFPK7xTw==", "name": "file-libs", "version": "5.39-12.el9", "kind": "binary", "source": { "id": "", "name": "file", "version": "5.39-12.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "UFOUWXspgJlx00D0q0rCUg==": { "id": "UFOUWXspgJlx00D0q0rCUg==", "name": "hunspell-en-GB", "version": "0.20140811.1-20.el9", "kind": "binary", "source": { "id": "", "name": "hunspell-en", "version": "0.20140811.1-20.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "UQ0iR6K7H7VlNJDWtSXu8g==": { "id": "UQ0iR6K7H7VlNJDWtSXu8g==", "name": "glibc-minimal-langpack", "version": "2.34-60.el9", "kind": "binary", "source": { "id": "", "name": "glibc", "version": "2.34-60.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "Ud9PNLLJ6v7hTpAYdO825w==": { "id": "Ud9PNLLJ6v7hTpAYdO825w==", "name": "pcre-utf16", "version": "8.44-3.el9.3", "kind": "binary", "source": { "id": "", "name": "pcre", "version": "8.44-3.el9.3", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "Uh923oEysUV/Jd+lAsrExQ==": { "id": "Uh923oEysUV/Jd+lAsrExQ==", "name": "openssl", "version": "1:3.0.7-6.el9_2", "kind": "binary", "source": { "id": "", "name": "openssl", "version": "3.0.7-6.el9_2", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "V/3oHP6E5IRlfgZZHK72RA==": { "id": "V/3oHP6E5IRlfgZZHK72RA==", "name": "p11-kit-trust", "version": "0.24.1-2.el9", "kind": "binary", "source": { "id": "", "name": "p11-kit", "version": "0.24.1-2.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "VDWxBVhhJMCCBIlvmorheA==": { "id": "VDWxBVhhJMCCBIlvmorheA==", "name": "libfido2", "version": "1.6.0-7.el9", "kind": "binary", "source": { "id": "", "name": "libfido2", "version": "1.6.0-7.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "VKn7W/G4YSPWexQiMm5Mpw==": { "id": "VKn7W/G4YSPWexQiMm5Mpw==", "name": "python3", "version": "3.9.16-1.el9", "kind": "binary", "source": { "id": "", "name": "python3.9", "version": "3.9.16-1.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "VLOqRGIR4aQvFfvVrpLyIg==": { "id": "VLOqRGIR4aQvFfvVrpLyIg==", "name": "pcre-cpp", "version": "8.44-3.el9.3", "kind": "binary", "source": { "id": "", "name": "pcre", "version": "8.44-3.el9.3", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "VV2Z1ngTs6sGvt5SrayPCg==": { "id": "VV2Z1ngTs6sGvt5SrayPCg==", "name": "libgpg-error", "version": "1.42-5.el9", "kind": "binary", "source": { "id": "", "name": "libgpg-error", "version": "1.42-5.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "VYdUwKBAQLmf/YxtfkL4Ng==": { "id": "VYdUwKBAQLmf/YxtfkL4Ng==", "name": "nss_wrapper", "version": "1.1.13-1.el9", "kind": "binary", "source": { "id": "", "name": "nss_wrapper", "version": "1.1.13-1.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "VhjrPOGZ9XGEFgLnQWc+KQ==": { "id": "VhjrPOGZ9XGEFgLnQWc+KQ==", "name": "perl-Text-Tabs+Wrap", "version": "2013.0523-460.el9", "kind": "binary", "source": { "id": "", "name": "perl-Text-Tabs+Wrap", "version": "2013.0523-460.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "W4amAY83CsyR7zQ0GM7zsg==": { "id": "W4amAY83CsyR7zQ0GM7zsg==", "name": "pcre2-syntax", "version": "10.40-2.el9", "kind": "binary", "source": { "id": "", "name": "pcre2", "version": "10.40-2.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "WGTPzg6kcF7+DBqm8j43JA==": { "id": "WGTPzg6kcF7+DBqm8j43JA==", "name": "libjpeg-turbo-devel", "version": "2.0.90-6.el9_1", "kind": "binary", "source": { "id": "", "name": "libjpeg-turbo", "version": "2.0.90-6.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "WM43f6rBXkL3dY9fUi8CGw==": { "id": "WM43f6rBXkL3dY9fUi8CGw==", "name": "boost-regex", "version": "1.75.0-8.el9", "kind": "binary", "source": { "id": "", "name": "boost", "version": "1.75.0-8.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "WN9YKonIBKVWuMNAg76vrA==": { "id": "WN9YKonIBKVWuMNAg76vrA==", "name": "libXpm-devel", "version": "3.5.13-8.el9_1", "kind": "binary", "source": { "id": "", "name": "libXpm", "version": "3.5.13-8.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "WQKADjeyfRD38rnEEOPp1Q==": { "id": "WQKADjeyfRD38rnEEOPp1Q==", "name": "perl-POSIX", "version": "1.94-480.el9", "kind": "binary", "source": { "id": "", "name": "perl", "version": "5.32.1-480.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "WifWl02dLM2pp5urxOSuNg==": { "id": "WifWl02dLM2pp5urxOSuNg==", "name": "perl-URI", "version": "5.09-3.el9", "kind": "binary", "source": { "id": "", "name": "perl-URI", "version": "5.09-3.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "Wk7LqC7t+o2XGJ7GcNisJg==": { "id": "Wk7LqC7t+o2XGJ7GcNisJg==", "name": "perl-DynaLoader", "version": "1.47-480.el9", "kind": "binary", "source": { "id": "", "name": "perl", "version": "5.32.1-480.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "WtXZ2fXaMBz4LgxKVaglcQ==": { "id": "WtXZ2fXaMBz4LgxKVaglcQ==", "name": "systemd-pam", "version": "252-13.el9_2", "kind": "binary", "source": { "id": "", "name": "systemd", "version": "252-13.el9_2", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "XE8zSisNWy8L6qfbOa8bgw==": { "id": "XE8zSisNWy8L6qfbOa8bgw==", "name": "httpd-core", "version": "2.4.53-11.el9_2.5", "kind": "binary", "source": { "id": "", "name": "httpd", "version": "2.4.53-11.el9_2.5", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "XMI2bnJZdxdcHnKc3zgCUA==": { "id": "XMI2bnJZdxdcHnKc3zgCUA==", "name": "ghc-srpm-macros", "version": "1.5.0-6.el9", "kind": "binary", "source": { "id": "", "name": "ghc-srpm-macros", "version": "1.5.0-6.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "XMPq7+46c92RSax5sZ9PZw==": { "id": "XMPq7+46c92RSax5sZ9PZw==", "name": "libxml2", "version": "2.9.13-3.el9_1", "kind": "binary", "source": { "id": "", "name": "libxml2", "version": "2.9.13-3.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "XX1gx35T8rMzed7p4qESdA==": { "id": "XX1gx35T8rMzed7p4qESdA==", "name": "harfbuzz-devel", "version": "2.7.4-8.el9", "kind": "binary", "source": { "id": "", "name": "harfbuzz", "version": "2.7.4-8.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "XY7Rsp3abvPv7z5PedxTfQ==": { "id": "XY7Rsp3abvPv7z5PedxTfQ==", "name": "libcurl-minimal", "version": "7.76.1-23.el9_2.1", "kind": "binary", "source": { "id": "", "name": "curl", "version": "7.76.1-23.el9_2.1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "XknZfuy4JTIfmNl9OaWPvw==": { "id": "XknZfuy4JTIfmNl9OaWPvw==", "name": "perl-File-stat", "version": "1.09-480.el9", "kind": "binary", "source": { "id": "", "name": "perl", "version": "5.32.1-480.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "XliA1VgMzM5VjjSZdnmlQw==": { "id": "XliA1VgMzM5VjjSZdnmlQw==", "name": "perl-Getopt-Long", "version": "1:2.52-4.el9", "kind": "binary", "source": { "id": "", "name": "perl-Getopt-Long", "version": "2.52-4.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "XwbkaIGCYyq6BjBMVZ1wzw==": { "id": "XwbkaIGCYyq6BjBMVZ1wzw==", "name": "readline", "version": "8.1-4.el9", "kind": "binary", "source": { "id": "", "name": "readline", "version": "8.1-4.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "Y35yrxWjtTUkUbNtS9+p6g==": { "id": "Y35yrxWjtTUkUbNtS9+p6g==", "name": "python3-six", "version": "1.15.0-9.el9", "kind": "binary", "source": { "id": "", "name": "python-six", "version": "1.15.0-9.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "Y7RfEE0STf2iJPRrFks1EA==": { "id": "Y7RfEE0STf2iJPRrFks1EA==", "name": "libgcrypt", "version": "1.10.0-10.el9_1", "kind": "binary", "source": { "id": "", "name": "libgcrypt", "version": "1.10.0-10.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "YfEo6WVMrrTwiYOybxFFKg==": { "id": "YfEo6WVMrrTwiYOybxFFKg==", "name": "atlas", "version": "3.10.3-17.el9", "kind": "binary", "source": { "id": "", "name": "atlas", "version": "3.10.3-17.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "Ykql8nkyvRcgK8Lh7Lq+kQ==": { "id": "Ykql8nkyvRcgK8Lh7Lq+kQ==", "name": "crypto-policies-scripts", "version": "20221215-1.git9a18988.el9", "kind": "binary", "source": { "id": "", "name": "crypto-policies", "version": "20221215-1.git9a18988.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "Yl1vpKVHRvRB21rCddLWsw==": { "id": "Yl1vpKVHRvRB21rCddLWsw==", "name": "libgfortran", "version": "11.3.1-4.3.el9", "kind": "binary", "source": { "id": "", "name": "gcc", "version": "11.3.1-4.3.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "ZFEfQrxUBY1btxBh+yKlDg==": { "id": "ZFEfQrxUBY1btxBh+yKlDg==", "name": "libselinux", "version": "3.5-1.el9", "kind": "binary", "source": { "id": "", "name": "libselinux", "version": "3.5-1.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "ZX4vKkXsoMfQ2HH9oPb0TA==": { "id": "ZX4vKkXsoMfQ2HH9oPb0TA==", "name": "libXau-devel", "version": "1.0.9-8.el9", "kind": "binary", "source": { "id": "", "name": "libXau", "version": "1.0.9-8.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "ZirAgSALB60nuB+w96ycGw==": { "id": "ZirAgSALB60nuB+w96ycGw==", "name": "util-linux-core", "version": "2.37.4-10.el9", "kind": "binary", "source": { "id": "", "name": "util-linux", "version": "2.37.4-10.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "a0GQ0ecdg5PXNSF9I+cGHw==": { "id": "a0GQ0ecdg5PXNSF9I+cGHw==", "name": "libX11", "version": "1.7.0-7.el9", "kind": "binary", "source": { "id": "", "name": "libX11", "version": "1.7.0-7.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "a8xKqhaA3WAbx6RAfWh+mQ==": { "id": "a8xKqhaA3WAbx6RAfWh+mQ==", "name": "virt-what", "version": "1.25-3.el9", "kind": "binary", "source": { "id": "", "name": "virt-what", "version": "1.25-3.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "arzS3GnLPLKzM8xRPFnUzw==": { "id": "arzS3GnLPLKzM8xRPFnUzw==", "name": "ncurses", "version": "6.2-8.20210508.el9", "kind": "binary", "source": { "id": "", "name": "ncurses", "version": "6.2-8.20210508.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "ax5YZqtoTsGSLh5YAOUDAA==": { "id": "ax5YZqtoTsGSLh5YAOUDAA==", "name": "dbus-libs", "version": "1:1.12.20-7.el9_1", "kind": "binary", "source": { "id": "", "name": "dbus", "version": "1.12.20-7.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "b/fX+2E3Kw/VrXP3Viej5w==": { "id": "b/fX+2E3Kw/VrXP3Viej5w==", "name": "acl", "version": "2.3.1-3.el9", "kind": "binary", "source": { "id": "", "name": "acl", "version": "2.3.1-3.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "bAHdU/f6fCAnpSF6X2i8tw==": { "id": "bAHdU/f6fCAnpSF6X2i8tw==", "name": "mod_ldap", "version": "2.4.53-11.el9_2.5", "kind": "binary", "source": { "id": "", "name": "httpd", "version": "2.4.53-11.el9_2.5", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "bEsPytE/ZdCMbfuAgQc9AA==": { "id": "bEsPytE/ZdCMbfuAgQc9AA==", "name": "perl-srpm-macros", "version": "1-41.el9", "kind": "binary", "source": { "id": "", "name": "perl-srpm-macros", "version": "1-41.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "bFvWffGqJWr7FWnI7K9NVw==": { "id": "bFvWffGqJWr7FWnI7K9NVw==", "name": "grep", "version": "3.6-5.el9", "kind": "binary", "source": { "id": "", "name": "grep", "version": "3.6-5.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "bQK0gSM91Pq8oi5kJ9072Q==": { "id": "bQK0gSM91Pq8oi5kJ9072Q==", "name": "gettext-libs", "version": "0.21-7.el9", "kind": "binary", "source": { "id": "", "name": "gettext", "version": "0.21-7.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "bbOmNWQZu2GtbHRNTT5LbA==": { "id": "bbOmNWQZu2GtbHRNTT5LbA==", "name": "pcre2", "version": "10.40-2.el9", "kind": "binary", "source": { "id": "", "name": "pcre2", "version": "10.40-2.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "bmteRKYcfys3z5xoBsdO6A==": { "id": "bmteRKYcfys3z5xoBsdO6A==", "name": "apr-devel", "version": "1.7.0-11.el9", "kind": "binary", "source": { "id": "", "name": "apr", "version": "1.7.0-11.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "bp0rUgZ5FkIYAX2aEVd/VA==": { "id": "bp0rUgZ5FkIYAX2aEVd/VA==", "name": "vim-minimal", "version": "2:8.2.2637-20.el9_1", "kind": "binary", "source": { "id": "", "name": "vim", "version": "8.2.2637-20.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "c+NNakWs+nuv9id8/GMRCQ==": { "id": "c+NNakWs+nuv9id8/GMRCQ==", "name": "gnutls", "version": "3.7.6-20.el9_2", "kind": "binary", "source": { "id": "", "name": "gnutls", "version": "3.7.6-20.el9_2", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "c80O2pouI9LIJSZbRJWPig==": { "id": "c80O2pouI9LIJSZbRJWPig==", "name": "perl-IO", "version": "1.43-480.el9", "kind": "binary", "source": { "id": "", "name": "perl", "version": "5.32.1-480.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "cGWkJkC9Qm+QCP4f8vmD+Q==": { "id": "cGWkJkC9Qm+QCP4f8vmD+Q==", "name": "libX11-xcb", "version": "1.7.0-7.el9", "kind": "binary", "source": { "id": "", "name": "libX11", "version": "1.7.0-7.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "cmnl8AuxbWKMe5IsutS6hQ==": { "id": "cmnl8AuxbWKMe5IsutS6hQ==", "name": "gcc-c++", "version": "11.3.1-4.3.el9", "kind": "binary", "source": { "id": "", "name": "gcc", "version": "11.3.1-4.3.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "ct/ndQfSB+G17YP34ufDBA==": { "id": "ct/ndQfSB+G17YP34ufDBA==", "name": "perl-Digest-MD5", "version": "2.58-4.el9", "kind": "binary", "source": { "id": "", "name": "perl-Digest-MD5", "version": "2.58-4.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "cyPuHTnlw1rgBeukzqOA/Q==": { "id": "cyPuHTnlw1rgBeukzqOA/Q==", "name": "ubi9-container", "version": "9.2-359", "kind": "source", "source": { "id": "", "name": "", "version": "", "normalized_version": "", "cpe": "" }, "normalized_version": "rhctag:9.2.0.0.0.0.0.0.0.0", "arch": "x86_64", "cpe": "" }, "d2u6OOcV0gny9xb/XcV90A==": { "id": "d2u6OOcV0gny9xb/XcV90A==", "name": "libverto-devel", "version": "0.3.2-3.el9", "kind": "binary", "source": { "id": "", "name": "libverto", "version": "0.3.2-3.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "d3XTAE48DbXhY9WDvZR8ew==": { "id": "d3XTAE48DbXhY9WDvZR8ew==", "name": "libmount", "version": "2.37.4-10.el9", "kind": "binary", "source": { "id": "", "name": "util-linux", "version": "2.37.4-10.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "dBjb+khckVi+h+bXEXQ0NA==": { "id": "dBjb+khckVi+h+bXEXQ0NA==", "name": "s2i-base-container", "version": "1-432.1684740240", "kind": "source", "source": { "id": "", "name": "", "version": "", "normalized_version": "", "cpe": "" }, "normalized_version": "rhctag:1.0.0.0.0.0.0.0.0.0", "arch": "x86_64", "cpe": "" }, "dC9CoYt17eaqinGSVCfCxw==": { "id": "dC9CoYt17eaqinGSVCfCxw==", "name": "libattr", "version": "2.5.1-3.el9", "kind": "binary", "source": { "id": "", "name": "attr", "version": "2.5.1-3.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "dMY7Qly4vcBOdARECvhzxQ==": { "id": "dMY7Qly4vcBOdARECvhzxQ==", "name": "ncurses-libs", "version": "6.2-8.20210508.el9", "kind": "binary", "source": { "id": "", "name": "ncurses", "version": "6.2-8.20210508.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "dN6ybm8pzBFkzp1B5ADKWQ==": { "id": "dN6ybm8pzBFkzp1B5ADKWQ==", "name": "openssl-libs", "version": "1:3.0.7-6.el9_2", "kind": "binary", "source": { "id": "", "name": "openssl", "version": "3.0.7-6.el9_2", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "dStYvdO33sly7EacpHOqeA==": { "id": "dStYvdO33sly7EacpHOqeA==", "name": "rootfiles", "version": "8.1-31.el9", "kind": "binary", "source": { "id": "", "name": "rootfiles", "version": "8.1-31.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "dYr9tK7XM6aISNKJAtl5ZQ==": { "id": "dYr9tK7XM6aISNKJAtl5ZQ==", "name": "pcre-utf32", "version": "8.44-3.el9.3", "kind": "binary", "source": { "id": "", "name": "pcre", "version": "8.44-3.el9.3", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "dpQG/pUwAqVv1OdQqnvylQ==": { "id": "dpQG/pUwAqVv1OdQqnvylQ==", "name": "libsigsegv", "version": "2.13-4.el9", "kind": "binary", "source": { "id": "", "name": "libsigsegv", "version": "2.13-4.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "dywLPrGPYbMhmK8BDXQbTA==": { "id": "dywLPrGPYbMhmK8BDXQbTA==", "name": "perl-FileHandle", "version": "2.03-480.el9", "kind": "binary", "source": { "id": "", "name": "perl", "version": "5.32.1-480.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "e7W78NrdwYaVEcBcXhDv5Q==": { "id": "e7W78NrdwYaVEcBcXhDv5Q==", "name": "libcomps", "version": "0.1.18-1.el9", "kind": "binary", "source": { "id": "", "name": "libcomps", "version": "0.1.18-1.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "eEjpOxWkwvzzJN5kkeVUcg==": { "id": "eEjpOxWkwvzzJN5kkeVUcg==", "name": "perl-Encode", "version": "4:3.08-462.el9", "kind": "binary", "source": { "id": "", "name": "perl-Encode", "version": "3.08-462.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "euXwzVjOcimqFJYqARwKWw==": { "id": "euXwzVjOcimqFJYqARwKWw==", "name": "curl-minimal", "version": "7.76.1-23.el9", "kind": "binary", "source": { "id": "", "name": "curl", "version": "7.76.1-23.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "eyrMb/GsqkuTYioGKTuywQ==": { "id": "eyrMb/GsqkuTYioGKTuywQ==", "name": "perl-libs", "version": "4:5.32.1-480.el9", "kind": "binary", "source": { "id": "", "name": "perl", "version": "5.32.1-480.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "f+vfvrJhWMY0olKoVALiZg==": { "id": "f+vfvrJhWMY0olKoVALiZg==", "name": "gcc-plugin-annobin", "version": "11.3.1-4.3.el9", "kind": "binary", "source": { "id": "", "name": "gcc", "version": "11.3.1-4.3.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "f2GhXCi0MGW6C5vh1ih8XQ==": { "id": "f2GhXCi0MGW6C5vh1ih8XQ==", "name": "perl-threads", "version": "1:2.25-460.el9", "kind": "binary", "source": { "id": "", "name": "perl-threads", "version": "2.25-460.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "fABYCJhoNbEVNi6uQbozyQ==": { "id": "fABYCJhoNbEVNi6uQbozyQ==", "name": "libmount-devel", "version": "2.37.4-10.el9", "kind": "binary", "source": { "id": "", "name": "util-linux", "version": "2.37.4-10.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "fPqd9vZ8gX6ENS8pJ4Xrwg==": { "id": "fPqd9vZ8gX6ENS8pJ4Xrwg==", "name": "libxcrypt-compat", "version": "4.4.18-3.el9", "kind": "binary", "source": { "id": "", "name": "libxcrypt", "version": "4.4.18-3.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "fbMnHEQrv8x4t0qLnKLwbg==": { "id": "fbMnHEQrv8x4t0qLnKLwbg==", "name": "npm", "version": "1:8.19.3-1.16.19.1.1.el9_2", "kind": "binary", "source": { "id": "", "name": "nodejs", "version": "16.19.1-1.el9_2", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "fdGdDMnv09wSB2YQZy6KvQ==": { "id": "fdGdDMnv09wSB2YQZy6KvQ==", "name": "httpd-filesystem", "version": "2.4.53-11.el9_2.5", "kind": "binary", "source": { "id": "", "name": "httpd", "version": "2.4.53-11.el9_2.5", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "ftjpFADg59vG8c6VuasWSw==": { "id": "ftjpFADg59vG8c6VuasWSw==", "name": "cpp", "version": "11.3.1-4.3.el9", "kind": "binary", "source": { "id": "", "name": "gcc", "version": "11.3.1-4.3.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "gAmtH01AtPv8BgKs6vvp1g==": { "id": "gAmtH01AtPv8BgKs6vvp1g==", "name": "dnf", "version": "4.14.0-5.el9_2", "kind": "binary", "source": { "id": "", "name": "dnf", "version": "4.14.0-5.el9_2", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "gBWlSWdEA8U1+Ep4A/+M2g==": { "id": "gBWlSWdEA8U1+Ep4A/+M2g==", "name": "perl-Error", "version": "1:0.17029-7.el9", "kind": "binary", "source": { "id": "", "name": "perl-Error", "version": "0.17029-7.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "gJHwCqer7Rl9ijGK6wpg4A==": { "id": "gJHwCqer7Rl9ijGK6wpg4A==", "name": "libICE", "version": "1.0.10-8.el9", "kind": "binary", "source": { "id": "", "name": "libICE", "version": "1.0.10-8.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "gONioUcnQIIRbbViWOETsw==": { "id": "gONioUcnQIIRbbViWOETsw==", "name": "librepo", "version": "1.14.5-1.el9", "kind": "binary", "source": { "id": "", "name": "librepo", "version": "1.14.5-1.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "gaj77WNtnPFhL+vveIeiCA==": { "id": "gaj77WNtnPFhL+vveIeiCA==", "name": "dnf-data", "version": "4.14.0-5.el9_2", "kind": "binary", "source": { "id": "", "name": "dnf", "version": "4.14.0-5.el9_2", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "gngAZQYf0zy4+w3GwgpLmw==": { "id": "gngAZQYf0zy4+w3GwgpLmw==", "name": "python3-libcomps", "version": "0.1.18-1.el9", "kind": "binary", "source": { "id": "", "name": "libcomps", "version": "0.1.18-1.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "gqOdH0Kiuf6AbkqFcLH1hg==": { "id": "gqOdH0Kiuf6AbkqFcLH1hg==", "name": "libarchive", "version": "3.5.3-4.el9", "kind": "binary", "source": { "id": "", "name": "libarchive", "version": "3.5.3-4.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "gsdYiUdG+fMtG/M0X1EkAg==": { "id": "gsdYiUdG+fMtG/M0X1EkAg==", "name": "filesystem", "version": "3.16-2.el9", "kind": "binary", "source": { "id": "", "name": "filesystem", "version": "3.16-2.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "h1J8TPl/jsinSWX6NGdwBQ==": { "id": "h1J8TPl/jsinSWX6NGdwBQ==", "name": "redhat-release", "version": "9.2-0.13.el9", "kind": "binary", "source": { "id": "", "name": "redhat-release", "version": "9.2-0.13.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "h1cVg0k54GXoiwzxAq2Yig==": { "id": "h1cVg0k54GXoiwzxAq2Yig==", "name": "libsemanage", "version": "3.5-1.el9", "kind": "binary", "source": { "id": "", "name": "libsemanage", "version": "3.5-1.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "h9twf6qS77k2oq5EqT60kA==": { "id": "h9twf6qS77k2oq5EqT60kA==", "name": "libtool-ltdl", "version": "2.4.6-45.el9", "kind": "binary", "source": { "id": "", "name": "libtool", "version": "2.4.6-45.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "hKJ3xmpaes4B2vxd2C5M1Q==": { "id": "hKJ3xmpaes4B2vxd2C5M1Q==", "name": "ocaml-srpm-macros", "version": "6-6.el9", "kind": "binary", "source": { "id": "", "name": "ocaml-srpm-macros", "version": "6-6.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "hYEisV19Dxn4PvCvxJFm5A==": { "id": "hYEisV19Dxn4PvCvxJFm5A==", "name": "lz4-libs", "version": "1.9.3-5.el9", "kind": "binary", "source": { "id": "", "name": "lz4", "version": "1.9.3-5.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "hagAldrmW5BKtVwDil7uxw==": { "id": "hagAldrmW5BKtVwDil7uxw==", "name": "pip", "version": "21.3.1", "kind": "binary", "source": { "id": "", "name": "", "version": "", "normalized_version": "", "cpe": "" }, "normalized_version": "pep440:0.21.3.1.0.0.0.0.0.0", "cpe": "" }, "heXcDkpDDTJ/ac/FHrXYvg==": { "id": "heXcDkpDDTJ/ac/FHrXYvg==", "name": "efi-srpm-macros", "version": "6-2.el9_0", "kind": "binary", "source": { "id": "", "name": "efi-rpm-macros", "version": "6-2.el9_0", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "hgr5TOXgV4U9LXyKt2w6gA==": { "id": "hgr5TOXgV4U9LXyKt2w6gA==", "name": "libffi-devel", "version": "3.4.2-7.el9", "kind": "binary", "source": { "id": "", "name": "libffi", "version": "3.4.2-7.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "hjikQWtnmVPaWts63wYw4Q==": { "id": "hjikQWtnmVPaWts63wYw4Q==", "name": "passwd", "version": "0.80-12.el9", "kind": "binary", "source": { "id": "", "name": "passwd", "version": "0.80-12.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "hrY/5TRUmBt6d/EoQ9M7aw==": { "id": "hrY/5TRUmBt6d/EoQ9M7aw==", "name": "python3-dateutil", "version": "1:2.8.1-6.el9", "kind": "binary", "source": { "id": "", "name": "python-dateutil", "version": "2.8.1-6.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "hwDu44WbabGgfO5r6rrVvQ==": { "id": "hwDu44WbabGgfO5r6rrVvQ==", "name": "libquadmath-devel", "version": "11.3.1-4.3.el9", "kind": "binary", "source": { "id": "", "name": "gcc", "version": "11.3.1-4.3.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "hyds1mrD8GWUXo+lv53Rag==": { "id": "hyds1mrD8GWUXo+lv53Rag==", "name": "findutils", "version": "1:4.8.0-5.el9", "kind": "binary", "source": { "id": "", "name": "findutils", "version": "4.8.0-5.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "i5oeumDhhynr3T9Ik5cAaw==": { "id": "i5oeumDhhynr3T9Ik5cAaw==", "name": "cmake", "version": "3.20.2-8.el9", "kind": "binary", "source": { "id": "", "name": "cmake", "version": "3.20.2-8.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "iBA/JBMmSIEGbBZDQlcuUQ==": { "id": "iBA/JBMmSIEGbBZDQlcuUQ==", "name": "bzip2-devel", "version": "1.0.8-8.el9", "kind": "binary", "source": { "id": "", "name": "bzip2", "version": "1.0.8-8.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "iG10xBRfLLoRP3qlluI7NQ==": { "id": "iG10xBRfLLoRP3qlluI7NQ==", "name": "automake", "version": "1.16.2-6.el9", "kind": "binary", "source": { "id": "", "name": "automake", "version": "1.16.2-6.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "iMLMqCcRXnm6QslpJnCS7w==": { "id": "iMLMqCcRXnm6QslpJnCS7w==", "name": "cairo", "version": "1.17.4-7.el9", "kind": "binary", "source": { "id": "", "name": "cairo", "version": "1.17.4-7.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "iODVJwGc39HK9YJaL/S8oA==": { "id": "iODVJwGc39HK9YJaL/S8oA==", "name": "glib2", "version": "2.68.4-6.el9", "kind": "binary", "source": { "id": "", "name": "glib2", "version": "2.68.4-6.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "iQByZpdRXgW/fl3SoDuoAA==": { "id": "iQByZpdRXgW/fl3SoDuoAA==", "name": "libipt", "version": "2.0.4-5.el9", "kind": "binary", "source": { "id": "", "name": "libipt", "version": "2.0.4-5.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "iTjyL8AL9avw3YnaeFgLEg==": { "id": "iTjyL8AL9avw3YnaeFgLEg==", "name": "gettext", "version": "0.21-7.el9", "kind": "binary", "source": { "id": "", "name": "gettext", "version": "0.21-7.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "iswhVSntR4QnIsTAyM6ydQ==": { "id": "iswhVSntR4QnIsTAyM6ydQ==", "name": "perl-Pod-Escapes", "version": "1:1.07-460.el9", "kind": "binary", "source": { "id": "", "name": "perl-Pod-Escapes", "version": "1.07-460.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "ix3lD4/Nn7qLbcpDm0AIhg==": { "id": "ix3lD4/Nn7qLbcpDm0AIhg==", "name": "perl-constant", "version": "1.33-461.el9", "kind": "binary", "source": { "id": "", "name": "perl-constant", "version": "1.33-461.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "ixW66YgVs1wZXBxyWt13+Q==": { "id": "ixW66YgVs1wZXBxyWt13+Q==", "name": "perl-Fcntl", "version": "1.13-480.el9", "kind": "binary", "source": { "id": "", "name": "perl", "version": "5.32.1-480.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "jDIVpAdvhjPN/gmOBNQuag==": { "id": "jDIVpAdvhjPN/gmOBNQuag==", "name": "perl-Time-Local", "version": "2:1.300-7.el9", "kind": "binary", "source": { "id": "", "name": "perl-Time-Local", "version": "1.300-7.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "jDl1XUvAdn9+mQXB8dOXgQ==": { "id": "jDl1XUvAdn9+mQXB8dOXgQ==", "name": "elfutils-libs", "version": "0.188-3.el9", "kind": "binary", "source": { "id": "", "name": "elfutils", "version": "0.188-3.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "jH43ZEoPP2TpNiUJXUizMw==": { "id": "jH43ZEoPP2TpNiUJXUizMw==", "name": "libutempter", "version": "1.2.1-6.el9", "kind": "binary", "source": { "id": "", "name": "libutempter", "version": "1.2.1-6.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "jP2MQ8NZSq7niL51MUXrbg==": { "id": "jP2MQ8NZSq7niL51MUXrbg==", "name": "mod_session", "version": "2.4.53-11.el9_2.5", "kind": "binary", "source": { "id": "", "name": "httpd", "version": "2.4.53-11.el9_2.5", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "jXo3rXdhdYGkiXYZpQxZ3Q==": { "id": "jXo3rXdhdYGkiXYZpQxZ3Q==", "name": "python3-chardet", "version": "4.0.0-5.el9", "kind": "binary", "source": { "id": "", "name": "python-chardet", "version": "4.0.0-5.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "jbZYcB+conABOoSlK2dErw==": { "id": "jbZYcB+conABOoSlK2dErw==", "name": "perl-subs", "version": "1.03-480.el9", "kind": "binary", "source": { "id": "", "name": "perl", "version": "5.32.1-480.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "jeO9KYJY4vtRl4FdYT30Dg==": { "id": "jeO9KYJY4vtRl4FdYT30Dg==", "name": "perl-vars", "version": "1.05-480.el9", "kind": "binary", "source": { "id": "", "name": "perl", "version": "5.32.1-480.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "k2/Uj1zK7XGhSfuYoepPmA==": { "id": "k2/Uj1zK7XGhSfuYoepPmA==", "name": "dnf-plugins-core", "version": "4.3.0-5.el9_2", "kind": "binary", "source": { "id": "", "name": "dnf-plugins-core", "version": "4.3.0-5.el9_2", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "kAc8BYCjeCgQR9YdLeGx9w==": { "id": "kAc8BYCjeCgQR9YdLeGx9w==", "name": "python3-urllib3", "version": "1.26.5-3.el9", "kind": "binary", "source": { "id": "", "name": "python-urllib3", "version": "1.26.5-3.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "kAeo6wOpPqyKfEIM6fhPPg==": { "id": "kAeo6wOpPqyKfEIM6fhPPg==", "name": "libuv", "version": "1:1.42.0-1.el9", "kind": "binary", "source": { "id": "", "name": "libuv", "version": "1.42.0-1.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "kDzRHkg3txncDWuyd5771g==": { "id": "kDzRHkg3txncDWuyd5771g==", "name": "fontconfig", "version": "2.14.0-2.el9_1", "kind": "binary", "source": { "id": "", "name": "fontconfig", "version": "2.14.0-2.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "kbK7zjqVLBpqqO+SO7RFQg==": { "id": "kbK7zjqVLBpqqO+SO7RFQg==", "name": "tzdata", "version": "2022g-2.el9", "kind": "binary", "source": { "id": "", "name": "tzdata", "version": "2022g-2.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "kdml4TiffKDDUHJjP7R1Tg==": { "id": "kdml4TiffKDDUHJjP7R1Tg==", "name": "openldap", "version": "2.6.2-3.el9", "kind": "binary", "source": { "id": "", "name": "openldap", "version": "2.6.2-3.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "kigiD4fuysu8/DeCr+ONKQ==": { "id": "kigiD4fuysu8/DeCr+ONKQ==", "name": "basesystem", "version": "11-13.el9", "kind": "binary", "source": { "id": "", "name": "basesystem", "version": "11-13.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "kiuxclwU753PR5FuupUaEA==": { "id": "kiuxclwU753PR5FuupUaEA==", "name": "bsdtar", "version": "3.5.3-4.el9", "kind": "binary", "source": { "id": "", "name": "libarchive", "version": "3.5.3-4.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "kjBdgQQNdOoXImAp5fQQpw==": { "id": "kjBdgQQNdOoXImAp5fQQpw==", "name": "krb5-libs", "version": "1.20.1-8.el9", "kind": "binary", "source": { "id": "", "name": "krb5", "version": "1.20.1-8.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "ktHjHCegyaFGFLaqVjqkVA==": { "id": "ktHjHCegyaFGFLaqVjqkVA==", "name": "libX11-common", "version": "1.7.0-7.el9", "kind": "binary", "source": { "id": "", "name": "libX11", "version": "1.7.0-7.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "l0z+eHWKZYYL3mOicWgc2w==": { "id": "l0z+eHWKZYYL3mOicWgc2w==", "name": "libgcc", "version": "11.3.1-4.3.el9", "kind": "binary", "source": { "id": "", "name": "gcc", "version": "11.3.1-4.3.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "lITnNJqHTfcVQiCGHjWozA==": { "id": "lITnNJqHTfcVQiCGHjWozA==", "name": "python3-pip-wheel", "version": "21.2.3-6.el9", "kind": "binary", "source": { "id": "", "name": "python-pip", "version": "21.2.3-6.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "lNWcYbl6h71sUZV6B4E+bw==": { "id": "lNWcYbl6h71sUZV6B4E+bw==", "name": "pkgconf-m4", "version": "1.7.3-10.el9", "kind": "binary", "source": { "id": "", "name": "pkgconf", "version": "1.7.3-10.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "lajcRo8M3+y2K3Ci00VHYA==": { "id": "lajcRo8M3+y2K3Ci00VHYA==", "name": "perl-File-Copy", "version": "2.34-480.el9", "kind": "binary", "source": { "id": "", "name": "perl", "version": "5.32.1-480.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "lwkb5oxxrG7ZgPYzSyvcZQ==": { "id": "lwkb5oxxrG7ZgPYzSyvcZQ==", "name": "libxml2-devel", "version": "2.9.13-3.el9_1", "kind": "binary", "source": { "id": "", "name": "libxml2", "version": "2.9.13-3.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "ly9SmBBH7WsYXh1oG69XaQ==": { "id": "ly9SmBBH7WsYXh1oG69XaQ==", "name": "perl-HTTP-Tiny", "version": "0.076-460.el9", "kind": "binary", "source": { "id": "", "name": "perl-HTTP-Tiny", "version": "0.076-460.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "m7hOFCjo7x6PMvux7htFOg==": { "id": "m7hOFCjo7x6PMvux7htFOg==", "name": "cracklib-dicts", "version": "2.9.6-27.el9", "kind": "binary", "source": { "id": "", "name": "cracklib", "version": "2.9.6-27.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "mK/FUfODp3MR7WS2xegPsw==": { "id": "mK/FUfODp3MR7WS2xegPsw==", "name": "langpacks-core-en", "version": "3.0-16.el9", "kind": "binary", "source": { "id": "", "name": "langpacks", "version": "3.0-16.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "mLZQEF4KLS62c+8BB/jz0Q==": { "id": "mLZQEF4KLS62c+8BB/jz0Q==", "name": "libxslt", "version": "1.1.34-9.el9", "kind": "binary", "source": { "id": "", "name": "libxslt", "version": "1.1.34-9.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "mLtyJkgiain09bfdUDF0tA==": { "id": "mLtyJkgiain09bfdUDF0tA==", "name": "python3-idna", "version": "2.10-7.el9", "kind": "binary", "source": { "id": "", "name": "python-idna", "version": "2.10-7.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "mPqGnMbiXN6jP61aGbHvOA==": { "id": "mPqGnMbiXN6jP61aGbHvOA==", "name": "libyaml", "version": "0.2.5-7.el9", "kind": "binary", "source": { "id": "", "name": "libyaml", "version": "0.2.5-7.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "mS/mU0XqXurt5b2cC0G2wA==": { "id": "mS/mU0XqXurt5b2cC0G2wA==", "name": "libXpm", "version": "3.5.13-8.el9_1", "kind": "binary", "source": { "id": "", "name": "libXpm", "version": "3.5.13-8.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "mUWlB/zKDu+SsRl4ybUmSg==": { "id": "mUWlB/zKDu+SsRl4ybUmSg==", "name": "cmake-data", "version": "3.20.2-8.el9", "kind": "binary", "source": { "id": "", "name": "cmake", "version": "3.20.2-8.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "nC22unSxVi1R4g6taYLM9Q==": { "id": "nC22unSxVi1R4g6taYLM9Q==", "name": "brotli-devel", "version": "1.0.9-6.el9", "kind": "binary", "source": { "id": "", "name": "brotli", "version": "1.0.9-6.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "nGBKPb406lGwZT56VfENpA==": { "id": "nGBKPb406lGwZT56VfENpA==", "name": "glibc-common", "version": "2.34-60.el9", "kind": "binary", "source": { "id": "", "name": "glibc", "version": "2.34-60.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "nQ2GBM/gj/3E8MCX+/anEg==": { "id": "nQ2GBM/gj/3E8MCX+/anEg==", "name": "man-db", "version": "2.9.3-7.el9", "kind": "binary", "source": { "id": "", "name": "man-db", "version": "2.9.3-7.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "nQMwj1eUiCBkaYGhP919IQ==": { "id": "nQMwj1eUiCBkaYGhP919IQ==", "name": "importlib_metadata", "version": "8.7.0", "kind": "binary", "source": { "id": "", "name": "", "version": "", "normalized_version": "", "cpe": "" }, "normalized_version": "pep440:0.8.7.0.0.0.0.0.0.0", "cpe": "" }, "nUBBsXgA+QSl6Tx9eXi6Mw==": { "id": "nUBBsXgA+QSl6Tx9eXi6Mw==", "name": "dbus-common", "version": "1:1.12.20-7.el9_1", "kind": "binary", "source": { "id": "", "name": "dbus", "version": "1.12.20-7.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "na4ojyfFHL07xf5Yr8wxsg==": { "id": "na4ojyfFHL07xf5Yr8wxsg==", "name": "libgpg-error-devel", "version": "1.42-5.el9", "kind": "binary", "source": { "id": "", "name": "libgpg-error", "version": "1.42-5.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "nfPufzGeU1GNtwMg2NZjyw==": { "id": "nfPufzGeU1GNtwMg2NZjyw==", "name": "nodejs-full-i18n", "version": "1:16.19.1-1.el9_2", "kind": "binary", "source": { "id": "", "name": "nodejs", "version": "16.19.1-1.el9_2", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "nqniqNEVhrfub8cS+os87A==": { "id": "nqniqNEVhrfub8cS+os87A==", "name": "fonts-srpm-macros", "version": "1:2.0.5-7.el9.1", "kind": "binary", "source": { "id": "", "name": "fonts-rpm-macros", "version": "2.0.5-7.el9.1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "nvxJsUFWvodHYwGusWrCfA==": { "id": "nvxJsUFWvodHYwGusWrCfA==", "name": "mod_ssl", "version": "1:2.4.53-11.el9_2.5", "kind": "binary", "source": { "id": "", "name": "httpd", "version": "2.4.53-11.el9_2.5", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "o0sNxhdrQvn3LtgSlydcdw==": { "id": "o0sNxhdrQvn3LtgSlydcdw==", "name": "pcre2-devel", "version": "10.40-2.el9", "kind": "binary", "source": { "id": "", "name": "pcre2", "version": "10.40-2.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "oK41W21MyjS/j+5BoCQjuA==": { "id": "oK41W21MyjS/j+5BoCQjuA==", "name": "tcl", "version": "1:8.6.10-7.el9", "kind": "binary", "source": { "id": "", "name": "tcl", "version": "8.6.10-7.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "obNuQXzAwE3TzjUoRN1yEw==": { "id": "obNuQXzAwE3TzjUoRN1yEw==", "name": "libbabeltrace", "version": "1.5.8-10.el9", "kind": "binary", "source": { "id": "", "name": "babeltrace", "version": "1.5.8-10.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "oclpmz+FssvmCD6ysyi8mw==": { "id": "oclpmz+FssvmCD6ysyi8mw==", "name": "cyrus-sasl-devel", "version": "2.1.27-21.el9", "kind": "binary", "source": { "id": "", "name": "cyrus-sasl", "version": "2.1.27-21.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "og/hyn7iqbsNsfIv/8VHFg==": { "id": "og/hyn7iqbsNsfIv/8VHFg==", "name": "harfbuzz", "version": "2.7.4-8.el9", "kind": "binary", "source": { "id": "", "name": "harfbuzz", "version": "2.7.4-8.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "om/hnbn42itSjLCSeL6+2A==": { "id": "om/hnbn42itSjLCSeL6+2A==", "name": "freetype", "version": "2.10.4-9.el9", "kind": "binary", "source": { "id": "", "name": "freetype", "version": "2.10.4-9.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "p5/fxZumt5POFcNowtTiuw==": { "id": "p5/fxZumt5POFcNowtTiuw==", "name": "perl-Errno", "version": "1.30-480.el9", "kind": "binary", "source": { "id": "", "name": "perl", "version": "5.32.1-480.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "p5p9BM7pNAz2WsIpV9j2Vg==": { "id": "p5p9BM7pNAz2WsIpV9j2Vg==", "name": "perl-B", "version": "1.80-480.el9", "kind": "binary", "source": { "id": "", "name": "perl", "version": "5.32.1-480.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "p84Jbbr2OyhgEYqMWSBnYg==": { "id": "p84Jbbr2OyhgEYqMWSBnYg==", "name": "libtirpc", "version": "1.3.3-1.el9", "kind": "binary", "source": { "id": "", "name": "libtirpc", "version": "1.3.3-1.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "pMCjbYMWFg0OW6e3aesnmg==": { "id": "pMCjbYMWFg0OW6e3aesnmg==", "name": "ubi9/s2i-core", "version": "1-404", "kind": "binary", "source": { "id": "qRYqnsmHWyPYtkZR3QWTvw==", "name": "s2i-core-container", "version": "1-404", "kind": "source", "source": { "id": "", "name": "", "version": "", "normalized_version": "", "cpe": "" }, "normalized_version": "rhctag:1.0.0.0.0.0.0.0.0.0", "arch": "x86_64", "cpe": "" }, "normalized_version": "rhctag:1.0.0.0.0.0.0.0.0.0", "arch": "x86_64", "cpe": "" }, "pPr7yDMpB7ZjDUk38ihGgw==": { "id": "pPr7yDMpB7ZjDUk38ihGgw==", "name": "apr-util-openssl", "version": "1.6.1-20.el9_2.1", "kind": "binary", "source": { "id": "", "name": "apr-util", "version": "1.6.1-20.el9_2.1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "pc8TmjOHnExT3yvCQuGR7Q==": { "id": "pc8TmjOHnExT3yvCQuGR7Q==", "name": "tar", "version": "2:1.34-6.el9_1", "kind": "binary", "source": { "id": "", "name": "tar", "version": "1.34-6.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "pghQDJVZ6nOQ9Xe2E75qtw==": { "id": "pghQDJVZ6nOQ9Xe2E75qtw==", "name": "libselinux-devel", "version": "3.5-1.el9", "kind": "binary", "source": { "id": "", "name": "libselinux", "version": "3.5-1.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "piIKp3mha3J0aqiUeWB7lg==": { "id": "piIKp3mha3J0aqiUeWB7lg==", "name": "python3-libs", "version": "3.9.16-1.el9", "kind": "binary", "source": { "id": "", "name": "python3.9", "version": "3.9.16-1.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "ptT0YL/h24MTjTTVlPAZVg==": { "id": "ptT0YL/h24MTjTTVlPAZVg==", "name": "freetype-devel", "version": "2.10.4-9.el9", "kind": "binary", "source": { "id": "", "name": "freetype", "version": "2.10.4-9.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "qRYqnsmHWyPYtkZR3QWTvw==": { "id": "qRYqnsmHWyPYtkZR3QWTvw==", "name": "s2i-core-container", "version": "1-404", "kind": "source", "source": { "id": "", "name": "", "version": "", "normalized_version": "", "cpe": "" }, "normalized_version": "rhctag:1.0.0.0.0.0.0.0.0.0", "arch": "x86_64", "cpe": "" }, "qYSZ6aKFWol313IOGRXaug==": { "id": "qYSZ6aKFWol313IOGRXaug==", "name": "json-c", "version": "0.14-11.el9", "kind": "binary", "source": { "id": "", "name": "json-c", "version": "0.14-11.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "qaeDIBzkPb1YcHW+c5XKTw==": { "id": "qaeDIBzkPb1YcHW+c5XKTw==", "name": "python3-cloud-what", "version": "1.29.33.1-1.el9_2", "kind": "binary", "source": { "id": "", "name": "subscription-manager", "version": "1.29.33.1-1.el9_2", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "qcLLXOiskeOh3Yk1oA8Pwg==": { "id": "qcLLXOiskeOh3Yk1oA8Pwg==", "name": "kmod-libs", "version": "28-7.el9", "kind": "binary", "source": { "id": "", "name": "kmod", "version": "28-7.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "qr+LQm/hdVc+TsPUEoIhXw==": { "id": "qr+LQm/hdVc+TsPUEoIhXw==", "name": "libblkid", "version": "2.37.4-10.el9", "kind": "binary", "source": { "id": "", "name": "util-linux", "version": "2.37.4-10.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "qv877m16TWTnhYtFU/bzVg==": { "id": "qv877m16TWTnhYtFU/bzVg==", "name": "httpd-devel", "version": "2.4.53-11.el9_2.5", "kind": "binary", "source": { "id": "", "name": "httpd", "version": "2.4.53-11.el9_2.5", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "rAxI6ugHAhGGLF0rGYHfUw==": { "id": "rAxI6ugHAhGGLF0rGYHfUw==", "name": "openssh", "version": "8.7p1-29.el9_2", "kind": "binary", "source": { "id": "", "name": "openssh", "version": "8.7p1-29.el9_2", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "rCLp3m64Catai9VuHvh3Lw==": { "id": "rCLp3m64Catai9VuHvh3Lw==", "name": "keyutils-libs", "version": "1.6.3-1.el9", "kind": "binary", "source": { "id": "", "name": "keyutils", "version": "1.6.3-1.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "rEU0uZUpz06y9hg0ORc49A==": { "id": "rEU0uZUpz06y9hg0ORc49A==", "name": "libpwquality", "version": "1.4.4-8.el9", "kind": "binary", "source": { "id": "", "name": "libpwquality", "version": "1.4.4-8.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "rHWl96jwSRpVOW9Rmtir2g==": { "id": "rHWl96jwSRpVOW9Rmtir2g==", "name": "binutils-gold", "version": "2.35.2-37.el9", "kind": "binary", "source": { "id": "", "name": "binutils", "version": "2.35.2-37.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "rUUieTQ6JPdOKUOFRfhvNw==": { "id": "rUUieTQ6JPdOKUOFRfhvNw==", "name": "perl-MIME-Base64", "version": "3.16-4.el9", "kind": "binary", "source": { "id": "", "name": "perl-MIME-Base64", "version": "3.16-4.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "rY/kE/V4JnxYoqV+lmc9mg==": { "id": "rY/kE/V4JnxYoqV+lmc9mg==", "name": "gawk", "version": "5.1.0-6.el9", "kind": "binary", "source": { "id": "", "name": "gawk", "version": "5.1.0-6.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "rYCgRZF9UtO2MybO6TcW0g==": { "id": "rYCgRZF9UtO2MybO6TcW0g==", "name": "nettle", "version": "3.8-3.el9_0", "kind": "binary", "source": { "id": "", "name": "nettle", "version": "3.8-3.el9_0", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "rZckolqfVnE7xInGZn5Zzw==": { "id": "rZckolqfVnE7xInGZn5Zzw==", "name": "python3-pysocks", "version": "1.7.1-12.el9", "kind": "binary", "source": { "id": "", "name": "python-pysocks", "version": "1.7.1-12.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "rj2k4My0f4W7sR9R0rDeJg==": { "id": "rj2k4My0f4W7sR9R0rDeJg==", "name": "perl-Pod-Usage", "version": "4:2.01-4.el9", "kind": "binary", "source": { "id": "", "name": "perl-Pod-Usage", "version": "2.01-4.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "rlHYqOr0lkUB/Gs6b1kD2g==": { "id": "rlHYqOr0lkUB/Gs6b1kD2g==", "name": "mpfr", "version": "4.1.0-7.el9", "kind": "binary", "source": { "id": "", "name": "mpfr", "version": "4.1.0-7.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "s/sN90wkrzAWkEGvOCWevQ==": { "id": "s/sN90wkrzAWkEGvOCWevQ==", "name": "openssh-clients", "version": "8.7p1-29.el9_2", "kind": "binary", "source": { "id": "", "name": "openssh", "version": "8.7p1-29.el9_2", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "s2h0kSO0Y3eNEReWOR8CBA==": { "id": "s2h0kSO0Y3eNEReWOR8CBA==", "name": "setup", "version": "2.13.7-9.el9", "kind": "binary", "source": { "id": "", "name": "setup", "version": "2.13.7-9.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "s9qYH9lv+nqFfUwtnSIxEw==": { "id": "s9qYH9lv+nqFfUwtnSIxEw==", "name": "ima-evm-utils", "version": "1.4-4.el9", "kind": "binary", "source": { "id": "", "name": "ima-evm-utils", "version": "1.4-4.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "sE1EmQ5Nhv4P4rilE6lODw==": { "id": "sE1EmQ5Nhv4P4rilE6lODw==", "name": "lsof", "version": "4.94.0-3.el9", "kind": "binary", "source": { "id": "", "name": "lsof", "version": "4.94.0-3.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "sKD1m/Tx9mlFSspWqkqwXA==": { "id": "sKD1m/Tx9mlFSspWqkqwXA==", "name": "flask", "version": "2.3.3", "kind": "binary", "source": { "id": "", "name": "", "version": "", "normalized_version": "", "cpe": "" }, "normalized_version": "pep440:0.2.3.3.0.0.0.0.0.0", "cpe": "" }, "sXA/H9XX1FCBnut09ugTOw==": { "id": "sXA/H9XX1FCBnut09ugTOw==", "name": "nss_wrapper-libs", "version": "1.1.13-1.el9", "kind": "binary", "source": { "id": "", "name": "nss_wrapper", "version": "1.1.13-1.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "sZC9JChvb46EmDWlVsLY4Q==": { "id": "sZC9JChvb46EmDWlVsLY4Q==", "name": "hostname", "version": "3.23-6.el9", "kind": "binary", "source": { "id": "", "name": "hostname", "version": "3.23-6.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "seCPTRxsW0CXUgbCc8GtTg==": { "id": "seCPTRxsW0CXUgbCc8GtTg==", "name": "glib2-devel", "version": "2.68.4-6.el9", "kind": "binary", "source": { "id": "", "name": "glib2", "version": "2.68.4-6.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "senWHvSi1AlFz8ttUDvIeg==": { "id": "senWHvSi1AlFz8ttUDvIeg==", "name": "openldap-devel", "version": "2.6.2-3.el9", "kind": "binary", "source": { "id": "", "name": "openldap", "version": "2.6.2-3.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "slOVRtjq4478nP0dtG1VIA==": { "id": "slOVRtjq4478nP0dtG1VIA==", "name": "perl-if", "version": "0.60.800-480.el9", "kind": "binary", "source": { "id": "", "name": "perl", "version": "5.32.1-480.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "slOYGSVfSsDARkAcrk9R3Q==": { "id": "slOYGSVfSsDARkAcrk9R3Q==", "name": "python3-systemd", "version": "234-18.el9", "kind": "binary", "source": { "id": "", "name": "python-systemd", "version": "234-18.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "sm+xC6hqiI5z9MZTiNGgAw==": { "id": "sm+xC6hqiI5z9MZTiNGgAw==", "name": "perl-SelectSaver", "version": "1.02-480.el9", "kind": "binary", "source": { "id": "", "name": "perl", "version": "5.32.1-480.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "ssPaV1VLDu6d5ZJ6Rrmh3A==": { "id": "ssPaV1VLDu6d5ZJ6Rrmh3A==", "name": "sed", "version": "4.8-9.el9", "kind": "binary", "source": { "id": "", "name": "sed", "version": "4.8-9.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "sukNATkcLkohYgGrhDtrZA==": { "id": "sukNATkcLkohYgGrhDtrZA==", "name": "libxcrypt-devel", "version": "4.4.18-3.el9", "kind": "binary", "source": { "id": "", "name": "libxcrypt", "version": "4.4.18-3.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "svMaWd1Pkq6Z/UDBHTpApg==": { "id": "svMaWd1Pkq6Z/UDBHTpApg==", "name": "keyutils-libs-devel", "version": "1.6.3-1.el9", "kind": "binary", "source": { "id": "", "name": "keyutils", "version": "1.6.3-1.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "sx0C6L5COHIkv6yQQyPlbw==": { "id": "sx0C6L5COHIkv6yQQyPlbw==", "name": "libunistring", "version": "0.9.10-15.el9", "kind": "binary", "source": { "id": "", "name": "libunistring", "version": "0.9.10-15.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "sy1cTR7VjlyD3WavviV1+g==": { "id": "sy1cTR7VjlyD3WavviV1+g==", "name": "p11-kit", "version": "0.24.1-2.el9", "kind": "binary", "source": { "id": "", "name": "p11-kit", "version": "0.24.1-2.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "szBndBxzz7klx0noQ6O0zQ==": { "id": "szBndBxzz7klx0noQ6O0zQ==", "name": "perl-interpreter", "version": "4:5.32.1-480.el9", "kind": "binary", "source": { "id": "", "name": "perl", "version": "5.32.1-480.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "tOoZIHzytN01BRAw3es1Yg==": { "id": "tOoZIHzytN01BRAw3es1Yg==", "name": "bzip2", "version": "1.0.8-8.el9", "kind": "binary", "source": { "id": "", "name": "bzip2", "version": "1.0.8-8.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "tWWw65aFr0Her+B1hlgbqA==": { "id": "tWWw65aFr0Her+B1hlgbqA==", "name": "perl-Pod-Simple", "version": "1:3.42-4.el9", "kind": "binary", "source": { "id": "", "name": "perl-Pod-Simple", "version": "3.42-4.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "trv2Vgd2QnIOlR8n5qdkvg==": { "id": "trv2Vgd2QnIOlR8n5qdkvg==", "name": "libquadmath", "version": "11.3.1-4.3.el9", "kind": "binary", "source": { "id": "", "name": "gcc", "version": "11.3.1-4.3.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "u5TyEoU5GA6Z2czzwhMLiA==": { "id": "u5TyEoU5GA6Z2czzwhMLiA==", "name": "fonts-filesystem", "version": "1:2.0.5-7.el9.1", "kind": "binary", "source": { "id": "", "name": "fonts-rpm-macros", "version": "2.0.5-7.el9.1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "uCyCeArpCxiSoV6DjC80ng==": { "id": "uCyCeArpCxiSoV6DjC80ng==", "name": "pcre-devel", "version": "8.44-3.el9.3", "kind": "binary", "source": { "id": "", "name": "pcre", "version": "8.44-3.el9.3", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "uIGxNSLaVnAmi0jJ0xnwdw==": { "id": "uIGxNSLaVnAmi0jJ0xnwdw==", "name": "systemd", "version": "252-13.el9_2", "kind": "binary", "source": { "id": "", "name": "systemd", "version": "252-13.el9_2", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "uSt8DkzxoDcE1tRbyYPDOg==": { "id": "uSt8DkzxoDcE1tRbyYPDOg==", "name": "alternatives", "version": "1.20-2.el9", "kind": "binary", "source": { "id": "", "name": "chkconfig", "version": "1.20-2.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "uwkXfq5VvKEldZwWOwGq4w==": { "id": "uwkXfq5VvKEldZwWOwGq4w==", "name": "gmp", "version": "1:6.2.0-10.el9", "kind": "binary", "source": { "id": "", "name": "gmp", "version": "6.2.0-10.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "v5fMEqf0GRz+BrBqAji9dQ==": { "id": "v5fMEqf0GRz+BrBqAji9dQ==", "name": "libzstd", "version": "1.5.1-2.el9", "kind": "binary", "source": { "id": "", "name": "zstd", "version": "1.5.1-2.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "v6X9Dt1wPw8fK6VaHz1Ffw==": { "id": "v6X9Dt1wPw8fK6VaHz1Ffw==", "name": "perl-threads-shared", "version": "1.61-460.el9", "kind": "binary", "source": { "id": "", "name": "perl-threads-shared", "version": "1.61-460.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "vAPPN6rYSkP394gvFPG0sQ==": { "id": "vAPPN6rYSkP394gvFPG0sQ==", "name": "perl-mro", "version": "1.23-480.el9", "kind": "binary", "source": { "id": "", "name": "perl", "version": "5.32.1-480.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "vP8GkM/8POo0+xS4J25IXg==": { "id": "vP8GkM/8POo0+xS4J25IXg==", "name": "ubi9/s2i-base", "version": "1-432.1684740240", "kind": "binary", "source": { "id": "dBjb+khckVi+h+bXEXQ0NA==", "name": "s2i-base-container", "version": "1-432.1684740240", "kind": "source", "source": { "id": "", "name": "", "version": "", "normalized_version": "", "cpe": "" }, "normalized_version": "rhctag:1.0.0.0.0.0.0.0.0.0", "arch": "x86_64", "cpe": "" }, "normalized_version": "rhctag:1.0.0.0.0.0.0.0.0.0", "arch": "x86_64", "cpe": "" }, "vSRLH3asu5knZtxqOxtnwQ==": { "id": "vSRLH3asu5knZtxqOxtnwQ==", "name": "brotli", "version": "1.0.9-6.el9", "kind": "binary", "source": { "id": "", "name": "brotli", "version": "1.0.9-6.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "vVm5dK77cxKy79CJLkG4tQ==": { "id": "vVm5dK77cxKy79CJLkG4tQ==", "name": "zlib-devel", "version": "1.2.11-39.el9", "kind": "binary", "source": { "id": "", "name": "zlib", "version": "1.2.11-39.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "vVrvJSq6PSHuN2/SjjnToQ==": { "id": "vVrvJSq6PSHuN2/SjjnToQ==", "name": "libsepol", "version": "3.5-1.el9", "kind": "binary", "source": { "id": "", "name": "libsepol", "version": "3.5-1.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "vcbNsnPegQ9DMvL/4z83AA==": { "id": "vcbNsnPegQ9DMvL/4z83AA==", "name": "perl-IO-Socket-SSL", "version": "2.073-1.el9", "kind": "binary", "source": { "id": "", "name": "perl-IO-Socket-SSL", "version": "2.073-1.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "vq/Gn/XN/vhb+s09B3VJzg==": { "id": "vq/Gn/XN/vhb+s09B3VJzg==", "name": "python3-setuptools-wheel", "version": "53.0.0-12.el9", "kind": "binary", "source": { "id": "", "name": "python-setuptools", "version": "53.0.0-12.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "vtNcuXyRth8r8K/W3sfqrQ==": { "id": "vtNcuXyRth8r8K/W3sfqrQ==", "name": "libpng-devel", "version": "2:1.6.37-12.el9", "kind": "binary", "source": { "id": "", "name": "libpng", "version": "1.6.37-12.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "vxE46vHhDXuS+hlSHziZ9g==": { "id": "vxE46vHhDXuS+hlSHziZ9g==", "name": "cmake-filesystem", "version": "3.20.2-8.el9", "kind": "binary", "source": { "id": "", "name": "cmake", "version": "3.20.2-8.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "w2DoavvB02S/+BS01jQqJw==": { "id": "w2DoavvB02S/+BS01jQqJw==", "name": "openblas-srpm-macros", "version": "2-11.el9", "kind": "binary", "source": { "id": "", "name": "openblas-srpm-macros", "version": "2-11.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "wVOHUaFC3qlk+Ft1W2VH7A==": { "id": "wVOHUaFC3qlk+Ft1W2VH7A==", "name": "python3-gobject-base-noarch", "version": "3.40.1-6.el9", "kind": "binary", "source": { "id": "", "name": "pygobject3", "version": "3.40.1-6.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "wdMozBSF06uhI4HOI003SQ==": { "id": "wdMozBSF06uhI4HOI003SQ==", "name": "perl-Term-Cap", "version": "1.17-460.el9", "kind": "binary", "source": { "id": "", "name": "perl-Term-Cap", "version": "1.17-460.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "ws/3dejYQ9Iw2hFH6EdsFQ==": { "id": "ws/3dejYQ9Iw2hFH6EdsFQ==", "name": "libfdisk", "version": "2.37.4-10.el9", "kind": "binary", "source": { "id": "", "name": "util-linux", "version": "2.37.4-10.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "wu/SuBfGK4XxN58kBmX5uQ==": { "id": "wu/SuBfGK4XxN58kBmX5uQ==", "name": "httpd", "version": "2.4.53-11.el9_2.5", "kind": "binary", "source": { "id": "", "name": "httpd", "version": "2.4.53-11.el9_2.5", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "wvtx3JsOUmPyorardjeYSQ==": { "id": "wvtx3JsOUmPyorardjeYSQ==", "name": "fontconfig-devel", "version": "2.14.0-2.el9_1", "kind": "binary", "source": { "id": "", "name": "fontconfig", "version": "2.14.0-2.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "x4oijVhQU8BUwJwoFvk4QA==": { "id": "x4oijVhQU8BUwJwoFvk4QA==", "name": "libmodulemd", "version": "2.13.0-2.el9", "kind": "binary", "source": { "id": "", "name": "libmodulemd", "version": "2.13.0-2.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "xGsFnJNA7f9q/+8cz1QFqg==": { "id": "xGsFnJNA7f9q/+8cz1QFqg==", "name": "lua-srpm-macros", "version": "1-6.el9", "kind": "binary", "source": { "id": "", "name": "lua-rpm-macros", "version": "1-6.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "xRhdpRBdZ/CHodU2oE0btw==": { "id": "xRhdpRBdZ/CHodU2oE0btw==", "name": "go-srpm-macros", "version": "3.2.0-1.el9", "kind": "binary", "source": { "id": "", "name": "go-rpm-macros", "version": "3.2.0-1.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "xVpXFb43dZh4HfBX53yyew==": { "id": "xVpXFb43dZh4HfBX53yyew==", "name": "python3-iniparse", "version": "0.4-45.el9", "kind": "binary", "source": { "id": "", "name": "python-iniparse", "version": "0.4-45.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "xdunfqVk+0spTcWoJA7wPw==": { "id": "xdunfqVk+0spTcWoJA7wPw==", "name": "libnghttp2", "version": "1.43.0-5.el9", "kind": "binary", "source": { "id": "", "name": "nghttp2", "version": "1.43.0-5.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "xfiNHrth0bRlTgQnR3IgUw==": { "id": "xfiNHrth0bRlTgQnR3IgUw==", "name": "libpsl", "version": "0.21.1-5.el9", "kind": "binary", "source": { "id": "", "name": "libpsl", "version": "0.21.1-5.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "xgCGPQ7CZbjJqBTw2Nmu9w==": { "id": "xgCGPQ7CZbjJqBTw2Nmu9w==", "name": "groff-base", "version": "1.22.4-10.el9", "kind": "binary", "source": { "id": "", "name": "groff", "version": "1.22.4-10.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "xh4NhhVC69+jOkFwMqnXfA==": { "id": "xh4NhhVC69+jOkFwMqnXfA==", "name": "python3-hawkey", "version": "0.69.0-3.el9_2", "kind": "binary", "source": { "id": "", "name": "libdnf", "version": "0.69.0-3.el9_2", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "xhMgwxa+ubXlCA6s9XfRgw==": { "id": "xhMgwxa+ubXlCA6s9XfRgw==", "name": "cyrus-sasl-lib", "version": "2.1.27-21.el9", "kind": "binary", "source": { "id": "", "name": "cyrus-sasl", "version": "2.1.27-21.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "xmvHgJqnx+8mo577UrJz8g==": { "id": "xmvHgJqnx+8mo577UrJz8g==", "name": "libsolv", "version": "0.7.22-4.el9", "kind": "binary", "source": { "id": "", "name": "libsolv", "version": "0.7.22-4.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "xnmn6fk+/THLJg3emXYMww==": { "id": "xnmn6fk+/THLJg3emXYMww==", "name": "perl-libnet", "version": "3.13-4.el9", "kind": "binary", "source": { "id": "", "name": "perl-libnet", "version": "3.13-4.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "y9sflCLWTaHWSSC+w8u7bQ==": { "id": "y9sflCLWTaHWSSC+w8u7bQ==", "name": "xz-devel", "version": "5.2.5-8.el9_0", "kind": "binary", "source": { "id": "", "name": "xz", "version": "5.2.5-8.el9_0", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "yDt3wSYEqsz4/xyFxjBFAA==": { "id": "yDt3wSYEqsz4/xyFxjBFAA==", "name": "elfutils-libelf", "version": "0.188-3.el9", "kind": "binary", "source": { "id": "", "name": "elfutils", "version": "0.188-3.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "yU2oeSGRdhrEc6MC885lzw==": { "id": "yU2oeSGRdhrEc6MC885lzw==", "name": "mod_auth_gssapi", "version": "1.6.3-7.el9", "kind": "binary", "source": { "id": "", "name": "mod_auth_gssapi", "version": "1.6.3-7.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "yY469KfvqdHWbJwmOcIU1Q==": { "id": "yY469KfvqdHWbJwmOcIU1Q==", "name": "perl-Carp", "version": "1.50-460.el9", "kind": "binary", "source": { "id": "", "name": "perl-Carp", "version": "1.50-460.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "ycSS8xsUDu5nMwsql04xfQ==": { "id": "ycSS8xsUDu5nMwsql04xfQ==", "name": "gd", "version": "2.3.2-3.el9", "kind": "binary", "source": { "id": "", "name": "gd", "version": "2.3.2-3.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "ygSe5Kj3U2XQiKfpAdkx+A==": { "id": "ygSe5Kj3U2XQiKfpAdkx+A==", "name": "cyrus-sasl", "version": "2.1.27-21.el9", "kind": "binary", "source": { "id": "", "name": "cyrus-sasl", "version": "2.1.27-21.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "yjR8lvdxVJDPIeBNVwLrcA==": { "id": "yjR8lvdxVJDPIeBNVwLrcA==", "name": "blinker", "version": "1.9.0", "kind": "binary", "source": { "id": "", "name": "", "version": "", "normalized_version": "", "cpe": "" }, "normalized_version": "pep440:0.1.9.0.0.0.0.0.0.0", "cpe": "" }, "yl89ZUYB/c9VKLUIKBe/Rg==": { "id": "yl89ZUYB/c9VKLUIKBe/Rg==", "name": "nodejs-libs", "version": "1:16.19.1-1.el9_2", "kind": "binary", "source": { "id": "", "name": "nodejs", "version": "16.19.1-1.el9_2", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "zIFn1hwQ+gf5tSEzT54ZNg==": { "id": "zIFn1hwQ+gf5tSEzT54ZNg==", "name": "hunspell-filesystem", "version": "1.7.0-11.el9", "kind": "binary", "source": { "id": "", "name": "hunspell", "version": "1.7.0-11.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "zLbmCpiDy68qsFvtKNzmgQ==": { "id": "zLbmCpiDy68qsFvtKNzmgQ==", "name": "xml-common", "version": "0.6.3-58.el9", "kind": "binary", "source": { "id": "", "name": "sgml-common", "version": "0.6.3-58.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "zYwssjfM875kzpetvkIuvg==": { "id": "zYwssjfM875kzpetvkIuvg==", "name": "kernel-headers", "version": "5.14.0-284.11.1.el9_2", "kind": "binary", "source": { "id": "", "name": "kernel", "version": "5.14.0-284.11.1.el9_2", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "zxuLMmxubC84XoLpkfxZ3w==": { "id": "zxuLMmxubC84XoLpkfxZ3w==", "name": "perl-Mozilla-CA", "version": "20200520-6.el9", "kind": "binary", "source": { "id": "", "name": "perl-Mozilla-CA", "version": "20200520-6.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" } }, "distributions": { "f48b2efa-d868-47ee-adb0-b469423de1f6": { "id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "did": "rhel", "name": "Red Hat Enterprise Linux Server", "version": "9", "version_code_name": "", "version_id": "9", "arch": "", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "pretty_name": "Red Hat Enterprise Linux Server 9" } }, "repository": { "16d9a897-a94f-4f7e-8818-70fa19137c65": { "id": "16d9a897-a94f-4f7e-8818-70fa19137c65", "name": "cpe:/a:redhat:enterprise_linux:9::appstream", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "1ba57ffd-21fc-4e8f-bd92-88d88ff95b39": { "id": "1ba57ffd-21fc-4e8f-bd92-88d88ff95b39", "name": "Red Hat Container Catalog", "uri": "https://catalog.redhat.com/software/containers/explore", "cpe": "" }, "1dd1816a-7447-488b-81f6-0b109706ee19": { "id": "1dd1816a-7447-488b-81f6-0b109706ee19", "name": "cpe:/o:redhat:enterprise_linux:9::baseos", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "42e7e6b2-0aa6-4a73-833c-b9bb8833e934": { "id": "42e7e6b2-0aa6-4a73-833c-b9bb8833e934", "name": "cpe:/a:redhat:enterprise_linux:9::appstream", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "4acc1027-2ab3-427f-81e3-c66f0ed6efef": { "id": "4acc1027-2ab3-427f-81e3-c66f0ed6efef", "name": "cpe:/o:redhat:enterprise_linux:9::baseos", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "5eae9482-7def-4dbc-b110-c26fcf6e3b68": { "id": "5eae9482-7def-4dbc-b110-c26fcf6e3b68", "name": "cpe:/o:redhat:enterprise_linux:9::baseos", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "648ce893-0452-41cc-8310-f7508928a29f": { "id": "648ce893-0452-41cc-8310-f7508928a29f", "name": "cpe:/o:redhat:enterprise_linux:9::baseos", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "bef2b07b-0ebb-49c3-a93c-b67efdef72d2": { "id": "bef2b07b-0ebb-49c3-a93c-b67efdef72d2", "name": "cpe:/a:redhat:enterprise_linux:9::appstream", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "de7f4c60-caaa-4e02-8669-ad59e6bf9e33": { "id": "de7f4c60-caaa-4e02-8669-ad59e6bf9e33", "name": "cpe:/a:redhat:enterprise_linux:9::appstream", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "f863cf24-5ef1-4efd-a185-2bced22e5852": { "id": "f863cf24-5ef1-4efd-a185-2bced22e5852", "name": "pypi", "uri": "https://pypi.org/simple", "cpe": "" } }, "environments": { "+A7/nzEXX3Q/xJZ50VMnlQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "4acc1027-2ab3-427f-81e3-c66f0ed6efef", "42e7e6b2-0aa6-4a73-833c-b9bb8833e934" ] } ], "+B22ALb6YCnXu+3s6afaLg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "4acc1027-2ab3-427f-81e3-c66f0ed6efef", "42e7e6b2-0aa6-4a73-833c-b9bb8833e934" ] } ], "+yIdH2Pb8SGFuXnry3uK/A==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "648ce893-0452-41cc-8310-f7508928a29f", "bef2b07b-0ebb-49c3-a93c-b67efdef72d2" ] } ], "/L1kFEoHZTukrNTCQLypFQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "4acc1027-2ab3-427f-81e3-c66f0ed6efef", "42e7e6b2-0aa6-4a73-833c-b9bb8833e934" ] } ], "/QWl/PWEGcxbGcHF8DRhpQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "648ce893-0452-41cc-8310-f7508928a29f", "bef2b07b-0ebb-49c3-a93c-b67efdef72d2" ] } ], "/hboeipJYwh21VHE3k8hmg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "4acc1027-2ab3-427f-81e3-c66f0ed6efef", "42e7e6b2-0aa6-4a73-833c-b9bb8833e934" ] } ], "/ix7t8u2ubW7Mpg/i3GMZw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:061494b16a3e082ac22c3159029d7399a8b153778d0435e438bfdcc22f203bc8", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:061494b16a3e082ac22c3159029d7399a8b153778d0435e438bfdcc22f203bc8", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "5eae9482-7def-4dbc-b110-c26fcf6e3b68", "16d9a897-a94f-4f7e-8818-70fa19137c65" ] } ], "/nzriCy9+x9+mJ5siYSQUQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "4acc1027-2ab3-427f-81e3-c66f0ed6efef", "42e7e6b2-0aa6-4a73-833c-b9bb8833e934" ] } ], "/u+CSzV7kEfezwNM7CM7EA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "648ce893-0452-41cc-8310-f7508928a29f", "bef2b07b-0ebb-49c3-a93c-b67efdef72d2" ] } ], "/ziQfr+n12RYSjYmCLOeJw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "648ce893-0452-41cc-8310-f7508928a29f", "bef2b07b-0ebb-49c3-a93c-b67efdef72d2" ] } ], "06kxsmKuig0GXYujyWRf1g==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "648ce893-0452-41cc-8310-f7508928a29f", "bef2b07b-0ebb-49c3-a93c-b67efdef72d2" ] } ], "09fH92fqoWDOaYEpwQ9p2g==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "648ce893-0452-41cc-8310-f7508928a29f", "bef2b07b-0ebb-49c3-a93c-b67efdef72d2" ] } ], "0Bi+sE7Cahb/G3RtEz1Trg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "4acc1027-2ab3-427f-81e3-c66f0ed6efef", "42e7e6b2-0aa6-4a73-833c-b9bb8833e934" ] } ], "0MjC1Kk7xsOH9HZSfI3q+g==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "4acc1027-2ab3-427f-81e3-c66f0ed6efef", "42e7e6b2-0aa6-4a73-833c-b9bb8833e934" ] } ], "0Yvc2+M8FAry625wuL4S5A==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:061494b16a3e082ac22c3159029d7399a8b153778d0435e438bfdcc22f203bc8", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:061494b16a3e082ac22c3159029d7399a8b153778d0435e438bfdcc22f203bc8", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "5eae9482-7def-4dbc-b110-c26fcf6e3b68", "16d9a897-a94f-4f7e-8818-70fa19137c65" ] } ], "13/XvLtRK2RDQlcsZc1BtQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "4acc1027-2ab3-427f-81e3-c66f0ed6efef", "42e7e6b2-0aa6-4a73-833c-b9bb8833e934" ] } ], "1T7WJ83NrIa0U7DlD1BR4Q==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "648ce893-0452-41cc-8310-f7508928a29f", "bef2b07b-0ebb-49c3-a93c-b67efdef72d2" ] } ], "1Wgi1A5rYYMDlKrTSmcrGw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:061494b16a3e082ac22c3159029d7399a8b153778d0435e438bfdcc22f203bc8", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:061494b16a3e082ac22c3159029d7399a8b153778d0435e438bfdcc22f203bc8", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "5eae9482-7def-4dbc-b110-c26fcf6e3b68", "16d9a897-a94f-4f7e-8818-70fa19137c65" ] } ], "1XXuvf69/0I2dNHaU2UndQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "648ce893-0452-41cc-8310-f7508928a29f", "bef2b07b-0ebb-49c3-a93c-b67efdef72d2" ] } ], "1dO83wB64hDLki3A4eA/Pg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "648ce893-0452-41cc-8310-f7508928a29f", "bef2b07b-0ebb-49c3-a93c-b67efdef72d2" ] } ], "1h72uRXCx8BEJRBuxQUZxA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "648ce893-0452-41cc-8310-f7508928a29f", "bef2b07b-0ebb-49c3-a93c-b67efdef72d2" ] } ], "1h9uHE0QiXBO/zpJrT0VjA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "4acc1027-2ab3-427f-81e3-c66f0ed6efef", "42e7e6b2-0aa6-4a73-833c-b9bb8833e934" ] } ], "1iUaGpv40BOJQUks5I0iYg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "648ce893-0452-41cc-8310-f7508928a29f", "bef2b07b-0ebb-49c3-a93c-b67efdef72d2" ] } ], "1jyJPCL93kiEbfmNKeyz3g==": [ { "package_db": "python:opt/app-root/lib/python3.9/site-packages", "introduced_in": "sha256:5ade92cd94be5f670086c18c0b7d4cb67cb1783465a0b2592a35bcce4f659688", "distribution_id": "", "repository_ids": [ "f863cf24-5ef1-4efd-a185-2bced22e5852" ] } ], "1m9sKqHTfU4F/K4fidg9cg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "648ce893-0452-41cc-8310-f7508928a29f", "bef2b07b-0ebb-49c3-a93c-b67efdef72d2" ] } ], "1wBZnC1avvfNNrXqSBIrLQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "4acc1027-2ab3-427f-81e3-c66f0ed6efef", "42e7e6b2-0aa6-4a73-833c-b9bb8833e934" ] } ], "1wLXgzkbHeATdTLAIa0dbQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "4acc1027-2ab3-427f-81e3-c66f0ed6efef", "42e7e6b2-0aa6-4a73-833c-b9bb8833e934" ] } ], "2KzE5vrx0XgyqjjMfDhPmA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "648ce893-0452-41cc-8310-f7508928a29f", "bef2b07b-0ebb-49c3-a93c-b67efdef72d2" ] } ], "2fg1ZRYCSPKKOgCxCcA36w==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "4acc1027-2ab3-427f-81e3-c66f0ed6efef", "42e7e6b2-0aa6-4a73-833c-b9bb8833e934" ] } ], "2kFA6ghsw4jfGa4xzNB0dw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "648ce893-0452-41cc-8310-f7508928a29f", "bef2b07b-0ebb-49c3-a93c-b67efdef72d2" ] } ], "2pv3nM9LRsMhTVXXhKvVsA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "4acc1027-2ab3-427f-81e3-c66f0ed6efef", "42e7e6b2-0aa6-4a73-833c-b9bb8833e934" ] } ], "2w8qE/d9mqIY/9+1qBBrPg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "648ce893-0452-41cc-8310-f7508928a29f", "bef2b07b-0ebb-49c3-a93c-b67efdef72d2" ] } ], "35MvZs/A5NUjD+xZ1Vlnyw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "648ce893-0452-41cc-8310-f7508928a29f", "bef2b07b-0ebb-49c3-a93c-b67efdef72d2" ] } ], "37pkHZ+z/wrqTgt4tlrp7g==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:9fa194a4ae444ef797f64bab9f41c31fe17ea4dee1bb6fd6fc173c6dfd8731fe", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:9fa194a4ae444ef797f64bab9f41c31fe17ea4dee1bb6fd6fc173c6dfd8731fe", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "de7f4c60-caaa-4e02-8669-ad59e6bf9e33", "1dd1816a-7447-488b-81f6-0b109706ee19" ] } ], "40gZpuDvr8Y82hwRT4gOdw==": [ { "package_db": "python:opt/app-root/lib/python3.9/site-packages", "introduced_in": "sha256:9fa194a4ae444ef797f64bab9f41c31fe17ea4dee1bb6fd6fc173c6dfd8731fe", "distribution_id": "", "repository_ids": [ "f863cf24-5ef1-4efd-a185-2bced22e5852" ] } ], "4CCULePjeuIVtIYtfIJ9IA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "648ce893-0452-41cc-8310-f7508928a29f", "bef2b07b-0ebb-49c3-a93c-b67efdef72d2" ] } ], "4Kw/w2gH7CYCOCv19cdYYA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "648ce893-0452-41cc-8310-f7508928a29f", "bef2b07b-0ebb-49c3-a93c-b67efdef72d2" ] } ], "4ThUof0MfmoEHGOuzmENug==": [ { "package_db": "python:opt/app-root/lib/python3.9/site-packages", "introduced_in": "sha256:5ade92cd94be5f670086c18c0b7d4cb67cb1783465a0b2592a35bcce4f659688", "distribution_id": "", "repository_ids": [ "f863cf24-5ef1-4efd-a185-2bced22e5852" ] } ], "4ZvCk08kvYZC9Caa0g74jw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:9fa194a4ae444ef797f64bab9f41c31fe17ea4dee1bb6fd6fc173c6dfd8731fe", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:9fa194a4ae444ef797f64bab9f41c31fe17ea4dee1bb6fd6fc173c6dfd8731fe", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "de7f4c60-caaa-4e02-8669-ad59e6bf9e33", "1dd1816a-7447-488b-81f6-0b109706ee19" ] } ], "582nBqlxZXz0sTRmkFvU4Q==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "648ce893-0452-41cc-8310-f7508928a29f", "bef2b07b-0ebb-49c3-a93c-b67efdef72d2" ] } ], "5EpVrCQ4OYKiPYYEOuUcmQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "648ce893-0452-41cc-8310-f7508928a29f", "bef2b07b-0ebb-49c3-a93c-b67efdef72d2" ] } ], "5JeNH+bHiuiK9wwBZqH10A==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "4acc1027-2ab3-427f-81e3-c66f0ed6efef", "42e7e6b2-0aa6-4a73-833c-b9bb8833e934" ] } ], "5NHJ2FdetivE1fvI98uKwQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "4acc1027-2ab3-427f-81e3-c66f0ed6efef", "42e7e6b2-0aa6-4a73-833c-b9bb8833e934" ] } ], "5ZNEjbI9oKcr993lWqrXFA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:9fa194a4ae444ef797f64bab9f41c31fe17ea4dee1bb6fd6fc173c6dfd8731fe", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:9fa194a4ae444ef797f64bab9f41c31fe17ea4dee1bb6fd6fc173c6dfd8731fe", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "de7f4c60-caaa-4e02-8669-ad59e6bf9e33", "1dd1816a-7447-488b-81f6-0b109706ee19" ] } ], "5gnny15srfcrOHbx7C1mGA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "648ce893-0452-41cc-8310-f7508928a29f", "bef2b07b-0ebb-49c3-a93c-b67efdef72d2" ] } ], "5mMnErn20FkAk/9uOd0U8Q==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "4acc1027-2ab3-427f-81e3-c66f0ed6efef", "42e7e6b2-0aa6-4a73-833c-b9bb8833e934" ] } ], "5mmSudfrCeEmVSPweWmcVQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "4acc1027-2ab3-427f-81e3-c66f0ed6efef", "42e7e6b2-0aa6-4a73-833c-b9bb8833e934" ] } ], "5oq4jjwqdEJHokHmXZ7fFA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "648ce893-0452-41cc-8310-f7508928a29f", "bef2b07b-0ebb-49c3-a93c-b67efdef72d2" ] } ], "60b1mOIk+ncF/benyKWfug==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "648ce893-0452-41cc-8310-f7508928a29f", "bef2b07b-0ebb-49c3-a93c-b67efdef72d2" ] } ], "63mZCXR3bqAFNclZSh99aQ==": [ { "package_db": "root/buildinfo/Dockerfile-ubi9-python-39-1-117.1684741281", "introduced_in": "sha256:9fa194a4ae444ef797f64bab9f41c31fe17ea4dee1bb6fd6fc173c6dfd8731fe", "distribution_id": "", "repository_ids": [ "1ba57ffd-21fc-4e8f-bd92-88d88ff95b39", "1ba57ffd-21fc-4e8f-bd92-88d88ff95b39" ] } ], "6AYt+NWt55432RGa/HxiQg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "648ce893-0452-41cc-8310-f7508928a29f", "bef2b07b-0ebb-49c3-a93c-b67efdef72d2" ] } ], "6COiLlB/V7UlOwfuFJy77w==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:061494b16a3e082ac22c3159029d7399a8b153778d0435e438bfdcc22f203bc8", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:061494b16a3e082ac22c3159029d7399a8b153778d0435e438bfdcc22f203bc8", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "5eae9482-7def-4dbc-b110-c26fcf6e3b68", "16d9a897-a94f-4f7e-8818-70fa19137c65" ] } ], "6G1ytjIPgX0NNsVwuPQKkQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "4acc1027-2ab3-427f-81e3-c66f0ed6efef", "42e7e6b2-0aa6-4a73-833c-b9bb8833e934" ] } ], "6G4wapu2zP6UYfTP+Ip2pA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "648ce893-0452-41cc-8310-f7508928a29f", "bef2b07b-0ebb-49c3-a93c-b67efdef72d2" ] } ], "6HUC1/dPziZpbtWEymw0nQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "4acc1027-2ab3-427f-81e3-c66f0ed6efef", "42e7e6b2-0aa6-4a73-833c-b9bb8833e934" ] } ], "6J8s8AwMqy7tE/ISmFBsoA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:061494b16a3e082ac22c3159029d7399a8b153778d0435e438bfdcc22f203bc8", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:061494b16a3e082ac22c3159029d7399a8b153778d0435e438bfdcc22f203bc8", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "5eae9482-7def-4dbc-b110-c26fcf6e3b68", "16d9a897-a94f-4f7e-8818-70fa19137c65" ] } ], "6LVRZKaAJH97OKCXsJMDDw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "4acc1027-2ab3-427f-81e3-c66f0ed6efef", "42e7e6b2-0aa6-4a73-833c-b9bb8833e934" ] } ], "6MFxZDjn6ZxVQspQib4VSA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "648ce893-0452-41cc-8310-f7508928a29f", "bef2b07b-0ebb-49c3-a93c-b67efdef72d2" ] } ], "6RxnMs+9yIqzJpLgR7I3zA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "4acc1027-2ab3-427f-81e3-c66f0ed6efef", "42e7e6b2-0aa6-4a73-833c-b9bb8833e934" ] } ], "6SSb5cE7rBNUxI3/i20KSw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "648ce893-0452-41cc-8310-f7508928a29f", "bef2b07b-0ebb-49c3-a93c-b67efdef72d2" ] } ], "6camihNRcGvFSo3XinEWFg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "4acc1027-2ab3-427f-81e3-c66f0ed6efef", "42e7e6b2-0aa6-4a73-833c-b9bb8833e934" ] } ], "74+EW3adzZwX9DbUU0vOdA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "4acc1027-2ab3-427f-81e3-c66f0ed6efef", "42e7e6b2-0aa6-4a73-833c-b9bb8833e934" ] } ], "7EpSGPerbrvf/owa+1w1QQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "4acc1027-2ab3-427f-81e3-c66f0ed6efef", "42e7e6b2-0aa6-4a73-833c-b9bb8833e934" ] } ], "7ZWYFE98hi9HyU5Q68Jgsw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "648ce893-0452-41cc-8310-f7508928a29f", "bef2b07b-0ebb-49c3-a93c-b67efdef72d2" ] } ], "7kedTb4EJLDAcGarhqe+lQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "4acc1027-2ab3-427f-81e3-c66f0ed6efef", "42e7e6b2-0aa6-4a73-833c-b9bb8833e934" ] } ], "7qAMBOvJ2FYxpK9n05pI7Q==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "648ce893-0452-41cc-8310-f7508928a29f", "bef2b07b-0ebb-49c3-a93c-b67efdef72d2" ] } ], "7wYzYHhhfFK6lCrrOlvj+A==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "648ce893-0452-41cc-8310-f7508928a29f", "bef2b07b-0ebb-49c3-a93c-b67efdef72d2" ] } ], "7yB5oIQve4tWIMlUmHbdQQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "648ce893-0452-41cc-8310-f7508928a29f", "bef2b07b-0ebb-49c3-a93c-b67efdef72d2" ] } ], "8/rEDMje4w3YcK4XpTSOGQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:9fa194a4ae444ef797f64bab9f41c31fe17ea4dee1bb6fd6fc173c6dfd8731fe", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:9fa194a4ae444ef797f64bab9f41c31fe17ea4dee1bb6fd6fc173c6dfd8731fe", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "de7f4c60-caaa-4e02-8669-ad59e6bf9e33", "1dd1816a-7447-488b-81f6-0b109706ee19" ] } ], "83fA9kwjFvY8nwB2UCgukg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "648ce893-0452-41cc-8310-f7508928a29f", "bef2b07b-0ebb-49c3-a93c-b67efdef72d2" ] } ], "88jYB91M4ddvxo2XjMJKmQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "648ce893-0452-41cc-8310-f7508928a29f", "bef2b07b-0ebb-49c3-a93c-b67efdef72d2" ] } ], "8Q+4qMpgUhvMDCe2QUBIuQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "4acc1027-2ab3-427f-81e3-c66f0ed6efef", "42e7e6b2-0aa6-4a73-833c-b9bb8833e934" ] } ], "8c2Y1Jul4k8x0+owb81kuA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "4acc1027-2ab3-427f-81e3-c66f0ed6efef", "42e7e6b2-0aa6-4a73-833c-b9bb8833e934" ] } ], "8gpmX0NZa9MMhcqi6FUGtg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "4acc1027-2ab3-427f-81e3-c66f0ed6efef", "42e7e6b2-0aa6-4a73-833c-b9bb8833e934" ] } ], "9HjCH3SeUwgItfYZysNlOw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "648ce893-0452-41cc-8310-f7508928a29f", "bef2b07b-0ebb-49c3-a93c-b67efdef72d2" ] } ], "9V410rRhvY0CLuMEbP5hyA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "648ce893-0452-41cc-8310-f7508928a29f", "bef2b07b-0ebb-49c3-a93c-b67efdef72d2" ] } ], "9bMXqD09C2r4s8P+HNy2uw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "648ce893-0452-41cc-8310-f7508928a29f", "bef2b07b-0ebb-49c3-a93c-b67efdef72d2" ] } ], "9xJldKRjya3FuhMWdyx68w==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:9fa194a4ae444ef797f64bab9f41c31fe17ea4dee1bb6fd6fc173c6dfd8731fe", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:9fa194a4ae444ef797f64bab9f41c31fe17ea4dee1bb6fd6fc173c6dfd8731fe", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "de7f4c60-caaa-4e02-8669-ad59e6bf9e33", "1dd1816a-7447-488b-81f6-0b109706ee19" ] } ], "ACNA1cjsRpihwLsZYxMiYQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "648ce893-0452-41cc-8310-f7508928a29f", "bef2b07b-0ebb-49c3-a93c-b67efdef72d2" ] } ], "AMrZylSYCrcbfUCrsrIYjA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "648ce893-0452-41cc-8310-f7508928a29f", "bef2b07b-0ebb-49c3-a93c-b67efdef72d2" ] } ], "AOquy/6bQ9axg0KRp6hMjg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "648ce893-0452-41cc-8310-f7508928a29f", "bef2b07b-0ebb-49c3-a93c-b67efdef72d2" ] } ], "AUVOf/0NbfB/XbugSBELUw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "648ce893-0452-41cc-8310-f7508928a29f", "bef2b07b-0ebb-49c3-a93c-b67efdef72d2" ] } ], "AbW1lRpGUjSEKNnr/Toz6A==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "648ce893-0452-41cc-8310-f7508928a29f", "bef2b07b-0ebb-49c3-a93c-b67efdef72d2" ] } ], "Afy1ky17wt57Z2vMS7UXlA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "648ce893-0452-41cc-8310-f7508928a29f", "bef2b07b-0ebb-49c3-a93c-b67efdef72d2" ] } ], "AhFiXUdFjh8mMgmH3rq4zA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:9fa194a4ae444ef797f64bab9f41c31fe17ea4dee1bb6fd6fc173c6dfd8731fe", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:9fa194a4ae444ef797f64bab9f41c31fe17ea4dee1bb6fd6fc173c6dfd8731fe", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "de7f4c60-caaa-4e02-8669-ad59e6bf9e33", "1dd1816a-7447-488b-81f6-0b109706ee19" ] } ], "AjGTpuwkPMpLZjupJLFktg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "648ce893-0452-41cc-8310-f7508928a29f", "bef2b07b-0ebb-49c3-a93c-b67efdef72d2" ] } ], "AnHvlYoTKSxzg0JMVMiJkg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "4acc1027-2ab3-427f-81e3-c66f0ed6efef", "42e7e6b2-0aa6-4a73-833c-b9bb8833e934" ] } ], "B1GkMmH68NQBb820A14+rg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:9fa194a4ae444ef797f64bab9f41c31fe17ea4dee1bb6fd6fc173c6dfd8731fe", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:9fa194a4ae444ef797f64bab9f41c31fe17ea4dee1bb6fd6fc173c6dfd8731fe", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "de7f4c60-caaa-4e02-8669-ad59e6bf9e33", "1dd1816a-7447-488b-81f6-0b109706ee19" ] } ], "BJbegVsc0QXOgPydbqTe/A==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "4acc1027-2ab3-427f-81e3-c66f0ed6efef", "42e7e6b2-0aa6-4a73-833c-b9bb8833e934" ] } ], "BQhiFmX4hLYteW4oRCLTSA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "4acc1027-2ab3-427f-81e3-c66f0ed6efef", "42e7e6b2-0aa6-4a73-833c-b9bb8833e934" ] } ], "BRLVvSCW1qZQlEQR2x48fQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "4acc1027-2ab3-427f-81e3-c66f0ed6efef", "42e7e6b2-0aa6-4a73-833c-b9bb8833e934" ] } ], "BhMVGkQNwq2K8Ychx/Kb6g==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:9fa194a4ae444ef797f64bab9f41c31fe17ea4dee1bb6fd6fc173c6dfd8731fe", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:9fa194a4ae444ef797f64bab9f41c31fe17ea4dee1bb6fd6fc173c6dfd8731fe", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "de7f4c60-caaa-4e02-8669-ad59e6bf9e33", "1dd1816a-7447-488b-81f6-0b109706ee19" ] } ], "Bolq8JGwz5haaKYRC3NHug==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "648ce893-0452-41cc-8310-f7508928a29f", "bef2b07b-0ebb-49c3-a93c-b67efdef72d2" ] } ], "C0IRn/3ulny4xrH7kewdrQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:9fa194a4ae444ef797f64bab9f41c31fe17ea4dee1bb6fd6fc173c6dfd8731fe", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:9fa194a4ae444ef797f64bab9f41c31fe17ea4dee1bb6fd6fc173c6dfd8731fe", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "de7f4c60-caaa-4e02-8669-ad59e6bf9e33", "1dd1816a-7447-488b-81f6-0b109706ee19" ] } ], "C7VGVckK0YZj4RiVmStEsA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "4acc1027-2ab3-427f-81e3-c66f0ed6efef", "42e7e6b2-0aa6-4a73-833c-b9bb8833e934" ] } ], "C8fVRwKo3Aa5uPZ1lpSFqg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "648ce893-0452-41cc-8310-f7508928a29f", "bef2b07b-0ebb-49c3-a93c-b67efdef72d2" ] } ], "CXRheoFIylTt2C0ZN4qu3w==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "648ce893-0452-41cc-8310-f7508928a29f", "bef2b07b-0ebb-49c3-a93c-b67efdef72d2" ] } ], "Clbp1ERO3UWUCfklcBdPow==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "4acc1027-2ab3-427f-81e3-c66f0ed6efef", "42e7e6b2-0aa6-4a73-833c-b9bb8833e934" ] } ], "Cwut2mrMMUaIvKenvO1qWw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "648ce893-0452-41cc-8310-f7508928a29f", "bef2b07b-0ebb-49c3-a93c-b67efdef72d2" ] } ], "D2OZMHNtxbdL+hwzDwrPaA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "648ce893-0452-41cc-8310-f7508928a29f", "bef2b07b-0ebb-49c3-a93c-b67efdef72d2" ] } ], "D4xxz2lxaTPGbwtkkjV5cA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "648ce893-0452-41cc-8310-f7508928a29f", "bef2b07b-0ebb-49c3-a93c-b67efdef72d2" ] } ], "D93v97Kl2oOy+zY5Qaa6xQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "648ce893-0452-41cc-8310-f7508928a29f", "bef2b07b-0ebb-49c3-a93c-b67efdef72d2" ] } ], "DFAPKmwcoKwcymBtOC1U2w==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "648ce893-0452-41cc-8310-f7508928a29f", "bef2b07b-0ebb-49c3-a93c-b67efdef72d2" ] } ], "DK0d2bPQCX0xz6Lec7u1cg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "648ce893-0452-41cc-8310-f7508928a29f", "bef2b07b-0ebb-49c3-a93c-b67efdef72d2" ] } ], "DMchAI2VcGSa4n8bdw5YkA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "648ce893-0452-41cc-8310-f7508928a29f", "bef2b07b-0ebb-49c3-a93c-b67efdef72d2" ] } ], "DSiKsVzdOYp1aJo/8T0A5A==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "4acc1027-2ab3-427f-81e3-c66f0ed6efef", "42e7e6b2-0aa6-4a73-833c-b9bb8833e934" ] } ], "DVWG3mWD7odZzCgFCUPZPw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "648ce893-0452-41cc-8310-f7508928a29f", "bef2b07b-0ebb-49c3-a93c-b67efdef72d2" ] } ], "DgiaeDan63coleu8kP7BcQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "4acc1027-2ab3-427f-81e3-c66f0ed6efef", "42e7e6b2-0aa6-4a73-833c-b9bb8833e934" ] } ], "DrLq8qfU1bfE8o8AfdvkrQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "4acc1027-2ab3-427f-81e3-c66f0ed6efef", "42e7e6b2-0aa6-4a73-833c-b9bb8833e934" ] } ], "Drl564LoG2Da4MkRcGVqPA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:9fa194a4ae444ef797f64bab9f41c31fe17ea4dee1bb6fd6fc173c6dfd8731fe", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:9fa194a4ae444ef797f64bab9f41c31fe17ea4dee1bb6fd6fc173c6dfd8731fe", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "de7f4c60-caaa-4e02-8669-ad59e6bf9e33", "1dd1816a-7447-488b-81f6-0b109706ee19" ] } ], "DsBwkcaqc0GOnmEzcxe6HQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:9fa194a4ae444ef797f64bab9f41c31fe17ea4dee1bb6fd6fc173c6dfd8731fe", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:9fa194a4ae444ef797f64bab9f41c31fe17ea4dee1bb6fd6fc173c6dfd8731fe", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "de7f4c60-caaa-4e02-8669-ad59e6bf9e33", "1dd1816a-7447-488b-81f6-0b109706ee19" ] } ], "DyrGGOXnL/bhmZ8ggdwfGA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "648ce893-0452-41cc-8310-f7508928a29f", "bef2b07b-0ebb-49c3-a93c-b67efdef72d2" ] } ], "E6FiF4JjozMnlWdjWl5qOw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:9fa194a4ae444ef797f64bab9f41c31fe17ea4dee1bb6fd6fc173c6dfd8731fe", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:9fa194a4ae444ef797f64bab9f41c31fe17ea4dee1bb6fd6fc173c6dfd8731fe", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "de7f4c60-caaa-4e02-8669-ad59e6bf9e33", "1dd1816a-7447-488b-81f6-0b109706ee19" ] } ], "E7tAiOdLCOrmIg8OycJ2lQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "4acc1027-2ab3-427f-81e3-c66f0ed6efef", "42e7e6b2-0aa6-4a73-833c-b9bb8833e934" ] } ], "ECruELkzz3Vn9sJ6Cby5+A==": [ { "package_db": "root/buildinfo/Dockerfile-ubi9-python-39-1-117.1684741281", "introduced_in": "sha256:9fa194a4ae444ef797f64bab9f41c31fe17ea4dee1bb6fd6fc173c6dfd8731fe", "distribution_id": "", "repository_ids": [ "1ba57ffd-21fc-4e8f-bd92-88d88ff95b39", "1ba57ffd-21fc-4e8f-bd92-88d88ff95b39" ] } ], "ED0/IlCpWWQwBBKR2YT9sw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "4acc1027-2ab3-427f-81e3-c66f0ed6efef", "42e7e6b2-0aa6-4a73-833c-b9bb8833e934" ] } ], "EEcEMKhGMvXAfnMhboIpqw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "648ce893-0452-41cc-8310-f7508928a29f", "bef2b07b-0ebb-49c3-a93c-b67efdef72d2" ] } ], "EIxMRDPpO5H8aQAkWTEZCw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:9fa194a4ae444ef797f64bab9f41c31fe17ea4dee1bb6fd6fc173c6dfd8731fe", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:9fa194a4ae444ef797f64bab9f41c31fe17ea4dee1bb6fd6fc173c6dfd8731fe", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "de7f4c60-caaa-4e02-8669-ad59e6bf9e33", "1dd1816a-7447-488b-81f6-0b109706ee19" ] } ], "EnQzaG96EBHr5ye6u8iVOQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:9fa194a4ae444ef797f64bab9f41c31fe17ea4dee1bb6fd6fc173c6dfd8731fe", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:9fa194a4ae444ef797f64bab9f41c31fe17ea4dee1bb6fd6fc173c6dfd8731fe", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "de7f4c60-caaa-4e02-8669-ad59e6bf9e33", "1dd1816a-7447-488b-81f6-0b109706ee19" ] } ], "EuIN5ixMdxC4uPbLWLSy8A==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "4acc1027-2ab3-427f-81e3-c66f0ed6efef", "42e7e6b2-0aa6-4a73-833c-b9bb8833e934" ] } ], "Exv8+xTp+7Y4AfuM+ph47Q==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "648ce893-0452-41cc-8310-f7508928a29f", "bef2b07b-0ebb-49c3-a93c-b67efdef72d2" ] } ], "F1JLyBPuVB2S11BumSCVVw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "648ce893-0452-41cc-8310-f7508928a29f", "bef2b07b-0ebb-49c3-a93c-b67efdef72d2" ] } ], "FDUyOkFgFnO2w8haox6MJw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "4acc1027-2ab3-427f-81e3-c66f0ed6efef", "42e7e6b2-0aa6-4a73-833c-b9bb8833e934" ] } ], "FEF27h+V5TzrUeQsFddapA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "648ce893-0452-41cc-8310-f7508928a29f", "bef2b07b-0ebb-49c3-a93c-b67efdef72d2" ] } ], "FFSNe661VBElA1asGZ7k3g==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "648ce893-0452-41cc-8310-f7508928a29f", "bef2b07b-0ebb-49c3-a93c-b67efdef72d2" ] } ], "FKD/ouYSWOOZHy4i43SaxA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "648ce893-0452-41cc-8310-f7508928a29f", "bef2b07b-0ebb-49c3-a93c-b67efdef72d2" ] } ], "FKzmXNUIrd1g2WeC3v221w==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "648ce893-0452-41cc-8310-f7508928a29f", "bef2b07b-0ebb-49c3-a93c-b67efdef72d2" ] } ], "FMrR4PbDeEhmMEh2juuVnw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "648ce893-0452-41cc-8310-f7508928a29f", "bef2b07b-0ebb-49c3-a93c-b67efdef72d2" ] } ], "FOYEI/hfn+okYJdoTuLQkQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "648ce893-0452-41cc-8310-f7508928a29f", "bef2b07b-0ebb-49c3-a93c-b67efdef72d2" ] } ], "FVL6ljas6Mq4jYoOr1b6Hw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "4acc1027-2ab3-427f-81e3-c66f0ed6efef", "42e7e6b2-0aa6-4a73-833c-b9bb8833e934" ] } ], "FW8ByCOP6ljvNWDQolahwg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "648ce893-0452-41cc-8310-f7508928a29f", "bef2b07b-0ebb-49c3-a93c-b67efdef72d2" ] } ], "FaNO6QWs1mWPp40PrBiBUQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "4acc1027-2ab3-427f-81e3-c66f0ed6efef", "42e7e6b2-0aa6-4a73-833c-b9bb8833e934" ] } ], "FoUYQJca0lwtZ/1vlqs/Lg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "648ce893-0452-41cc-8310-f7508928a29f", "bef2b07b-0ebb-49c3-a93c-b67efdef72d2" ] } ], "Fy3bplraTnRnJlV5RewauA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "648ce893-0452-41cc-8310-f7508928a29f", "bef2b07b-0ebb-49c3-a93c-b67efdef72d2" ] } ], "G+9N13KrW8llfPCf5WB6VQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:9fa194a4ae444ef797f64bab9f41c31fe17ea4dee1bb6fd6fc173c6dfd8731fe", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:9fa194a4ae444ef797f64bab9f41c31fe17ea4dee1bb6fd6fc173c6dfd8731fe", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "de7f4c60-caaa-4e02-8669-ad59e6bf9e33", "1dd1816a-7447-488b-81f6-0b109706ee19" ] } ], "G1YDEd7+V95Qa+PMxB8sJw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "648ce893-0452-41cc-8310-f7508928a29f", "bef2b07b-0ebb-49c3-a93c-b67efdef72d2" ] } ], "G61ZL2SOHR2qgvQfi118gw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "4acc1027-2ab3-427f-81e3-c66f0ed6efef", "42e7e6b2-0aa6-4a73-833c-b9bb8833e934" ] } ], "GIScmMWQrnoFNoEgq3fg2w==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "4acc1027-2ab3-427f-81e3-c66f0ed6efef", "42e7e6b2-0aa6-4a73-833c-b9bb8833e934" ] } ], "GSkR2SOuqWQN8NtOvU4cgw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "648ce893-0452-41cc-8310-f7508928a29f", "bef2b07b-0ebb-49c3-a93c-b67efdef72d2" ] } ], "GcPR4oPcmP8xTRqQf8mOrA==": [ { "package_db": "python:opt/app-root/lib/python3.9/site-packages", "introduced_in": "sha256:5ade92cd94be5f670086c18c0b7d4cb67cb1783465a0b2592a35bcce4f659688", "distribution_id": "", "repository_ids": [ "f863cf24-5ef1-4efd-a185-2bced22e5852" ] } ], "Gk1VvIy1LEM/8q8synm4CA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "4acc1027-2ab3-427f-81e3-c66f0ed6efef", "42e7e6b2-0aa6-4a73-833c-b9bb8833e934" ] } ], "GoSJNc45d375ndxFSydBLQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "648ce893-0452-41cc-8310-f7508928a29f", "bef2b07b-0ebb-49c3-a93c-b67efdef72d2" ] } ], "GtFO3rQtk4lExV/Q1qfFOg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "648ce893-0452-41cc-8310-f7508928a29f", "bef2b07b-0ebb-49c3-a93c-b67efdef72d2" ] } ], "H3zfV58LzeEUiNQbZbZb2A==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "648ce893-0452-41cc-8310-f7508928a29f", "bef2b07b-0ebb-49c3-a93c-b67efdef72d2" ] } ], "HFwGHerHwgvY8vkjr3x1Pg==": [ { "package_db": "python:opt/app-root/lib/python3.9/site-packages", "introduced_in": "sha256:5ade92cd94be5f670086c18c0b7d4cb67cb1783465a0b2592a35bcce4f659688", "distribution_id": "", "repository_ids": [ "f863cf24-5ef1-4efd-a185-2bced22e5852" ] } ], "HRtVOTg/Y7Pvd6wqcX24fA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "4acc1027-2ab3-427f-81e3-c66f0ed6efef", "42e7e6b2-0aa6-4a73-833c-b9bb8833e934" ] } ], "HbglDdnV9yne0i8jQL30HA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "4acc1027-2ab3-427f-81e3-c66f0ed6efef", "42e7e6b2-0aa6-4a73-833c-b9bb8833e934" ] } ], "I+WaA97GC/ibT79EOQ1/hg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "648ce893-0452-41cc-8310-f7508928a29f", "bef2b07b-0ebb-49c3-a93c-b67efdef72d2" ] } ], "I16VSEydeiRYB1TSf5694A==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "4acc1027-2ab3-427f-81e3-c66f0ed6efef", "42e7e6b2-0aa6-4a73-833c-b9bb8833e934" ] } ], "IDaB7M+//88qbPppM+LpUw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "4acc1027-2ab3-427f-81e3-c66f0ed6efef", "42e7e6b2-0aa6-4a73-833c-b9bb8833e934" ] } ], "IEOPnSI+YMVMmOLLC+bSlQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "648ce893-0452-41cc-8310-f7508928a29f", "bef2b07b-0ebb-49c3-a93c-b67efdef72d2" ] } ], "IKF7K/1fqT3je0bcasBeFg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "4acc1027-2ab3-427f-81e3-c66f0ed6efef", "42e7e6b2-0aa6-4a73-833c-b9bb8833e934" ] } ], "IOb5jo+s7DgjzeK/LoVNig==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "4acc1027-2ab3-427f-81e3-c66f0ed6efef", "42e7e6b2-0aa6-4a73-833c-b9bb8833e934" ] } ], "J/syUZ/V3aaUrNt/Dr2u9g==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "648ce893-0452-41cc-8310-f7508928a29f", "bef2b07b-0ebb-49c3-a93c-b67efdef72d2" ] } ], "JAKIgWlsG9s5Mu8FvR37Sw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:9fa194a4ae444ef797f64bab9f41c31fe17ea4dee1bb6fd6fc173c6dfd8731fe", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:9fa194a4ae444ef797f64bab9f41c31fe17ea4dee1bb6fd6fc173c6dfd8731fe", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "de7f4c60-caaa-4e02-8669-ad59e6bf9e33", "1dd1816a-7447-488b-81f6-0b109706ee19" ] } ], "JCGQTIbPty0c46D5t4dVHw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:061494b16a3e082ac22c3159029d7399a8b153778d0435e438bfdcc22f203bc8", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:061494b16a3e082ac22c3159029d7399a8b153778d0435e438bfdcc22f203bc8", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "5eae9482-7def-4dbc-b110-c26fcf6e3b68", "16d9a897-a94f-4f7e-8818-70fa19137c65" ] } ], "JI92axWONkD2XCTUAeCtuQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "648ce893-0452-41cc-8310-f7508928a29f", "bef2b07b-0ebb-49c3-a93c-b67efdef72d2" ] } ], "JKP7JzVg7UGaAz4VrH03lQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "4acc1027-2ab3-427f-81e3-c66f0ed6efef", "42e7e6b2-0aa6-4a73-833c-b9bb8833e934" ] } ], "JWSejabRwbOC28zMUX6wRw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "648ce893-0452-41cc-8310-f7508928a29f", "bef2b07b-0ebb-49c3-a93c-b67efdef72d2" ] } ], "JaDqP2PIekJ4FuDfyPDUKA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "4acc1027-2ab3-427f-81e3-c66f0ed6efef", "42e7e6b2-0aa6-4a73-833c-b9bb8833e934" ] } ], "K04omiWBsTnRCbFVZLmRKw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "4acc1027-2ab3-427f-81e3-c66f0ed6efef", "42e7e6b2-0aa6-4a73-833c-b9bb8833e934" ] } ], "K1DorLN/5PaEJVa4ywo4tQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "4acc1027-2ab3-427f-81e3-c66f0ed6efef", "42e7e6b2-0aa6-4a73-833c-b9bb8833e934" ] } ], "K5U87AYLwYDq48YpniD72A==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "4acc1027-2ab3-427f-81e3-c66f0ed6efef", "42e7e6b2-0aa6-4a73-833c-b9bb8833e934" ] } ], "KF5C+zKu/uFB7knCqOvDAQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "4acc1027-2ab3-427f-81e3-c66f0ed6efef", "42e7e6b2-0aa6-4a73-833c-b9bb8833e934" ] } ], "KH0/KbRUi7KL6UvWa8i6Pg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "4acc1027-2ab3-427f-81e3-c66f0ed6efef", "42e7e6b2-0aa6-4a73-833c-b9bb8833e934" ] } ], "KI3G71oxLg+E+Mu8flfxMA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:9fa194a4ae444ef797f64bab9f41c31fe17ea4dee1bb6fd6fc173c6dfd8731fe", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:9fa194a4ae444ef797f64bab9f41c31fe17ea4dee1bb6fd6fc173c6dfd8731fe", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "de7f4c60-caaa-4e02-8669-ad59e6bf9e33", "1dd1816a-7447-488b-81f6-0b109706ee19" ] } ], "KMPuzPUoJW0H9SIkP0WBiw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:9fa194a4ae444ef797f64bab9f41c31fe17ea4dee1bb6fd6fc173c6dfd8731fe", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:9fa194a4ae444ef797f64bab9f41c31fe17ea4dee1bb6fd6fc173c6dfd8731fe", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "de7f4c60-caaa-4e02-8669-ad59e6bf9e33", "1dd1816a-7447-488b-81f6-0b109706ee19" ] } ], "KSobT+LH4PXsCiP04HOhbQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "4acc1027-2ab3-427f-81e3-c66f0ed6efef", "42e7e6b2-0aa6-4a73-833c-b9bb8833e934" ] } ], "KcftiMkhTw4x89HNJI8NNg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "648ce893-0452-41cc-8310-f7508928a29f", "bef2b07b-0ebb-49c3-a93c-b67efdef72d2" ] } ], "KlSRCTMecbL63Kg+FZjUdQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "648ce893-0452-41cc-8310-f7508928a29f", "bef2b07b-0ebb-49c3-a93c-b67efdef72d2" ] } ], "KnsryeYjIOfmvupUdl8bDg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:061494b16a3e082ac22c3159029d7399a8b153778d0435e438bfdcc22f203bc8", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:061494b16a3e082ac22c3159029d7399a8b153778d0435e438bfdcc22f203bc8", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "5eae9482-7def-4dbc-b110-c26fcf6e3b68", "16d9a897-a94f-4f7e-8818-70fa19137c65" ] } ], "KyRw1LumZrRo6AKKkHgP7w==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "648ce893-0452-41cc-8310-f7508928a29f", "bef2b07b-0ebb-49c3-a93c-b67efdef72d2" ] } ], "L1wl5gEz2lzyNJbirzPmpQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "648ce893-0452-41cc-8310-f7508928a29f", "bef2b07b-0ebb-49c3-a93c-b67efdef72d2" ] } ], "L2RUW2Fm5EOgoqwyitY3bg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "4acc1027-2ab3-427f-81e3-c66f0ed6efef", "42e7e6b2-0aa6-4a73-833c-b9bb8833e934" ] } ], "LDIMlzOywHz1+CG5FwjKdQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "4acc1027-2ab3-427f-81e3-c66f0ed6efef", "42e7e6b2-0aa6-4a73-833c-b9bb8833e934" ] } ], "LEyuwSco7tb1WIyWy42H8g==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "648ce893-0452-41cc-8310-f7508928a29f", "bef2b07b-0ebb-49c3-a93c-b67efdef72d2" ] } ], "LKZnqm8WNoyW7jCRmFcI0g==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "4acc1027-2ab3-427f-81e3-c66f0ed6efef", "42e7e6b2-0aa6-4a73-833c-b9bb8833e934" ] } ], "LPYp5WHbuUIrDoVmdSqGPw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:9fa194a4ae444ef797f64bab9f41c31fe17ea4dee1bb6fd6fc173c6dfd8731fe", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:9fa194a4ae444ef797f64bab9f41c31fe17ea4dee1bb6fd6fc173c6dfd8731fe", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "de7f4c60-caaa-4e02-8669-ad59e6bf9e33", "1dd1816a-7447-488b-81f6-0b109706ee19" ] } ], "LQ04QTiA8wpfXc1xh98HzQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:9fa194a4ae444ef797f64bab9f41c31fe17ea4dee1bb6fd6fc173c6dfd8731fe", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:9fa194a4ae444ef797f64bab9f41c31fe17ea4dee1bb6fd6fc173c6dfd8731fe", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "de7f4c60-caaa-4e02-8669-ad59e6bf9e33", "1dd1816a-7447-488b-81f6-0b109706ee19" ] } ], "LZYaKh1MnXoGX4fHzghRTQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "4acc1027-2ab3-427f-81e3-c66f0ed6efef", "42e7e6b2-0aa6-4a73-833c-b9bb8833e934" ] } ], "Ldg4Wge0D5hiTxUZpj8f0g==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:9fa194a4ae444ef797f64bab9f41c31fe17ea4dee1bb6fd6fc173c6dfd8731fe", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:9fa194a4ae444ef797f64bab9f41c31fe17ea4dee1bb6fd6fc173c6dfd8731fe", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "de7f4c60-caaa-4e02-8669-ad59e6bf9e33", "1dd1816a-7447-488b-81f6-0b109706ee19" ] } ], "Leh3RdsGa1oyRcl5Dz4SdA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "648ce893-0452-41cc-8310-f7508928a29f", "bef2b07b-0ebb-49c3-a93c-b67efdef72d2" ] } ], "LjtOegR/S/Y0KwJeOuSl/w==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "648ce893-0452-41cc-8310-f7508928a29f", "bef2b07b-0ebb-49c3-a93c-b67efdef72d2" ] } ], "Lp/xMYo4cC+PpuBlkEhbWg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "648ce893-0452-41cc-8310-f7508928a29f", "bef2b07b-0ebb-49c3-a93c-b67efdef72d2" ] } ], "Lwqn0aweLQLZmo12VvYcog==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "4acc1027-2ab3-427f-81e3-c66f0ed6efef", "42e7e6b2-0aa6-4a73-833c-b9bb8833e934" ] } ], "M2qdPAOOvb+CWXJwouP4Rw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "648ce893-0452-41cc-8310-f7508928a29f", "bef2b07b-0ebb-49c3-a93c-b67efdef72d2" ] } ], "MDH8Zt4oQWDiYk9qFV5Lbg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "4acc1027-2ab3-427f-81e3-c66f0ed6efef", "42e7e6b2-0aa6-4a73-833c-b9bb8833e934" ] } ], "MORX6hW9ZLZCt/52w71zTg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "648ce893-0452-41cc-8310-f7508928a29f", "bef2b07b-0ebb-49c3-a93c-b67efdef72d2" ] } ], "MWMHgjR1viS9EYhgh87XqQ==": [ { "package_db": "python:opt/app-root/lib/python3.9/site-packages", "introduced_in": "sha256:5ade92cd94be5f670086c18c0b7d4cb67cb1783465a0b2592a35bcce4f659688", "distribution_id": "", "repository_ids": [ "f863cf24-5ef1-4efd-a185-2bced22e5852" ] } ], "MXR26wvfFq4/JiRamdOfsA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "648ce893-0452-41cc-8310-f7508928a29f", "bef2b07b-0ebb-49c3-a93c-b67efdef72d2" ] } ], "Ma5Vpx57SAZOCC5w2EPQYw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "4acc1027-2ab3-427f-81e3-c66f0ed6efef", "42e7e6b2-0aa6-4a73-833c-b9bb8833e934" ] } ], "MdGkZ055CI+TZYqVm7FIPg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "648ce893-0452-41cc-8310-f7508928a29f", "bef2b07b-0ebb-49c3-a93c-b67efdef72d2" ] } ], "Mjle5B5h66lsDAGaEb0h1A==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "648ce893-0452-41cc-8310-f7508928a29f", "bef2b07b-0ebb-49c3-a93c-b67efdef72d2" ] } ], "Mp61fGpK3II0W8dIQgk3hA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:061494b16a3e082ac22c3159029d7399a8b153778d0435e438bfdcc22f203bc8", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:061494b16a3e082ac22c3159029d7399a8b153778d0435e438bfdcc22f203bc8", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "5eae9482-7def-4dbc-b110-c26fcf6e3b68", "16d9a897-a94f-4f7e-8818-70fa19137c65" ] } ], "Mq+Zh5sZAvsHrG1oP+tU+Q==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:061494b16a3e082ac22c3159029d7399a8b153778d0435e438bfdcc22f203bc8", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:061494b16a3e082ac22c3159029d7399a8b153778d0435e438bfdcc22f203bc8", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "5eae9482-7def-4dbc-b110-c26fcf6e3b68", "16d9a897-a94f-4f7e-8818-70fa19137c65" ] } ], "MsMq213pNjOV+46+wi8tyQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "648ce893-0452-41cc-8310-f7508928a29f", "bef2b07b-0ebb-49c3-a93c-b67efdef72d2" ] } ], "MvJE7slPeyMPjzl+J8UH7w==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "648ce893-0452-41cc-8310-f7508928a29f", "bef2b07b-0ebb-49c3-a93c-b67efdef72d2" ] } ], "MxYp6jmrNGPG4EUMxgtsIw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "648ce893-0452-41cc-8310-f7508928a29f", "bef2b07b-0ebb-49c3-a93c-b67efdef72d2" ] } ], "N6Nykj9OHLGhZUXyjmuxgA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "4acc1027-2ab3-427f-81e3-c66f0ed6efef", "42e7e6b2-0aa6-4a73-833c-b9bb8833e934" ] } ], "N9SQ1VZ/1zaqG0gdsMW91g==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "648ce893-0452-41cc-8310-f7508928a29f", "bef2b07b-0ebb-49c3-a93c-b67efdef72d2" ] } ], "NOK9CQMBrSIXIbB8sT8wjA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "648ce893-0452-41cc-8310-f7508928a29f", "bef2b07b-0ebb-49c3-a93c-b67efdef72d2" ] } ], "NQAINik1AG7Zn8OB8pLDpA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "648ce893-0452-41cc-8310-f7508928a29f", "bef2b07b-0ebb-49c3-a93c-b67efdef72d2" ] } ], "Nak/NGhCYVubG4CsEbHhug==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "648ce893-0452-41cc-8310-f7508928a29f", "bef2b07b-0ebb-49c3-a93c-b67efdef72d2" ] } ], "NbVL9FOta2NZ1h+700bdWg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "4acc1027-2ab3-427f-81e3-c66f0ed6efef", "42e7e6b2-0aa6-4a73-833c-b9bb8833e934" ] } ], "NdCY2/S+syamLH224R4hug==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "4acc1027-2ab3-427f-81e3-c66f0ed6efef", "42e7e6b2-0aa6-4a73-833c-b9bb8833e934" ] } ], "NkVP5O90EaiaDjZZzKM5xg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "4acc1027-2ab3-427f-81e3-c66f0ed6efef", "42e7e6b2-0aa6-4a73-833c-b9bb8833e934" ] } ], "O2sY6X4Mcumj/NPEmCvuLA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "648ce893-0452-41cc-8310-f7508928a29f", "bef2b07b-0ebb-49c3-a93c-b67efdef72d2" ] } ], "OD9rasSWx3gpljb/Y6wfUw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "4acc1027-2ab3-427f-81e3-c66f0ed6efef", "42e7e6b2-0aa6-4a73-833c-b9bb8833e934" ] } ], "OgwdUybWl/HQYbnPTE4Psw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "4acc1027-2ab3-427f-81e3-c66f0ed6efef", "42e7e6b2-0aa6-4a73-833c-b9bb8833e934" ] } ], "OjNTXmzk3GTlhFWWWLxaGQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "4acc1027-2ab3-427f-81e3-c66f0ed6efef", "42e7e6b2-0aa6-4a73-833c-b9bb8833e934" ] } ], "OkY4XBjh2jDTkYhGjNkrUA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "648ce893-0452-41cc-8310-f7508928a29f", "bef2b07b-0ebb-49c3-a93c-b67efdef72d2" ] } ], "Ol1YWxU11Z64v1nA/zb/5w==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "648ce893-0452-41cc-8310-f7508928a29f", "bef2b07b-0ebb-49c3-a93c-b67efdef72d2" ] } ], "On+NX4Yr+KIGVwagqPDWcQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "648ce893-0452-41cc-8310-f7508928a29f", "bef2b07b-0ebb-49c3-a93c-b67efdef72d2" ] } ], "OouxvJU/PMvcyf8kTSdMMg==": [ { "package_db": "root/buildinfo/Dockerfile-ubi9-9.2-359", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "", "repository_ids": [ "1ba57ffd-21fc-4e8f-bd92-88d88ff95b39", "1ba57ffd-21fc-4e8f-bd92-88d88ff95b39" ] } ], "OvOSK0YS4U6j2gyFBATNXg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:061494b16a3e082ac22c3159029d7399a8b153778d0435e438bfdcc22f203bc8", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:061494b16a3e082ac22c3159029d7399a8b153778d0435e438bfdcc22f203bc8", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "5eae9482-7def-4dbc-b110-c26fcf6e3b68", "16d9a897-a94f-4f7e-8818-70fa19137c65" ] } ], "PTFUIquIrYO4PcMvo6vxMg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "4acc1027-2ab3-427f-81e3-c66f0ed6efef", "42e7e6b2-0aa6-4a73-833c-b9bb8833e934" ] } ], "PW1RAxkiwx83tVBhyQViyw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "4acc1027-2ab3-427f-81e3-c66f0ed6efef", "42e7e6b2-0aa6-4a73-833c-b9bb8833e934" ] } ], "Pstkjkz7Io1S30t7a9lp4w==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "648ce893-0452-41cc-8310-f7508928a29f", "bef2b07b-0ebb-49c3-a93c-b67efdef72d2" ] } ], "Pw9vkrF+FmWj2LeMt/9ntA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:9fa194a4ae444ef797f64bab9f41c31fe17ea4dee1bb6fd6fc173c6dfd8731fe", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:9fa194a4ae444ef797f64bab9f41c31fe17ea4dee1bb6fd6fc173c6dfd8731fe", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "de7f4c60-caaa-4e02-8669-ad59e6bf9e33", "1dd1816a-7447-488b-81f6-0b109706ee19" ] } ], "QJRhZnlhvKxabkibTf2YwQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "648ce893-0452-41cc-8310-f7508928a29f", "bef2b07b-0ebb-49c3-a93c-b67efdef72d2" ] } ], "QdLtAM3jbmPPAUlc8Ii/Sw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "4acc1027-2ab3-427f-81e3-c66f0ed6efef", "42e7e6b2-0aa6-4a73-833c-b9bb8833e934" ] } ], "QwKK6TG/JtcCly9jntVf+w==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:061494b16a3e082ac22c3159029d7399a8b153778d0435e438bfdcc22f203bc8", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:061494b16a3e082ac22c3159029d7399a8b153778d0435e438bfdcc22f203bc8", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "5eae9482-7def-4dbc-b110-c26fcf6e3b68", "16d9a897-a94f-4f7e-8818-70fa19137c65" ] } ], "R9sC7SuM6vJmJZYq/bMHWw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "648ce893-0452-41cc-8310-f7508928a29f", "bef2b07b-0ebb-49c3-a93c-b67efdef72d2" ] } ], "RNF99TNFsR24U7tzdyzajw==": [ { "package_db": "python:opt/app-root/lib/python3.9/site-packages", "introduced_in": "sha256:5ade92cd94be5f670086c18c0b7d4cb67cb1783465a0b2592a35bcce4f659688", "distribution_id": "", "repository_ids": [ "f863cf24-5ef1-4efd-a185-2bced22e5852" ] } ], "RYlcnK5aDkYpG2HTfkwNDQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:9fa194a4ae444ef797f64bab9f41c31fe17ea4dee1bb6fd6fc173c6dfd8731fe", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:9fa194a4ae444ef797f64bab9f41c31fe17ea4dee1bb6fd6fc173c6dfd8731fe", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "de7f4c60-caaa-4e02-8669-ad59e6bf9e33", "1dd1816a-7447-488b-81f6-0b109706ee19" ] } ], "RgUn0rRy/i742s4qQGGoNw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "4acc1027-2ab3-427f-81e3-c66f0ed6efef", "42e7e6b2-0aa6-4a73-833c-b9bb8833e934" ] } ], "RnnkgzrsHA8d297AfaWbPg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "4acc1027-2ab3-427f-81e3-c66f0ed6efef", "42e7e6b2-0aa6-4a73-833c-b9bb8833e934" ] } ], "RunEBGWLLuuKjZpttkMLmw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "648ce893-0452-41cc-8310-f7508928a29f", "bef2b07b-0ebb-49c3-a93c-b67efdef72d2" ] } ], "S/No5oxfxOsjYA7UDjS1kA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "648ce893-0452-41cc-8310-f7508928a29f", "bef2b07b-0ebb-49c3-a93c-b67efdef72d2" ] } ], "S2LCo+58/O6rmc/KZC6ghA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "4acc1027-2ab3-427f-81e3-c66f0ed6efef", "42e7e6b2-0aa6-4a73-833c-b9bb8833e934" ] } ], "S7oZGbo6zhW2tPnf4bdYAg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:9fa194a4ae444ef797f64bab9f41c31fe17ea4dee1bb6fd6fc173c6dfd8731fe", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:9fa194a4ae444ef797f64bab9f41c31fe17ea4dee1bb6fd6fc173c6dfd8731fe", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "de7f4c60-caaa-4e02-8669-ad59e6bf9e33", "1dd1816a-7447-488b-81f6-0b109706ee19" ] } ], "SJ23Qf9ZGTl5HD5F3qeZTQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "4acc1027-2ab3-427f-81e3-c66f0ed6efef", "42e7e6b2-0aa6-4a73-833c-b9bb8833e934" ] } ], "SSFXEK4vNCR4s9ImWtXtgA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "4acc1027-2ab3-427f-81e3-c66f0ed6efef", "42e7e6b2-0aa6-4a73-833c-b9bb8833e934" ] } ], "SZllfeGD2yJm0VL0H7onLg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "648ce893-0452-41cc-8310-f7508928a29f", "bef2b07b-0ebb-49c3-a93c-b67efdef72d2" ] } ], "SdI1Am/qHph5dG2ZoOeUIQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "4acc1027-2ab3-427f-81e3-c66f0ed6efef", "42e7e6b2-0aa6-4a73-833c-b9bb8833e934" ] } ], "T2VlKjO7CHKpAcTlRn+i4A==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:9fa194a4ae444ef797f64bab9f41c31fe17ea4dee1bb6fd6fc173c6dfd8731fe", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:9fa194a4ae444ef797f64bab9f41c31fe17ea4dee1bb6fd6fc173c6dfd8731fe", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "de7f4c60-caaa-4e02-8669-ad59e6bf9e33", "1dd1816a-7447-488b-81f6-0b109706ee19" ] } ], "T30/e/rXh5Z9TgwiY2CCAw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:9fa194a4ae444ef797f64bab9f41c31fe17ea4dee1bb6fd6fc173c6dfd8731fe", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:9fa194a4ae444ef797f64bab9f41c31fe17ea4dee1bb6fd6fc173c6dfd8731fe", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "de7f4c60-caaa-4e02-8669-ad59e6bf9e33", "1dd1816a-7447-488b-81f6-0b109706ee19" ] } ], "T8zXVQHo3h0ASj7NMqYhvw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "648ce893-0452-41cc-8310-f7508928a29f", "bef2b07b-0ebb-49c3-a93c-b67efdef72d2" ] } ], "TPIRq84Pr3a6ywzPeCr3Pw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "4acc1027-2ab3-427f-81e3-c66f0ed6efef", "42e7e6b2-0aa6-4a73-833c-b9bb8833e934" ] } ], "Tl6ebomp9GQLN9svWzKp+w==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "4acc1027-2ab3-427f-81e3-c66f0ed6efef", "42e7e6b2-0aa6-4a73-833c-b9bb8833e934" ] } ], "To0NR+oyXDu1CYJfmVGurQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "4acc1027-2ab3-427f-81e3-c66f0ed6efef", "42e7e6b2-0aa6-4a73-833c-b9bb8833e934" ] } ], "Tob5YtKxleVTQzw2GCmwGg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "648ce893-0452-41cc-8310-f7508928a29f", "bef2b07b-0ebb-49c3-a93c-b67efdef72d2" ] } ], "TzNyp6yTJ3m0O8xeeDKC3A==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "648ce893-0452-41cc-8310-f7508928a29f", "bef2b07b-0ebb-49c3-a93c-b67efdef72d2" ] } ], "TzT9ayOh2hZShfYtipxZEw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "648ce893-0452-41cc-8310-f7508928a29f", "bef2b07b-0ebb-49c3-a93c-b67efdef72d2" ] } ], "U0P0dNPn1iUcw6b33AAKUg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "648ce893-0452-41cc-8310-f7508928a29f", "bef2b07b-0ebb-49c3-a93c-b67efdef72d2" ] } ], "UAY1jP87klJyaGdFPK7xTw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "4acc1027-2ab3-427f-81e3-c66f0ed6efef", "42e7e6b2-0aa6-4a73-833c-b9bb8833e934" ] } ], "UFOUWXspgJlx00D0q0rCUg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:9fa194a4ae444ef797f64bab9f41c31fe17ea4dee1bb6fd6fc173c6dfd8731fe", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:9fa194a4ae444ef797f64bab9f41c31fe17ea4dee1bb6fd6fc173c6dfd8731fe", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "de7f4c60-caaa-4e02-8669-ad59e6bf9e33", "1dd1816a-7447-488b-81f6-0b109706ee19" ] } ], "UQ0iR6K7H7VlNJDWtSXu8g==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "4acc1027-2ab3-427f-81e3-c66f0ed6efef", "42e7e6b2-0aa6-4a73-833c-b9bb8833e934" ] } ], "Ud9PNLLJ6v7hTpAYdO825w==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "648ce893-0452-41cc-8310-f7508928a29f", "bef2b07b-0ebb-49c3-a93c-b67efdef72d2" ] } ], "Uh923oEysUV/Jd+lAsrExQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "4acc1027-2ab3-427f-81e3-c66f0ed6efef", "42e7e6b2-0aa6-4a73-833c-b9bb8833e934" ] } ], "V/3oHP6E5IRlfgZZHK72RA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "4acc1027-2ab3-427f-81e3-c66f0ed6efef", "42e7e6b2-0aa6-4a73-833c-b9bb8833e934" ] } ], "VDWxBVhhJMCCBIlvmorheA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "648ce893-0452-41cc-8310-f7508928a29f", "bef2b07b-0ebb-49c3-a93c-b67efdef72d2" ] } ], "VKn7W/G4YSPWexQiMm5Mpw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "4acc1027-2ab3-427f-81e3-c66f0ed6efef", "42e7e6b2-0aa6-4a73-833c-b9bb8833e934" ] } ], "VLOqRGIR4aQvFfvVrpLyIg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "648ce893-0452-41cc-8310-f7508928a29f", "bef2b07b-0ebb-49c3-a93c-b67efdef72d2" ] } ], "VV2Z1ngTs6sGvt5SrayPCg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "4acc1027-2ab3-427f-81e3-c66f0ed6efef", "42e7e6b2-0aa6-4a73-833c-b9bb8833e934" ] } ], "VYdUwKBAQLmf/YxtfkL4Ng==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:9fa194a4ae444ef797f64bab9f41c31fe17ea4dee1bb6fd6fc173c6dfd8731fe", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:9fa194a4ae444ef797f64bab9f41c31fe17ea4dee1bb6fd6fc173c6dfd8731fe", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "de7f4c60-caaa-4e02-8669-ad59e6bf9e33", "1dd1816a-7447-488b-81f6-0b109706ee19" ] } ], "VhjrPOGZ9XGEFgLnQWc+KQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "648ce893-0452-41cc-8310-f7508928a29f", "bef2b07b-0ebb-49c3-a93c-b67efdef72d2" ] } ], "W4amAY83CsyR7zQ0GM7zsg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "4acc1027-2ab3-427f-81e3-c66f0ed6efef", "42e7e6b2-0aa6-4a73-833c-b9bb8833e934" ] } ], "WGTPzg6kcF7+DBqm8j43JA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "648ce893-0452-41cc-8310-f7508928a29f", "bef2b07b-0ebb-49c3-a93c-b67efdef72d2" ] } ], "WM43f6rBXkL3dY9fUi8CGw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "648ce893-0452-41cc-8310-f7508928a29f", "bef2b07b-0ebb-49c3-a93c-b67efdef72d2" ] } ], "WN9YKonIBKVWuMNAg76vrA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "648ce893-0452-41cc-8310-f7508928a29f", "bef2b07b-0ebb-49c3-a93c-b67efdef72d2" ] } ], "WQKADjeyfRD38rnEEOPp1Q==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "648ce893-0452-41cc-8310-f7508928a29f", "bef2b07b-0ebb-49c3-a93c-b67efdef72d2" ] } ], "WifWl02dLM2pp5urxOSuNg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "648ce893-0452-41cc-8310-f7508928a29f", "bef2b07b-0ebb-49c3-a93c-b67efdef72d2" ] } ], "Wk7LqC7t+o2XGJ7GcNisJg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "648ce893-0452-41cc-8310-f7508928a29f", "bef2b07b-0ebb-49c3-a93c-b67efdef72d2" ] } ], "WtXZ2fXaMBz4LgxKVaglcQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "4acc1027-2ab3-427f-81e3-c66f0ed6efef", "42e7e6b2-0aa6-4a73-833c-b9bb8833e934" ] } ], "XE8zSisNWy8L6qfbOa8bgw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:9fa194a4ae444ef797f64bab9f41c31fe17ea4dee1bb6fd6fc173c6dfd8731fe", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:9fa194a4ae444ef797f64bab9f41c31fe17ea4dee1bb6fd6fc173c6dfd8731fe", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "de7f4c60-caaa-4e02-8669-ad59e6bf9e33", "1dd1816a-7447-488b-81f6-0b109706ee19" ] } ], "XMI2bnJZdxdcHnKc3zgCUA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "648ce893-0452-41cc-8310-f7508928a29f", "bef2b07b-0ebb-49c3-a93c-b67efdef72d2" ] } ], "XMPq7+46c92RSax5sZ9PZw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "4acc1027-2ab3-427f-81e3-c66f0ed6efef", "42e7e6b2-0aa6-4a73-833c-b9bb8833e934" ] } ], "XX1gx35T8rMzed7p4qESdA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "648ce893-0452-41cc-8310-f7508928a29f", "bef2b07b-0ebb-49c3-a93c-b67efdef72d2" ] } ], "XY7Rsp3abvPv7z5PedxTfQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "648ce893-0452-41cc-8310-f7508928a29f", "bef2b07b-0ebb-49c3-a93c-b67efdef72d2" ] } ], "XknZfuy4JTIfmNl9OaWPvw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "648ce893-0452-41cc-8310-f7508928a29f", "bef2b07b-0ebb-49c3-a93c-b67efdef72d2" ] } ], "XliA1VgMzM5VjjSZdnmlQw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "648ce893-0452-41cc-8310-f7508928a29f", "bef2b07b-0ebb-49c3-a93c-b67efdef72d2" ] } ], "XwbkaIGCYyq6BjBMVZ1wzw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "4acc1027-2ab3-427f-81e3-c66f0ed6efef", "42e7e6b2-0aa6-4a73-833c-b9bb8833e934" ] } ], "Y35yrxWjtTUkUbNtS9+p6g==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "4acc1027-2ab3-427f-81e3-c66f0ed6efef", "42e7e6b2-0aa6-4a73-833c-b9bb8833e934" ] } ], "Y7RfEE0STf2iJPRrFks1EA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "4acc1027-2ab3-427f-81e3-c66f0ed6efef", "42e7e6b2-0aa6-4a73-833c-b9bb8833e934" ] } ], "YfEo6WVMrrTwiYOybxFFKg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:9fa194a4ae444ef797f64bab9f41c31fe17ea4dee1bb6fd6fc173c6dfd8731fe", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:9fa194a4ae444ef797f64bab9f41c31fe17ea4dee1bb6fd6fc173c6dfd8731fe", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "de7f4c60-caaa-4e02-8669-ad59e6bf9e33", "1dd1816a-7447-488b-81f6-0b109706ee19" ] } ], "Ykql8nkyvRcgK8Lh7Lq+kQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "4acc1027-2ab3-427f-81e3-c66f0ed6efef", "42e7e6b2-0aa6-4a73-833c-b9bb8833e934" ] } ], "Yl1vpKVHRvRB21rCddLWsw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:9fa194a4ae444ef797f64bab9f41c31fe17ea4dee1bb6fd6fc173c6dfd8731fe", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:9fa194a4ae444ef797f64bab9f41c31fe17ea4dee1bb6fd6fc173c6dfd8731fe", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "de7f4c60-caaa-4e02-8669-ad59e6bf9e33", "1dd1816a-7447-488b-81f6-0b109706ee19" ] } ], "ZFEfQrxUBY1btxBh+yKlDg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "4acc1027-2ab3-427f-81e3-c66f0ed6efef", "42e7e6b2-0aa6-4a73-833c-b9bb8833e934" ] } ], "ZX4vKkXsoMfQ2HH9oPb0TA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "648ce893-0452-41cc-8310-f7508928a29f", "bef2b07b-0ebb-49c3-a93c-b67efdef72d2" ] } ], "ZirAgSALB60nuB+w96ycGw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "4acc1027-2ab3-427f-81e3-c66f0ed6efef", "42e7e6b2-0aa6-4a73-833c-b9bb8833e934" ] } ], "a0GQ0ecdg5PXNSF9I+cGHw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "648ce893-0452-41cc-8310-f7508928a29f", "bef2b07b-0ebb-49c3-a93c-b67efdef72d2" ] } ], "a8xKqhaA3WAbx6RAfWh+mQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "4acc1027-2ab3-427f-81e3-c66f0ed6efef", "42e7e6b2-0aa6-4a73-833c-b9bb8833e934" ] } ], "arzS3GnLPLKzM8xRPFnUzw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "648ce893-0452-41cc-8310-f7508928a29f", "bef2b07b-0ebb-49c3-a93c-b67efdef72d2" ] } ], "ax5YZqtoTsGSLh5YAOUDAA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "4acc1027-2ab3-427f-81e3-c66f0ed6efef", "42e7e6b2-0aa6-4a73-833c-b9bb8833e934" ] } ], "b/fX+2E3Kw/VrXP3Viej5w==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "4acc1027-2ab3-427f-81e3-c66f0ed6efef", "42e7e6b2-0aa6-4a73-833c-b9bb8833e934" ] } ], "bAHdU/f6fCAnpSF6X2i8tw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:9fa194a4ae444ef797f64bab9f41c31fe17ea4dee1bb6fd6fc173c6dfd8731fe", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:9fa194a4ae444ef797f64bab9f41c31fe17ea4dee1bb6fd6fc173c6dfd8731fe", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "de7f4c60-caaa-4e02-8669-ad59e6bf9e33", "1dd1816a-7447-488b-81f6-0b109706ee19" ] } ], "bEsPytE/ZdCMbfuAgQc9AA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "648ce893-0452-41cc-8310-f7508928a29f", "bef2b07b-0ebb-49c3-a93c-b67efdef72d2" ] } ], "bFvWffGqJWr7FWnI7K9NVw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "4acc1027-2ab3-427f-81e3-c66f0ed6efef", "42e7e6b2-0aa6-4a73-833c-b9bb8833e934" ] } ], "bQK0gSM91Pq8oi5kJ9072Q==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:061494b16a3e082ac22c3159029d7399a8b153778d0435e438bfdcc22f203bc8", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:061494b16a3e082ac22c3159029d7399a8b153778d0435e438bfdcc22f203bc8", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "5eae9482-7def-4dbc-b110-c26fcf6e3b68", "16d9a897-a94f-4f7e-8818-70fa19137c65" ] } ], "bbOmNWQZu2GtbHRNTT5LbA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "4acc1027-2ab3-427f-81e3-c66f0ed6efef", "42e7e6b2-0aa6-4a73-833c-b9bb8833e934" ] } ], "bmteRKYcfys3z5xoBsdO6A==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:9fa194a4ae444ef797f64bab9f41c31fe17ea4dee1bb6fd6fc173c6dfd8731fe", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:9fa194a4ae444ef797f64bab9f41c31fe17ea4dee1bb6fd6fc173c6dfd8731fe", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "de7f4c60-caaa-4e02-8669-ad59e6bf9e33", "1dd1816a-7447-488b-81f6-0b109706ee19" ] } ], "bp0rUgZ5FkIYAX2aEVd/VA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "4acc1027-2ab3-427f-81e3-c66f0ed6efef", "42e7e6b2-0aa6-4a73-833c-b9bb8833e934" ] } ], "c+NNakWs+nuv9id8/GMRCQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "4acc1027-2ab3-427f-81e3-c66f0ed6efef", "42e7e6b2-0aa6-4a73-833c-b9bb8833e934" ] } ], "c80O2pouI9LIJSZbRJWPig==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "648ce893-0452-41cc-8310-f7508928a29f", "bef2b07b-0ebb-49c3-a93c-b67efdef72d2" ] } ], "cGWkJkC9Qm+QCP4f8vmD+Q==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "648ce893-0452-41cc-8310-f7508928a29f", "bef2b07b-0ebb-49c3-a93c-b67efdef72d2" ] } ], "cmnl8AuxbWKMe5IsutS6hQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "648ce893-0452-41cc-8310-f7508928a29f", "bef2b07b-0ebb-49c3-a93c-b67efdef72d2" ] } ], "ct/ndQfSB+G17YP34ufDBA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "648ce893-0452-41cc-8310-f7508928a29f", "bef2b07b-0ebb-49c3-a93c-b67efdef72d2" ] } ], "cyPuHTnlw1rgBeukzqOA/Q==": [ { "package_db": "root/buildinfo/Dockerfile-ubi9-9.2-359", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "", "repository_ids": [ "1ba57ffd-21fc-4e8f-bd92-88d88ff95b39", "1ba57ffd-21fc-4e8f-bd92-88d88ff95b39" ] } ], "d2u6OOcV0gny9xb/XcV90A==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:9fa194a4ae444ef797f64bab9f41c31fe17ea4dee1bb6fd6fc173c6dfd8731fe", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:9fa194a4ae444ef797f64bab9f41c31fe17ea4dee1bb6fd6fc173c6dfd8731fe", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "de7f4c60-caaa-4e02-8669-ad59e6bf9e33", "1dd1816a-7447-488b-81f6-0b109706ee19" ] } ], "d3XTAE48DbXhY9WDvZR8ew==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "4acc1027-2ab3-427f-81e3-c66f0ed6efef", "42e7e6b2-0aa6-4a73-833c-b9bb8833e934" ] } ], "dBjb+khckVi+h+bXEXQ0NA==": [ { "package_db": "root/buildinfo/Dockerfile-ubi9-s2i-base-1-432.1684740240", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "", "repository_ids": [ "1ba57ffd-21fc-4e8f-bd92-88d88ff95b39", "1ba57ffd-21fc-4e8f-bd92-88d88ff95b39" ] } ], "dC9CoYt17eaqinGSVCfCxw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "4acc1027-2ab3-427f-81e3-c66f0ed6efef", "42e7e6b2-0aa6-4a73-833c-b9bb8833e934" ] } ], "dMY7Qly4vcBOdARECvhzxQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "4acc1027-2ab3-427f-81e3-c66f0ed6efef", "42e7e6b2-0aa6-4a73-833c-b9bb8833e934" ] } ], "dN6ybm8pzBFkzp1B5ADKWQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "4acc1027-2ab3-427f-81e3-c66f0ed6efef", "42e7e6b2-0aa6-4a73-833c-b9bb8833e934" ] } ], "dStYvdO33sly7EacpHOqeA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "4acc1027-2ab3-427f-81e3-c66f0ed6efef", "42e7e6b2-0aa6-4a73-833c-b9bb8833e934" ] } ], "dYr9tK7XM6aISNKJAtl5ZQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "648ce893-0452-41cc-8310-f7508928a29f", "bef2b07b-0ebb-49c3-a93c-b67efdef72d2" ] } ], "dpQG/pUwAqVv1OdQqnvylQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "4acc1027-2ab3-427f-81e3-c66f0ed6efef", "42e7e6b2-0aa6-4a73-833c-b9bb8833e934" ] } ], "dywLPrGPYbMhmK8BDXQbTA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "648ce893-0452-41cc-8310-f7508928a29f", "bef2b07b-0ebb-49c3-a93c-b67efdef72d2" ] } ], "e7W78NrdwYaVEcBcXhDv5Q==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "4acc1027-2ab3-427f-81e3-c66f0ed6efef", "42e7e6b2-0aa6-4a73-833c-b9bb8833e934" ] } ], "eEjpOxWkwvzzJN5kkeVUcg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "648ce893-0452-41cc-8310-f7508928a29f", "bef2b07b-0ebb-49c3-a93c-b67efdef72d2" ] } ], "euXwzVjOcimqFJYqARwKWw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "4acc1027-2ab3-427f-81e3-c66f0ed6efef", "42e7e6b2-0aa6-4a73-833c-b9bb8833e934" ] } ], "eyrMb/GsqkuTYioGKTuywQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "648ce893-0452-41cc-8310-f7508928a29f", "bef2b07b-0ebb-49c3-a93c-b67efdef72d2" ] } ], "f+vfvrJhWMY0olKoVALiZg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "648ce893-0452-41cc-8310-f7508928a29f", "bef2b07b-0ebb-49c3-a93c-b67efdef72d2" ] } ], "f2GhXCi0MGW6C5vh1ih8XQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "648ce893-0452-41cc-8310-f7508928a29f", "bef2b07b-0ebb-49c3-a93c-b67efdef72d2" ] } ], "fABYCJhoNbEVNi6uQbozyQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "648ce893-0452-41cc-8310-f7508928a29f", "bef2b07b-0ebb-49c3-a93c-b67efdef72d2" ] } ], "fPqd9vZ8gX6ENS8pJ4Xrwg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:9fa194a4ae444ef797f64bab9f41c31fe17ea4dee1bb6fd6fc173c6dfd8731fe", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:9fa194a4ae444ef797f64bab9f41c31fe17ea4dee1bb6fd6fc173c6dfd8731fe", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "de7f4c60-caaa-4e02-8669-ad59e6bf9e33", "1dd1816a-7447-488b-81f6-0b109706ee19" ] } ], "fbMnHEQrv8x4t0qLnKLwbg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "648ce893-0452-41cc-8310-f7508928a29f", "bef2b07b-0ebb-49c3-a93c-b67efdef72d2" ] } ], "fdGdDMnv09wSB2YQZy6KvQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:9fa194a4ae444ef797f64bab9f41c31fe17ea4dee1bb6fd6fc173c6dfd8731fe", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:9fa194a4ae444ef797f64bab9f41c31fe17ea4dee1bb6fd6fc173c6dfd8731fe", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "de7f4c60-caaa-4e02-8669-ad59e6bf9e33", "1dd1816a-7447-488b-81f6-0b109706ee19" ] } ], "ftjpFADg59vG8c6VuasWSw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "648ce893-0452-41cc-8310-f7508928a29f", "bef2b07b-0ebb-49c3-a93c-b67efdef72d2" ] } ], "gAmtH01AtPv8BgKs6vvp1g==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "4acc1027-2ab3-427f-81e3-c66f0ed6efef", "42e7e6b2-0aa6-4a73-833c-b9bb8833e934" ] } ], "gBWlSWdEA8U1+Ep4A/+M2g==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "648ce893-0452-41cc-8310-f7508928a29f", "bef2b07b-0ebb-49c3-a93c-b67efdef72d2" ] } ], "gJHwCqer7Rl9ijGK6wpg4A==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "648ce893-0452-41cc-8310-f7508928a29f", "bef2b07b-0ebb-49c3-a93c-b67efdef72d2" ] } ], "gONioUcnQIIRbbViWOETsw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "4acc1027-2ab3-427f-81e3-c66f0ed6efef", "42e7e6b2-0aa6-4a73-833c-b9bb8833e934" ] } ], "gaj77WNtnPFhL+vveIeiCA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "4acc1027-2ab3-427f-81e3-c66f0ed6efef", "42e7e6b2-0aa6-4a73-833c-b9bb8833e934" ] } ], "gngAZQYf0zy4+w3GwgpLmw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "4acc1027-2ab3-427f-81e3-c66f0ed6efef", "42e7e6b2-0aa6-4a73-833c-b9bb8833e934" ] } ], "gqOdH0Kiuf6AbkqFcLH1hg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "4acc1027-2ab3-427f-81e3-c66f0ed6efef", "42e7e6b2-0aa6-4a73-833c-b9bb8833e934" ] } ], "gsdYiUdG+fMtG/M0X1EkAg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "4acc1027-2ab3-427f-81e3-c66f0ed6efef", "42e7e6b2-0aa6-4a73-833c-b9bb8833e934" ] } ], "h1J8TPl/jsinSWX6NGdwBQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "4acc1027-2ab3-427f-81e3-c66f0ed6efef", "42e7e6b2-0aa6-4a73-833c-b9bb8833e934" ] } ], "h1cVg0k54GXoiwzxAq2Yig==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "4acc1027-2ab3-427f-81e3-c66f0ed6efef", "42e7e6b2-0aa6-4a73-833c-b9bb8833e934" ] } ], "h9twf6qS77k2oq5EqT60kA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:9fa194a4ae444ef797f64bab9f41c31fe17ea4dee1bb6fd6fc173c6dfd8731fe", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:9fa194a4ae444ef797f64bab9f41c31fe17ea4dee1bb6fd6fc173c6dfd8731fe", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "de7f4c60-caaa-4e02-8669-ad59e6bf9e33", "1dd1816a-7447-488b-81f6-0b109706ee19" ] } ], "hKJ3xmpaes4B2vxd2C5M1Q==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "648ce893-0452-41cc-8310-f7508928a29f", "bef2b07b-0ebb-49c3-a93c-b67efdef72d2" ] } ], "hYEisV19Dxn4PvCvxJFm5A==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "4acc1027-2ab3-427f-81e3-c66f0ed6efef", "42e7e6b2-0aa6-4a73-833c-b9bb8833e934" ] } ], "hagAldrmW5BKtVwDil7uxw==": [ { "package_db": "python:opt/app-root/lib/python3.9/site-packages", "introduced_in": "sha256:9fa194a4ae444ef797f64bab9f41c31fe17ea4dee1bb6fd6fc173c6dfd8731fe", "distribution_id": "", "repository_ids": [ "f863cf24-5ef1-4efd-a185-2bced22e5852" ] } ], "heXcDkpDDTJ/ac/FHrXYvg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "648ce893-0452-41cc-8310-f7508928a29f", "bef2b07b-0ebb-49c3-a93c-b67efdef72d2" ] } ], "hgr5TOXgV4U9LXyKt2w6gA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "648ce893-0452-41cc-8310-f7508928a29f", "bef2b07b-0ebb-49c3-a93c-b67efdef72d2" ] } ], "hjikQWtnmVPaWts63wYw4Q==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "4acc1027-2ab3-427f-81e3-c66f0ed6efef", "42e7e6b2-0aa6-4a73-833c-b9bb8833e934" ] } ], "hrY/5TRUmBt6d/EoQ9M7aw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "4acc1027-2ab3-427f-81e3-c66f0ed6efef", "42e7e6b2-0aa6-4a73-833c-b9bb8833e934" ] } ], "hwDu44WbabGgfO5r6rrVvQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:9fa194a4ae444ef797f64bab9f41c31fe17ea4dee1bb6fd6fc173c6dfd8731fe", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:9fa194a4ae444ef797f64bab9f41c31fe17ea4dee1bb6fd6fc173c6dfd8731fe", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "de7f4c60-caaa-4e02-8669-ad59e6bf9e33", "1dd1816a-7447-488b-81f6-0b109706ee19" ] } ], "hyds1mrD8GWUXo+lv53Rag==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "4acc1027-2ab3-427f-81e3-c66f0ed6efef", "42e7e6b2-0aa6-4a73-833c-b9bb8833e934" ] } ], "i5oeumDhhynr3T9Ik5cAaw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:9fa194a4ae444ef797f64bab9f41c31fe17ea4dee1bb6fd6fc173c6dfd8731fe", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:9fa194a4ae444ef797f64bab9f41c31fe17ea4dee1bb6fd6fc173c6dfd8731fe", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "de7f4c60-caaa-4e02-8669-ad59e6bf9e33", "1dd1816a-7447-488b-81f6-0b109706ee19" ] } ], "iBA/JBMmSIEGbBZDQlcuUQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "648ce893-0452-41cc-8310-f7508928a29f", "bef2b07b-0ebb-49c3-a93c-b67efdef72d2" ] } ], "iG10xBRfLLoRP3qlluI7NQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "648ce893-0452-41cc-8310-f7508928a29f", "bef2b07b-0ebb-49c3-a93c-b67efdef72d2" ] } ], "iMLMqCcRXnm6QslpJnCS7w==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "648ce893-0452-41cc-8310-f7508928a29f", "bef2b07b-0ebb-49c3-a93c-b67efdef72d2" ] } ], "iODVJwGc39HK9YJaL/S8oA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "4acc1027-2ab3-427f-81e3-c66f0ed6efef", "42e7e6b2-0aa6-4a73-833c-b9bb8833e934" ] } ], "iQByZpdRXgW/fl3SoDuoAA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "648ce893-0452-41cc-8310-f7508928a29f", "bef2b07b-0ebb-49c3-a93c-b67efdef72d2" ] } ], "iTjyL8AL9avw3YnaeFgLEg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:061494b16a3e082ac22c3159029d7399a8b153778d0435e438bfdcc22f203bc8", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:061494b16a3e082ac22c3159029d7399a8b153778d0435e438bfdcc22f203bc8", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "5eae9482-7def-4dbc-b110-c26fcf6e3b68", "16d9a897-a94f-4f7e-8818-70fa19137c65" ] } ], "iswhVSntR4QnIsTAyM6ydQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "648ce893-0452-41cc-8310-f7508928a29f", "bef2b07b-0ebb-49c3-a93c-b67efdef72d2" ] } ], "ix3lD4/Nn7qLbcpDm0AIhg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "648ce893-0452-41cc-8310-f7508928a29f", "bef2b07b-0ebb-49c3-a93c-b67efdef72d2" ] } ], "ixW66YgVs1wZXBxyWt13+Q==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "648ce893-0452-41cc-8310-f7508928a29f", "bef2b07b-0ebb-49c3-a93c-b67efdef72d2" ] } ], "jDIVpAdvhjPN/gmOBNQuag==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "648ce893-0452-41cc-8310-f7508928a29f", "bef2b07b-0ebb-49c3-a93c-b67efdef72d2" ] } ], "jDl1XUvAdn9+mQXB8dOXgQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "4acc1027-2ab3-427f-81e3-c66f0ed6efef", "42e7e6b2-0aa6-4a73-833c-b9bb8833e934" ] } ], "jH43ZEoPP2TpNiUJXUizMw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "4acc1027-2ab3-427f-81e3-c66f0ed6efef", "42e7e6b2-0aa6-4a73-833c-b9bb8833e934" ] } ], "jP2MQ8NZSq7niL51MUXrbg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:9fa194a4ae444ef797f64bab9f41c31fe17ea4dee1bb6fd6fc173c6dfd8731fe", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:9fa194a4ae444ef797f64bab9f41c31fe17ea4dee1bb6fd6fc173c6dfd8731fe", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "de7f4c60-caaa-4e02-8669-ad59e6bf9e33", "1dd1816a-7447-488b-81f6-0b109706ee19" ] } ], "jXo3rXdhdYGkiXYZpQxZ3Q==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "4acc1027-2ab3-427f-81e3-c66f0ed6efef", "42e7e6b2-0aa6-4a73-833c-b9bb8833e934" ] } ], "jbZYcB+conABOoSlK2dErw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "648ce893-0452-41cc-8310-f7508928a29f", "bef2b07b-0ebb-49c3-a93c-b67efdef72d2" ] } ], "jeO9KYJY4vtRl4FdYT30Dg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "648ce893-0452-41cc-8310-f7508928a29f", "bef2b07b-0ebb-49c3-a93c-b67efdef72d2" ] } ], "k2/Uj1zK7XGhSfuYoepPmA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "648ce893-0452-41cc-8310-f7508928a29f", "bef2b07b-0ebb-49c3-a93c-b67efdef72d2" ] } ], "kAc8BYCjeCgQR9YdLeGx9w==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "4acc1027-2ab3-427f-81e3-c66f0ed6efef", "42e7e6b2-0aa6-4a73-833c-b9bb8833e934" ] } ], "kAeo6wOpPqyKfEIM6fhPPg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:9fa194a4ae444ef797f64bab9f41c31fe17ea4dee1bb6fd6fc173c6dfd8731fe", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:9fa194a4ae444ef797f64bab9f41c31fe17ea4dee1bb6fd6fc173c6dfd8731fe", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "de7f4c60-caaa-4e02-8669-ad59e6bf9e33", "1dd1816a-7447-488b-81f6-0b109706ee19" ] } ], "kDzRHkg3txncDWuyd5771g==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "648ce893-0452-41cc-8310-f7508928a29f", "bef2b07b-0ebb-49c3-a93c-b67efdef72d2" ] } ], "kbK7zjqVLBpqqO+SO7RFQg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "4acc1027-2ab3-427f-81e3-c66f0ed6efef", "42e7e6b2-0aa6-4a73-833c-b9bb8833e934" ] } ], "kdml4TiffKDDUHJjP7R1Tg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "4acc1027-2ab3-427f-81e3-c66f0ed6efef", "42e7e6b2-0aa6-4a73-833c-b9bb8833e934" ] } ], "kigiD4fuysu8/DeCr+ONKQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "4acc1027-2ab3-427f-81e3-c66f0ed6efef", "42e7e6b2-0aa6-4a73-833c-b9bb8833e934" ] } ], "kiuxclwU753PR5FuupUaEA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:061494b16a3e082ac22c3159029d7399a8b153778d0435e438bfdcc22f203bc8", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:061494b16a3e082ac22c3159029d7399a8b153778d0435e438bfdcc22f203bc8", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "5eae9482-7def-4dbc-b110-c26fcf6e3b68", "16d9a897-a94f-4f7e-8818-70fa19137c65" ] } ], "kjBdgQQNdOoXImAp5fQQpw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "4acc1027-2ab3-427f-81e3-c66f0ed6efef", "42e7e6b2-0aa6-4a73-833c-b9bb8833e934" ] } ], "ktHjHCegyaFGFLaqVjqkVA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "648ce893-0452-41cc-8310-f7508928a29f", "bef2b07b-0ebb-49c3-a93c-b67efdef72d2" ] } ], "l0z+eHWKZYYL3mOicWgc2w==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "4acc1027-2ab3-427f-81e3-c66f0ed6efef", "42e7e6b2-0aa6-4a73-833c-b9bb8833e934" ] } ], "lITnNJqHTfcVQiCGHjWozA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "4acc1027-2ab3-427f-81e3-c66f0ed6efef", "42e7e6b2-0aa6-4a73-833c-b9bb8833e934" ] } ], "lNWcYbl6h71sUZV6B4E+bw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "648ce893-0452-41cc-8310-f7508928a29f", "bef2b07b-0ebb-49c3-a93c-b67efdef72d2" ] } ], "lajcRo8M3+y2K3Ci00VHYA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "648ce893-0452-41cc-8310-f7508928a29f", "bef2b07b-0ebb-49c3-a93c-b67efdef72d2" ] } ], "lwkb5oxxrG7ZgPYzSyvcZQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "648ce893-0452-41cc-8310-f7508928a29f", "bef2b07b-0ebb-49c3-a93c-b67efdef72d2" ] } ], "ly9SmBBH7WsYXh1oG69XaQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "648ce893-0452-41cc-8310-f7508928a29f", "bef2b07b-0ebb-49c3-a93c-b67efdef72d2" ] } ], "m7hOFCjo7x6PMvux7htFOg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "4acc1027-2ab3-427f-81e3-c66f0ed6efef", "42e7e6b2-0aa6-4a73-833c-b9bb8833e934" ] } ], "mK/FUfODp3MR7WS2xegPsw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "4acc1027-2ab3-427f-81e3-c66f0ed6efef", "42e7e6b2-0aa6-4a73-833c-b9bb8833e934" ] } ], "mLZQEF4KLS62c+8BB/jz0Q==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "648ce893-0452-41cc-8310-f7508928a29f", "bef2b07b-0ebb-49c3-a93c-b67efdef72d2" ] } ], "mLtyJkgiain09bfdUDF0tA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "4acc1027-2ab3-427f-81e3-c66f0ed6efef", "42e7e6b2-0aa6-4a73-833c-b9bb8833e934" ] } ], "mPqGnMbiXN6jP61aGbHvOA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "4acc1027-2ab3-427f-81e3-c66f0ed6efef", "42e7e6b2-0aa6-4a73-833c-b9bb8833e934" ] } ], "mS/mU0XqXurt5b2cC0G2wA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "648ce893-0452-41cc-8310-f7508928a29f", "bef2b07b-0ebb-49c3-a93c-b67efdef72d2" ] } ], "mUWlB/zKDu+SsRl4ybUmSg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:9fa194a4ae444ef797f64bab9f41c31fe17ea4dee1bb6fd6fc173c6dfd8731fe", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:9fa194a4ae444ef797f64bab9f41c31fe17ea4dee1bb6fd6fc173c6dfd8731fe", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "de7f4c60-caaa-4e02-8669-ad59e6bf9e33", "1dd1816a-7447-488b-81f6-0b109706ee19" ] } ], "nC22unSxVi1R4g6taYLM9Q==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "648ce893-0452-41cc-8310-f7508928a29f", "bef2b07b-0ebb-49c3-a93c-b67efdef72d2" ] } ], "nGBKPb406lGwZT56VfENpA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "4acc1027-2ab3-427f-81e3-c66f0ed6efef", "42e7e6b2-0aa6-4a73-833c-b9bb8833e934" ] } ], "nQ2GBM/gj/3E8MCX+/anEg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:061494b16a3e082ac22c3159029d7399a8b153778d0435e438bfdcc22f203bc8", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:061494b16a3e082ac22c3159029d7399a8b153778d0435e438bfdcc22f203bc8", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "5eae9482-7def-4dbc-b110-c26fcf6e3b68", "16d9a897-a94f-4f7e-8818-70fa19137c65" ] } ], "nQMwj1eUiCBkaYGhP919IQ==": [ { "package_db": "python:opt/app-root/lib/python3.9/site-packages", "introduced_in": "sha256:5ade92cd94be5f670086c18c0b7d4cb67cb1783465a0b2592a35bcce4f659688", "distribution_id": "", "repository_ids": [ "f863cf24-5ef1-4efd-a185-2bced22e5852" ] } ], "nUBBsXgA+QSl6Tx9eXi6Mw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "4acc1027-2ab3-427f-81e3-c66f0ed6efef", "42e7e6b2-0aa6-4a73-833c-b9bb8833e934" ] } ], "na4ojyfFHL07xf5Yr8wxsg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "648ce893-0452-41cc-8310-f7508928a29f", "bef2b07b-0ebb-49c3-a93c-b67efdef72d2" ] } ], "nfPufzGeU1GNtwMg2NZjyw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "648ce893-0452-41cc-8310-f7508928a29f", "bef2b07b-0ebb-49c3-a93c-b67efdef72d2" ] } ], "nqniqNEVhrfub8cS+os87A==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "648ce893-0452-41cc-8310-f7508928a29f", "bef2b07b-0ebb-49c3-a93c-b67efdef72d2" ] } ], "nvxJsUFWvodHYwGusWrCfA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:9fa194a4ae444ef797f64bab9f41c31fe17ea4dee1bb6fd6fc173c6dfd8731fe", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:9fa194a4ae444ef797f64bab9f41c31fe17ea4dee1bb6fd6fc173c6dfd8731fe", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "de7f4c60-caaa-4e02-8669-ad59e6bf9e33", "1dd1816a-7447-488b-81f6-0b109706ee19" ] } ], "o0sNxhdrQvn3LtgSlydcdw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "648ce893-0452-41cc-8310-f7508928a29f", "bef2b07b-0ebb-49c3-a93c-b67efdef72d2" ] } ], "oK41W21MyjS/j+5BoCQjuA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:061494b16a3e082ac22c3159029d7399a8b153778d0435e438bfdcc22f203bc8", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:061494b16a3e082ac22c3159029d7399a8b153778d0435e438bfdcc22f203bc8", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "5eae9482-7def-4dbc-b110-c26fcf6e3b68", "16d9a897-a94f-4f7e-8818-70fa19137c65" ] } ], "obNuQXzAwE3TzjUoRN1yEw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "648ce893-0452-41cc-8310-f7508928a29f", "bef2b07b-0ebb-49c3-a93c-b67efdef72d2" ] } ], "oclpmz+FssvmCD6ysyi8mw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:9fa194a4ae444ef797f64bab9f41c31fe17ea4dee1bb6fd6fc173c6dfd8731fe", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:9fa194a4ae444ef797f64bab9f41c31fe17ea4dee1bb6fd6fc173c6dfd8731fe", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "de7f4c60-caaa-4e02-8669-ad59e6bf9e33", "1dd1816a-7447-488b-81f6-0b109706ee19" ] } ], "og/hyn7iqbsNsfIv/8VHFg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "648ce893-0452-41cc-8310-f7508928a29f", "bef2b07b-0ebb-49c3-a93c-b67efdef72d2" ] } ], "om/hnbn42itSjLCSeL6+2A==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "648ce893-0452-41cc-8310-f7508928a29f", "bef2b07b-0ebb-49c3-a93c-b67efdef72d2" ] } ], "p5/fxZumt5POFcNowtTiuw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "648ce893-0452-41cc-8310-f7508928a29f", "bef2b07b-0ebb-49c3-a93c-b67efdef72d2" ] } ], "p5p9BM7pNAz2WsIpV9j2Vg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "648ce893-0452-41cc-8310-f7508928a29f", "bef2b07b-0ebb-49c3-a93c-b67efdef72d2" ] } ], "p84Jbbr2OyhgEYqMWSBnYg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "648ce893-0452-41cc-8310-f7508928a29f", "bef2b07b-0ebb-49c3-a93c-b67efdef72d2" ] } ], "pMCjbYMWFg0OW6e3aesnmg==": [ { "package_db": "root/buildinfo/Dockerfile-ubi9-s2i-core-1-404", "introduced_in": "sha256:061494b16a3e082ac22c3159029d7399a8b153778d0435e438bfdcc22f203bc8", "distribution_id": "", "repository_ids": [ "1ba57ffd-21fc-4e8f-bd92-88d88ff95b39", "1ba57ffd-21fc-4e8f-bd92-88d88ff95b39" ] } ], "pPr7yDMpB7ZjDUk38ihGgw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:9fa194a4ae444ef797f64bab9f41c31fe17ea4dee1bb6fd6fc173c6dfd8731fe", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:9fa194a4ae444ef797f64bab9f41c31fe17ea4dee1bb6fd6fc173c6dfd8731fe", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "de7f4c60-caaa-4e02-8669-ad59e6bf9e33", "1dd1816a-7447-488b-81f6-0b109706ee19" ] } ], "pc8TmjOHnExT3yvCQuGR7Q==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "4acc1027-2ab3-427f-81e3-c66f0ed6efef", "42e7e6b2-0aa6-4a73-833c-b9bb8833e934" ] } ], "pghQDJVZ6nOQ9Xe2E75qtw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "648ce893-0452-41cc-8310-f7508928a29f", "bef2b07b-0ebb-49c3-a93c-b67efdef72d2" ] } ], "piIKp3mha3J0aqiUeWB7lg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "4acc1027-2ab3-427f-81e3-c66f0ed6efef", "42e7e6b2-0aa6-4a73-833c-b9bb8833e934" ] } ], "ptT0YL/h24MTjTTVlPAZVg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "648ce893-0452-41cc-8310-f7508928a29f", "bef2b07b-0ebb-49c3-a93c-b67efdef72d2" ] } ], "qRYqnsmHWyPYtkZR3QWTvw==": [ { "package_db": "root/buildinfo/Dockerfile-ubi9-s2i-core-1-404", "introduced_in": "sha256:061494b16a3e082ac22c3159029d7399a8b153778d0435e438bfdcc22f203bc8", "distribution_id": "", "repository_ids": [ "1ba57ffd-21fc-4e8f-bd92-88d88ff95b39", "1ba57ffd-21fc-4e8f-bd92-88d88ff95b39" ] } ], "qYSZ6aKFWol313IOGRXaug==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "4acc1027-2ab3-427f-81e3-c66f0ed6efef", "42e7e6b2-0aa6-4a73-833c-b9bb8833e934" ] } ], "qaeDIBzkPb1YcHW+c5XKTw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "4acc1027-2ab3-427f-81e3-c66f0ed6efef", "42e7e6b2-0aa6-4a73-833c-b9bb8833e934" ] } ], "qcLLXOiskeOh3Yk1oA8Pwg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "4acc1027-2ab3-427f-81e3-c66f0ed6efef", "42e7e6b2-0aa6-4a73-833c-b9bb8833e934" ] } ], "qr+LQm/hdVc+TsPUEoIhXw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "4acc1027-2ab3-427f-81e3-c66f0ed6efef", "42e7e6b2-0aa6-4a73-833c-b9bb8833e934" ] } ], "qv877m16TWTnhYtFU/bzVg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:9fa194a4ae444ef797f64bab9f41c31fe17ea4dee1bb6fd6fc173c6dfd8731fe", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:9fa194a4ae444ef797f64bab9f41c31fe17ea4dee1bb6fd6fc173c6dfd8731fe", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "de7f4c60-caaa-4e02-8669-ad59e6bf9e33", "1dd1816a-7447-488b-81f6-0b109706ee19" ] } ], "rAxI6ugHAhGGLF0rGYHfUw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "648ce893-0452-41cc-8310-f7508928a29f", "bef2b07b-0ebb-49c3-a93c-b67efdef72d2" ] } ], "rCLp3m64Catai9VuHvh3Lw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "4acc1027-2ab3-427f-81e3-c66f0ed6efef", "42e7e6b2-0aa6-4a73-833c-b9bb8833e934" ] } ], "rEU0uZUpz06y9hg0ORc49A==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "4acc1027-2ab3-427f-81e3-c66f0ed6efef", "42e7e6b2-0aa6-4a73-833c-b9bb8833e934" ] } ], "rHWl96jwSRpVOW9Rmtir2g==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "648ce893-0452-41cc-8310-f7508928a29f", "bef2b07b-0ebb-49c3-a93c-b67efdef72d2" ] } ], "rUUieTQ6JPdOKUOFRfhvNw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "648ce893-0452-41cc-8310-f7508928a29f", "bef2b07b-0ebb-49c3-a93c-b67efdef72d2" ] } ], "rY/kE/V4JnxYoqV+lmc9mg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "4acc1027-2ab3-427f-81e3-c66f0ed6efef", "42e7e6b2-0aa6-4a73-833c-b9bb8833e934" ] } ], "rYCgRZF9UtO2MybO6TcW0g==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "4acc1027-2ab3-427f-81e3-c66f0ed6efef", "42e7e6b2-0aa6-4a73-833c-b9bb8833e934" ] } ], "rZckolqfVnE7xInGZn5Zzw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "4acc1027-2ab3-427f-81e3-c66f0ed6efef", "42e7e6b2-0aa6-4a73-833c-b9bb8833e934" ] } ], "rj2k4My0f4W7sR9R0rDeJg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "648ce893-0452-41cc-8310-f7508928a29f", "bef2b07b-0ebb-49c3-a93c-b67efdef72d2" ] } ], "rlHYqOr0lkUB/Gs6b1kD2g==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "4acc1027-2ab3-427f-81e3-c66f0ed6efef", "42e7e6b2-0aa6-4a73-833c-b9bb8833e934" ] } ], "s/sN90wkrzAWkEGvOCWevQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "648ce893-0452-41cc-8310-f7508928a29f", "bef2b07b-0ebb-49c3-a93c-b67efdef72d2" ] } ], "s2h0kSO0Y3eNEReWOR8CBA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "4acc1027-2ab3-427f-81e3-c66f0ed6efef", "42e7e6b2-0aa6-4a73-833c-b9bb8833e934" ] } ], "s9qYH9lv+nqFfUwtnSIxEw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "4acc1027-2ab3-427f-81e3-c66f0ed6efef", "42e7e6b2-0aa6-4a73-833c-b9bb8833e934" ] } ], "sE1EmQ5Nhv4P4rilE6lODw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "648ce893-0452-41cc-8310-f7508928a29f", "bef2b07b-0ebb-49c3-a93c-b67efdef72d2" ] } ], "sKD1m/Tx9mlFSspWqkqwXA==": [ { "package_db": "python:opt/app-root/lib/python3.9/site-packages", "introduced_in": "sha256:5ade92cd94be5f670086c18c0b7d4cb67cb1783465a0b2592a35bcce4f659688", "distribution_id": "", "repository_ids": [ "f863cf24-5ef1-4efd-a185-2bced22e5852" ] } ], "sXA/H9XX1FCBnut09ugTOw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:9fa194a4ae444ef797f64bab9f41c31fe17ea4dee1bb6fd6fc173c6dfd8731fe", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:9fa194a4ae444ef797f64bab9f41c31fe17ea4dee1bb6fd6fc173c6dfd8731fe", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "de7f4c60-caaa-4e02-8669-ad59e6bf9e33", "1dd1816a-7447-488b-81f6-0b109706ee19" ] } ], "sZC9JChvb46EmDWlVsLY4Q==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:9fa194a4ae444ef797f64bab9f41c31fe17ea4dee1bb6fd6fc173c6dfd8731fe", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:9fa194a4ae444ef797f64bab9f41c31fe17ea4dee1bb6fd6fc173c6dfd8731fe", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "de7f4c60-caaa-4e02-8669-ad59e6bf9e33", "1dd1816a-7447-488b-81f6-0b109706ee19" ] } ], "seCPTRxsW0CXUgbCc8GtTg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "648ce893-0452-41cc-8310-f7508928a29f", "bef2b07b-0ebb-49c3-a93c-b67efdef72d2" ] } ], "senWHvSi1AlFz8ttUDvIeg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:9fa194a4ae444ef797f64bab9f41c31fe17ea4dee1bb6fd6fc173c6dfd8731fe", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:9fa194a4ae444ef797f64bab9f41c31fe17ea4dee1bb6fd6fc173c6dfd8731fe", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "de7f4c60-caaa-4e02-8669-ad59e6bf9e33", "1dd1816a-7447-488b-81f6-0b109706ee19" ] } ], "slOVRtjq4478nP0dtG1VIA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "648ce893-0452-41cc-8310-f7508928a29f", "bef2b07b-0ebb-49c3-a93c-b67efdef72d2" ] } ], "slOYGSVfSsDARkAcrk9R3Q==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "4acc1027-2ab3-427f-81e3-c66f0ed6efef", "42e7e6b2-0aa6-4a73-833c-b9bb8833e934" ] } ], "sm+xC6hqiI5z9MZTiNGgAw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "648ce893-0452-41cc-8310-f7508928a29f", "bef2b07b-0ebb-49c3-a93c-b67efdef72d2" ] } ], "ssPaV1VLDu6d5ZJ6Rrmh3A==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "4acc1027-2ab3-427f-81e3-c66f0ed6efef", "42e7e6b2-0aa6-4a73-833c-b9bb8833e934" ] } ], "sukNATkcLkohYgGrhDtrZA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "648ce893-0452-41cc-8310-f7508928a29f", "bef2b07b-0ebb-49c3-a93c-b67efdef72d2" ] } ], "svMaWd1Pkq6Z/UDBHTpApg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:9fa194a4ae444ef797f64bab9f41c31fe17ea4dee1bb6fd6fc173c6dfd8731fe", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:9fa194a4ae444ef797f64bab9f41c31fe17ea4dee1bb6fd6fc173c6dfd8731fe", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "de7f4c60-caaa-4e02-8669-ad59e6bf9e33", "1dd1816a-7447-488b-81f6-0b109706ee19" ] } ], "sx0C6L5COHIkv6yQQyPlbw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "4acc1027-2ab3-427f-81e3-c66f0ed6efef", "42e7e6b2-0aa6-4a73-833c-b9bb8833e934" ] } ], "sy1cTR7VjlyD3WavviV1+g==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "4acc1027-2ab3-427f-81e3-c66f0ed6efef", "42e7e6b2-0aa6-4a73-833c-b9bb8833e934" ] } ], "szBndBxzz7klx0noQ6O0zQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "648ce893-0452-41cc-8310-f7508928a29f", "bef2b07b-0ebb-49c3-a93c-b67efdef72d2" ] } ], "tOoZIHzytN01BRAw3es1Yg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "648ce893-0452-41cc-8310-f7508928a29f", "bef2b07b-0ebb-49c3-a93c-b67efdef72d2" ] } ], "tWWw65aFr0Her+B1hlgbqA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "648ce893-0452-41cc-8310-f7508928a29f", "bef2b07b-0ebb-49c3-a93c-b67efdef72d2" ] } ], "trv2Vgd2QnIOlR8n5qdkvg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:9fa194a4ae444ef797f64bab9f41c31fe17ea4dee1bb6fd6fc173c6dfd8731fe", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:9fa194a4ae444ef797f64bab9f41c31fe17ea4dee1bb6fd6fc173c6dfd8731fe", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "de7f4c60-caaa-4e02-8669-ad59e6bf9e33", "1dd1816a-7447-488b-81f6-0b109706ee19" ] } ], "u5TyEoU5GA6Z2czzwhMLiA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "4acc1027-2ab3-427f-81e3-c66f0ed6efef", "42e7e6b2-0aa6-4a73-833c-b9bb8833e934" ] } ], "uCyCeArpCxiSoV6DjC80ng==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "648ce893-0452-41cc-8310-f7508928a29f", "bef2b07b-0ebb-49c3-a93c-b67efdef72d2" ] } ], "uIGxNSLaVnAmi0jJ0xnwdw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "4acc1027-2ab3-427f-81e3-c66f0ed6efef", "42e7e6b2-0aa6-4a73-833c-b9bb8833e934" ] } ], "uSt8DkzxoDcE1tRbyYPDOg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "4acc1027-2ab3-427f-81e3-c66f0ed6efef", "42e7e6b2-0aa6-4a73-833c-b9bb8833e934" ] } ], "uwkXfq5VvKEldZwWOwGq4w==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "4acc1027-2ab3-427f-81e3-c66f0ed6efef", "42e7e6b2-0aa6-4a73-833c-b9bb8833e934" ] } ], "v5fMEqf0GRz+BrBqAji9dQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "4acc1027-2ab3-427f-81e3-c66f0ed6efef", "42e7e6b2-0aa6-4a73-833c-b9bb8833e934" ] } ], "v6X9Dt1wPw8fK6VaHz1Ffw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "648ce893-0452-41cc-8310-f7508928a29f", "bef2b07b-0ebb-49c3-a93c-b67efdef72d2" ] } ], "vAPPN6rYSkP394gvFPG0sQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "648ce893-0452-41cc-8310-f7508928a29f", "bef2b07b-0ebb-49c3-a93c-b67efdef72d2" ] } ], "vP8GkM/8POo0+xS4J25IXg==": [ { "package_db": "root/buildinfo/Dockerfile-ubi9-s2i-base-1-432.1684740240", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "", "repository_ids": [ "1ba57ffd-21fc-4e8f-bd92-88d88ff95b39", "1ba57ffd-21fc-4e8f-bd92-88d88ff95b39" ] } ], "vSRLH3asu5knZtxqOxtnwQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "648ce893-0452-41cc-8310-f7508928a29f", "bef2b07b-0ebb-49c3-a93c-b67efdef72d2" ] } ], "vVm5dK77cxKy79CJLkG4tQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "648ce893-0452-41cc-8310-f7508928a29f", "bef2b07b-0ebb-49c3-a93c-b67efdef72d2" ] } ], "vVrvJSq6PSHuN2/SjjnToQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "4acc1027-2ab3-427f-81e3-c66f0ed6efef", "42e7e6b2-0aa6-4a73-833c-b9bb8833e934" ] } ], "vcbNsnPegQ9DMvL/4z83AA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "648ce893-0452-41cc-8310-f7508928a29f", "bef2b07b-0ebb-49c3-a93c-b67efdef72d2" ] } ], "vq/Gn/XN/vhb+s09B3VJzg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "4acc1027-2ab3-427f-81e3-c66f0ed6efef", "42e7e6b2-0aa6-4a73-833c-b9bb8833e934" ] } ], "vtNcuXyRth8r8K/W3sfqrQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "648ce893-0452-41cc-8310-f7508928a29f", "bef2b07b-0ebb-49c3-a93c-b67efdef72d2" ] } ], "vxE46vHhDXuS+hlSHziZ9g==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "648ce893-0452-41cc-8310-f7508928a29f", "bef2b07b-0ebb-49c3-a93c-b67efdef72d2" ] } ], "w2DoavvB02S/+BS01jQqJw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "648ce893-0452-41cc-8310-f7508928a29f", "bef2b07b-0ebb-49c3-a93c-b67efdef72d2" ] } ], "wVOHUaFC3qlk+Ft1W2VH7A==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "4acc1027-2ab3-427f-81e3-c66f0ed6efef", "42e7e6b2-0aa6-4a73-833c-b9bb8833e934" ] } ], "wdMozBSF06uhI4HOI003SQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "648ce893-0452-41cc-8310-f7508928a29f", "bef2b07b-0ebb-49c3-a93c-b67efdef72d2" ] } ], "ws/3dejYQ9Iw2hFH6EdsFQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "4acc1027-2ab3-427f-81e3-c66f0ed6efef", "42e7e6b2-0aa6-4a73-833c-b9bb8833e934" ] } ], "wu/SuBfGK4XxN58kBmX5uQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:9fa194a4ae444ef797f64bab9f41c31fe17ea4dee1bb6fd6fc173c6dfd8731fe", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:9fa194a4ae444ef797f64bab9f41c31fe17ea4dee1bb6fd6fc173c6dfd8731fe", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "de7f4c60-caaa-4e02-8669-ad59e6bf9e33", "1dd1816a-7447-488b-81f6-0b109706ee19" ] } ], "wvtx3JsOUmPyorardjeYSQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "648ce893-0452-41cc-8310-f7508928a29f", "bef2b07b-0ebb-49c3-a93c-b67efdef72d2" ] } ], "x4oijVhQU8BUwJwoFvk4QA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "4acc1027-2ab3-427f-81e3-c66f0ed6efef", "42e7e6b2-0aa6-4a73-833c-b9bb8833e934" ] } ], "xGsFnJNA7f9q/+8cz1QFqg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "648ce893-0452-41cc-8310-f7508928a29f", "bef2b07b-0ebb-49c3-a93c-b67efdef72d2" ] } ], "xRhdpRBdZ/CHodU2oE0btw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "648ce893-0452-41cc-8310-f7508928a29f", "bef2b07b-0ebb-49c3-a93c-b67efdef72d2" ] } ], "xVpXFb43dZh4HfBX53yyew==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "4acc1027-2ab3-427f-81e3-c66f0ed6efef", "42e7e6b2-0aa6-4a73-833c-b9bb8833e934" ] } ], "xdunfqVk+0spTcWoJA7wPw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "4acc1027-2ab3-427f-81e3-c66f0ed6efef", "42e7e6b2-0aa6-4a73-833c-b9bb8833e934" ] } ], "xfiNHrth0bRlTgQnR3IgUw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "648ce893-0452-41cc-8310-f7508928a29f", "bef2b07b-0ebb-49c3-a93c-b67efdef72d2" ] } ], "xgCGPQ7CZbjJqBTw2Nmu9w==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:061494b16a3e082ac22c3159029d7399a8b153778d0435e438bfdcc22f203bc8", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:061494b16a3e082ac22c3159029d7399a8b153778d0435e438bfdcc22f203bc8", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "5eae9482-7def-4dbc-b110-c26fcf6e3b68", "16d9a897-a94f-4f7e-8818-70fa19137c65" ] } ], "xh4NhhVC69+jOkFwMqnXfA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "4acc1027-2ab3-427f-81e3-c66f0ed6efef", "42e7e6b2-0aa6-4a73-833c-b9bb8833e934" ] } ], "xhMgwxa+ubXlCA6s9XfRgw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "4acc1027-2ab3-427f-81e3-c66f0ed6efef", "42e7e6b2-0aa6-4a73-833c-b9bb8833e934" ] } ], "xmvHgJqnx+8mo577UrJz8g==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "4acc1027-2ab3-427f-81e3-c66f0ed6efef", "42e7e6b2-0aa6-4a73-833c-b9bb8833e934" ] } ], "xnmn6fk+/THLJg3emXYMww==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "648ce893-0452-41cc-8310-f7508928a29f", "bef2b07b-0ebb-49c3-a93c-b67efdef72d2" ] } ], "y9sflCLWTaHWSSC+w8u7bQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "648ce893-0452-41cc-8310-f7508928a29f", "bef2b07b-0ebb-49c3-a93c-b67efdef72d2" ] } ], "yDt3wSYEqsz4/xyFxjBFAA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:d9d9d25f17c4833974cb1ef7565ee08d7c1de6d33ba6689b458c56a06ea764b1", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "4acc1027-2ab3-427f-81e3-c66f0ed6efef", "42e7e6b2-0aa6-4a73-833c-b9bb8833e934" ] } ], "yU2oeSGRdhrEc6MC885lzw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:9fa194a4ae444ef797f64bab9f41c31fe17ea4dee1bb6fd6fc173c6dfd8731fe", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:9fa194a4ae444ef797f64bab9f41c31fe17ea4dee1bb6fd6fc173c6dfd8731fe", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "de7f4c60-caaa-4e02-8669-ad59e6bf9e33", "1dd1816a-7447-488b-81f6-0b109706ee19" ] } ], "yY469KfvqdHWbJwmOcIU1Q==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "648ce893-0452-41cc-8310-f7508928a29f", "bef2b07b-0ebb-49c3-a93c-b67efdef72d2" ] } ], "ycSS8xsUDu5nMwsql04xfQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "648ce893-0452-41cc-8310-f7508928a29f", "bef2b07b-0ebb-49c3-a93c-b67efdef72d2" ] } ], "ygSe5Kj3U2XQiKfpAdkx+A==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:9fa194a4ae444ef797f64bab9f41c31fe17ea4dee1bb6fd6fc173c6dfd8731fe", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:9fa194a4ae444ef797f64bab9f41c31fe17ea4dee1bb6fd6fc173c6dfd8731fe", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "de7f4c60-caaa-4e02-8669-ad59e6bf9e33", "1dd1816a-7447-488b-81f6-0b109706ee19" ] } ], "yjR8lvdxVJDPIeBNVwLrcA==": [ { "package_db": "python:opt/app-root/lib/python3.9/site-packages", "introduced_in": "sha256:5ade92cd94be5f670086c18c0b7d4cb67cb1783465a0b2592a35bcce4f659688", "distribution_id": "", "repository_ids": [ "f863cf24-5ef1-4efd-a185-2bced22e5852" ] } ], "yl89ZUYB/c9VKLUIKBe/Rg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "648ce893-0452-41cc-8310-f7508928a29f", "bef2b07b-0ebb-49c3-a93c-b67efdef72d2" ] } ], "zIFn1hwQ+gf5tSEzT54ZNg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:9fa194a4ae444ef797f64bab9f41c31fe17ea4dee1bb6fd6fc173c6dfd8731fe", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:9fa194a4ae444ef797f64bab9f41c31fe17ea4dee1bb6fd6fc173c6dfd8731fe", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "de7f4c60-caaa-4e02-8669-ad59e6bf9e33", "1dd1816a-7447-488b-81f6-0b109706ee19" ] } ], "zLbmCpiDy68qsFvtKNzmgQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "648ce893-0452-41cc-8310-f7508928a29f", "bef2b07b-0ebb-49c3-a93c-b67efdef72d2" ] } ], "zYwssjfM875kzpetvkIuvg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "648ce893-0452-41cc-8310-f7508928a29f", "bef2b07b-0ebb-49c3-a93c-b67efdef72d2" ] } ], "zxuLMmxubC84XoLpkfxZ3w==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:beb8e328b09f65a11e1a279e7a5c2b1b5603febbda94735feb77f3b01bf0f4ee", "distribution_id": "f48b2efa-d868-47ee-adb0-b469423de1f6", "repository_ids": [ "648ce893-0452-41cc-8310-f7508928a29f", "bef2b07b-0ebb-49c3-a93c-b67efdef72d2" ] } ] }, "vulnerabilities": { "+++3TnIRZlKm1eoznwUkUQ==": { "id": "+++3TnIRZlKm1eoznwUkUQ==", "updater": "rhel-vex", "name": "CVE-2023-4527", "description": "A flaw was found in glibc. When the getaddrinfo function is called with the AF_UNSPEC address family and the system is configured with no-aaaa mode via /etc/resolv.conf, a DNS response via TCP larger than 2048 bytes can potentially disclose stack contents through the function returned address data, and may cause a crash.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4527 https://bugzilla.redhat.com/show_bug.cgi?id=2234712 https://www.cve.org/CVERecord?id=CVE-2023-4527 https://nvd.nist.gov/vuln/detail/CVE-2023-4527 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4527.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-gconv-extra", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "+6d/SeOQYGr+iTSAhpcDwA==": { "id": "+6d/SeOQYGr+iTSAhpcDwA==", "updater": "rhel-vex", "name": "CVE-2025-4802", "description": "A flaw was found in the glibc library. A statically linked setuid binary that calls dlopen(), including internal dlopen() calls after setlocale() or calls to NSS functions such as getaddrinfo(), may incorrectly search LD_LIBRARY_PATH to determine which library to load, allowing a local attacker to load malicious shared libraries, escalate privileges and execute arbitrary code.", "issued": "2025-05-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4802 https://bugzilla.redhat.com/show_bug.cgi?id=2367468 https://www.cve.org/CVERecord?id=CVE-2025-4802 https://nvd.nist.gov/vuln/detail/CVE-2025-4802 https://www.openwall.com/lists/oss-security/2025/05/16/7 https://www.openwall.com/lists/oss-security/2025/05/17/2 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4802.json https://access.redhat.com/errata/RHSA-2025:8655", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-minimal-langpack", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.19", "arch_op": "pattern match" }, "+7BcbfUQa+MCLOaxOqWxxA==": { "id": "+7BcbfUQa+MCLOaxOqWxxA==", "updater": "rhel-vex", "name": "CVE-2023-27534", "description": "A path traversal vulnerability exists in curl \u003c8.0.0 SFTP implementation causes the tilde (~) character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. Attackers can exploit this flaw to bypass filtering or execute arbitrary code by crafting a path like /~2/foo while accessing a server with a specific user.", "issued": "2023-03-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-27534 https://bugzilla.redhat.com/show_bug.cgi?id=2179069 https://www.cve.org/CVERecord?id=CVE-2023-27534 https://nvd.nist.gov/vuln/detail/CVE-2023-27534 https://curl.se/docs/CVE-2023-27534.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-27534.json https://access.redhat.com/errata/RHSA-2023:6679", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "libcurl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9", "arch_op": "pattern match" }, "+8xSp5AB/ujqdCopwckONg==": { "id": "+8xSp5AB/ujqdCopwckONg==", "updater": "rhel-vex", "name": "CVE-2024-38476", "description": "A flaw was found in httpd. Backend applications whose response headers are malicious or exploitable may allow information disclosure, server-side request forgery (SSRF) or local script execution.", "issued": "2024-07-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-38476 https://bugzilla.redhat.com/show_bug.cgi?id=2295015 https://www.cve.org/CVERecord?id=CVE-2024-38476 https://nvd.nist.gov/vuln/detail/CVE-2024-38476 https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2024-38476 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-38476.json https://access.redhat.com/errata/RHSA-2024:5138", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "mod_ssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:2.4.57-11.el9_4.1", "arch_op": "pattern match" }, "+PjI2yN4wCMPyf1oygeT5Q==": { "id": "+PjI2yN4wCMPyf1oygeT5Q==", "updater": "rhel-vex", "name": "CVE-2023-48237", "description": "A flaw was found in Vim, an open source command line text editor. In affected versions, when shifting lines in operator pending mode and using a large value, it may be possible to overflow the size of the integer. The impact is low because user interaction is required and a crash may not happen in all situations.", "issued": "2023-11-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-48237 https://bugzilla.redhat.com/show_bug.cgi?id=2250274 https://www.cve.org/CVERecord?id=CVE-2023-48237 https://nvd.nist.gov/vuln/detail/CVE-2023-48237 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/6bf131888a3d1de62bbfa8a7ea03c0ddccfd496e https://github.com/vim/vim/security/advisories/GHSA-f2m2-v387-gv87 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-48237.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "+S1eCXocxDUImLfRgrh/Zg==": { "id": "+S1eCXocxDUImLfRgrh/Zg==", "updater": "rhel-vex", "name": "CVE-2024-38473", "description": "A flaw was found in the mod_proxy module of httpd. Due to an encoding problem, specially crafted request URLs with incorrect encoding can be sent to backend services, potentially bypassing authentication.", "issued": "2024-07-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-38473 https://bugzilla.redhat.com/show_bug.cgi?id=2295012 https://www.cve.org/CVERecord?id=CVE-2024-38473 https://nvd.nist.gov/vuln/detail/CVE-2024-38473 https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2024-38473 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-38473.json https://access.redhat.com/errata/RHSA-2024:4726", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "httpd-core", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.4.57-11.el9_4", "arch_op": "pattern match" }, "+TSLp8E4dN8AnqD6Q277QQ==": { "id": "+TSLp8E4dN8AnqD6Q277QQ==", "updater": "rhel-vex", "name": "CVE-2023-0465", "description": "A flaw was found in OpenSSL. Applications that use a non-default option when verifying certificates may be vulnerable to an attack from a malicious CA to circumvent certain checks. OpenSSL and other certificate policy checks silently ignore invalid certificate policies in leaf certificates that are skipped for that certificate. A malicious CA could use this to deliberately assert invalid certificate policies to circumvent policy checking on the certificate altogether. Policy processing is disabled by default but can be enabled by passing the `-policy' argument to the command line utilities or by calling the `X509_VERIFY_PARAM_set1_policies()' function.", "issued": "2023-03-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0465 https://bugzilla.redhat.com/show_bug.cgi?id=2182561 https://www.cve.org/CVERecord?id=CVE-2023-0465 https://nvd.nist.gov/vuln/detail/CVE-2023-0465 https://www.openssl.org/news/secadv/20230328.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0465.json https://access.redhat.com/errata/RHSA-2023:3722", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-16.el9_2", "arch_op": "pattern match" }, "+Zs4a0HA480wHmF7KJoeNw==": { "id": "+Zs4a0HA480wHmF7KJoeNw==", "updater": "rhel-vex", "name": "CVE-2024-37371", "description": "A vulnerability was found in the MIT Kerberos 5 GSS krb5 wrap token, where an attacker can modify the plaintext Extra Count field, causing the unwrapped token to appear truncated to the application, occurs when the attacker alters the token data during transmission which can lead to improper handling of authentication tokens.", "issued": "2024-06-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-37371 https://bugzilla.redhat.com/show_bug.cgi?id=2294676 https://www.cve.org/CVERecord?id=CVE-2024-37371 https://nvd.nist.gov/vuln/detail/CVE-2024-37371 https://web.mit.edu/kerberos/www/krb5-1.21/ https://www.oracle.com/security-alerts/cpujan2025.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-37371.json https://access.redhat.com/errata/RHSA-2024:6166", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "krb5-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:1.21.1-2.el9_4", "arch_op": "pattern match" }, "+hBhqk1qKnkU+nqn6a96qg==": { "id": "+hBhqk1qKnkU+nqn6a96qg==", "updater": "rhel-vex", "name": "CVE-2023-48233", "description": "A flaw was found in Vim, an open source command line text editor. If the count after the :s command is larger than what fits into a signed long variable, abort with e_value_too_large. The impact is low because user interaction is required and a crash may not happen in all situations.", "issued": "2023-11-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-48233 https://bugzilla.redhat.com/show_bug.cgi?id=2250270 https://www.cve.org/CVERecord?id=CVE-2023-48233 https://nvd.nist.gov/vuln/detail/CVE-2023-48233 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/ac63787734fda2e294e477af52b3bd601517fa78 https://github.com/vim/vim/security/advisories/GHSA-3xx4-hcq6-r2vj https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-48233.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "+ktUZBMzpotOFKWwkqT/rQ==": { "id": "+ktUZBMzpotOFKWwkqT/rQ==", "updater": "rhel-vex", "name": "CVE-2024-2511", "description": "A flaw was found in OpenSSL. A malicious client can trigger an uncontrolled memory consumption, resulting in a Denial of Service. This issue occurs due to OpenSSL's TLSv1.3 session cache going into an incorrect state, leading to it failing to flush properly as it fills. OpenSSL must be configured with the non-default SSL_OP_NO_TICKET option enabled to be vulnerable. This issue only affects TLSv1.3 servers, while TLS clients are not affected.", "issued": "2024-04-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-2511 https://bugzilla.redhat.com/show_bug.cgi?id=2274020 https://www.cve.org/CVERecord?id=CVE-2024-2511 https://nvd.nist.gov/vuln/detail/CVE-2024-2511 https://www.openssl.org/news/vulnerabilities.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2511.json https://access.redhat.com/errata/RHSA-2024:9333", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.2.2-6.el9_5", "arch_op": "pattern match" }, "+lMwEA2uH8A4fM725P2qbw==": { "id": "+lMwEA2uH8A4fM725P2qbw==", "updater": "rhel-vex", "name": "CVE-2023-40217", "description": "Python ssl.SSLSocket is vulnerable to a bypass of the TLS handshake in certain instances for HTTPS servers and other server-side protocols that use TLS client authentication such as mTLS. This issue may result in a breach of integrity as its possible to modify or delete resources that are authenticated only by a TLS certificate. No breach of confidentiality is possible.", "issued": "2023-08-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-40217 https://bugzilla.redhat.com/show_bug.cgi?id=2235789 https://www.cve.org/CVERecord?id=CVE-2023-40217 https://nvd.nist.gov/vuln/detail/CVE-2023-40217 https://github.com/python/cpython/issues/108310 https://github.com/python/cpython/pull/108315 https://mail.python.org/archives/list/security-announce@python.org/thread/PEPLII27KYHLF4AK3ZQGKYNCRERG4YXY/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-40217.json https://access.redhat.com/errata/RHSA-2023:5462", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "python3-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.16-1.el9_2.2", "arch_op": "pattern match" }, "+lYjBQ1bLfBtqJGBvaBscw==": { "id": "+lYjBQ1bLfBtqJGBvaBscw==", "updater": "rhel-vex", "name": "CVE-2024-6232", "description": "A regular expression denial of service (ReDos) vulnerability was found in Python's tarfile module. Due to excessive backtracking while tarfile parses headers, an attacker may be able to trigger a denial of service via a specially crafted tar archive.", "issued": "2024-09-03T13:15:05Z", "links": "https://access.redhat.com/security/cve/CVE-2024-6232 https://bugzilla.redhat.com/show_bug.cgi?id=2309426 https://www.cve.org/CVERecord?id=CVE-2024-6232 https://nvd.nist.gov/vuln/detail/CVE-2024-6232 https://github.com/python/cpython/issues/121285 https://github.com/python/cpython/pull/121286 https://mail.python.org/archives/list/security-announce@python.org/thread/JRYFTPRHZRTLMZLWQEUHZSJXNHM4ACTY/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6232.json https://access.redhat.com/errata/RHSA-2024:9468", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.19-8.el9_5.1", "arch_op": "pattern match" }, "+mzY+BFvaMJf3mtbs8fARQ==": { "id": "+mzY+BFvaMJf3mtbs8fARQ==", "updater": "rhel-vex", "name": "CVE-2023-3817", "description": "A vulnerability was found in OpenSSL. This security issue occurs because the applications that use the DH_check(), DH_check_ex(), or EVP_PKEY_param_check() functions to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source may lead to a denial of service.", "issued": "2023-07-31T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-3817 https://bugzilla.redhat.com/show_bug.cgi?id=2227852 https://www.cve.org/CVERecord?id=CVE-2023-3817 https://nvd.nist.gov/vuln/detail/CVE-2023-3817 https://www.openssl.org/news/secadv/20230731.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3817.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "+nrMi8U389zlK2TEsOUGbw==": { "id": "+nrMi8U389zlK2TEsOUGbw==", "updater": "rhel-vex", "name": "CVE-2023-47038", "description": "A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer.", "issued": "2023-11-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-47038 https://bugzilla.redhat.com/show_bug.cgi?id=2249523 https://www.cve.org/CVERecord?id=CVE-2023-47038 https://nvd.nist.gov/vuln/detail/CVE-2023-47038 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-47038.json https://access.redhat.com/errata/RHSA-2024:2228", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-vars", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.05-481.el9", "arch_op": "pattern match" }, "+o9j0Llb6+ISl2S6vmkRkQ==": { "id": "+o9j0Llb6+ISl2S6vmkRkQ==", "updater": "rhel-vex", "name": "CVE-2023-25434", "description": "A heap-based buffer overflow vulnerability was found in LibTIFF's tiffcrop utility in the extractContigSamplesBytes() function. This flaw allows an attacker to pass a crafted TIFF image file to the tiffcrop utility, which causes an out-of-bounds read access resulting in an application crash, eventually leading to a denial of service.", "issued": "2023-06-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-25434 https://bugzilla.redhat.com/show_bug.cgi?id=2215209 https://www.cve.org/CVERecord?id=CVE-2023-25434 https://nvd.nist.gov/vuln/detail/CVE-2023-25434 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-25434.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "+sogRO7MZKXHT07LeompQQ==": { "id": "+sogRO7MZKXHT07LeompQQ==", "updater": "rhel-vex", "name": "CVE-2023-52356", "description": "A segment fault (SEGV) flaw was found in libtiff that could be triggered by passing a crafted tiff file to the TIFFReadRGBATileExt() API. This flaw allows a remote attacker to cause a heap-buffer overflow, leading to a denial of service.", "issued": "2023-11-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-52356 https://bugzilla.redhat.com/show_bug.cgi?id=2251344 https://www.cve.org/CVERecord?id=CVE-2023-52356 https://nvd.nist.gov/vuln/detail/CVE-2023-52356 https://gitlab.com/libtiff/libtiff/-/issues/622 https://gitlab.com/libtiff/libtiff/-/merge_requests/546 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-52356.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "+uMSPU5jbqI0+jsP/eX6PA==": { "id": "+uMSPU5jbqI0+jsP/eX6PA==", "updater": "rhel-vex", "name": "CVE-2022-3037", "description": "A flaw was found in vim, where it is vulnerable to a use-after-free in the qf_buf_add_line() function. This flaw allows a specially crafted file to crash a program, use unexpected values, or execute code.", "issued": "2022-08-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3037 https://bugzilla.redhat.com/show_bug.cgi?id=2122907 https://www.cve.org/CVERecord?id=CVE-2022-3037 https://nvd.nist.gov/vuln/detail/CVE-2022-3037 https://huntr.dev/bounties/af4c2f2d-d754-4607-b565-9e92f3f717b5 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3037.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "+wnQC0tYj+uyZzMNgN2bcw==": { "id": "+wnQC0tYj+uyZzMNgN2bcw==", "updater": "rhel-vex", "name": "CVE-2024-32020", "description": "A vulnerability was found in Git. This flaw allows an unauthenticated attacker to place a specialized repository on their target's local system. For performance reasons, Git uses hardlinks when cloning a repository located on the same disk. However, if the repo being cloned is owned by a different user, this can introduce a security risk. At any time in the future, the original repo owner could rewrite the hardlinked files in the cloned user's repo.", "issued": "2024-05-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-32020 https://bugzilla.redhat.com/show_bug.cgi?id=2280466 https://www.cve.org/CVERecord?id=CVE-2024-32020 https://nvd.nist.gov/vuln/detail/CVE-2024-32020 https://github.com/git/git/security/advisories/GHSA-5rfh-556j-fhgj https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-32020.json https://access.redhat.com/errata/RHSA-2024:4083", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "perl-Git", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.43.5-1.el9_4", "arch_op": "pattern match" }, "//JUC9cSBRpTkexRqgXGDQ==": { "id": "//JUC9cSBRpTkexRqgXGDQ==", "updater": "rhel-vex", "name": "CVE-2023-4527", "description": "A flaw was found in glibc. When the getaddrinfo function is called with the AF_UNSPEC address family and the system is configured with no-aaaa mode via /etc/resolv.conf, a DNS response via TCP larger than 2048 bytes can potentially disclose stack contents through the function returned address data, and may cause a crash.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4527 https://bugzilla.redhat.com/show_bug.cgi?id=2234712 https://www.cve.org/CVERecord?id=CVE-2023-4527 https://nvd.nist.gov/vuln/detail/CVE-2023-4527 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4527.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-headers", "version": "", "kind": "binary", "normalized_version": "", "arch": "s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "/3j+rzG0OwcPwo2Rmp0+oA==": { "id": "/3j+rzG0OwcPwo2Rmp0+oA==", "updater": "rhel-vex", "name": "CVE-2023-4911", "description": "A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.", "issued": "2023-10-03T17:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4911 https://bugzilla.redhat.com/show_bug.cgi?id=2238352 https://www.cve.org/CVERecord?id=CVE-2023-4911 https://nvd.nist.gov/vuln/detail/CVE-2023-4911 https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt https://www.qualys.com/cve-2023-4911/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4911.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "/4JeYmWyC6vKV4s1Ym1aGg==": { "id": "/4JeYmWyC6vKV4s1Ym1aGg==", "updater": "rhel-vex", "name": "CVE-2023-32559", "description": "A vulnerability was found in NodeJS. This security issue occurs as the use of the deprecated API process.binding() can bypass the policy mechanism by requiring internal modules and eventually take advantage of process.binding('spawn_sync') to run arbitrary code outside of the limits defined in a policy.json file.", "issued": "2023-08-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32559 https://bugzilla.redhat.com/show_bug.cgi?id=2230956 https://www.cve.org/CVERecord?id=CVE-2023-32559 https://nvd.nist.gov/vuln/detail/CVE-2023-32559 https://nodejs.org/en/blog/vulnerability/august-2023-security-releases#permissions-policies-can-be-bypassed-via-processbinding-mediumcve-2023-32559 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32559.json https://access.redhat.com/errata/RHSA-2023:5532", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:8.19.4-1.16.20.2.1.el9_2", "arch_op": "pattern match" }, "/7MOqzYcpKodu8z+UG1h/g==": { "id": "/7MOqzYcpKodu8z+UG1h/g==", "updater": "rhel-vex", "name": "CVE-2025-6020", "description": "A flaw was found in linux-pam. The module pam_namespace may use access user-controlled paths without proper protection, allowing local users to elevate their privileges to root via multiple symlink attacks and race conditions.", "issued": "2025-06-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-6020 https://bugzilla.redhat.com/show_bug.cgi?id=2372512 https://www.cve.org/CVERecord?id=CVE-2025-6020 https://nvd.nist.gov/vuln/detail/CVE-2025-6020 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-6020.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "pam", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "/9emm4Fj6NV1IQpSFJjnVQ==": { "id": "/9emm4Fj6NV1IQpSFJjnVQ==", "updater": "rhel-vex", "name": "CVE-2023-36054", "description": "A vulnerability was found in the _xdr_kadm5_principal_ent_rec() function in lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (krb5). This issue occurs due to lack of validation in the relationship between n_key_data and the key_data array count, leading to the freeing of uninitialized pointers. This may allow a remote authenticated attacker to send a specially crafted request that causes the kadmind process to crash, resulting in a denial of service (DoS).", "issued": "2023-08-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-36054 https://bugzilla.redhat.com/show_bug.cgi?id=2230178 https://www.cve.org/CVERecord?id=CVE-2023-36054 https://nvd.nist.gov/vuln/detail/CVE-2023-36054 https://github.com/krb5/krb5/commit/ef08b09c9459551aabbe7924fb176f1583053cdd https://github.com/krb5/krb5/compare/krb5-1.20.1-final...krb5-1.20.2-final https://github.com/krb5/krb5/compare/krb5-1.21-final...krb5-1.21.1-final https://web.mit.edu/kerberos/www/advisories/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-36054.json https://access.redhat.com/errata/RHSA-2023:6699", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libkadm5", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:1.21.1-1.el9", "arch_op": "pattern match" }, "/Biu0Ok5nwCG2XG55i0JgA==": { "id": "/Biu0Ok5nwCG2XG55i0JgA==", "updater": "rhel-vex", "name": "CVE-2023-31130", "description": "A vulnerability was found in c-ares. This issue occurs in the ares_inet_net_pton() function, which is vulnerable to a buffer underflow for certain ipv6 addresses. \"0::00:00:00/2\" in particular was found to cause an issue. C-ares only uses this function internally for configuration purposes, which would require an administrator to configure such an address via ares_set_sortlist().", "issued": "2023-05-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-31130 https://bugzilla.redhat.com/show_bug.cgi?id=2209497 https://www.cve.org/CVERecord?id=CVE-2023-31130 https://nvd.nist.gov/vuln/detail/CVE-2023-31130 https://github.com/c-ares/c-ares/security/advisories/GHSA-x6mf-cxr9-8q6v https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-31130.json https://access.redhat.com/errata/RHSA-2023:3586", "severity": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.19.1-2.el9_2", "arch_op": "pattern match" }, "/BmwZ52n8e/hzX7MgTDW8A==": { "id": "/BmwZ52n8e/hzX7MgTDW8A==", "updater": "rhel-vex", "name": "CVE-2023-3618", "description": "A flaw was found in libtiff. A specially crafted tiff file can lead to a segmentation fault due to a buffer overflow in the Fax3Encode function in libtiff/tif_fax3.c, resulting in a denial of service.", "issued": "2023-02-13T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-3618 https://bugzilla.redhat.com/show_bug.cgi?id=2215865 https://www.cve.org/CVERecord?id=CVE-2023-3618 https://nvd.nist.gov/vuln/detail/CVE-2023-3618 https://gitlab.com/libtiff/libtiff/-/issues/529 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3618.json https://access.redhat.com/errata/RHSA-2024:2289", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-12.el9", "arch_op": "pattern match" }, "/FBFBAMO8SlSuHYyN60DYA==": { "id": "/FBFBAMO8SlSuHYyN60DYA==", "updater": "rhel-vex", "name": "CVE-2024-38476", "description": "A flaw was found in httpd. Backend applications whose response headers are malicious or exploitable may allow information disclosure, server-side request forgery (SSRF) or local script execution.", "issued": "2024-07-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-38476 https://bugzilla.redhat.com/show_bug.cgi?id=2295015 https://www.cve.org/CVERecord?id=CVE-2024-38476 https://nvd.nist.gov/vuln/detail/CVE-2024-38476 https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2024-38476 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-38476.json https://access.redhat.com/errata/RHSA-2024:5138", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "httpd-filesystem", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.4.57-11.el9_4.1", "arch_op": "pattern match" }, "/MWzwBJlhhNbF+zp0zgq+A==": { "id": "/MWzwBJlhhNbF+zp0zgq+A==", "updater": "rhel-vex", "name": "CVE-2023-47038", "description": "A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer.", "issued": "2023-11-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-47038 https://bugzilla.redhat.com/show_bug.cgi?id=2249523 https://www.cve.org/CVERecord?id=CVE-2023-47038 https://nvd.nist.gov/vuln/detail/CVE-2023-47038 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-47038.json https://access.redhat.com/errata/RHSA-2024:2228", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-File-Find", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.37-481.el9", "arch_op": "pattern match" }, "/SQLUtPnmMNtkWI7Eg211w==": { "id": "/SQLUtPnmMNtkWI7Eg211w==", "updater": "rhel-vex", "name": "CVE-2023-4806", "description": "A flaw was found in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4806 https://bugzilla.redhat.com/show_bug.cgi?id=2237782 https://www.cve.org/CVERecord?id=CVE-2023-4806 https://nvd.nist.gov/vuln/detail/CVE-2023-4806 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4806.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-locale-source", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "/T2e2s1XVanyEShgjo7yNQ==": { "id": "/T2e2s1XVanyEShgjo7yNQ==", "updater": "rhel-vex", "name": "CVE-2024-28757", "description": "An XML Entity Expansion flaw was found in libexpat. This flaw allows an attacker to cause a denial of service when there is an isolated use of external parsers.", "issued": "2024-03-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-28757 https://bugzilla.redhat.com/show_bug.cgi?id=2268766 https://www.cve.org/CVERecord?id=CVE-2024-28757 https://nvd.nist.gov/vuln/detail/CVE-2024-28757 https://github.com/libexpat/libexpat/issues/839 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28757.json https://access.redhat.com/errata/RHBA-2024:2518", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "expat", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.5.0-2.el9_4", "arch_op": "pattern match" }, "/TlXuCSs4iN+O7ZiXHh0rA==": { "id": "/TlXuCSs4iN+O7ZiXHh0rA==", "updater": "rhel-vex", "name": "CVE-2023-4911", "description": "A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.", "issued": "2023-10-03T17:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4911 https://bugzilla.redhat.com/show_bug.cgi?id=2238352 https://www.cve.org/CVERecord?id=CVE-2023-4911 https://nvd.nist.gov/vuln/detail/CVE-2023-4911 https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt https://www.qualys.com/cve-2023-4911/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4911.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-headers", "version": "", "kind": "binary", "normalized_version": "", "arch": "s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "/V1UHbXM7rd1scgtSjh2kQ==": { "id": "/V1UHbXM7rd1scgtSjh2kQ==", "updater": "rhel-vex", "name": "CVE-2024-55549", "description": "A flaw was found in libxslt. This vulnerability allows an attacker to trigger a use-after-free issue by excluding result prefixes.", "issued": "2025-03-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-55549 https://bugzilla.redhat.com/show_bug.cgi?id=2352484 https://www.cve.org/CVERecord?id=CVE-2024-55549 https://nvd.nist.gov/vuln/detail/CVE-2024-55549 https://gitlab.gnome.org/GNOME/libxslt/-/issues/127 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-55549.json https://access.redhat.com/errata/RHSA-2025:7410", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libxslt-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.1.34-13.el9_6", "arch_op": "pattern match" }, "/WQB0Cmnj06XJWCr3nqOoA==": { "id": "/WQB0Cmnj06XJWCr3nqOoA==", "updater": "rhel-vex", "name": "CVE-2021-35939", "description": "It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "issued": "2021-06-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-35939 https://bugzilla.redhat.com/show_bug.cgi?id=1964129 https://www.cve.org/CVERecord?id=CVE-2021-35939 https://nvd.nist.gov/vuln/detail/CVE-2021-35939 https://rpm.org/wiki/Releases/4.18.0 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-35939.json https://access.redhat.com/errata/RHSA-2024:0463", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "rpm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:4.16.1.3-27.el9_3", "arch_op": "pattern match" }, "/YcdipQjiqJUDpddwhDiIw==": { "id": "/YcdipQjiqJUDpddwhDiIw==", "updater": "rhel-vex", "name": "CVE-2022-2345", "description": "A use-after-free vulnerability was found in Vim in the skipwhite function in the charset.c file. This issue occurs because an already freed memory is used when a specially crafted input is processed. This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the use-after-free, and cause the application to crash, possibly executing code and corrupting memory.", "issued": "2022-07-05T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-2345 https://bugzilla.redhat.com/show_bug.cgi?id=2106775 https://www.cve.org/CVERecord?id=CVE-2022-2345 https://nvd.nist.gov/vuln/detail/CVE-2022-2345 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-2345.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "/cobD4q1+lV6IVuJHME9qw==": { "id": "/cobD4q1+lV6IVuJHME9qw==", "updater": "rhel-vex", "name": "CVE-2023-2975", "description": "A vulnerability was found in OpenSSL. The AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries, which are unauthenticated as a consequence. Applications that use the AES-SIV algorithm and want to authenticate empty data entries as associated data can be misled by removing, adding, or reordering such empty entries as these are ignored by the OpenSSL implementation. The AES-SIV algorithm allows for the authentication of multiple associated data entries and encryption. To authenticate empty data, the application has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) with a NULL pointer as the output buffer and 0 as the input buffer length. The AES-SIV implementation in OpenSSL returns success for such a call instead of performing the associated data authentication operation. Thus, the empty data will not be authenticated.", "issued": "2023-07-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-2975 https://bugzilla.redhat.com/show_bug.cgi?id=2223016 https://www.cve.org/CVERecord?id=CVE-2023-2975 https://nvd.nist.gov/vuln/detail/CVE-2023-2975 https://www.openssl.org/news/secadv/20230714.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2975.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "/do+fQ2Lnu83vRm2aCLhhQ==": { "id": "/do+fQ2Lnu83vRm2aCLhhQ==", "updater": "rhel-vex", "name": "CVE-2025-0395", "description": "A flaw was found in the GNU C Library (glibc). A buffer overflow condition via the `assert()` function may be triggered due to glibc not allocating enough space for the assertion failure message string and size information. In certain conditions, a local attacker can exploit this, potentially leading to an application crash or other undefined behavior.", "issued": "2025-01-22T13:11:30Z", "links": "https://access.redhat.com/security/cve/CVE-2025-0395 https://bugzilla.redhat.com/show_bug.cgi?id=2339460 https://www.cve.org/CVERecord?id=CVE-2025-0395 https://nvd.nist.gov/vuln/detail/CVE-2025-0395 https://sourceware.org/bugzilla/show_bug.cgi?id=32582 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-0395.json https://access.redhat.com/errata/RHSA-2025:4244", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-langpack-en", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-125.el9_5.8", "arch_op": "pattern match" }, "/eopcBL7Sl3Br4tMJEoF+Q==": { "id": "/eopcBL7Sl3Br4tMJEoF+Q==", "updater": "rhel-vex", "name": "CVE-2024-26462", "description": "A memory leak flaw was found in krb5 in /krb5/src/kdc/ndr.c. This issue can lead to a denial of service through memory exhaustion.", "issued": "2024-02-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-26462 https://bugzilla.redhat.com/show_bug.cgi?id=2266742 https://www.cve.org/CVERecord?id=CVE-2024-26462 https://nvd.nist.gov/vuln/detail/CVE-2024-26462 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-26462.json https://access.redhat.com/errata/RHSA-2024:9331", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "krb5-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.1-3.el9", "arch_op": "pattern match" }, "/f2tkcQLR3DiblHxA5NH1Q==": { "id": "/f2tkcQLR3DiblHxA5NH1Q==", "updater": "rhel-vex", "name": "CVE-2024-38475", "description": "A flaw was found in the mod_rewrite module of httpd. Improper escaping of output allows an attacker to map URLs to filesystem locations permitted to be served by the server but are not intentionally or directly reachable by any URL. This issue results in code execution or source code disclosure.", "issued": "2024-07-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-38475 https://bugzilla.redhat.com/show_bug.cgi?id=2295014 https://www.cve.org/CVERecord?id=CVE-2024-38475 https://nvd.nist.gov/vuln/detail/CVE-2024-38475 https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2024-38475 https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-38475.json https://access.redhat.com/errata/RHSA-2024:4726", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "httpd-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.4.57-11.el9_4", "arch_op": "pattern match" }, "/oK+zNt0cQ+IZv2Cz+p1ow==": { "id": "/oK+zNt0cQ+IZv2Cz+p1ow==", "updater": "rhel-vex", "name": "CVE-2023-27533", "description": "A vulnerability in input validation exists in curl \u003c8.0 during communication using the TELNET protocol may allow an attacker to pass on maliciously crafted user name and \"telnet options\" during server negotiation. The lack of proper input scrubbing allows an attacker to send content or perform option negotiation without the application's intent. This vulnerability could be exploited if an application allows user input, thereby enabling attackers to execute arbitrary code on the system.", "issued": "2023-03-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-27533 https://bugzilla.redhat.com/show_bug.cgi?id=2179062 https://www.cve.org/CVERecord?id=CVE-2023-27533 https://nvd.nist.gov/vuln/detail/CVE-2023-27533 https://curl.se/docs/CVE-2023-27533.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-27533.json https://access.redhat.com/errata/RHSA-2023:6679", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "curl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9", "arch_op": "pattern match" }, "/rGrv6ID1FHztWkSNUU0Yw==": { "id": "/rGrv6ID1FHztWkSNUU0Yw==", "updater": "rhel-vex", "name": "CVE-2023-43786", "description": "A vulnerability was found in libX11 due to an infinite loop within the PutSubImage() function. This flaw allows a local user to consume all available system resources and cause a denial of service condition.", "issued": "2023-10-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-43786 https://bugzilla.redhat.com/show_bug.cgi?id=2242253 https://www.cve.org/CVERecord?id=CVE-2023-43786 https://nvd.nist.gov/vuln/detail/CVE-2023-43786 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-43786.json https://access.redhat.com/errata/RHSA-2024:2145", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libX11-common", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.7.0-9.el9", "arch_op": "pattern match" }, "/s1A0DUzgN/pTr1DN27Mlg==": { "id": "/s1A0DUzgN/pTr1DN27Mlg==", "updater": "rhel-vex", "name": "CVE-2024-4603", "description": "A flaw was found in OpenSSL. Applications that use the EVP_PKEY_param_check() or EVP_PKEY_public_check() function to check a DSA public key or DSA parameters may experience long delays when checking excessively long DSA keys or parameters.  In applications that allow untrusted sources to provide the key or parameters that are checked, an attacker may be able to cause a denial of service. These functions are not called by OpenSSL on untrusted DSA keys. The applications that directly call these functions are the ones that may be vulnerable to this issue.", "issued": "2024-05-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-4603 https://bugzilla.redhat.com/show_bug.cgi?id=2281029 https://www.cve.org/CVERecord?id=CVE-2024-4603 https://nvd.nist.gov/vuln/detail/CVE-2024-4603 https://www.openssl.org/news/secadv/20240516.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4603.json https://access.redhat.com/errata/RHSA-2024:9333", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.2.2-6.el9_5", "arch_op": "pattern match" }, "/sU8IhZ8FGcY+dVFZoJtXA==": { "id": "/sU8IhZ8FGcY+dVFZoJtXA==", "updater": "rhel-vex", "name": "CVE-2024-6232", "description": "A regular expression denial of service (ReDos) vulnerability was found in Python's tarfile module. Due to excessive backtracking while tarfile parses headers, an attacker may be able to trigger a denial of service via a specially crafted tar archive.", "issued": "2024-09-03T13:15:05Z", "links": "https://access.redhat.com/security/cve/CVE-2024-6232 https://bugzilla.redhat.com/show_bug.cgi?id=2309426 https://www.cve.org/CVERecord?id=CVE-2024-6232 https://nvd.nist.gov/vuln/detail/CVE-2024-6232 https://github.com/python/cpython/issues/121285 https://github.com/python/cpython/pull/121286 https://mail.python.org/archives/list/security-announce@python.org/thread/JRYFTPRHZRTLMZLWQEUHZSJXNHM4ACTY/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6232.json https://access.redhat.com/errata/RHSA-2024:9468", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.19-8.el9_5.1", "arch_op": "pattern match" }, "/wfob5jHHezdiyugtfPWjg==": { "id": "/wfob5jHHezdiyugtfPWjg==", "updater": "rhel-vex", "name": "CVE-2021-45261", "description": "A flaw was found in patch. A possible memory corruption vulnerability could allow an attacker to input a specially crafted patch file leading to a crash or code execution.", "issued": "2021-12-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-45261 https://bugzilla.redhat.com/show_bug.cgi?id=2035081 https://www.cve.org/CVERecord?id=CVE-2021-45261 https://nvd.nist.gov/vuln/detail/CVE-2021-45261 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-45261.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "patch", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "/xdpp5e60iW9urlPuqfkRg==": { "id": "/xdpp5e60iW9urlPuqfkRg==", "updater": "rhel-vex", "name": "CVE-2023-4527", "description": "A flaw was found in glibc. When the getaddrinfo function is called with the AF_UNSPEC address family and the system is configured with no-aaaa mode via /etc/resolv.conf, a DNS response via TCP larger than 2048 bytes can potentially disclose stack contents through the function returned address data, and may cause a crash.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4527 https://bugzilla.redhat.com/show_bug.cgi?id=2234712 https://www.cve.org/CVERecord?id=CVE-2023-4527 https://nvd.nist.gov/vuln/detail/CVE-2023-4527 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4527.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "/zoTHp0WvKz9OUpG9Avr/A==": { "id": "/zoTHp0WvKz9OUpG9Avr/A==", "updater": "rhel-vex", "name": "CVE-2023-3817", "description": "A vulnerability was found in OpenSSL. This security issue occurs because the applications that use the DH_check(), DH_check_ex(), or EVP_PKEY_param_check() functions to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source may lead to a denial of service.", "issued": "2023-07-31T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-3817 https://bugzilla.redhat.com/show_bug.cgi?id=2227852 https://www.cve.org/CVERecord?id=CVE-2023-3817 https://nvd.nist.gov/vuln/detail/CVE-2023-3817 https://www.openssl.org/news/secadv/20230731.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3817.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "0+YAs+Dy3SPd130Wus0uxQ==": { "id": "0+YAs+Dy3SPd130Wus0uxQ==", "updater": "rhel-vex", "name": "CVE-2024-33601", "description": "A flaw was found in the glibc netgroup cache. The netgroup cache uses xmalloc/xrealloc and may terminate the process due to a memory allocation failure.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33601 https://bugzilla.redhat.com/show_bug.cgi?id=2277205 https://www.cve.org/CVERecord?id=CVE-2024-33601 https://nvd.nist.gov/vuln/detail/CVE-2024-33601 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33601.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "glibc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "0/gdp7pbH2OhTn0s4Cc6wQ==": { "id": "0/gdp7pbH2OhTn0s4Cc6wQ==", "updater": "rhel-vex", "name": "CVE-2023-4813", "description": "A flaw was found in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.", "issued": "2022-03-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4813 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://www.cve.org/CVERecord?id=CVE-2023-4813 https://nvd.nist.gov/vuln/detail/CVE-2023-4813 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4813.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "00cDk2w3qfvdzMbO27c/+w==": { "id": "00cDk2w3qfvdzMbO27c/+w==", "updater": "rhel-vex", "name": "CVE-2022-2982", "description": "A heap use-after-free vulnerability was found in vim's qf_fill_buffer() function of the src/quickfix.c file. The issue occurs because vim uses freed memory when recursively using 'quickfixtextfunc.' This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "issued": "2022-08-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-2982 https://bugzilla.redhat.com/show_bug.cgi?id=2123714 https://www.cve.org/CVERecord?id=CVE-2022-2982 https://nvd.nist.gov/vuln/detail/CVE-2022-2982 https://huntr.dev/bounties/53f53d9a-ba8a-4985-b7ba-23efbe6833be/ https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-2982.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "013z8uiFb0/87cV3rWLBZQ==": { "id": "013z8uiFb0/87cV3rWLBZQ==", "updater": "rhel-vex", "name": "CVE-2019-12900", "description": "A data integrity error was found in the bzip2 (User-space package) functionality when decompressing. This issue occurs when a user decompresses a particular kind of .bz2 files. A local user could get unexpected results (or corrupted data) as result of decompressing these files.", "issued": "2024-11-15T10:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2019-12900 https://bugzilla.redhat.com/show_bug.cgi?id=2332075 https://www.cve.org/CVERecord?id=CVE-2019-12900 https://nvd.nist.gov/vuln/detail/CVE-2019-12900 https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-12900.json https://access.redhat.com/errata/RHSA-2025:0925", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "bzip2-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.0.8-10.el9_5", "arch_op": "pattern match" }, "03WJApqdfWbzHtZHpqBt1Q==": { "id": "03WJApqdfWbzHtZHpqBt1Q==", "updater": "rhel-vex", "name": "CVE-2023-30590", "description": "A vulnerability has been identified in the Node.js, where a generateKeys() API function returned from crypto.createDiffieHellman() only generates missing (or outdated) keys, that is, it only generates a private key if none has been set yet.", "issued": "2023-06-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30590 https://bugzilla.redhat.com/show_bug.cgi?id=2219842 https://www.cve.org/CVERecord?id=CVE-2023-30590 https://nvd.nist.gov/vuln/detail/CVE-2023-30590 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30590.json https://access.redhat.com/errata/RHSA-2023:4331", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.1-1.el9_2", "arch_op": "pattern match" }, "060U9UsbZoE9zHQMn0bmdQ==": { "id": "060U9UsbZoE9zHQMn0bmdQ==", "updater": "rhel-vex", "name": "CVE-2023-30588", "description": "A vulnerability has been identified in the Node.js, where an invalid public key is used to create an x509 certificate using the crypto.X509Certificate() API a non-expect termination occurs making it susceptible to DoS attacks when the attacker could force interruptions of application processing, as the process terminates when accessing public key info of provided certificates from user code. The current context of the users will be gone, and that will cause a DoS scenario.", "issued": "2023-06-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30588 https://bugzilla.redhat.com/show_bug.cgi?id=2219838 https://www.cve.org/CVERecord?id=CVE-2023-30588 https://nvd.nist.gov/vuln/detail/CVE-2023-30588 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30588.json https://access.redhat.com/errata/RHSA-2023:4331", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.1-1.el9_2", "arch_op": "pattern match" }, "06nVp3HoQkp2GMYq8FEEOw==": { "id": "06nVp3HoQkp2GMYq8FEEOw==", "updater": "rhel-vex", "name": "CVE-2025-5702", "description": "A flaw was found in the optimized strcmp glibc function for the Power10 CPU architecture. GNU C library versions from 2.39 onward overwrite two vector registers in a way that can disrupt the control flow of a program.", "issued": "2025-06-05T18:23:57Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5702 https://bugzilla.redhat.com/show_bug.cgi?id=2370472 https://www.cve.org/CVERecord?id=CVE-2025-5702 https://nvd.nist.gov/vuln/detail/CVE-2025-5702 https://sourceware.org/bugzilla/show_bug.cgi?id=33056 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5702.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "06qXhEA2lTXGPI9f+9EKkg==": { "id": "06qXhEA2lTXGPI9f+9EKkg==", "updater": "rhel-vex", "name": "CVE-2024-39573", "description": "A flaw was found in the mod_rewrite module of httpd. A potential SSRF allows an attacker to cause unsafe rules used in the RewriteRule directive to unexpectedly set up URLs to be handled by the mod_proxy module.", "issued": "2024-07-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-39573 https://bugzilla.redhat.com/show_bug.cgi?id=2295022 https://www.cve.org/CVERecord?id=CVE-2024-39573 https://nvd.nist.gov/vuln/detail/CVE-2024-39573 https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2024-39573 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-39573.json https://access.redhat.com/errata/RHSA-2024:4726", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "httpd-filesystem", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.4.57-11.el9_4", "arch_op": "pattern match" }, "08LgszY/7nkM+671dSK1bQ==": { "id": "08LgszY/7nkM+671dSK1bQ==", "updater": "rhel-vex", "name": "CVE-2023-38709", "description": "A flaw was found in httpd. The response headers are not sanitized before an HTTP response is sent when a malicious backend can insert a Content-Type, Content-Encoding, or some other headers, resulting in an HTTP response splitting.", "issued": "2024-04-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-38709 https://bugzilla.redhat.com/show_bug.cgi?id=2273491 https://www.cve.org/CVERecord?id=CVE-2023-38709 https://nvd.nist.gov/vuln/detail/CVE-2023-38709 https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2023-38709 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-38709.json https://access.redhat.com/errata/RHSA-2024:9306", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "httpd-filesystem", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.4.62-1.el9", "arch_op": "pattern match" }, "0BWw+o/VRLTjmukorj4XNw==": { "id": "0BWw+o/VRLTjmukorj4XNw==", "updater": "rhel-vex", "name": "CVE-2023-4911", "description": "A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.", "issued": "2023-10-03T17:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4911 https://bugzilla.redhat.com/show_bug.cgi?id=2238352 https://www.cve.org/CVERecord?id=CVE-2023-4911 https://nvd.nist.gov/vuln/detail/CVE-2023-4911 https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt https://www.qualys.com/cve-2023-4911/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4911.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-langpack-en", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "0Buw6+kieGxn0xHqRUfqSQ==": { "id": "0Buw6+kieGxn0xHqRUfqSQ==", "updater": "rhel-vex", "name": "CVE-2023-27522", "description": "An HTTP Response Smuggling vulnerability was found in the Apache HTTP Server via mod_proxy_uwsgi. This security issue occurs when special characters in the origin response header can truncate or split the response forwarded to the client.", "issued": "2023-03-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-27522 https://bugzilla.redhat.com/show_bug.cgi?id=2176211 https://www.cve.org/CVERecord?id=CVE-2023-27522 https://nvd.nist.gov/vuln/detail/CVE-2023-27522 https://httpd.apache.org/security/vulnerabilities_24.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-27522.json https://access.redhat.com/errata/RHSA-2023:6403", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "httpd-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.4.57-5.el9", "arch_op": "pattern match" }, "0DMa5ftnj+HYBOgjKFl2gQ==": { "id": "0DMa5ftnj+HYBOgjKFl2gQ==", "updater": "rhel-vex", "name": "CVE-2023-3446", "description": "A vulnerability was found in OpenSSL. This security flaw occurs because the applications that use the DH_check(), DH_check_ex(), or EVP_PKEY_param_check() functions to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source may lead to a denial of service.", "issued": "2023-07-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-3446 https://bugzilla.redhat.com/show_bug.cgi?id=2224962 https://www.cve.org/CVERecord?id=CVE-2023-3446 https://nvd.nist.gov/vuln/detail/CVE-2023-3446 https://www.openssl.org/news/secadv/20230719.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3446.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "0DQjD35MphQLwWNOtJTVPw==": { "id": "0DQjD35MphQLwWNOtJTVPw==", "updater": "rhel-vex", "name": "CVE-2023-3446", "description": "A vulnerability was found in OpenSSL. This security flaw occurs because the applications that use the DH_check(), DH_check_ex(), or EVP_PKEY_param_check() functions to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source may lead to a denial of service.", "issued": "2023-07-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-3446 https://bugzilla.redhat.com/show_bug.cgi?id=2224962 https://www.cve.org/CVERecord?id=CVE-2023-3446 https://nvd.nist.gov/vuln/detail/CVE-2023-3446 https://www.openssl.org/news/secadv/20230719.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3446.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "0EA2hakQnbQP4+sqk/xhog==": { "id": "0EA2hakQnbQP4+sqk/xhog==", "updater": "rhel-vex", "name": "CVE-2024-38477", "description": "A flaw was found in the mod_proxy module of httpd. A NULL pointer dereference can be triggered when processing a specially crafted HTTP request, causing the httpd server to crash, and resulting in a denial of service.", "issued": "2024-07-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-38477 https://bugzilla.redhat.com/show_bug.cgi?id=2295016 https://www.cve.org/CVERecord?id=CVE-2024-38477 https://nvd.nist.gov/vuln/detail/CVE-2024-38477 https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2024-38477 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-38477.json https://access.redhat.com/errata/RHSA-2024:4726", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "mod_ldap", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.4.57-11.el9_4", "arch_op": "pattern match" }, "0Fx6QRcYMgyXu9KCYFcW+A==": { "id": "0Fx6QRcYMgyXu9KCYFcW+A==", "updater": "rhel-vex", "name": "CVE-2023-44487", "description": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages.\r\n\r\nSecurity Bulletin\r\nhttps://access.redhat.com/security/vulnerabilities/RHSB-2023-003", "issued": "2023-10-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-44487 https://bugzilla.redhat.com/show_bug.cgi?id=2242803 https://access.redhat.com/security/vulnerabilities/RHSB-2023-003 https://www.cve.org/CVERecord?id=CVE-2023-44487 https://nvd.nist.gov/vuln/detail/CVE-2023-44487 https://github.com/dotnet/announcements/issues/277 https://pkg.go.dev/vuln/GO-2023-2102 https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487 https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-44487.json https://access.redhat.com/errata/RHSA-2023:5765", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.2-3.el9_2", "arch_op": "pattern match" }, "0GnwLFQM8oJdoYcoATTiEQ==": { "id": "0GnwLFQM8oJdoYcoATTiEQ==", "updater": "rhel-vex", "name": "CVE-2023-31130", "description": "A vulnerability was found in c-ares. This issue occurs in the ares_inet_net_pton() function, which is vulnerable to a buffer underflow for certain ipv6 addresses. \"0::00:00:00/2\" in particular was found to cause an issue. C-ares only uses this function internally for configuration purposes, which would require an administrator to configure such an address via ares_set_sortlist().", "issued": "2023-05-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-31130 https://bugzilla.redhat.com/show_bug.cgi?id=2209497 https://www.cve.org/CVERecord?id=CVE-2023-31130 https://nvd.nist.gov/vuln/detail/CVE-2023-31130 https://github.com/c-ares/c-ares/security/advisories/GHSA-x6mf-cxr9-8q6v https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-31130.json https://access.redhat.com/errata/RHSA-2023:3586", "severity": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:8.19.3-1.16.19.1.2.el9_2", "arch_op": "pattern match" }, "0INnWKjjSMNVc6OCjv18YA==": { "id": "0INnWKjjSMNVc6OCjv18YA==", "updater": "rhel-vex", "name": "CVE-2023-4911", "description": "A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.", "issued": "2023-10-03T17:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4911 https://bugzilla.redhat.com/show_bug.cgi?id=2238352 https://www.cve.org/CVERecord?id=CVE-2023-4911 https://nvd.nist.gov/vuln/detail/CVE-2023-4911 https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt https://www.qualys.com/cve-2023-4911/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4911.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "0KHHRM3zzr0IWKnLIse0pQ==": { "id": "0KHHRM3zzr0IWKnLIse0pQ==", "updater": "rhel-vex", "name": "CVE-2023-0465", "description": "A flaw was found in OpenSSL. Applications that use a non-default option when verifying certificates may be vulnerable to an attack from a malicious CA to circumvent certain checks. OpenSSL and other certificate policy checks silently ignore invalid certificate policies in leaf certificates that are skipped for that certificate. A malicious CA could use this to deliberately assert invalid certificate policies to circumvent policy checking on the certificate altogether. Policy processing is disabled by default but can be enabled by passing the `-policy' argument to the command line utilities or by calling the `X509_VERIFY_PARAM_set1_policies()' function.", "issued": "2023-03-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0465 https://bugzilla.redhat.com/show_bug.cgi?id=2182561 https://www.cve.org/CVERecord?id=CVE-2023-0465 https://nvd.nist.gov/vuln/detail/CVE-2023-0465 https://www.openssl.org/news/secadv/20230328.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0465.json https://access.redhat.com/errata/RHSA-2023:3722", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-16.el9_2", "arch_op": "pattern match" }, "0Km4SjpysXaOB6kksVVDzQ==": { "id": "0Km4SjpysXaOB6kksVVDzQ==", "updater": "rhel-vex", "name": "CVE-2024-27982", "description": "An HTTP Request Smuggling vulnerability was found in Node.js due to Content-Length Obfuscation in the HTTP server. Malformed headers, particularly if a space is inserted before a content-length header, can result in HTTP request smuggling. This flaw allows attackers to inject a second request within the body of the first and poison web caches, bypass web application firewalls, and execute Cross-site scripting (XSS) attacks.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-27982 https://bugzilla.redhat.com/show_bug.cgi?id=2275392 https://www.cve.org/CVERecord?id=CVE-2024-27982 https://nvd.nist.gov/vuln/detail/CVE-2024-27982 https://nodejs.org/en/blog/vulnerability/april-2024-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-27982.json https://access.redhat.com/errata/RHSA-2024:2910", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.2-8.el9_4", "arch_op": "pattern match" }, "0LEjw5X6tgQucjv/6pguWA==": { "id": "0LEjw5X6tgQucjv/6pguWA==", "updater": "rhel-vex", "name": "CVE-2024-33602", "description": "A flaw was found in the glibc netgroup cache. The buffer-resizing code in addgetnetgrentX assumes that all string pointers point into the supplied buffer. This can potentially lead to memory corruption and cause a crash.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33602 https://bugzilla.redhat.com/show_bug.cgi?id=2277206 https://www.cve.org/CVERecord?id=CVE-2024-33602 https://nvd.nist.gov/vuln/detail/CVE-2024-33602 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33602.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "glibc-langpack-en", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "0O+vZNIOf3k2A6gcV08l+w==": { "id": "0O+vZNIOf3k2A6gcV08l+w==", "updater": "rhel-vex", "name": "CVE-2023-32067", "description": "A vulnerability was found in c-ares. This issue occurs due to a 0-byte UDP payload that can cause a Denial of Service.", "issued": "2023-05-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32067 https://bugzilla.redhat.com/show_bug.cgi?id=2209502 https://www.cve.org/CVERecord?id=CVE-2023-32067 https://nvd.nist.gov/vuln/detail/CVE-2023-32067 https://github.com/c-ares/c-ares/security/advisories/GHSA-9g78-jv2r-p7vc https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32067.json https://access.redhat.com/errata/RHSA-2023:3586", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.19.1-2.el9_2", "arch_op": "pattern match" }, "0O6vUX1pq+1kVV1sESVhMw==": { "id": "0O6vUX1pq+1kVV1sESVhMw==", "updater": "rhel-vex", "name": "CVE-2024-32004", "description": "A vulnerability was found in Git. This vulnerability can be exploited by an unauthenticated attacker who places a specialized repository on the target's local system. If the victim clones this repository, the attacker can execute arbitrary code.", "issued": "2024-05-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-32004 https://bugzilla.redhat.com/show_bug.cgi?id=2280428 https://www.cve.org/CVERecord?id=CVE-2024-32004 https://nvd.nist.gov/vuln/detail/CVE-2024-32004 https://github.com/git/git/security/advisories/GHSA-xfc6-vwr8-r389 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-32004.json https://access.redhat.com/errata/RHSA-2024:4083", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "git", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.43.5-1.el9_4", "arch_op": "pattern match" }, "0QiVY9M19b7tjbpn/ViWqA==": { "id": "0QiVY9M19b7tjbpn/ViWqA==", "updater": "rhel-vex", "name": "CVE-2024-33600", "description": "A flaw was found in the glibc netgroup cache. After a failed cache insertion, addgetnetgrentX tries to send the non-existing response after the not-found header. This can lead to a null pointer dereference that causes a crash or exit.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33600 https://bugzilla.redhat.com/show_bug.cgi?id=2277204 https://www.cve.org/CVERecord?id=CVE-2024-33600 https://nvd.nist.gov/vuln/detail/CVE-2024-33600 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33600.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-common", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "0SOGBOSWJuTVuoCpNhRztg==": { "id": "0SOGBOSWJuTVuoCpNhRztg==", "updater": "rhel-vex", "name": "CVE-2023-28321", "description": "A flaw was found in the Curl package. An incorrect International Domain Name (IDN) wildcard match may lead to improper certificate validation.", "issued": "2023-05-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-28321 https://bugzilla.redhat.com/show_bug.cgi?id=2196786 https://www.cve.org/CVERecord?id=CVE-2023-28321 https://nvd.nist.gov/vuln/detail/CVE-2023-28321 https://curl.se/docs/CVE-2023-28321.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-28321.json https://access.redhat.com/errata/RHSA-2023:4354", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libcurl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-23.el9_2.2", "arch_op": "pattern match" }, "0SSbyb1ilRd9IrbrjxK/YQ==": { "id": "0SSbyb1ilRd9IrbrjxK/YQ==", "updater": "rhel-vex", "name": "CVE-2022-48554", "description": "A flaw was found in file, a program used to identify a particular file according to the type of data contained by the file. This issue occurs when processing a specially crafted file, causing a stack-based buffer over-read, resulting in an application crash.", "issued": "2022-01-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-48554 https://bugzilla.redhat.com/show_bug.cgi?id=2235714 https://www.cve.org/CVERecord?id=CVE-2022-48554 https://nvd.nist.gov/vuln/detail/CVE-2022-48554 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-48554.json https://access.redhat.com/errata/RHSA-2024:2512", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "file", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:5.39-16.el9", "arch_op": "pattern match" }, "0TrLtadJ9afLCE6Wo3XSvg==": { "id": "0TrLtadJ9afLCE6Wo3XSvg==", "updater": "rhel-vex", "name": "CVE-2023-39615", "description": "A flaw was found in Libxml2, where it contains a global buffer overflow via the xmlSAX2StartElement() function at /libxml2/SAX2.c. This vulnerability allows attackers to cause a denial of service (DoS) by supplying a crafted XML file.", "issued": "2023-08-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-39615 https://bugzilla.redhat.com/show_bug.cgi?id=2235864 https://www.cve.org/CVERecord?id=CVE-2023-39615 https://nvd.nist.gov/vuln/detail/CVE-2023-39615 https://gitlab.gnome.org/GNOME/libxml2/-/issues/535 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-39615.json https://access.redhat.com/errata/RHSA-2023:7747", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libxml2-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-5.el9_3", "arch_op": "pattern match" }, "0Vj2SrIc6hWAbIbOE4ly5Q==": { "id": "0Vj2SrIc6hWAbIbOE4ly5Q==", "updater": "rhel-vex", "name": "CVE-2024-38477", "description": "A flaw was found in the mod_proxy module of httpd. A NULL pointer dereference can be triggered when processing a specially crafted HTTP request, causing the httpd server to crash, and resulting in a denial of service.", "issued": "2024-07-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-38477 https://bugzilla.redhat.com/show_bug.cgi?id=2295016 https://www.cve.org/CVERecord?id=CVE-2024-38477 https://nvd.nist.gov/vuln/detail/CVE-2024-38477 https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2024-38477 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-38477.json https://access.redhat.com/errata/RHSA-2024:4726", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "httpd", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.4.57-11.el9_4", "arch_op": "pattern match" }, "0W0/E/g2cPvxNF42LmIwRg==": { "id": "0W0/E/g2cPvxNF42LmIwRg==", "updater": "rhel-vex", "name": "CVE-2023-47038", "description": "A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer.", "issued": "2023-11-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-47038 https://bugzilla.redhat.com/show_bug.cgi?id=2249523 https://www.cve.org/CVERecord?id=CVE-2023-47038 https://nvd.nist.gov/vuln/detail/CVE-2023-47038 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-47038.json https://access.redhat.com/errata/RHSA-2024:2228", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-AutoLoader", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:5.74-481.el9", "arch_op": "pattern match" }, "0XyIJoIqTLxnYiZet4x5Yg==": { "id": "0XyIJoIqTLxnYiZet4x5Yg==", "updater": "rhel-vex", "name": "CVE-2021-3997", "description": "A flaw was found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "issued": "2022-01-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-3997.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "systemd", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "0YVxD0vSH+0MhijemP/Jmg==": { "id": "0YVxD0vSH+0MhijemP/Jmg==", "updater": "rhel-vex", "name": "CVE-2022-3705", "description": "A use-after-free flaw was found in the qf_update_buffer function in vim. This issue allows a specially crafted file to crash a program, use unexpected values, or execute code.", "issued": "2022-10-26T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3705 https://bugzilla.redhat.com/show_bug.cgi?id=2139086 https://www.cve.org/CVERecord?id=CVE-2022-3705 https://nvd.nist.gov/vuln/detail/CVE-2022-3705 https://vuldb.com/?id.212324 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3705.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "0ZY5ysR3Nkqr0/VhSIiqfw==": { "id": "0ZY5ysR3Nkqr0/VhSIiqfw==", "updater": "rhel-vex", "name": "CVE-2024-2961", "description": "An out-of-bounds write flaw was found in the ISO-2022-CN-EXT plugin for glibc's iconv library. When converting from UCS4 charset, adding certain escape charterers is required to indicate where the charset was changed to the library. During this process, iconv improperly checks the boundaries of internal buffers, leading to a buffer overflow, which allows writing up to 3 bytes outside the desired memory location. This issue may allow an attacker to craft a malicious characters sequence that will trigger the out-of-bounds write and perform remote code execution, presenting a high impact to the Integrity, Confidentiality, and Availability triad.", "issued": "2024-04-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-2961 https://bugzilla.redhat.com/show_bug.cgi?id=2273404 https://www.cve.org/CVERecord?id=CVE-2024-2961 https://nvd.nist.gov/vuln/detail/CVE-2024-2961 https://www.openwall.com/lists/oss-security/2024/04/17/9 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2961.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-minimal-langpack", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "0bK7Vo3x9SXQYvDvMmgzXA==": { "id": "0bK7Vo3x9SXQYvDvMmgzXA==", "updater": "rhel-vex", "name": "CVE-2022-2208", "description": "NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.5163.", "issued": "2022-06-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-2208 https://bugzilla.redhat.com/show_bug.cgi?id=2102183 https://www.cve.org/CVERecord?id=CVE-2022-2208 https://nvd.nist.gov/vuln/detail/CVE-2022-2208 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-2208.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "0cWQcHQSZ2tFOKqgcBWmjQ==": { "id": "0cWQcHQSZ2tFOKqgcBWmjQ==", "updater": "rhel-vex", "name": "CVE-2024-22019", "description": "A flaw was found in Node.js due to a lack of safeguards on chunk extension bytes. The server may read an unbounded number of bytes from a single connection, which can allow an attacker to send a specially crafted HTTP request with chunked encoding, leading to resource exhaustion and a denial of service.", "issued": "2024-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-22019 https://bugzilla.redhat.com/show_bug.cgi?id=2264574 https://www.cve.org/CVERecord?id=CVE-2024-22019 https://nvd.nist.gov/vuln/detail/CVE-2024-22019 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-22019.json https://access.redhat.com/errata/RHSA-2024:1438", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.2-4.el9_3", "arch_op": "pattern match" }, "0hSNEbIHPUbc0SsQiTGf6A==": { "id": "0hSNEbIHPUbc0SsQiTGf6A==", "updater": "rhel-vex", "name": "CVE-2023-2975", "description": "A vulnerability was found in OpenSSL. The AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries, which are unauthenticated as a consequence. Applications that use the AES-SIV algorithm and want to authenticate empty data entries as associated data can be misled by removing, adding, or reordering such empty entries as these are ignored by the OpenSSL implementation. The AES-SIV algorithm allows for the authentication of multiple associated data entries and encryption. To authenticate empty data, the application has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) with a NULL pointer as the output buffer and 0 as the input buffer length. The AES-SIV implementation in OpenSSL returns success for such a call instead of performing the associated data authentication operation. Thus, the empty data will not be authenticated.", "issued": "2023-07-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-2975 https://bugzilla.redhat.com/show_bug.cgi?id=2223016 https://www.cve.org/CVERecord?id=CVE-2023-2975 https://nvd.nist.gov/vuln/detail/CVE-2023-2975 https://www.openssl.org/news/secadv/20230714.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2975.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "0hyVfEGYmZHgsqyKSJ0pyg==": { "id": "0hyVfEGYmZHgsqyKSJ0pyg==", "updater": "rhel-vex", "name": "CVE-2023-31130", "description": "A vulnerability was found in c-ares. This issue occurs in the ares_inet_net_pton() function, which is vulnerable to a buffer underflow for certain ipv6 addresses. \"0::00:00:00/2\" in particular was found to cause an issue. C-ares only uses this function internally for configuration purposes, which would require an administrator to configure such an address via ares_set_sortlist().", "issued": "2023-05-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-31130 https://bugzilla.redhat.com/show_bug.cgi?id=2209497 https://www.cve.org/CVERecord?id=CVE-2023-31130 https://nvd.nist.gov/vuln/detail/CVE-2023-31130 https://github.com/c-ares/c-ares/security/advisories/GHSA-x6mf-cxr9-8q6v https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-31130.json https://access.redhat.com/errata/RHSA-2023:3586", "severity": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.19.1-2.el9_2", "arch_op": "pattern match" }, "0oSuMO6l7Zw5zu2u1O3EVw==": { "id": "0oSuMO6l7Zw5zu2u1O3EVw==", "updater": "rhel-vex", "name": "CVE-2023-3899", "description": "A vulnerability was found in subscription-manager that allows local privilege escalation due to inadequate authorization. The D-Bus interface com.redhat.RHSM1 exposes a significant number of methods to all users that could change the state of the registration. By using the com.redhat.RHSM1.Config.SetAll() method, a low-privileged local user could tamper with the state of the registration, by unregistering the system or by changing the current entitlements. This flaw allows an attacker to set arbitrary configuration directives for /etc/rhsm/rhsm.conf, which can be abused to cause a local privilege escalation to an unconfined root.", "issued": "2023-08-22T14:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-3899 https://bugzilla.redhat.com/show_bug.cgi?id=2225407 https://www.cve.org/CVERecord?id=CVE-2023-3899 https://nvd.nist.gov/vuln/detail/CVE-2023-3899 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3899.json https://access.redhat.com/errata/RHSA-2023:4708", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libdnf-plugin-subscription-manager", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:1.29.33.1-2.el9_2", "arch_op": "pattern match" }, "0qEjunEr8GfOdDmHoSzzSA==": { "id": "0qEjunEr8GfOdDmHoSzzSA==", "updater": "rhel-vex", "name": "CVE-2023-0797", "description": "A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds read in the _TIFFmemcpy function in libtiff/tif_unix.c when called by functions in tools/tiffcrop.c, resulting in a Denial of Service and limited information disclosure.", "issued": "2023-02-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0797 https://bugzilla.redhat.com/show_bug.cgi?id=2170151 https://www.cve.org/CVERecord?id=CVE-2023-0797 https://nvd.nist.gov/vuln/detail/CVE-2023-0797 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0797.json https://access.redhat.com/errata/RHSA-2023:3711", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-8.el9_2", "arch_op": "pattern match" }, "0s+Oo3nd8zFM1b/9W/xFMg==": { "id": "0s+Oo3nd8zFM1b/9W/xFMg==", "updater": "rhel-vex", "name": "CVE-2024-33602", "description": "A flaw was found in the glibc netgroup cache. The buffer-resizing code in addgetnetgrentX assumes that all string pointers point into the supplied buffer. This can potentially lead to memory corruption and cause a crash.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33602 https://bugzilla.redhat.com/show_bug.cgi?id=2277206 https://www.cve.org/CVERecord?id=CVE-2024-33602 https://nvd.nist.gov/vuln/detail/CVE-2024-33602 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33602.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "glibc-common", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "0u2Zo3eZYFAXhVSIZh+vXQ==": { "id": "0u2Zo3eZYFAXhVSIZh+vXQ==", "updater": "rhel-vex", "name": "CVE-2017-16232", "description": "LibTIFF 4.0.8 has multiple memory leak vulnerabilities, which allow attackers to cause a denial of service (memory consumption), as demonstrated by tif_open.c, tif_lzw.c, and tif_aux.c. NOTE: Third parties were unable to reproduce the issue", "issued": "2017-11-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2017-16232 https://bugzilla.redhat.com/show_bug.cgi?id=1516189 https://www.cve.org/CVERecord?id=CVE-2017-16232 https://nvd.nist.gov/vuln/detail/CVE-2017-16232 https://security.access.redhat.com/data/csaf/v2/vex/2017/cve-2017-16232.json", "severity": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libtiff", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "0u9BhQlRGnXqmFj5VxmVgw==": { "id": "0u9BhQlRGnXqmFj5VxmVgw==", "updater": "rhel-vex", "name": "CVE-2023-7008", "description": "A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.", "issued": "2022-12-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://www.cve.org/CVERecord?id=CVE-2023-7008 https://nvd.nist.gov/vuln/detail/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222261 https://github.com/systemd/systemd/issues/25676 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-7008.json https://access.redhat.com/errata/RHSA-2024:2463", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "systemd-rpm-macros", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:252-32.el9_4", "arch_op": "pattern match" }, "0v5F4x1W0RxkklLvRs6NKQ==": { "id": "0v5F4x1W0RxkklLvRs6NKQ==", "updater": "rhel-vex", "name": "CVE-2023-0433", "description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1225.", "issued": "2023-01-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0433 https://bugzilla.redhat.com/show_bug.cgi?id=2163612 https://www.cve.org/CVERecord?id=CVE-2023-0433 https://nvd.nist.gov/vuln/detail/CVE-2023-0433 https://huntr.dev/bounties/ae933869-a1ec-402a-bbea-d51764c6618e/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0433.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "0zv+xomxIiCvJFT5PKrlsg==": { "id": "0zv+xomxIiCvJFT5PKrlsg==", "updater": "rhel-vex", "name": "CVE-2024-37371", "description": "A vulnerability was found in the MIT Kerberos 5 GSS krb5 wrap token, where an attacker can modify the plaintext Extra Count field, causing the unwrapped token to appear truncated to the application, occurs when the attacker alters the token data during transmission which can lead to improper handling of authentication tokens.", "issued": "2024-06-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-37371 https://bugzilla.redhat.com/show_bug.cgi?id=2294676 https://www.cve.org/CVERecord?id=CVE-2024-37371 https://nvd.nist.gov/vuln/detail/CVE-2024-37371 https://web.mit.edu/kerberos/www/krb5-1.21/ https://www.oracle.com/security-alerts/cpujan2025.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-37371.json https://access.redhat.com/errata/RHSA-2024:6166", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "krb5-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.1-2.el9_4", "arch_op": "pattern match" }, "14EBaSYBL4fLL4zgayhBkg==": { "id": "14EBaSYBL4fLL4zgayhBkg==", "updater": "rhel-vex", "name": "CVE-2023-47038", "description": "A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer.", "issued": "2023-11-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-47038 https://bugzilla.redhat.com/show_bug.cgi?id=2249523 https://www.cve.org/CVERecord?id=CVE-2023-47038 https://nvd.nist.gov/vuln/detail/CVE-2023-47038 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-47038.json https://access.redhat.com/errata/RHSA-2024:2228", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-Class-Struct", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:0.66-481.el9", "arch_op": "pattern match" }, "14lZotAMN5wk+cTM9uFZ3w==": { "id": "14lZotAMN5wk+cTM9uFZ3w==", "updater": "rhel-vex", "name": "CVE-2023-6129", "description": "A flaw was found in in the POLY1305 MAC (message authentication code) implementation in OpenSSL, affecting applications running on PowerPC CPU-based platforms that utilize vector instructions, and has the potential to corrupt the internal state of these applications. If an attacker can manipulate the utilization of the POLY1305 MAC algorithm, it may lead to the corruption of the application state, resulting in various application-dependent consequences, often resulting in a crash and leading to a denial of service.", "issued": "2024-01-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-6129 https://bugzilla.redhat.com/show_bug.cgi?id=2257571 https://www.cve.org/CVERecord?id=CVE-2023-6129 https://nvd.nist.gov/vuln/detail/CVE-2023-6129 https://www.openssl.org/news/secadv/20240109.txt https://www.openwall.com/lists/oss-security/2024/01/09/1 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6129.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "19Kvl4LS7MCiBo2cRD5fxQ==": { "id": "19Kvl4LS7MCiBo2cRD5fxQ==", "updater": "rhel-vex", "name": "CVE-2021-3974", "description": "A flaw was found in vim. A possible use-after-free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to system availability.", "issued": "2021-11-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-3974 https://bugzilla.redhat.com/show_bug.cgi?id=2025061 https://www.cve.org/CVERecord?id=CVE-2021-3974 https://nvd.nist.gov/vuln/detail/CVE-2021-3974 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-3974.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "1CEt59+PK/QZsDtTC+bpGg==": { "id": "1CEt59+PK/QZsDtTC+bpGg==", "updater": "rhel-vex", "name": "CVE-2024-13176", "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", "issued": "2025-01-20T13:29:57Z", "links": "https://access.redhat.com/security/cve/CVE-2024-13176 https://bugzilla.redhat.com/show_bug.cgi?id=2338999 https://www.cve.org/CVERecord?id=CVE-2024-13176 https://nvd.nist.gov/vuln/detail/CVE-2024-13176 https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467 https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902 https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65 https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86 https://openssl-library.org/news/secadv/20250120.txt https://www.oracle.com/security-alerts/cpuapr2025.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-13176.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "1I7VtxkB33ashDX0kB4Teg==": { "id": "1I7VtxkB33ashDX0kB4Teg==", "updater": "rhel-vex", "name": "CVE-2025-5889", "description": "A denial-of-service (DoS) vulnerability has been identified in the brace-expansion JavaScript package. This issue occurs due to inefficient regular expression complexity, which can be exploited by an attacker providing specially crafted input. Such input could lead to excessive processing time and resource consumption, rendering applications that utilize this package unresponsive and causing a denial-of-service condition.", "issued": "2025-06-09T18:16:01Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5889 https://bugzilla.redhat.com/show_bug.cgi?id=2371270 https://www.cve.org/CVERecord?id=CVE-2025-5889 https://nvd.nist.gov/vuln/detail/CVE-2025-5889 https://gist.github.com/mmmsssttt404/37a40ce7d6e5ca604858fe30814d9466 https://github.com/juliangruber/brace-expansion/pull/65/commits/a5b98a4f30d7813266b221435e1eaaf25a1b0ac5 https://vuldb.com/?ctiid.311660 https://vuldb.com/?id.311660 https://vuldb.com/?submit.585717 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5889.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "1Jt73JTYHnK6fHaV6lyLFA==": { "id": "1Jt73JTYHnK6fHaV6lyLFA==", "updater": "rhel-vex", "name": "CVE-2024-26461", "description": "A memory leak flaw was found in krb5 in /krb5/src/lib/gssapi/krb5/k5sealv3.c. This issue can lead to a denial of service through memory exhaustion.", "issued": "2024-02-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-26461 https://bugzilla.redhat.com/show_bug.cgi?id=2266740 https://www.cve.org/CVERecord?id=CVE-2024-26461 https://nvd.nist.gov/vuln/detail/CVE-2024-26461 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-26461.json https://access.redhat.com/errata/RHSA-2024:9331", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "libkadm5", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:1.21.1-3.el9", "arch_op": "pattern match" }, "1S8SOPvrptI3Ktb4UdMF3A==": { "id": "1S8SOPvrptI3Ktb4UdMF3A==", "updater": "rhel-vex", "name": "CVE-2024-52005", "description": "A flaw was found in Git. When cloning, fetching, or pushing from a server, informational or error messages are transported from the remote Git process to the client via a sideband channel. These messages are prefixed with \"remote:\" and printed directly to the standard error output. Typically, this standard error output is connected to a terminal that understands ANSI escape sequences, which Git did not protect against. Most modern terminals support control sequences that can be used by a malicious actor to hide and misrepresent information or to mislead the user into executing untrusted scripts.", "issued": "2025-01-15T17:35:02Z", "links": "https://access.redhat.com/security/cve/CVE-2024-52005 https://bugzilla.redhat.com/show_bug.cgi?id=2338289 https://www.cve.org/CVERecord?id=CVE-2024-52005 https://nvd.nist.gov/vuln/detail/CVE-2024-52005 https://github.com/git/git/security/advisories/GHSA-7jjc-gg6m-3329 https://lore.kernel.org/git/1M9FnZ-1taoNo1wwh-00ESSd@mail.gmx.net https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-52005.json https://access.redhat.com/errata/RHSA-2025:7409", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "git", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.47.1-2.el9_6", "arch_op": "pattern match" }, "1VNF4SbZzJg9kuE9rdY63w==": { "id": "1VNF4SbZzJg9kuE9rdY63w==", "updater": "rhel-vex", "name": "CVE-2023-32559", "description": "A vulnerability was found in NodeJS. This security issue occurs as the use of the deprecated API process.binding() can bypass the policy mechanism by requiring internal modules and eventually take advantage of process.binding('spawn_sync') to run arbitrary code outside of the limits defined in a policy.json file.", "issued": "2023-08-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32559 https://bugzilla.redhat.com/show_bug.cgi?id=2230956 https://www.cve.org/CVERecord?id=CVE-2023-32559 https://nvd.nist.gov/vuln/detail/CVE-2023-32559 https://nodejs.org/en/blog/vulnerability/august-2023-security-releases#permissions-policies-can-be-bypassed-via-processbinding-mediumcve-2023-32559 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32559.json https://access.redhat.com/errata/RHSA-2023:5532", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.2-1.el9_2", "arch_op": "pattern match" }, "1VuMx1iaAJE6foV+C3GDPQ==": { "id": "1VuMx1iaAJE6foV+C3GDPQ==", "updater": "rhel-vex", "name": "CVE-2025-0395", "description": "A flaw was found in the GNU C Library (glibc). A buffer overflow condition via the `assert()` function may be triggered due to glibc not allocating enough space for the assertion failure message string and size information. In certain conditions, a local attacker can exploit this, potentially leading to an application crash or other undefined behavior.", "issued": "2025-01-22T13:11:30Z", "links": "https://access.redhat.com/security/cve/CVE-2025-0395 https://bugzilla.redhat.com/show_bug.cgi?id=2339460 https://www.cve.org/CVERecord?id=CVE-2025-0395 https://nvd.nist.gov/vuln/detail/CVE-2025-0395 https://sourceware.org/bugzilla/show_bug.cgi?id=32582 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-0395.json https://access.redhat.com/errata/RHSA-2025:4244", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-gconv-extra", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-125.el9_5.8", "arch_op": "pattern match" }, "1WJr3usuzwZSP7U4KOlWQw==": { "id": "1WJr3usuzwZSP7U4KOlWQw==", "updater": "rhel-vex", "name": "CVE-2024-26458", "description": "A memory leak flaw was found in krb5 in /krb5/src/lib/rpc/pmap_rmt.c. This issue can lead to a denial of service through memory exhaustion.", "issued": "2024-02-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-26458 https://bugzilla.redhat.com/show_bug.cgi?id=2266731 https://www.cve.org/CVERecord?id=CVE-2024-26458 https://nvd.nist.gov/vuln/detail/CVE-2024-26458 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-26458.json https://access.redhat.com/errata/RHSA-2024:9331", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "krb5-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:1.21.1-3.el9", "arch_op": "pattern match" }, "1WQ/LJu/kefEuHRv58l0Lw==": { "id": "1WQ/LJu/kefEuHRv58l0Lw==", "updater": "rhel-vex", "name": "CVE-2023-4734", "description": "Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1846.", "issued": "2023-09-02T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4734 https://bugzilla.redhat.com/show_bug.cgi?id=2237161 https://www.cve.org/CVERecord?id=CVE-2023-4734 https://nvd.nist.gov/vuln/detail/CVE-2023-4734 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4734.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "1bl4unQLbI6q/jTzaoJQRg==": { "id": "1bl4unQLbI6q/jTzaoJQRg==", "updater": "rhel-vex", "name": "CVE-2023-6237", "description": "A flaw was found in OpenSSL. When the EVP_PKEY_public_check() function is called in RSA public keys, a computation is done to confirm that the RSA modulus, n, is composite. For valid RSA keys, n is a product of two or more large primes and this computation completes quickly. However, if n is a large prime, this computation takes a long time. An application that calls EVP_PKEY_public_check() and supplies an RSA key obtained from an untrusted source could be vulnerable to a Denial of Service attack.", "issued": "2024-01-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-6237 https://bugzilla.redhat.com/show_bug.cgi?id=2258502 https://www.cve.org/CVERecord?id=CVE-2023-6237 https://nvd.nist.gov/vuln/detail/CVE-2023-6237 https://www.openssl.org/news/secadv/20240115.txt https://www.openwall.com/lists/oss-security/2024/01/15/2 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6237.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "1bvtrVel884c6IQiJYPNBg==": { "id": "1bvtrVel884c6IQiJYPNBg==", "updater": "rhel-vex", "name": "CVE-2024-38477", "description": "A flaw was found in the mod_proxy module of httpd. A NULL pointer dereference can be triggered when processing a specially crafted HTTP request, causing the httpd server to crash, and resulting in a denial of service.", "issued": "2024-07-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-38477 https://bugzilla.redhat.com/show_bug.cgi?id=2295016 https://www.cve.org/CVERecord?id=CVE-2024-38477 https://nvd.nist.gov/vuln/detail/CVE-2024-38477 https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2024-38477 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-38477.json https://access.redhat.com/errata/RHSA-2024:4726", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "httpd-tools", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.4.57-11.el9_4", "arch_op": "pattern match" }, "1lRtJofWFCTkQi0dreTmvg==": { "id": "1lRtJofWFCTkQi0dreTmvg==", "updater": "rhel-vex", "name": "CVE-2023-29491", "description": "A vulnerability was found in ncurses and occurs when used by a setuid application. This flaw allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file found in $HOME/.terminfo or reached via the TERMINFO or TERM environment variable.", "issued": "2023-04-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-29491 https://bugzilla.redhat.com/show_bug.cgi?id=2191704 https://www.cve.org/CVERecord?id=CVE-2023-29491 https://nvd.nist.gov/vuln/detail/CVE-2023-29491 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-29491.json https://access.redhat.com/errata/RHSA-2023:6698", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "ncurses-base", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:6.2-10.20210508.el9", "arch_op": "pattern match" }, "1meZEc1EMJYaXdLY7UlMGw==": { "id": "1meZEc1EMJYaXdLY7UlMGw==", "updater": "rhel-vex", "name": "CVE-2024-33599", "description": "A stack-based buffer overflow flaw was found in the glibc netgroup cache. In certain conditions, its possible to trigger a stack-based buffer overflow condition that can lead to a denial of service and potentially other malicious actions that impact confidentiality and integrity.", "issued": "2024-04-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33599 https://bugzilla.redhat.com/show_bug.cgi?id=2277202 https://www.cve.org/CVERecord?id=CVE-2024-33599 https://nvd.nist.gov/vuln/detail/CVE-2024-33599 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33599.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "1t5vfb4weBgYFo4+aa7JgA==": { "id": "1t5vfb4weBgYFo4+aa7JgA==", "updater": "rhel-vex", "name": "CVE-2023-6129", "description": "A flaw was found in in the POLY1305 MAC (message authentication code) implementation in OpenSSL, affecting applications running on PowerPC CPU-based platforms that utilize vector instructions, and has the potential to corrupt the internal state of these applications. If an attacker can manipulate the utilization of the POLY1305 MAC algorithm, it may lead to the corruption of the application state, resulting in various application-dependent consequences, often resulting in a crash and leading to a denial of service.", "issued": "2024-01-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-6129 https://bugzilla.redhat.com/show_bug.cgi?id=2257571 https://www.cve.org/CVERecord?id=CVE-2023-6129 https://nvd.nist.gov/vuln/detail/CVE-2023-6129 https://www.openssl.org/news/secadv/20240109.txt https://www.openwall.com/lists/oss-security/2024/01/09/1 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6129.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "1tXNc9f7mYHO8CgYcr40tg==": { "id": "1tXNc9f7mYHO8CgYcr40tg==", "updater": "rhel-vex", "name": "CVE-2023-48795", "description": "A flaw was found in the SSH channel integrity. By manipulating sequence numbers during the handshake, an attacker can remove the initial messages on the secure channel without causing a MAC failure. For example, an attacker could disable the ping extension and thus disable the new countermeasure in OpenSSH 9.5 against keystroke timing attacks.", "issued": "2023-12-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-48795 https://bugzilla.redhat.com/show_bug.cgi?id=2254210 https://www.cve.org/CVERecord?id=CVE-2023-48795 https://nvd.nist.gov/vuln/detail/CVE-2023-48795 https://access.redhat.com/solutions/7071748 https://terrapin-attack.com/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-48795.json https://access.redhat.com/errata/RHSA-2024:1130", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "openssh", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:8.7p1-34.el9_3.3", "arch_op": "pattern match" }, "1v7+DKu4v2iV80eUVeY2xA==": { "id": "1v7+DKu4v2iV80eUVeY2xA==", "updater": "rhel-vex", "name": "CVE-2024-6119", "description": "A flaw was found in OpenSSL. Applications performing certificate name checks (e.g., TLS clients checking server certificates) may attempt to read an invalid memory address resulting in abnormal termination of the application process.", "issued": "2024-09-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-6119 https://bugzilla.redhat.com/show_bug.cgi?id=2306158 https://www.cve.org/CVERecord?id=CVE-2024-6119 https://nvd.nist.gov/vuln/detail/CVE-2024-6119 https://github.com/openssl/openssl/security/advisories/GHSA-5qrj-vq78-58fj https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6119.json https://access.redhat.com/errata/RHSA-2024:6783", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-28.el9_4", "arch_op": "pattern match" }, "1w9jpJ9vgdmPUPdG9Zz/6A==": { "id": "1w9jpJ9vgdmPUPdG9Zz/6A==", "updater": "rhel-vex", "name": "CVE-2023-4806", "description": "A flaw was found in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4806 https://bugzilla.redhat.com/show_bug.cgi?id=2237782 https://www.cve.org/CVERecord?id=CVE-2023-4806 https://nvd.nist.gov/vuln/detail/CVE-2023-4806 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4806.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "2/yRa3wTx1HFYWvwezDFBQ==": { "id": "2/yRa3wTx1HFYWvwezDFBQ==", "updater": "rhel-vex", "name": "CVE-2023-38709", "description": "A flaw was found in httpd. The response headers are not sanitized before an HTTP response is sent when a malicious backend can insert a Content-Type, Content-Encoding, or some other headers, resulting in an HTTP response splitting.", "issued": "2024-04-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-38709 https://bugzilla.redhat.com/show_bug.cgi?id=2273491 https://www.cve.org/CVERecord?id=CVE-2023-38709 https://nvd.nist.gov/vuln/detail/CVE-2023-38709 https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2023-38709 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-38709.json https://access.redhat.com/errata/RHSA-2024:9306", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "httpd-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.4.62-1.el9", "arch_op": "pattern match" }, "21rba03Cro+scmMld7bHyw==": { "id": "21rba03Cro+scmMld7bHyw==", "updater": "rhel-vex", "name": "CVE-2024-5535", "description": "A flaw was found in OpenSSL. Affected versions of this package are vulnerable to Information Exposure through the SSL_select_next_proto function. This flaw allows an attacker to cause unexpected application behavior or a crash by exploiting the buffer overread condition when the function is called with a zero-length client list. This issue is only exploitable if the application is misconfigured to use a zero-length server list and mishandles the 'no overlap' response in ALPN or uses the output as the opportunistic protocol in NPN.", "issued": "2024-06-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2294581 https://www.cve.org/CVERecord?id=CVE-2024-5535 https://nvd.nist.gov/vuln/detail/CVE-2024-5535 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-5535.json https://access.redhat.com/errata/RHSA-2024:9333", "severity": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.2.2-6.el9_5", "arch_op": "pattern match" }, "25AN5NeRgxRTLC+pN8E4wA==": { "id": "25AN5NeRgxRTLC+pN8E4wA==", "updater": "rhel-vex", "name": "CVE-2022-44638", "description": "A flaw was found in pixman. This issue causes an out-of-bounds write in rasterize_edges_8 due to an integer overflow in pixman_sample_floor_y. This can result in data corruption, a crash, or code execution.", "issued": "2022-11-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-44638 https://bugzilla.redhat.com/show_bug.cgi?id=2139988 https://www.cve.org/CVERecord?id=CVE-2022-44638 https://nvd.nist.gov/vuln/detail/CVE-2022-44638 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-44638.json https://access.redhat.com/errata/RHSA-2023:7754", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "pixman", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:0.40.0-6.el9_3", "arch_op": "pattern match" }, "26+tys6VNeqYPHSmxQzD4g==": { "id": "26+tys6VNeqYPHSmxQzD4g==", "updater": "rhel-vex", "name": "CVE-2024-12797", "description": "A flaw was found in OpenSSL's RFC7250 Raw Public Key (RPK) authentication. This vulnerability allows man-in-the-middle (MITM) attacks via failure to abort TLS/DTLS handshakes when the server's RPK does not match the expected key despite the SSL_VERIFY_PEER verification mode being set.", "issued": "2025-02-11T15:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-12797 https://bugzilla.redhat.com/show_bug.cgi?id=2342757 https://www.cve.org/CVERecord?id=CVE-2024-12797 https://nvd.nist.gov/vuln/detail/CVE-2024-12797 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-12797.json https://access.redhat.com/errata/RHSA-2025:1330", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.2.2-6.el9_5.1", "arch_op": "pattern match" }, "26vucREXNCmqzRQMZsDgrA==": { "id": "26vucREXNCmqzRQMZsDgrA==", "updater": "rhel-vex", "name": "CVE-2024-5535", "description": "A flaw was found in OpenSSL. Affected versions of this package are vulnerable to Information Exposure through the SSL_select_next_proto function. This flaw allows an attacker to cause unexpected application behavior or a crash by exploiting the buffer overread condition when the function is called with a zero-length client list. This issue is only exploitable if the application is misconfigured to use a zero-length server list and mishandles the 'no overlap' response in ALPN or uses the output as the opportunistic protocol in NPN.", "issued": "2024-06-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2294581 https://www.cve.org/CVERecord?id=CVE-2024-5535 https://nvd.nist.gov/vuln/detail/CVE-2024-5535 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-5535.json https://access.redhat.com/errata/RHSA-2024:9333", "severity": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.2.2-6.el9_5", "arch_op": "pattern match" }, "28dC110zGfcK67ZADcsyPw==": { "id": "28dC110zGfcK67ZADcsyPw==", "updater": "rhel-vex", "name": "CVE-2023-43786", "description": "A vulnerability was found in libX11 due to an infinite loop within the PutSubImage() function. This flaw allows a local user to consume all available system resources and cause a denial of service condition.", "issued": "2023-10-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-43786 https://bugzilla.redhat.com/show_bug.cgi?id=2242253 https://www.cve.org/CVERecord?id=CVE-2023-43786 https://nvd.nist.gov/vuln/detail/CVE-2023-43786 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-43786.json https://access.redhat.com/errata/RHSA-2024:2145", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libX11-xcb", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.7.0-9.el9", "arch_op": "pattern match" }, "2CeZCuCny7jSZBuuaMXULg==": { "id": "2CeZCuCny7jSZBuuaMXULg==", "updater": "rhel-vex", "name": "CVE-2021-35937", "description": "A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "issued": "2021-06-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-35937 https://bugzilla.redhat.com/show_bug.cgi?id=1964125 https://www.cve.org/CVERecord?id=CVE-2021-35937 https://nvd.nist.gov/vuln/detail/CVE-2021-35937 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-35937.json https://access.redhat.com/errata/RHSA-2024:0463", "severity": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "rpm-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:4.16.1.3-27.el9_3", "arch_op": "pattern match" }, "2I/0B+uXhxpPJWXGwNGlLw==": { "id": "2I/0B+uXhxpPJWXGwNGlLw==", "updater": "rhel-vex", "name": "CVE-2023-5344", "description": "A heap-based buffer overflow vulnerability was found in Vim's trunc_string() function of the src/message.c file. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap-based buffer overflow that causes an application to crash, leading to a denial of service.", "issued": "2023-10-02T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-5344 https://bugzilla.redhat.com/show_bug.cgi?id=2242141 https://www.cve.org/CVERecord?id=CVE-2023-5344 https://nvd.nist.gov/vuln/detail/CVE-2023-5344 https://huntr.dev/bounties/530cb762-899e-48d7-b50e-dad09eb775bf/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-5344.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "2KjQzBO1IIuk/KGzN0rORA==": { "id": "2KjQzBO1IIuk/KGzN0rORA==", "updater": "rhel-vex", "name": "CVE-2024-6232", "description": "A regular expression denial of service (ReDos) vulnerability was found in Python's tarfile module. Due to excessive backtracking while tarfile parses headers, an attacker may be able to trigger a denial of service via a specially crafted tar archive.", "issued": "2024-09-03T13:15:05Z", "links": "https://access.redhat.com/security/cve/CVE-2024-6232 https://bugzilla.redhat.com/show_bug.cgi?id=2309426 https://www.cve.org/CVERecord?id=CVE-2024-6232 https://nvd.nist.gov/vuln/detail/CVE-2024-6232 https://github.com/python/cpython/issues/121285 https://github.com/python/cpython/pull/121286 https://mail.python.org/archives/list/security-announce@python.org/thread/JRYFTPRHZRTLMZLWQEUHZSJXNHM4ACTY/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6232.json https://access.redhat.com/errata/RHSA-2024:9468", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.19-8.el9_5.1", "arch_op": "pattern match" }, "2LFREC4djA2j3hoAmLfXHw==": { "id": "2LFREC4djA2j3hoAmLfXHw==", "updater": "rhel-vex", "name": "CVE-2023-2650", "description": "A flaw was found in OpenSSL resulting in a possible denial of service while translating ASN.1 object identifiers. Applications that use OBJ_obj2txt() directly, or use any of the OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message size limit may experience long delays when processing messages, which may lead to a denial of service.", "issued": "2023-05-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-2650 https://bugzilla.redhat.com/show_bug.cgi?id=2207947 https://www.cve.org/CVERecord?id=CVE-2023-2650 https://nvd.nist.gov/vuln/detail/CVE-2023-2650 https://www.openssl.org/news/secadv/20230530.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2650.json https://access.redhat.com/errata/RHSA-2023:3722", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-16.el9_2", "arch_op": "pattern match" }, "2P9pgHkfyknvl5Uzl4wB2Q==": { "id": "2P9pgHkfyknvl5Uzl4wB2Q==", "updater": "rhel-vex", "name": "CVE-2025-26465", "description": "A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle attack can be performed by a malicious machine impersonating a legit server. This issue occurs due to how OpenSSH mishandles error codes in specific conditions when verifying the host key. For an attack to be considered successful, the attacker needs to manage to exhaust the client's memory resource first, turning the attack complexity high.", "issued": "2025-02-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-26465 https://bugzilla.redhat.com/show_bug.cgi?id=2344780 https://www.cve.org/CVERecord?id=CVE-2025-26465 https://nvd.nist.gov/vuln/detail/CVE-2025-26465 https://seclists.org/oss-sec/2025/q1/144 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-26465.json https://access.redhat.com/errata/RHSA-2025:6993", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "openssh-clients", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:8.7p1-45.el9", "arch_op": "pattern match" }, "2RZ3u6UmceVG9iB/xb73SA==": { "id": "2RZ3u6UmceVG9iB/xb73SA==", "updater": "rhel-vex", "name": "CVE-2022-2206", "description": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.", "issued": "2022-06-26T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-2206 https://bugzilla.redhat.com/show_bug.cgi?id=2102188 https://www.cve.org/CVERecord?id=CVE-2022-2206 https://nvd.nist.gov/vuln/detail/CVE-2022-2206 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-2206.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "2SApI7oHpcm9Z48+2Hj11w==": { "id": "2SApI7oHpcm9Z48+2Hj11w==", "updater": "rhel-vex", "name": "CVE-2025-5915", "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", "issued": "2025-05-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5915 https://bugzilla.redhat.com/show_bug.cgi?id=2370865 https://www.cve.org/CVERecord?id=CVE-2025-5915 https://nvd.nist.gov/vuln/detail/CVE-2025-5915 https://github.com/libarchive/libarchive/pull/2599 https://github.com/libarchive/libarchive/releases/tag/v3.8.0 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5915.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "2UHqEqfMIIn53NkDlDEppQ==": { "id": "2UHqEqfMIIn53NkDlDEppQ==", "updater": "rhel-vex", "name": "CVE-2022-2923", "description": "A flaw was found in vim, where it is vulnerable to a NULL pointer dereference in the sug_filltree function. This flaw allows a specially crafted file to crash the software.", "issued": "2022-08-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-2923 https://bugzilla.redhat.com/show_bug.cgi?id=2120989 https://www.cve.org/CVERecord?id=CVE-2022-2923 https://nvd.nist.gov/vuln/detail/CVE-2022-2923 https://huntr.dev/bounties/fd3a3ab8-ab0f-452f-afea-8c613e283fd2 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-2923.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "2WElWLVgdbllxdeDwfKP6Q==": { "id": "2WElWLVgdbllxdeDwfKP6Q==", "updater": "rhel-vex", "name": "CVE-2023-0465", "description": "A flaw was found in OpenSSL. Applications that use a non-default option when verifying certificates may be vulnerable to an attack from a malicious CA to circumvent certain checks. OpenSSL and other certificate policy checks silently ignore invalid certificate policies in leaf certificates that are skipped for that certificate. A malicious CA could use this to deliberately assert invalid certificate policies to circumvent policy checking on the certificate altogether. Policy processing is disabled by default but can be enabled by passing the `-policy' argument to the command line utilities or by calling the `X509_VERIFY_PARAM_set1_policies()' function.", "issued": "2023-03-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0465 https://bugzilla.redhat.com/show_bug.cgi?id=2182561 https://www.cve.org/CVERecord?id=CVE-2023-0465 https://nvd.nist.gov/vuln/detail/CVE-2023-0465 https://www.openssl.org/news/secadv/20230328.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0465.json https://access.redhat.com/errata/RHSA-2023:3722", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-16.el9_2", "arch_op": "pattern match" }, "2dQp0PI1ZIP8LVvMDwgOAA==": { "id": "2dQp0PI1ZIP8LVvMDwgOAA==", "updater": "rhel-vex", "name": "CVE-2024-12797", "description": "A flaw was found in OpenSSL's RFC7250 Raw Public Key (RPK) authentication. This vulnerability allows man-in-the-middle (MITM) attacks via failure to abort TLS/DTLS handshakes when the server's RPK does not match the expected key despite the SSL_VERIFY_PEER verification mode being set.", "issued": "2025-02-11T15:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-12797 https://bugzilla.redhat.com/show_bug.cgi?id=2342757 https://www.cve.org/CVERecord?id=CVE-2024-12797 https://nvd.nist.gov/vuln/detail/CVE-2024-12797 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-12797.json https://access.redhat.com/errata/RHSA-2025:1330", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.2.2-6.el9_5.1", "arch_op": "pattern match" }, "2eH9W4F26wqZW3F9p3BYsQ==": { "id": "2eH9W4F26wqZW3F9p3BYsQ==", "updater": "rhel-vex", "name": "CVE-2024-2961", "description": "An out-of-bounds write flaw was found in the ISO-2022-CN-EXT plugin for glibc's iconv library. When converting from UCS4 charset, adding certain escape charterers is required to indicate where the charset was changed to the library. During this process, iconv improperly checks the boundaries of internal buffers, leading to a buffer overflow, which allows writing up to 3 bytes outside the desired memory location. This issue may allow an attacker to craft a malicious characters sequence that will trigger the out-of-bounds write and perform remote code execution, presenting a high impact to the Integrity, Confidentiality, and Availability triad.", "issued": "2024-04-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-2961 https://bugzilla.redhat.com/show_bug.cgi?id=2273404 https://www.cve.org/CVERecord?id=CVE-2024-2961 https://nvd.nist.gov/vuln/detail/CVE-2024-2961 https://www.openwall.com/lists/oss-security/2024/04/17/9 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2961.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "2ezxh/Mpkyyi/ENw60Y+Tg==": { "id": "2ezxh/Mpkyyi/ENw60Y+Tg==", "updater": "rhel-vex", "name": "CVE-2023-3316", "description": "A flaw was found in LibTiff. A NULL pointer dereference in TIFFClose() is caused by a failure to open an output file (non-existent path or a path that requires permissions like /dev/null) while specifying zones.", "issued": "2023-06-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-3316 https://bugzilla.redhat.com/show_bug.cgi?id=2216080 https://www.cve.org/CVERecord?id=CVE-2023-3316 https://nvd.nist.gov/vuln/detail/CVE-2023-3316 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3316.json https://access.redhat.com/errata/RHSA-2023:6575", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-10.el9", "arch_op": "pattern match" }, "2gP65l63oYJnh+PzEYaVdQ==": { "id": "2gP65l63oYJnh+PzEYaVdQ==", "updater": "rhel-vex", "name": "CVE-2024-38477", "description": "A flaw was found in the mod_proxy module of httpd. A NULL pointer dereference can be triggered when processing a specially crafted HTTP request, causing the httpd server to crash, and resulting in a denial of service.", "issued": "2024-07-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-38477 https://bugzilla.redhat.com/show_bug.cgi?id=2295016 https://www.cve.org/CVERecord?id=CVE-2024-38477 https://nvd.nist.gov/vuln/detail/CVE-2024-38477 https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2024-38477 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-38477.json https://access.redhat.com/errata/RHSA-2024:4726", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "mod_session", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.4.57-11.el9_4", "arch_op": "pattern match" }, "2luu38jiVQvy6qOXHFgpAg==": { "id": "2luu38jiVQvy6qOXHFgpAg==", "updater": "rhel-vex", "name": "CVE-2022-2042", "description": "A heap use-after-free vulnerability was found in Vim's skipwhite() function of the src/charset.c file. This flaw occurs because of an uninitialized attribute value and freed memory in the spell command. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash and corrupt memory.", "issued": "2022-06-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-2042 https://bugzilla.redhat.com/show_bug.cgi?id=2097768 https://www.cve.org/CVERecord?id=CVE-2022-2042 https://nvd.nist.gov/vuln/detail/CVE-2022-2042 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-2042.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "2m66dHT2QDwJh4hvsW6NOQ==": { "id": "2m66dHT2QDwJh4hvsW6NOQ==", "updater": "rhel-vex", "name": "CVE-2024-37371", "description": "A vulnerability was found in the MIT Kerberos 5 GSS krb5 wrap token, where an attacker can modify the plaintext Extra Count field, causing the unwrapped token to appear truncated to the application, occurs when the attacker alters the token data during transmission which can lead to improper handling of authentication tokens.", "issued": "2024-06-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-37371 https://bugzilla.redhat.com/show_bug.cgi?id=2294676 https://www.cve.org/CVERecord?id=CVE-2024-37371 https://nvd.nist.gov/vuln/detail/CVE-2024-37371 https://web.mit.edu/kerberos/www/krb5-1.21/ https://www.oracle.com/security-alerts/cpujan2025.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-37371.json https://access.redhat.com/errata/RHSA-2024:6166", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "krb5-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.1-2.el9_4", "arch_op": "pattern match" }, "2oAsA55oZeN431cp6jUJYA==": { "id": "2oAsA55oZeN431cp6jUJYA==", "updater": "rhel-vex", "name": "CVE-2020-11023", "description": "A flaw was found in jQuery. HTML containing \\\u003coption\\\u003e elements from untrusted sources are passed, even after sanitizing, to one of jQuery's DOM manipulation methods, which may execute untrusted code. The highest threat from this vulnerability is to data confidentiality and integrity.", "issued": "2020-04-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2020-11023 https://bugzilla.redhat.com/show_bug.cgi?id=1850004 https://www.cve.org/CVERecord?id=CVE-2020-11023 https://nvd.nist.gov/vuln/detail/CVE-2020-11023 https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-11023.json https://access.redhat.com/errata/RHSA-2025:1346", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libquadmath-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "i686|ppc64le|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:11.5.0-5.el9_5", "arch_op": "pattern match" }, "2sdR4GjmaEV2ZFIV+TVU6A==": { "id": "2sdR4GjmaEV2ZFIV+TVU6A==", "updater": "rhel-vex", "name": "CVE-2023-38546", "description": "A flaw was found in the Curl package. This flaw allows an attacker to insert cookies into a running program using libcurl if the specific series of conditions are met.", "issued": "2023-10-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-38546 https://bugzilla.redhat.com/show_bug.cgi?id=2241938 https://access.redhat.com/errata/RHSA-2024:2101 https://www.cve.org/CVERecord?id=CVE-2023-38546 https://nvd.nist.gov/vuln/detail/CVE-2023-38546 https://curl.se/docs/CVE-2023-38546.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-38546.json https://access.redhat.com/errata/RHSA-2023:6745", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "libcurl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9_3.2", "arch_op": "pattern match" }, "2sm08sXcjWtT2Gtu3CdSug==": { "id": "2sm08sXcjWtT2Gtu3CdSug==", "updater": "rhel-vex", "name": "CVE-2022-1725", "description": "A NULL pointer dereference vulnerability was found in Vim's vim_regexec_string() function of the src/regexp.c file. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a NULL pointer dereference that causes a denial of service.", "issued": "2022-09-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-1725 https://bugzilla.redhat.com/show_bug.cgi?id=2132561 https://www.cve.org/CVERecord?id=CVE-2022-1725 https://nvd.nist.gov/vuln/detail/CVE-2022-1725 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-1725.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "3+809IKkEvKNvrYKsUMlFg==": { "id": "3+809IKkEvKNvrYKsUMlFg==", "updater": "rhel-vex", "name": "CVE-2022-46663", "description": "A vulnerability was found in less. This flaw allows crafted data to result in \"less -R\" not filtering ANSI escape sequences sent to the terminal.", "issued": "2023-02-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-46663 https://bugzilla.redhat.com/show_bug.cgi?id=2169621 https://www.cve.org/CVERecord?id=CVE-2022-46663 https://nvd.nist.gov/vuln/detail/CVE-2022-46663 https://www.openwall.com/lists/oss-security/2023/02/07/7 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-46663.json https://access.redhat.com/errata/RHSA-2023:3725", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "less", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:590-2.el9_2", "arch_op": "pattern match" }, "3+Tq4mPPOiL6olm2GLk5Mg==": { "id": "3+Tq4mPPOiL6olm2GLk5Mg==", "updater": "rhel-vex", "name": "CVE-2025-49795", "description": "A NULL pointer dereference vulnerability was found in libxml2 when processing XPath XML expressions. This flaw allows an attacker to craft a malicious XML input to libxml2, leading to a denial of service.", "issued": "2025-06-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-49795 https://bugzilla.redhat.com/show_bug.cgi?id=2372379 https://www.cve.org/CVERecord?id=CVE-2025-49795 https://nvd.nist.gov/vuln/detail/CVE-2025-49795 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-49795.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libxml2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "37d2lDe6jgMiPcPiJiMJ3g==": { "id": "37d2lDe6jgMiPcPiJiMJ3g==", "updater": "rhel-vex", "name": "CVE-2023-38709", "description": "A flaw was found in httpd. The response headers are not sanitized before an HTTP response is sent when a malicious backend can insert a Content-Type, Content-Encoding, or some other headers, resulting in an HTTP response splitting.", "issued": "2024-04-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-38709 https://bugzilla.redhat.com/show_bug.cgi?id=2273491 https://www.cve.org/CVERecord?id=CVE-2023-38709 https://nvd.nist.gov/vuln/detail/CVE-2023-38709 https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2023-38709 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-38709.json https://access.redhat.com/errata/RHSA-2024:9306", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "httpd", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.4.62-1.el9", "arch_op": "pattern match" }, "37rq3GKzFLRjKO43i3PBdQ==": { "id": "37rq3GKzFLRjKO43i3PBdQ==", "updater": "rhel-vex", "name": "CVE-2024-39573", "description": "A flaw was found in the mod_rewrite module of httpd. A potential SSRF allows an attacker to cause unsafe rules used in the RewriteRule directive to unexpectedly set up URLs to be handled by the mod_proxy module.", "issued": "2024-07-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-39573 https://bugzilla.redhat.com/show_bug.cgi?id=2295022 https://www.cve.org/CVERecord?id=CVE-2024-39573 https://nvd.nist.gov/vuln/detail/CVE-2024-39573 https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2024-39573 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-39573.json https://access.redhat.com/errata/RHSA-2024:4726", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "httpd-tools", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.4.57-11.el9_4", "arch_op": "pattern match" }, "3Cx+iG/vfM9lqpohAMM4kg==": { "id": "3Cx+iG/vfM9lqpohAMM4kg==", "updater": "rhel-vex", "name": "CVE-2023-32665", "description": "A flaw was found in GLib. GVariant deserialization is vulnerable to an exponential blowup issue where a crafted GVariant can cause excessive processing, leading to denial of service.", "issued": "2022-12-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32665 https://bugzilla.redhat.com/show_bug.cgi?id=2211827 https://www.cve.org/CVERecord?id=CVE-2023-32665 https://nvd.nist.gov/vuln/detail/CVE-2023-32665 https://gitlab.gnome.org/GNOME/glib/-/issues/2121 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32665.json https://access.redhat.com/errata/RHSA-2023:6631", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "glib2-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.68.4-11.el9", "arch_op": "pattern match" }, "3IQGVR0IhaiZjAABEx0HWg==": { "id": "3IQGVR0IhaiZjAABEx0HWg==", "updater": "rhel-vex", "name": "CVE-2024-33600", "description": "A flaw was found in the glibc netgroup cache. After a failed cache insertion, addgetnetgrentX tries to send the non-existing response after the not-found header. This can lead to a null pointer dereference that causes a crash or exit.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33600 https://bugzilla.redhat.com/show_bug.cgi?id=2277204 https://www.cve.org/CVERecord?id=CVE-2024-33600 https://nvd.nist.gov/vuln/detail/CVE-2024-33600 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33600.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-gconv-extra", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "3JWY1ykysfjEg17d0NJpug==": { "id": "3JWY1ykysfjEg17d0NJpug==", "updater": "rhel-vex", "name": "CVE-2023-2975", "description": "A vulnerability was found in OpenSSL. The AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries, which are unauthenticated as a consequence. Applications that use the AES-SIV algorithm and want to authenticate empty data entries as associated data can be misled by removing, adding, or reordering such empty entries as these are ignored by the OpenSSL implementation. The AES-SIV algorithm allows for the authentication of multiple associated data entries and encryption. To authenticate empty data, the application has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) with a NULL pointer as the output buffer and 0 as the input buffer length. The AES-SIV implementation in OpenSSL returns success for such a call instead of performing the associated data authentication operation. Thus, the empty data will not be authenticated.", "issued": "2023-07-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-2975 https://bugzilla.redhat.com/show_bug.cgi?id=2223016 https://www.cve.org/CVERecord?id=CVE-2023-2975 https://nvd.nist.gov/vuln/detail/CVE-2023-2975 https://www.openssl.org/news/secadv/20230714.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2975.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "3KEo4jXvkQ06R1naxLxnlw==": { "id": "3KEo4jXvkQ06R1naxLxnlw==", "updater": "rhel-vex", "name": "CVE-2023-6597", "description": "A flaw was found in the tempfile.TemporaryDirectory class in python3/cpython3. The class may dereference symbolic links during permission-related errors, resulting in users that run privileged programs being able to modify permissions of files referenced by the symbolic link.", "issued": "2024-03-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-6597 https://bugzilla.redhat.com/show_bug.cgi?id=2276518 https://www.cve.org/CVERecord?id=CVE-2023-6597 https://nvd.nist.gov/vuln/detail/CVE-2023-6597 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6597.json https://access.redhat.com/errata/RHSA-2024:4078", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.18-3.el9_4.1", "arch_op": "pattern match" }, "3Lvdmj//2sze9S8I3n8yrw==": { "id": "3Lvdmj//2sze9S8I3n8yrw==", "updater": "rhel-vex", "name": "CVE-2023-0288", "description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1189.", "issued": "2023-01-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0288 https://bugzilla.redhat.com/show_bug.cgi?id=2163130 https://www.cve.org/CVERecord?id=CVE-2023-0288 https://nvd.nist.gov/vuln/detail/CVE-2023-0288 https://huntr.dev/bounties/5d389a18-5026-47df-a5d0-1548a9b555d5 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0288.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "3P+SovAsTkymzTWYhGaJWA==": { "id": "3P+SovAsTkymzTWYhGaJWA==", "updater": "rhel-vex", "name": "CVE-2023-32067", "description": "A vulnerability was found in c-ares. This issue occurs due to a 0-byte UDP payload that can cause a Denial of Service.", "issued": "2023-05-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32067 https://bugzilla.redhat.com/show_bug.cgi?id=2209502 https://www.cve.org/CVERecord?id=CVE-2023-32067 https://nvd.nist.gov/vuln/detail/CVE-2023-32067 https://github.com/c-ares/c-ares/security/advisories/GHSA-9g78-jv2r-p7vc https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32067.json https://access.redhat.com/errata/RHSA-2023:3586", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:8.19.3-1.16.19.1.2.el9_2", "arch_op": "pattern match" }, "3VdtHqtIaf9cjYBkwOn6/g==": { "id": "3VdtHqtIaf9cjYBkwOn6/g==", "updater": "rhel-vex", "name": "CVE-2025-49794", "description": "A use-after-free vulnerability was found in libxml2. This issue occurs when parsing XPath elements under certain circumstances when the XML schematron has the \u003csch:name path=\"...\"/\u003e schema elements. This flaw allows a malicious actor to craft a malicious XML document used as input for libxml, resulting in the program's crash using libxml or other possible undefined behaviors.", "issued": "2025-06-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-49794 https://bugzilla.redhat.com/show_bug.cgi?id=2372373 https://www.cve.org/CVERecord?id=CVE-2025-49794 https://nvd.nist.gov/vuln/detail/CVE-2025-49794 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-49794.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libxml2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "3WRC4Vl08/leTJ1MFHuCEg==": { "id": "3WRC4Vl08/leTJ1MFHuCEg==", "updater": "rhel-vex", "name": "CVE-2022-3297", "description": "A heap use-after-free vulnerability was found in Vim's process_next_cpt_value() function of the src/insexpand.c file. This flaw occurs due to the usage of freed memory when 'tagfunc' wipes out the buffer that holds 'complete.' This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free issue that causes an application to crash, possibly executing code and corrupting memory.", "issued": "2022-09-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3297 https://bugzilla.redhat.com/show_bug.cgi?id=2129838 https://www.cve.org/CVERecord?id=CVE-2022-3297 https://nvd.nist.gov/vuln/detail/CVE-2022-3297 https://huntr.dev/bounties/1aa9ec92-0355-4710-bf85-5bce9effa01c https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3297.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "3XaVgHeIFJL3w2B85i3krw==": { "id": "3XaVgHeIFJL3w2B85i3krw==", "updater": "rhel-vex", "name": "CVE-2023-32665", "description": "A flaw was found in GLib. GVariant deserialization is vulnerable to an exponential blowup issue where a crafted GVariant can cause excessive processing, leading to denial of service.", "issued": "2022-12-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32665 https://bugzilla.redhat.com/show_bug.cgi?id=2211827 https://www.cve.org/CVERecord?id=CVE-2023-32665 https://nvd.nist.gov/vuln/detail/CVE-2023-32665 https://gitlab.gnome.org/GNOME/glib/-/issues/2121 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32665.json https://access.redhat.com/errata/RHSA-2023:6631", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "glib2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.68.4-11.el9", "arch_op": "pattern match" }, "3ZKyipeUC49AgeVTU9guoQ==": { "id": "3ZKyipeUC49AgeVTU9guoQ==", "updater": "rhel-vex", "name": "CVE-2023-4806", "description": "A flaw was found in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4806 https://bugzilla.redhat.com/show_bug.cgi?id=2237782 https://www.cve.org/CVERecord?id=CVE-2023-4806 https://nvd.nist.gov/vuln/detail/CVE-2023-4806 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4806.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "3ZiE6vWcUYh5mTVFYC5sDA==": { "id": "3ZiE6vWcUYh5mTVFYC5sDA==", "updater": "rhel-vex", "name": "CVE-2024-6232", "description": "A regular expression denial of service (ReDos) vulnerability was found in Python's tarfile module. Due to excessive backtracking while tarfile parses headers, an attacker may be able to trigger a denial of service via a specially crafted tar archive.", "issued": "2024-09-03T13:15:05Z", "links": "https://access.redhat.com/security/cve/CVE-2024-6232 https://bugzilla.redhat.com/show_bug.cgi?id=2309426 https://www.cve.org/CVERecord?id=CVE-2024-6232 https://nvd.nist.gov/vuln/detail/CVE-2024-6232 https://github.com/python/cpython/issues/121285 https://github.com/python/cpython/pull/121286 https://mail.python.org/archives/list/security-announce@python.org/thread/JRYFTPRHZRTLMZLWQEUHZSJXNHM4ACTY/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6232.json https://access.redhat.com/errata/RHSA-2024:9468", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.19-8.el9_5.1", "arch_op": "pattern match" }, "3ktHS+YZSMYXCkYy+yNUcA==": { "id": "3ktHS+YZSMYXCkYy+yNUcA==", "updater": "rhel-vex", "name": "CVE-2022-48554", "description": "A flaw was found in file, a program used to identify a particular file according to the type of data contained by the file. This issue occurs when processing a specially crafted file, causing a stack-based buffer over-read, resulting in an application crash.", "issued": "2022-01-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-48554 https://bugzilla.redhat.com/show_bug.cgi?id=2235714 https://www.cve.org/CVERecord?id=CVE-2022-48554 https://nvd.nist.gov/vuln/detail/CVE-2022-48554 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-48554.json https://access.redhat.com/errata/RHSA-2024:2512", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "file-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:5.39-16.el9", "arch_op": "pattern match" }, "3lUu0msi+b5w2eDC2c6lRQ==": { "id": "3lUu0msi+b5w2eDC2c6lRQ==", "updater": "rhel-vex", "name": "CVE-2023-2603", "description": "A vulnerability was found in libcap. This issue occurs in the _libcap_strdup() function and can lead to an integer overflow if the input string is close to 4GiB.", "issued": "2023-05-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-2603 https://bugzilla.redhat.com/show_bug.cgi?id=2209113 https://www.cve.org/CVERecord?id=CVE-2023-2603 https://nvd.nist.gov/vuln/detail/CVE-2023-2603 https://www.x41-dsec.de/static/reports/X41-libcap-Code-Review-2023-OSTIF-Final-Report.pdf https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2603.json https://access.redhat.com/errata/RHSA-2023:5071", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libcap", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.48-9.el9_2", "arch_op": "pattern match" }, "3mn5saqLeDWX1WioNLINeA==": { "id": "3mn5saqLeDWX1WioNLINeA==", "updater": "rhel-vex", "name": "CVE-2025-5244", "description": "A vulnerability was found in GNU Binutils up to version 2.44 and affects the elf_gc_sweep function of the bfd/elflink.c file of the component ld. The manipulation leads to memory corruption and a program crash. An attacker must have local access to exploit this vulnerability. Upgrading to version 2.45 is advised to address this issue.", "issued": "2025-05-27T13:00:14Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5244 https://bugzilla.redhat.com/show_bug.cgi?id=2368763 https://www.cve.org/CVERecord?id=CVE-2025-5244 https://nvd.nist.gov/vuln/detail/CVE-2025-5244 https://sourceware.org/bugzilla/attachment.cgi?id=16010 https://sourceware.org/bugzilla/show_bug.cgi?id=32858 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=d1458933830456e54223d9fc61f0d9b3a19256f5 https://vuldb.com/?ctiid.310346 https://vuldb.com/?id.310346 https://vuldb.com/?submit.584634 https://www.gnu.org/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5244.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "gdb", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "3nAPhkhwwHB9WGtChdPSFA==": { "id": "3nAPhkhwwHB9WGtChdPSFA==", "updater": "rhel-vex", "name": "CVE-2023-24329", "description": "A flaw was found in the Python package. An issue in the urllib.parse component could allow attackers to bypass blocklisting methods by supplying a URL that starts with blank characters.This may lead to compromised Integrity.", "issued": "2023-02-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-24329 https://bugzilla.redhat.com/show_bug.cgi?id=2173917 https://www.cve.org/CVERecord?id=CVE-2023-24329 https://nvd.nist.gov/vuln/detail/CVE-2023-24329 https://pointernull.com/security/python-url-parse-problem.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-24329.json https://access.redhat.com/errata/RHSA-2023:3595", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.16-1.el9_2.1", "arch_op": "pattern match" }, "3p9vZY4Tp+ruzgOPju8G0g==": { "id": "3p9vZY4Tp+ruzgOPju8G0g==", "updater": "rhel-vex", "name": "CVE-2023-4813", "description": "A flaw was found in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.", "issued": "2022-03-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4813 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://www.cve.org/CVERecord?id=CVE-2023-4813 https://nvd.nist.gov/vuln/detail/CVE-2023-4813 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4813.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-headers", "version": "", "kind": "binary", "normalized_version": "", "arch": "s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "3rOn5tAbJKhw0oN7VHmMmA==": { "id": "3rOn5tAbJKhw0oN7VHmMmA==", "updater": "rhel-vex", "name": "CVE-2024-25629", "description": "A vulnerability was found in c-ares where the ares__read_line() is used to parse local configuration files such as /etc/resolv.conf, /etc/nsswitch.conf, the HOSTALIASES file, and if using a c-ares version prior to 1.22.0, the /etc/hosts file. If the configuration files have an embedded NULL character as the first character in a new line, it can attempt to read memory before the start of the given buffer, which may result in a crash.", "issued": "2024-02-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-25629 https://bugzilla.redhat.com/show_bug.cgi?id=2265713 https://www.cve.org/CVERecord?id=CVE-2024-25629 https://nvd.nist.gov/vuln/detail/CVE-2024-25629 https://github.com/c-ares/c-ares/security/advisories/GHSA-mg26-v6qh-x48q https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-25629.json https://access.redhat.com/errata/RHSA-2024:2910", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.2-8.el9_4", "arch_op": "pattern match" }, "3skSbDjTQ02+eNiFJz716g==": { "id": "3skSbDjTQ02+eNiFJz716g==", "updater": "rhel-vex", "name": "CVE-2023-45143", "description": "A flaw was found in the Undici node package due to the occurrence of Cross-origin requests, possibly leading to a cookie header leakage. By default, cookie headers are forbidden request headers, and they must be enabled. This flaw allows a malicious user to access this leaked cookie if they have control of the redirection.", "issued": "2023-10-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-45143 https://bugzilla.redhat.com/show_bug.cgi?id=2244104 https://www.cve.org/CVERecord?id=CVE-2023-45143 https://nvd.nist.gov/vuln/detail/CVE-2023-45143 https://github.com/nodejs/undici/security/advisories/GHSA-wqq4-5wpv-mx2g https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45143.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "3uTwJ6BR3NYTj8voE9XrqA==": { "id": "3uTwJ6BR3NYTj8voE9XrqA==", "updater": "rhel-vex", "name": "CVE-2024-33600", "description": "A flaw was found in the glibc netgroup cache. After a failed cache insertion, addgetnetgrentX tries to send the non-existing response after the not-found header. This can lead to a null pointer dereference that causes a crash or exit.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33600 https://bugzilla.redhat.com/show_bug.cgi?id=2277204 https://www.cve.org/CVERecord?id=CVE-2024-33600 https://nvd.nist.gov/vuln/detail/CVE-2024-33600 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33600.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-headers", "version": "", "kind": "binary", "normalized_version": "", "arch": "s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "3xkCSLCsiWI7SUm/x8evmQ==": { "id": "3xkCSLCsiWI7SUm/x8evmQ==", "updater": "rhel-vex", "name": "CVE-2021-35938", "description": "A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "issued": "2021-06-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-35938 https://bugzilla.redhat.com/show_bug.cgi?id=1964114 https://www.cve.org/CVERecord?id=CVE-2021-35938 https://nvd.nist.gov/vuln/detail/CVE-2021-35938 https://rpm.org/wiki/Releases/4.18.0 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-35938.json https://access.redhat.com/errata/RHSA-2024:0463", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "rpm-build-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.16.1.3-27.el9_3", "arch_op": "pattern match" }, "3xq4PznUGaWv+UklhKhOCw==": { "id": "3xq4PznUGaWv+UklhKhOCw==", "updater": "rhel-vex", "name": "CVE-2024-5535", "description": "A flaw was found in OpenSSL. Affected versions of this package are vulnerable to Information Exposure through the SSL_select_next_proto function. This flaw allows an attacker to cause unexpected application behavior or a crash by exploiting the buffer overread condition when the function is called with a zero-length client list. This issue is only exploitable if the application is misconfigured to use a zero-length server list and mishandles the 'no overlap' response in ALPN or uses the output as the opportunistic protocol in NPN.", "issued": "2024-06-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2294581 https://www.cve.org/CVERecord?id=CVE-2024-5535 https://nvd.nist.gov/vuln/detail/CVE-2024-5535 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-5535.json https://access.redhat.com/errata/RHSA-2024:9333", "severity": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.2.2-6.el9_5", "arch_op": "pattern match" }, "4/3Y7GwVLJKqNxrUs7z52Q==": { "id": "4/3Y7GwVLJKqNxrUs7z52Q==", "updater": "rhel-vex", "name": "CVE-2023-30589", "description": "A vulnerability has been identified in the Node.js, where llhttp parser in the http module in Node.js does not strictly use the CRLF sequence to delimit HTTP requests. This can lead to HTTP Request Smuggling (HRS).", "issued": "2023-06-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30589 https://bugzilla.redhat.com/show_bug.cgi?id=2219841 https://www.cve.org/CVERecord?id=CVE-2023-30589 https://nvd.nist.gov/vuln/detail/CVE-2023-30589 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30589.json https://access.redhat.com/errata/RHSA-2023:4331", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:8.19.4-1.16.20.1.1.el9_2", "arch_op": "pattern match" }, "48lNYnhXM2oSC4VxxSwcLw==": { "id": "48lNYnhXM2oSC4VxxSwcLw==", "updater": "rhel-vex", "name": "CVE-2024-33601", "description": "A flaw was found in the glibc netgroup cache. The netgroup cache uses xmalloc/xrealloc and may terminate the process due to a memory allocation failure.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33601 https://bugzilla.redhat.com/show_bug.cgi?id=2277205 https://www.cve.org/CVERecord?id=CVE-2024-33601 https://nvd.nist.gov/vuln/detail/CVE-2024-33601 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33601.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "glibc-locale-source", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "4BsuHz9ir1bEZRyqW1YH+g==": { "id": "4BsuHz9ir1bEZRyqW1YH+g==", "updater": "rhel-vex", "name": "CVE-2023-44487", "description": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages.\r\n\r\nSecurity Bulletin\r\nhttps://access.redhat.com/security/vulnerabilities/RHSB-2023-003", "issued": "2023-10-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-44487 https://bugzilla.redhat.com/show_bug.cgi?id=2242803 https://access.redhat.com/security/vulnerabilities/RHSB-2023-003 https://www.cve.org/CVERecord?id=CVE-2023-44487 https://nvd.nist.gov/vuln/detail/CVE-2023-44487 https://github.com/dotnet/announcements/issues/277 https://pkg.go.dev/vuln/GO-2023-2102 https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487 https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-44487.json https://access.redhat.com/errata/RHSA-2023:5838", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libnghttp2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:1.43.0-5.el9_2.1", "arch_op": "pattern match" }, "4C+2NmhWlLNDgrLkoCxMIQ==": { "id": "4C+2NmhWlLNDgrLkoCxMIQ==", "updater": "rhel-vex", "name": "CVE-2024-8088", "description": "A flaw was found in Python's zipfile module. When iterating over the entries of a zip archive, the process can enter into an infinite loop state and become unresponsive. This flaw allows an attacker to craft a malicious ZIP archive, leading to a denial of service from the application consuming the zipfile module. Only applications that handle user-controlled zip archives are affected by this vulnerability.", "issued": "2024-08-22T19:15:09Z", "links": "https://access.redhat.com/security/cve/CVE-2024-8088 https://bugzilla.redhat.com/show_bug.cgi?id=2307370 https://www.cve.org/CVERecord?id=CVE-2024-8088 https://nvd.nist.gov/vuln/detail/CVE-2024-8088 https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64 https://github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea https://github.com/python/cpython/issues/122905 https://github.com/python/cpython/pull/122906 https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8088.json https://access.redhat.com/errata/RHSA-2024:6163", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.18-3.el9_4.5", "arch_op": "pattern match" }, "4LZWGm07jnOHHBGX2FzAwg==": { "id": "4LZWGm07jnOHHBGX2FzAwg==", "updater": "rhel-vex", "name": "CVE-2025-1153", "description": "A flaw was found in GNU Binutils. A specially-crafted payload may be able to trigger a memory leak, which can lead to an application crash or other undefined behavior.", "issued": "2025-02-10T19:00:13Z", "links": "https://access.redhat.com/security/cve/CVE-2025-1153 https://bugzilla.redhat.com/show_bug.cgi?id=2344743 https://www.cve.org/CVERecord?id=CVE-2025-1153 https://nvd.nist.gov/vuln/detail/CVE-2025-1153 https://sourceware.org/bugzilla/show_bug.cgi?id=32603 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=8d97c1a53f3dc9fd8e1ccdb039b8a33d50133150 https://vuldb.com/?ctiid.295057 https://vuldb.com/?id.295057 https://vuldb.com/?submit.489991 https://www.gnu.org/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-1153.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "binutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "4Mw4z3LuOMDccJwKA3WDpw==": { "id": "4Mw4z3LuOMDccJwKA3WDpw==", "updater": "rhel-vex", "name": "CVE-2023-0795", "description": "A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds read in the extractContigSamplesShifted16bits function in tools/tiffcrop.c, resulting in a Denial of Service and limited information disclosure.", "issued": "2023-02-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0795 https://bugzilla.redhat.com/show_bug.cgi?id=2170119 https://www.cve.org/CVERecord?id=CVE-2023-0795 https://nvd.nist.gov/vuln/detail/CVE-2023-0795 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0795.json https://access.redhat.com/errata/RHSA-2023:3711", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-8.el9_2", "arch_op": "pattern match" }, "4QrV+iEIuMF03cMu4O7vuw==": { "id": "4QrV+iEIuMF03cMu4O7vuw==", "updater": "rhel-vex", "name": "CVE-2024-8088", "description": "A flaw was found in Python's zipfile module. When iterating over the entries of a zip archive, the process can enter into an infinite loop state and become unresponsive. This flaw allows an attacker to craft a malicious ZIP archive, leading to a denial of service from the application consuming the zipfile module. Only applications that handle user-controlled zip archives are affected by this vulnerability.", "issued": "2024-08-22T19:15:09Z", "links": "https://access.redhat.com/security/cve/CVE-2024-8088 https://bugzilla.redhat.com/show_bug.cgi?id=2307370 https://www.cve.org/CVERecord?id=CVE-2024-8088 https://nvd.nist.gov/vuln/detail/CVE-2024-8088 https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64 https://github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea https://github.com/python/cpython/issues/122905 https://github.com/python/cpython/pull/122906 https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8088.json https://access.redhat.com/errata/RHSA-2024:6163", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.18-3.el9_4.5", "arch_op": "pattern match" }, "4Rtn3AG5Qs+0wru36+KhEA==": { "id": "4Rtn3AG5Qs+0wru36+KhEA==", "updater": "rhel-vex", "name": "CVE-2023-31124", "description": "A flaw was found in c-ares. This issue occurs when cross-compiling c-ares and using the autotools build system, CARES_RANDOM_FILE will not be set, as seen when cross-compiling aarch64 android. As a result, it will downgrade to rand(), which could allow an attacker to utilize the lack of entropy by not using a CSPRNG.", "issued": "2023-05-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-31124 https://bugzilla.redhat.com/show_bug.cgi?id=2209494 https://www.cve.org/CVERecord?id=CVE-2023-31124 https://nvd.nist.gov/vuln/detail/CVE-2023-31124 https://github.com/c-ares/c-ares/security/advisories/GHSA-54xr-f67r-4pc4 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-31124.json https://access.redhat.com/errata/RHSA-2023:3586", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.19.1-2.el9_2", "arch_op": "pattern match" }, "4VfXn7TjRykaoXxkvUAKLA==": { "id": "4VfXn7TjRykaoXxkvUAKLA==", "updater": "rhel-vex", "name": "CVE-2024-22019", "description": "A flaw was found in Node.js due to a lack of safeguards on chunk extension bytes. The server may read an unbounded number of bytes from a single connection, which can allow an attacker to send a specially crafted HTTP request with chunked encoding, leading to resource exhaustion and a denial of service.", "issued": "2024-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-22019 https://bugzilla.redhat.com/show_bug.cgi?id=2264574 https://www.cve.org/CVERecord?id=CVE-2024-22019 https://nvd.nist.gov/vuln/detail/CVE-2024-22019 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-22019.json https://access.redhat.com/errata/RHSA-2024:1438", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:8.19.4-1.16.20.2.4.el9_3", "arch_op": "pattern match" }, "4WTOrslnIqtUscmv3OpUqw==": { "id": "4WTOrslnIqtUscmv3OpUqw==", "updater": "rhel-vex", "name": "CVE-2024-12797", "description": "A flaw was found in OpenSSL's RFC7250 Raw Public Key (RPK) authentication. This vulnerability allows man-in-the-middle (MITM) attacks via failure to abort TLS/DTLS handshakes when the server's RPK does not match the expected key despite the SSL_VERIFY_PEER verification mode being set.", "issued": "2025-02-11T15:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-12797 https://bugzilla.redhat.com/show_bug.cgi?id=2342757 https://www.cve.org/CVERecord?id=CVE-2024-12797 https://nvd.nist.gov/vuln/detail/CVE-2024-12797 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-12797.json https://access.redhat.com/errata/RHSA-2025:1330", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.2.2-6.el9_5.1", "arch_op": "pattern match" }, "4aR9t5J6YwMk5D9wZ0BV7w==": { "id": "4aR9t5J6YwMk5D9wZ0BV7w==", "updater": "rhel-vex", "name": "CVE-2024-3651", "description": "A flaw was found in the python-idna library. A malicious argument was sent to the idna.encode() function can trigger an uncontrolled resource consumption, resulting in a denial of service.", "issued": "2024-04-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-3651 https://bugzilla.redhat.com/show_bug.cgi?id=2274779 https://www.cve.org/CVERecord?id=CVE-2024-3651 https://nvd.nist.gov/vuln/detail/CVE-2024-3651 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-3651.json https://access.redhat.com/errata/RHSA-2024:3846", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-idna", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.10-7.el9_4.1", "arch_op": "pattern match" }, "4asubKvJrlJVsaeeKleZeQ==": { "id": "4asubKvJrlJVsaeeKleZeQ==", "updater": "rhel-vex", "name": "CVE-2024-28182", "description": "A vulnerability was found in how nghttp2 implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated remote attacker to send packets to vulnerable servers, which could use up compute or memory resources to cause a Denial of Service.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-28182 https://bugzilla.redhat.com/show_bug.cgi?id=2268639 https://www.cve.org/CVERecord?id=CVE-2024-28182 https://nvd.nist.gov/vuln/detail/CVE-2024-28182 https://github.com/nghttp2/nghttp2/security/advisories/GHSA-x6x3-gv8h-m57q https://nowotarski.info/http2-continuation-flood/ https://www.kb.cert.org/vuls/id/421644 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28182.json https://access.redhat.com/errata/RHSA-2024:3501", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "libnghttp2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:1.43.0-5.el9_4.3", "arch_op": "pattern match" }, "4bsXMyNX8A2vDNbincmT7A==": { "id": "4bsXMyNX8A2vDNbincmT7A==", "updater": "rhel-vex", "name": "CVE-2024-33602", "description": "A flaw was found in the glibc netgroup cache. The buffer-resizing code in addgetnetgrentX assumes that all string pointers point into the supplied buffer. This can potentially lead to memory corruption and cause a crash.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33602 https://bugzilla.redhat.com/show_bug.cgi?id=2277206 https://www.cve.org/CVERecord?id=CVE-2024-33602 https://nvd.nist.gov/vuln/detail/CVE-2024-33602 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33602.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "glibc-common", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "4flqiPbmTauic3ijyT75yw==": { "id": "4flqiPbmTauic3ijyT75yw==", "updater": "rhel-vex", "name": "CVE-2024-6119", "description": "A flaw was found in OpenSSL. Applications performing certificate name checks (e.g., TLS clients checking server certificates) may attempt to read an invalid memory address resulting in abnormal termination of the application process.", "issued": "2024-09-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-6119 https://bugzilla.redhat.com/show_bug.cgi?id=2306158 https://www.cve.org/CVERecord?id=CVE-2024-6119 https://nvd.nist.gov/vuln/detail/CVE-2024-6119 https://github.com/openssl/openssl/security/advisories/GHSA-5qrj-vq78-58fj https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6119.json https://access.redhat.com/errata/RHSA-2024:6783", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-28.el9_4", "arch_op": "pattern match" }, "4plj7t0DXbSOTUKYjPOSpw==": { "id": "4plj7t0DXbSOTUKYjPOSpw==", "updater": "rhel-vex", "name": "CVE-2023-27536", "description": "A flaw was found in the Curl package. Libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. However, the GSS delegation setting was left out from the configuration match checks, making them match too easily, affecting krb5/kerberos/negotiate/GSSAPI transfers.", "issued": "2023-03-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-27536 https://bugzilla.redhat.com/show_bug.cgi?id=2179092 https://www.cve.org/CVERecord?id=CVE-2023-27536 https://nvd.nist.gov/vuln/detail/CVE-2023-27536 https://curl.se/docs/CVE-2023-27536.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-27536.json https://access.redhat.com/errata/RHSA-2023:6679", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libcurl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9", "arch_op": "pattern match" }, "4ujix5gnAeEadtReMww1pw==": { "id": "4ujix5gnAeEadtReMww1pw==", "updater": "rhel-vex", "name": "CVE-2023-2650", "description": "A flaw was found in OpenSSL resulting in a possible denial of service while translating ASN.1 object identifiers. Applications that use OBJ_obj2txt() directly, or use any of the OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message size limit may experience long delays when processing messages, which may lead to a denial of service.", "issued": "2023-05-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-2650 https://bugzilla.redhat.com/show_bug.cgi?id=2207947 https://www.cve.org/CVERecord?id=CVE-2023-2650 https://nvd.nist.gov/vuln/detail/CVE-2023-2650 https://www.openssl.org/news/secadv/20230530.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2650.json https://access.redhat.com/errata/RHSA-2023:3722", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-16.el9_2", "arch_op": "pattern match" }, "4vHE1o0sxmJSfgr6AiAtqA==": { "id": "4vHE1o0sxmJSfgr6AiAtqA==", "updater": "rhel-vex", "name": "CVE-2025-3198", "description": "A vulnerability has been found in GNU Binutils 2.43/2.44 and classified as problematic. Affected by this vulnerability is the function display_info of the file binutils/bucomm.c of the component objdump. The manipulation leads to memory leak. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The patch is named ba6ad3a18cb26b79e0e3b84c39f707535bbc344d. It is recommended to apply a patch to fix this issue.", "issued": "2025-04-04T01:31:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-3198 https://bugzilla.redhat.com/show_bug.cgi?id=2357358 https://www.cve.org/CVERecord?id=CVE-2025-3198 https://nvd.nist.gov/vuln/detail/CVE-2025-3198 https://sourceware.org/bugzilla/show_bug.cgi?id=32716 https://sourceware.org/bugzilla/show_bug.cgi?id=32716#c0 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=ba6ad3a18cb26b79e0e3b84c39f707535bbc344d https://vuldb.com/?ctiid.303151 https://vuldb.com/?id.303151 https://vuldb.com/?submit.545773 https://www.gnu.org/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-3198.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "gdb", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "51LUS52PmOp1zHrTW3se6w==": { "id": "51LUS52PmOp1zHrTW3se6w==", "updater": "rhel-vex", "name": "CVE-2024-33602", "description": "A flaw was found in the glibc netgroup cache. The buffer-resizing code in addgetnetgrentX assumes that all string pointers point into the supplied buffer. This can potentially lead to memory corruption and cause a crash.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33602 https://bugzilla.redhat.com/show_bug.cgi?id=2277206 https://www.cve.org/CVERecord?id=CVE-2024-33602 https://nvd.nist.gov/vuln/detail/CVE-2024-33602 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33602.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "glibc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "53g2lPwzOLmoqCCLIr2InQ==": { "id": "53g2lPwzOLmoqCCLIr2InQ==", "updater": "rhel-vex", "name": "CVE-2023-4911", "description": "A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.", "issued": "2023-10-03T17:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4911 https://bugzilla.redhat.com/show_bug.cgi?id=2238352 https://www.cve.org/CVERecord?id=CVE-2023-4911 https://nvd.nist.gov/vuln/detail/CVE-2023-4911 https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt https://www.qualys.com/cve-2023-4911/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4911.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-minimal-langpack", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "58xY9Xj25VNzU8f4Nsn43Q==": { "id": "58xY9Xj25VNzU8f4Nsn43Q==", "updater": "rhel-vex", "name": "CVE-2023-3817", "description": "A vulnerability was found in OpenSSL. This security issue occurs because the applications that use the DH_check(), DH_check_ex(), or EVP_PKEY_param_check() functions to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source may lead to a denial of service.", "issued": "2023-07-31T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-3817 https://bugzilla.redhat.com/show_bug.cgi?id=2227852 https://www.cve.org/CVERecord?id=CVE-2023-3817 https://nvd.nist.gov/vuln/detail/CVE-2023-3817 https://www.openssl.org/news/secadv/20230731.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3817.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "59VgueYROa38mMA22PS/AQ==": { "id": "59VgueYROa38mMA22PS/AQ==", "updater": "rhel-vex", "name": "CVE-2023-2650", "description": "A flaw was found in OpenSSL resulting in a possible denial of service while translating ASN.1 object identifiers. Applications that use OBJ_obj2txt() directly, or use any of the OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message size limit may experience long delays when processing messages, which may lead to a denial of service.", "issued": "2023-05-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-2650 https://bugzilla.redhat.com/show_bug.cgi?id=2207947 https://www.cve.org/CVERecord?id=CVE-2023-2650 https://nvd.nist.gov/vuln/detail/CVE-2023-2650 https://www.openssl.org/news/secadv/20230530.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2650.json https://access.redhat.com/errata/RHSA-2023:3722", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-16.el9_2", "arch_op": "pattern match" }, "5D5WFK01Su4Lrj4hhwDYGQ==": { "id": "5D5WFK01Su4Lrj4hhwDYGQ==", "updater": "rhel-vex", "name": "CVE-2024-43374", "description": "A heap use-after-free vulnerability was found in Vim's alist_add() function. Adding a new file to the argument list triggers Buf* autocommands. In an autocommand, if the buffer that was just opened is closed, including the window where it is shown, it causes the window structure to be freed, containing a reference to the argument list that is being modified. Once the autocommands are completed, references to the window and argument list are no longer valid, causing a use-after-free issue. To trigger this issue, a local attacker or user must add unusual autocommands that wipe a buffer during creation, either manually or by sourcing a malicious plugin, which will cause Vim to crash.", "issued": "2024-08-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-43374 https://bugzilla.redhat.com/show_bug.cgi?id=2305259 https://www.cve.org/CVERecord?id=CVE-2024-43374 https://nvd.nist.gov/vuln/detail/CVE-2024-43374 https://github.com/vim/vim/commit/0a6e57b09bc8c76691b367a5babfb79b31b770e8 https://github.com/vim/vim/security/advisories/GHSA-2w8m-443v-cgvw https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-43374.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "5DOUgppde1j9udFySlg7zQ==": { "id": "5DOUgppde1j9udFySlg7zQ==", "updater": "rhel-vex", "name": "CVE-2023-3899", "description": "A vulnerability was found in subscription-manager that allows local privilege escalation due to inadequate authorization. The D-Bus interface com.redhat.RHSM1 exposes a significant number of methods to all users that could change the state of the registration. By using the com.redhat.RHSM1.Config.SetAll() method, a low-privileged local user could tamper with the state of the registration, by unregistering the system or by changing the current entitlements. This flaw allows an attacker to set arbitrary configuration directives for /etc/rhsm/rhsm.conf, which can be abused to cause a local privilege escalation to an unconfined root.", "issued": "2023-08-22T14:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-3899 https://bugzilla.redhat.com/show_bug.cgi?id=2225407 https://www.cve.org/CVERecord?id=CVE-2023-3899 https://nvd.nist.gov/vuln/detail/CVE-2023-3899 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3899.json https://access.redhat.com/errata/RHSA-2023:4708", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "subscription-manager", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:1.29.33.1-2.el9_2", "arch_op": "pattern match" }, "5DWxn7dmJcIfTQzzUA2+nA==": { "id": "5DWxn7dmJcIfTQzzUA2+nA==", "updater": "rhel-vex", "name": "CVE-2024-12243", "description": "A flaw was found in GnuTLS, which relies on libtasn1 for ASN.1 data processing. Due to an inefficient algorithm in libtasn1, decoding certain DER-encoded certificate data can take excessive time, leading to increased resource consumption. This flaw allows a remote attacker to send a specially crafted certificate, causing GnuTLS to become unresponsive or slow, resulting in a denial-of-service condition.", "issued": "2025-02-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-12243 https://bugzilla.redhat.com/show_bug.cgi?id=2344615 https://www.cve.org/CVERecord?id=CVE-2024-12243 https://nvd.nist.gov/vuln/detail/CVE-2024-12243 https://gitlab.com/gnutls/libtasn1/-/issues/52 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-12243.json https://access.redhat.com/errata/RHSA-2025:7076", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "gnutls", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.8.3-6.el9", "arch_op": "pattern match" }, "5T2EIrKRgMRvSYAqng7bdw==": { "id": "5T2EIrKRgMRvSYAqng7bdw==", "updater": "rhel-vex", "name": "CVE-2023-31130", "description": "A vulnerability was found in c-ares. This issue occurs in the ares_inet_net_pton() function, which is vulnerable to a buffer underflow for certain ipv6 addresses. \"0::00:00:00/2\" in particular was found to cause an issue. C-ares only uses this function internally for configuration purposes, which would require an administrator to configure such an address via ares_set_sortlist().", "issued": "2023-05-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-31130 https://bugzilla.redhat.com/show_bug.cgi?id=2209497 https://www.cve.org/CVERecord?id=CVE-2023-31130 https://nvd.nist.gov/vuln/detail/CVE-2023-31130 https://github.com/c-ares/c-ares/security/advisories/GHSA-x6mf-cxr9-8q6v https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-31130.json https://access.redhat.com/errata/RHSA-2023:3586", "severity": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.19.1-2.el9_2", "arch_op": "pattern match" }, "5l/3tusnYjPGFyuHyfqaIA==": { "id": "5l/3tusnYjPGFyuHyfqaIA==", "updater": "rhel-vex", "name": "CVE-2023-28321", "description": "A flaw was found in the Curl package. An incorrect International Domain Name (IDN) wildcard match may lead to improper certificate validation.", "issued": "2023-05-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-28321 https://bugzilla.redhat.com/show_bug.cgi?id=2196786 https://www.cve.org/CVERecord?id=CVE-2023-28321 https://nvd.nist.gov/vuln/detail/CVE-2023-28321 https://curl.se/docs/CVE-2023-28321.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-28321.json https://access.redhat.com/errata/RHSA-2023:4354", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libcurl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-23.el9_2.2", "arch_op": "pattern match" }, "5of57tJEHuBiwqXswgFnrQ==": { "id": "5of57tJEHuBiwqXswgFnrQ==", "updater": "rhel-vex", "name": "CVE-2024-56171", "description": "A flaw was found in libxml2. This vulnerability allows a use-after-free via a crafted XML document validated against an XML schema with certain identity constraints or a crafted XML schema.", "issued": "2025-02-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-56171 https://bugzilla.redhat.com/show_bug.cgi?id=2346416 https://www.cve.org/CVERecord?id=CVE-2024-56171 https://nvd.nist.gov/vuln/detail/CVE-2024-56171 https://gitlab.gnome.org/GNOME/libxml2/-/issues/828 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-56171.json https://access.redhat.com/errata/RHSA-2025:2679", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libxml2-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-6.el9_5.2", "arch_op": "pattern match" }, "5p9ME5NbZ6TNoBiTeUNQqQ==": { "id": "5p9ME5NbZ6TNoBiTeUNQqQ==", "updater": "rhel-vex", "name": "CVE-2024-2961", "description": "An out-of-bounds write flaw was found in the ISO-2022-CN-EXT plugin for glibc's iconv library. When converting from UCS4 charset, adding certain escape charterers is required to indicate where the charset was changed to the library. During this process, iconv improperly checks the boundaries of internal buffers, leading to a buffer overflow, which allows writing up to 3 bytes outside the desired memory location. This issue may allow an attacker to craft a malicious characters sequence that will trigger the out-of-bounds write and perform remote code execution, presenting a high impact to the Integrity, Confidentiality, and Availability triad.", "issued": "2024-04-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-2961 https://bugzilla.redhat.com/show_bug.cgi?id=2273404 https://www.cve.org/CVERecord?id=CVE-2024-2961 https://nvd.nist.gov/vuln/detail/CVE-2024-2961 https://www.openwall.com/lists/oss-security/2024/04/17/9 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2961.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-locale-source", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "5sCyFjUL7o/b27+YioN3Ow==": { "id": "5sCyFjUL7o/b27+YioN3Ow==", "updater": "rhel-vex", "name": "CVE-2025-0395", "description": "A flaw was found in the GNU C Library (glibc). A buffer overflow condition via the `assert()` function may be triggered due to glibc not allocating enough space for the assertion failure message string and size information. In certain conditions, a local attacker can exploit this, potentially leading to an application crash or other undefined behavior.", "issued": "2025-01-22T13:11:30Z", "links": "https://access.redhat.com/security/cve/CVE-2025-0395 https://bugzilla.redhat.com/show_bug.cgi?id=2339460 https://www.cve.org/CVERecord?id=CVE-2025-0395 https://nvd.nist.gov/vuln/detail/CVE-2025-0395 https://sourceware.org/bugzilla/show_bug.cgi?id=32582 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-0395.json https://access.redhat.com/errata/RHSA-2025:4244", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-headers", "version": "", "kind": "binary", "normalized_version": "", "arch": "s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-125.el9_5.8", "arch_op": "pattern match" }, "64Y4k9USgW4ya/SnvXYkTw==": { "id": "64Y4k9USgW4ya/SnvXYkTw==", "updater": "rhel-vex", "name": "CVE-2024-28757", "description": "An XML Entity Expansion flaw was found in libexpat. This flaw allows an attacker to cause a denial of service when there is an isolated use of external parsers.", "issued": "2024-03-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-28757 https://bugzilla.redhat.com/show_bug.cgi?id=2268766 https://www.cve.org/CVERecord?id=CVE-2024-28757 https://nvd.nist.gov/vuln/detail/CVE-2024-28757 https://github.com/libexpat/libexpat/issues/839 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28757.json https://access.redhat.com/errata/RHSA-2024:1530", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "expat", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.5.0-1.el9_3.1", "arch_op": "pattern match" }, "67Vgi/1HrbHMdD5VblFjmw==": { "id": "67Vgi/1HrbHMdD5VblFjmw==", "updater": "rhel-vex", "name": "CVE-2023-4911", "description": "A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.", "issued": "2023-10-03T17:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4911 https://bugzilla.redhat.com/show_bug.cgi?id=2238352 https://www.cve.org/CVERecord?id=CVE-2023-4911 https://nvd.nist.gov/vuln/detail/CVE-2023-4911 https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt https://www.qualys.com/cve-2023-4911/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4911.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-langpack-en", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "68PvFI3dajBFq18y9meP4w==": { "id": "68PvFI3dajBFq18y9meP4w==", "updater": "rhel-vex", "name": "CVE-2025-4802", "description": "A flaw was found in the glibc library. A statically linked setuid binary that calls dlopen(), including internal dlopen() calls after setlocale() or calls to NSS functions such as getaddrinfo(), may incorrectly search LD_LIBRARY_PATH to determine which library to load, allowing a local attacker to load malicious shared libraries, escalate privileges and execute arbitrary code.", "issued": "2025-05-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4802 https://bugzilla.redhat.com/show_bug.cgi?id=2367468 https://www.cve.org/CVERecord?id=CVE-2025-4802 https://nvd.nist.gov/vuln/detail/CVE-2025-4802 https://www.openwall.com/lists/oss-security/2025/05/16/7 https://www.openwall.com/lists/oss-security/2025/05/17/2 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4802.json https://access.redhat.com/errata/RHSA-2025:8655", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-locale-source", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.19", "arch_op": "pattern match" }, "69RzM+mPmIVKA4t/SseDjA==": { "id": "69RzM+mPmIVKA4t/SseDjA==", "updater": "rhel-vex", "name": "CVE-2024-26462", "description": "A memory leak flaw was found in krb5 in /krb5/src/kdc/ndr.c. This issue can lead to a denial of service through memory exhaustion.", "issued": "2024-02-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-26462 https://bugzilla.redhat.com/show_bug.cgi?id=2266742 https://www.cve.org/CVERecord?id=CVE-2024-26462 https://nvd.nist.gov/vuln/detail/CVE-2024-26462 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-26462.json https://access.redhat.com/errata/RHSA-2024:9331", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libkadm5", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.1-3.el9", "arch_op": "pattern match" }, "6AIniaqTl0bJ2gPE7++b5Q==": { "id": "6AIniaqTl0bJ2gPE7++b5Q==", "updater": "rhel-vex", "name": "CVE-2023-38545", "description": "A heap-based buffer overflow flaw was found in the SOCKS5 proxy handshake in the Curl package. If Curl is unable to resolve the address itself, it passes the hostname to the SOCKS5 proxy. However, the maximum length of the hostname that can be passed is 255 bytes. If the hostname is longer, then Curl switches to the local name resolving and passes the resolved address only to the proxy. The local variable that instructs Curl to \"let the host resolve the name\" could obtain the wrong value during a slow SOCKS5 handshake, resulting in the too-long hostname being copied to the target buffer instead of the resolved address, which was not the intended behavior.", "issued": "2023-10-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-38545 https://bugzilla.redhat.com/show_bug.cgi?id=2241933 https://www.cve.org/CVERecord?id=CVE-2023-38545 https://nvd.nist.gov/vuln/detail/CVE-2023-38545 https://curl.se/docs/CVE-2023-38545.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-38545.json https://access.redhat.com/errata/RHSA-2023:6745", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libcurl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9_3.2", "arch_op": "pattern match" }, "6GILJqctNxTbZFPR6fLtoA==": { "id": "6GILJqctNxTbZFPR6fLtoA==", "updater": "rhel-vex", "name": "CVE-2024-12086", "description": "A flaw was found in rsync. It could allow a server to enumerate the contents of an arbitrary file from the client's machine. This issue occurs when files are being copied from a client to a server. During this process, the rsync server will send checksums of local data to the client to compare with in order to determine what data needs to be sent to the server. By sending specially constructed checksum values for arbitrary files, an attacker may be able to reconstruct the data of those files byte-by-byte based on the responses from the client.", "issued": "2025-01-14T15:06:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-12086 https://bugzilla.redhat.com/show_bug.cgi?id=2330577 https://www.cve.org/CVERecord?id=CVE-2024-12086 https://nvd.nist.gov/vuln/detail/CVE-2024-12086 https://kb.cert.org/vuls/id/952657 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-12086.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "rsync", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "6HkJItKZ+XnhCPZYnXp3mw==": { "id": "6HkJItKZ+XnhCPZYnXp3mw==", "updater": "rhel-vex", "name": "CVE-2024-33599", "description": "A stack-based buffer overflow flaw was found in the glibc netgroup cache. In certain conditions, its possible to trigger a stack-based buffer overflow condition that can lead to a denial of service and potentially other malicious actions that impact confidentiality and integrity.", "issued": "2024-04-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33599 https://bugzilla.redhat.com/show_bug.cgi?id=2277202 https://www.cve.org/CVERecord?id=CVE-2024-33599 https://nvd.nist.gov/vuln/detail/CVE-2024-33599 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33599.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-headers", "version": "", "kind": "binary", "normalized_version": "", "arch": "s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "6J86dffyd+kQEKbjTTbD2Q==": { "id": "6J86dffyd+kQEKbjTTbD2Q==", "updater": "rhel-vex", "name": "CVE-2023-1916", "description": "A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds read in the extractImageSection function in tools/tiffcrop.c, resulting in a denial of service and limited information disclosure.", "issued": "2023-03-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-1916 https://bugzilla.redhat.com/show_bug.cgi?id=2185074 https://www.cve.org/CVERecord?id=CVE-2023-1916 https://nvd.nist.gov/vuln/detail/CVE-2023-1916 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-1916.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "libtiff", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "6MW1lRUdNNc4s+6uD2JNvw==": { "id": "6MW1lRUdNNc4s+6uD2JNvw==", "updater": "rhel-vex", "name": "CVE-2022-2286", "description": "Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.", "issued": "2022-07-02T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-2286 https://bugzilla.redhat.com/show_bug.cgi?id=2103875 https://www.cve.org/CVERecord?id=CVE-2022-2286 https://nvd.nist.gov/vuln/detail/CVE-2022-2286 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-2286.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "6MdoTC7jzzEDMQoqINyh7Q==": { "id": "6MdoTC7jzzEDMQoqINyh7Q==", "updater": "rhel-vex", "name": "CVE-2021-3826", "description": "A vulnerability was found in Libiberty. A heap and stack buffer overflow found in the dlang_lname function in d-demangle.c leads to a denial of service.", "issued": "2021-09-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-3826 https://bugzilla.redhat.com/show_bug.cgi?id=2122627 https://www.cve.org/CVERecord?id=CVE-2021-3826 https://nvd.nist.gov/vuln/detail/CVE-2021-3826 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-3826.json https://access.redhat.com/errata/RHSA-2023:6372", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "gdb-headless", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:10.2-11.el9", "arch_op": "pattern match" }, "6Ol6gaAiysVTeqKKxe3zYw==": { "id": "6Ol6gaAiysVTeqKKxe3zYw==", "updater": "rhel-vex", "name": "CVE-2024-0727", "description": "A flaw was found in OpenSSL. The optional ContentInfo fields can be set to null, even if the \"type\" is a valid value, which can lead to a null dereference error that may cause a denial of service.", "issued": "2024-01-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-0727 https://bugzilla.redhat.com/show_bug.cgi?id=2259944 https://www.cve.org/CVERecord?id=CVE-2024-0727 https://nvd.nist.gov/vuln/detail/CVE-2024-0727 https://github.com/openssl/openssl/pull/23362 https://www.openssl.org/news/secadv/20240125.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0727.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "6QPo/X4W0vdkqzX5IoKaHQ==": { "id": "6QPo/X4W0vdkqzX5IoKaHQ==", "updater": "rhel-vex", "name": "CVE-2023-7008", "description": "A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.", "issued": "2022-12-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://www.cve.org/CVERecord?id=CVE-2023-7008 https://nvd.nist.gov/vuln/detail/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222261 https://github.com/systemd/systemd/issues/25676 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-7008.json https://access.redhat.com/errata/RHSA-2024:2463", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "systemd-pam", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:252-32.el9_4", "arch_op": "pattern match" }, "6RKXhkNv4lrUjonKaHJ87A==": { "id": "6RKXhkNv4lrUjonKaHJ87A==", "updater": "rhel-vex", "name": "CVE-2024-22025", "description": "A flaw was found in Node.js that allows a denial of service attack through resource exhaustion when using the fetch() function to retrieve content from an untrusted URL. The vulnerability stems from the fetch() function in Node.js that always decodes Brotli, making it possible for an attacker to cause resource exhaustion when fetching content from an untrusted URL. This flaw allows an attacker to control the URL passed into fetch() to exhaust memory, potentially leading to process termination, depending on the system configuration.", "issued": "2024-03-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-22025 https://bugzilla.redhat.com/show_bug.cgi?id=2270559 https://www.cve.org/CVERecord?id=CVE-2024-22025 https://nvd.nist.gov/vuln/detail/CVE-2024-22025 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-22025.json https://access.redhat.com/errata/RHSA-2024:2910", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:8.19.4-1.16.20.2.8.el9_4", "arch_op": "pattern match" }, "6asSIEJz7ggo9QEXpbSOYg==": { "id": "6asSIEJz7ggo9QEXpbSOYg==", "updater": "rhel-vex", "name": "CVE-2023-48236", "description": "A flaw was found in Vim, an open source command line text editor. When using the z= command, the user may overflow the count with values larger than MAX_INT. The impact is low because user interaction is required and a crash may not happen in all situations.", "issued": "2023-11-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-48236 https://bugzilla.redhat.com/show_bug.cgi?id=2250273 https://www.cve.org/CVERecord?id=CVE-2023-48236 https://nvd.nist.gov/vuln/detail/CVE-2023-48236 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/73b2d3790cad5694fc0ed0db2926e4220c48d968 https://github.com/vim/vim/security/advisories/GHSA-pr4c-932v-8hx5 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-48236.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "6c0JmFCu9UsZ7Ix2LCEP7Q==": { "id": "6c0JmFCu9UsZ7Ix2LCEP7Q==", "updater": "rhel-vex", "name": "CVE-2024-45492", "description": "A flaw was found in libexpat's internal nextScaffoldPart function in xmlparse.c. It can have an integer overflow for m_groupSize on 32-bit platforms where UINT_MAX equals SIZE_MAX.", "issued": "2024-08-30T03:15:03Z", "links": "https://access.redhat.com/security/cve/CVE-2024-45492 https://bugzilla.redhat.com/show_bug.cgi?id=2308617 https://www.cve.org/CVERecord?id=CVE-2024-45492 https://nvd.nist.gov/vuln/detail/CVE-2024-45492 https://github.com/libexpat/libexpat/blob/R_2_6_3/expat/Changes https://github.com/libexpat/libexpat/issues/889 https://github.com/libexpat/libexpat/pull/892 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45492.json https://access.redhat.com/errata/RHSA-2024:6754", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "expat-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.5.0-2.el9_4.1", "arch_op": "pattern match" }, "6dwQWrojfQ/1hgTT2PQckg==": { "id": "6dwQWrojfQ/1hgTT2PQckg==", "updater": "rhel-vex", "name": "CVE-2022-2129", "description": "Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.", "issued": "2022-06-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-2129 https://bugzilla.redhat.com/show_bug.cgi?id=2099586 https://www.cve.org/CVERecord?id=CVE-2022-2129 https://nvd.nist.gov/vuln/detail/CVE-2022-2129 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-2129.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "6eMjths7OctCI6zbpR/CJw==": { "id": "6eMjths7OctCI6zbpR/CJw==", "updater": "rhel-vex", "name": "CVE-2023-7008", "description": "A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.", "issued": "2022-12-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://www.cve.org/CVERecord?id=CVE-2023-7008 https://nvd.nist.gov/vuln/detail/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222261 https://github.com/systemd/systemd/issues/25676 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-7008.json https://access.redhat.com/errata/RHSA-2024:2463", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "systemd-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:252-32.el9_4", "arch_op": "pattern match" }, "6eOHn/o0NPz2WB6bK17c1Q==": { "id": "6eOHn/o0NPz2WB6bK17c1Q==", "updater": "rhel-vex", "name": "CVE-2023-4813", "description": "A flaw was found in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.", "issued": "2022-03-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4813 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://www.cve.org/CVERecord?id=CVE-2023-4813 https://nvd.nist.gov/vuln/detail/CVE-2023-4813 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4813.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-locale-source", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "6hAQW3vY9ZA/8datv1rY4g==": { "id": "6hAQW3vY9ZA/8datv1rY4g==", "updater": "rhel-vex", "name": "CVE-2024-41996", "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "issued": "2024-08-26T06:15:04Z", "links": "https://access.redhat.com/security/cve/CVE-2024-41996 https://bugzilla.redhat.com/show_bug.cgi?id=2307826 https://www.cve.org/CVERecord?id=CVE-2024-41996 https://nvd.nist.gov/vuln/detail/CVE-2024-41996 https://dheatattack.gitlab.io/details/ https://dheatattack.gitlab.io/faq/ https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1 https://github.com/openssl/openssl/issues/17374 https://openssl-library.org/post/2022-10-21-tls-groups-configuration/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41996.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "6hxITWtIkDQpBjQM5vKOkA==": { "id": "6hxITWtIkDQpBjQM5vKOkA==", "updater": "rhel-vex", "name": "CVE-2024-26458", "description": "A memory leak flaw was found in krb5 in /krb5/src/lib/rpc/pmap_rmt.c. This issue can lead to a denial of service through memory exhaustion.", "issued": "2024-02-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-26458 https://bugzilla.redhat.com/show_bug.cgi?id=2266731 https://www.cve.org/CVERecord?id=CVE-2024-26458 https://nvd.nist.gov/vuln/detail/CVE-2024-26458 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-26458.json https://access.redhat.com/errata/RHSA-2024:9331", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "krb5-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.1-3.el9", "arch_op": "pattern match" }, "6jOQsxIUcEw0PlYEWTWq1A==": { "id": "6jOQsxIUcEw0PlYEWTWq1A==", "updater": "rhel-vex", "name": "CVE-2023-2602", "description": "A vulnerability was found in the pthread_create() function in libcap. This issue may allow a malicious actor to use cause __real_pthread_create() to return an error, which can exhaust the process memory.", "issued": "2023-05-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-2602 https://bugzilla.redhat.com/show_bug.cgi?id=2209114 https://www.cve.org/CVERecord?id=CVE-2023-2602 https://nvd.nist.gov/vuln/detail/CVE-2023-2602 https://www.x41-dsec.de/static/reports/X41-libcap-Code-Review-2023-OSTIF-Final-Report.pdf https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2602.json https://access.redhat.com/errata/RHSA-2023:5071", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libcap", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.48-9.el9_2", "arch_op": "pattern match" }, "6o8ui0RxMttDzkyqTDO5tg==": { "id": "6o8ui0RxMttDzkyqTDO5tg==", "updater": "rhel-vex", "name": "CVE-2022-1616", "description": "A flaw was found in vim, which is vulnerable to a heap-buffer-overflow in append_command of the src/ex_docmd.c function. This flaw allows a specially crafted file to crash software, modify memory, or execute code when opened in vim.", "issued": "2022-05-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-1616 https://bugzilla.redhat.com/show_bug.cgi?id=2083017 https://www.cve.org/CVERecord?id=CVE-2022-1616 https://nvd.nist.gov/vuln/detail/CVE-2022-1616 https://huntr.dev/bounties/40f1d75f-fb2f-4281-b585-a41017f217e2/ https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-1616.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "6w1pf3mj/0p+mAIPBxQZkQ==": { "id": "6w1pf3mj/0p+mAIPBxQZkQ==", "updater": "rhel-vex", "name": "CVE-2023-32559", "description": "A vulnerability was found in NodeJS. This security issue occurs as the use of the deprecated API process.binding() can bypass the policy mechanism by requiring internal modules and eventually take advantage of process.binding('spawn_sync') to run arbitrary code outside of the limits defined in a policy.json file.", "issued": "2023-08-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32559 https://bugzilla.redhat.com/show_bug.cgi?id=2230956 https://www.cve.org/CVERecord?id=CVE-2023-32559 https://nvd.nist.gov/vuln/detail/CVE-2023-32559 https://nodejs.org/en/blog/vulnerability/august-2023-security-releases#permissions-policies-can-be-bypassed-via-processbinding-mediumcve-2023-32559 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32559.json https://access.redhat.com/errata/RHSA-2023:5532", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.2-1.el9_2", "arch_op": "pattern match" }, "7+zZLUPhCOA3BFrcusoKFg==": { "id": "7+zZLUPhCOA3BFrcusoKFg==", "updater": "rhel-vex", "name": "CVE-2025-1152", "description": "A flaw was found in the ld linker utility of GNU Binutils. A specially-crafted payload may be able to trigger a memory leak, which can lead to an application crash or other undefined behavior.", "issued": "2025-02-10T18:00:09Z", "links": "https://access.redhat.com/security/cve/CVE-2025-1152 https://bugzilla.redhat.com/show_bug.cgi?id=2344723 https://www.cve.org/CVERecord?id=CVE-2025-1152 https://nvd.nist.gov/vuln/detail/CVE-2025-1152 https://sourceware.org/bugzilla/attachment.cgi?id=15887 https://sourceware.org/bugzilla/show_bug.cgi?id=32576 https://vuldb.com/?ctiid.295056 https://vuldb.com/?id.295056 https://www.gnu.org/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-1152.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "gdb", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "71bLdSPDs291bHC5LW5Ijw==": { "id": "71bLdSPDs291bHC5LW5Ijw==", "updater": "rhel-vex", "name": "CVE-2023-27043", "description": "The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which application access is granted only after verifying receipt of e-mail to a specific domain (e.g., only @company.example.com addresses may be used for signup). This occurs in email/_parseaddr.py in recent versions of Python.", "issued": "2023-04-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-27043 https://bugzilla.redhat.com/show_bug.cgi?id=2196183 https://www.cve.org/CVERecord?id=CVE-2023-27043 https://nvd.nist.gov/vuln/detail/CVE-2023-27043 https://access.redhat.com/articles/7051467 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-27043.json https://access.redhat.com/errata/RHSA-2024:0466", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.18-1.el9_3.1", "arch_op": "pattern match" }, "71mUiqp9K+KrPPMFd0Gr9A==": { "id": "71mUiqp9K+KrPPMFd0Gr9A==", "updater": "rhel-vex", "name": "CVE-2023-29499", "description": "A flaw was found in GLib. GVariant deserialization fails to validate that the input conforms to the expected format, leading to denial of service.", "issued": "2022-12-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-29499 https://bugzilla.redhat.com/show_bug.cgi?id=2211828 https://www.cve.org/CVERecord?id=CVE-2023-29499 https://nvd.nist.gov/vuln/detail/CVE-2023-29499 https://gitlab.gnome.org/GNOME/glib/-/issues/2794 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-29499.json https://access.redhat.com/errata/RHSA-2023:6631", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "glib2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.68.4-11.el9", "arch_op": "pattern match" }, "770t4pMyoFDq+eckoFI12A==": { "id": "770t4pMyoFDq+eckoFI12A==", "updater": "rhel-vex", "name": "CVE-2024-6387", "description": "A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period.", "issued": "2024-07-01T08:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-6387 https://bugzilla.redhat.com/show_bug.cgi?id=2294604 https://www.cve.org/CVERecord?id=CVE-2024-6387 https://nvd.nist.gov/vuln/detail/CVE-2024-6387 https://santandersecurityresearch.github.io/blog/sshing_the_masses.html https://www.openssh.com/txt/release-9.8 https://www.qualys.com/2024/07/01/cve-2024-6387/regresshion.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6387.json https://access.redhat.com/errata/RHSA-2024:4312", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "openssh-clients", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:8.7p1-38.el9_4.1", "arch_op": "pattern match" }, "7AoZZiCMmvqX9d9WD62FnQ==": { "id": "7AoZZiCMmvqX9d9WD62FnQ==", "updater": "rhel-vex", "name": "CVE-2023-4781", "description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1873.", "issued": "2023-09-05T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4781 https://bugzilla.redhat.com/show_bug.cgi?id=2237575 https://www.cve.org/CVERecord?id=CVE-2023-4781 https://nvd.nist.gov/vuln/detail/CVE-2023-4781 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4781.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "7JZ3MHJevu7noH+KiM70cQ==": { "id": "7JZ3MHJevu7noH+KiM70cQ==", "updater": "rhel-vex", "name": "CVE-2025-24928", "description": "A flaw was found in libxml2. This vulnerability allows a stack-based buffer overflow via DTD validation of an untrusted document or untrusted DTD.", "issued": "2025-02-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-24928 https://bugzilla.redhat.com/show_bug.cgi?id=2346421 https://www.cve.org/CVERecord?id=CVE-2025-24928 https://nvd.nist.gov/vuln/detail/CVE-2025-24928 https://gitlab.gnome.org/GNOME/libxml2/-/issues/847 https://issues.oss-fuzz.com/issues/392687022 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-24928.json https://access.redhat.com/errata/RHSA-2025:2679", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "libxml2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-6.el9_5.2", "arch_op": "pattern match" }, "7MuHWimvOl+xLz/60d/lTw==": { "id": "7MuHWimvOl+xLz/60d/lTw==", "updater": "rhel-vex", "name": "CVE-2023-30079", "description": "A flaw was found in the libeconf library. This issue occurs when parsing a specially crafted configuration file, causing a stack-based buffer overflow that results in a denial of service.", "issued": "2023-08-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30079 https://bugzilla.redhat.com/show_bug.cgi?id=2234595 https://www.cve.org/CVERecord?id=CVE-2023-30079 https://nvd.nist.gov/vuln/detail/CVE-2023-30079 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30079.json https://access.redhat.com/errata/RHSA-2023:4347", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libeconf", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:0.4.1-3.el9_2", "arch_op": "pattern match" }, "7S6xxC9g1Ybp0dqQ63V8tg==": { "id": "7S6xxC9g1Ybp0dqQ63V8tg==", "updater": "rhel-vex", "name": "CVE-2023-40403", "description": "A flaw was found in libxslt package. Processing web content may disclose sensitive information. This issue was addressed with improved memory handling.", "issued": "2023-09-26T20:14:54Z", "links": "https://access.redhat.com/security/cve/CVE-2023-40403 https://bugzilla.redhat.com/show_bug.cgi?id=2349766 https://www.cve.org/CVERecord?id=CVE-2023-40403 https://nvd.nist.gov/vuln/detail/CVE-2023-40403 http://seclists.org/fulldisclosure/2023/Oct/10 http://seclists.org/fulldisclosure/2023/Oct/3 http://seclists.org/fulldisclosure/2023/Oct/4 http://seclists.org/fulldisclosure/2023/Oct/5 http://seclists.org/fulldisclosure/2023/Oct/6 http://seclists.org/fulldisclosure/2023/Oct/8 http://seclists.org/fulldisclosure/2023/Oct/9 https://bugs.chromium.org/p/chromium/issues/detail?id=1356211 https://bugzilla.gnome.org/show_bug.cgi?id=751621 https://gitlab.gnome.org/GNOME/libxslt/-/issues/94 https://support.apple.com/en-us/HT213927 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-40403.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libxslt", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "7TkNoBjD7xTi94PdPYIW9Q==": { "id": "7TkNoBjD7xTi94PdPYIW9Q==", "updater": "rhel-vex", "name": "CVE-2024-6232", "description": "A regular expression denial of service (ReDos) vulnerability was found in Python's tarfile module. Due to excessive backtracking while tarfile parses headers, an attacker may be able to trigger a denial of service via a specially crafted tar archive.", "issued": "2024-09-03T13:15:05Z", "links": "https://access.redhat.com/security/cve/CVE-2024-6232 https://bugzilla.redhat.com/show_bug.cgi?id=2309426 https://www.cve.org/CVERecord?id=CVE-2024-6232 https://nvd.nist.gov/vuln/detail/CVE-2024-6232 https://github.com/python/cpython/issues/121285 https://github.com/python/cpython/pull/121286 https://mail.python.org/archives/list/security-announce@python.org/thread/JRYFTPRHZRTLMZLWQEUHZSJXNHM4ACTY/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6232.json https://access.redhat.com/errata/RHSA-2024:9468", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.19-8.el9_5.1", "arch_op": "pattern match" }, "7U1Bqk3SYRpoUTT7MASRRw==": { "id": "7U1Bqk3SYRpoUTT7MASRRw==", "updater": "rhel-vex", "name": "CVE-2024-11168", "description": "A flaw was found in Python. The `urllib.parse.urlsplit()` and `urlparse()` functions improperly validated bracketed hosts (`[]`), allowing hosts that weren't IPv6 or IPvFuture compliant. This behavior was not conformant to RFC 3986 and was potentially vulnerable to server-side request forgery (SSRF) if a URL is processed by more than one URL parser.", "issued": "2024-11-12T21:22:23Z", "links": "https://access.redhat.com/security/cve/CVE-2024-11168 https://bugzilla.redhat.com/show_bug.cgi?id=2325776 https://www.cve.org/CVERecord?id=CVE-2024-11168 https://nvd.nist.gov/vuln/detail/CVE-2024-11168 https://github.com/python/cpython/commit/29f348e232e82938ba2165843c448c2b291504c5 https://github.com/python/cpython/commit/b2171a2fd41416cf68afd67460578631d755a550 https://github.com/python/cpython/issues/103848 https://github.com/python/cpython/pull/103849 https://mail.python.org/archives/list/security-announce@python.org/thread/XPWB6XVZ5G5KGEI63M4AWLIEUF5BPH4T/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-11168.json https://access.redhat.com/errata/RHSA-2024:10983", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.21-1.el9_5", "arch_op": "pattern match" }, "7aWKwXJ07Vv8zlZUA5Ndjw==": { "id": "7aWKwXJ07Vv8zlZUA5Ndjw==", "updater": "rhel-vex", "name": "CVE-2024-6923", "description": "A vulnerability was found in the email module that uses Python language. The email module doesn't properly quote new lines in email headers. This flaw allows an attacker to inject email headers that could, among other possibilities, add hidden email destinations or inject content into the email, impacting data confidentiality and integrity.", "issued": "2024-08-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-6923 https://bugzilla.redhat.com/show_bug.cgi?id=2302255 https://www.cve.org/CVERecord?id=CVE-2024-6923 https://nvd.nist.gov/vuln/detail/CVE-2024-6923 https://github.com/python/cpython/issues/121650 https://github.com/python/cpython/pull/122233 https://mail.python.org/archives/list/security-announce@python.org/thread/QH3BUOE2DYQBWP7NAQ7UNHPPOELKISRW/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6923.json https://access.redhat.com/errata/RHSA-2024:6163", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.18-3.el9_4.5", "arch_op": "pattern match" }, "7cwLSPInvHIbCgGEnagmsg==": { "id": "7cwLSPInvHIbCgGEnagmsg==", "updater": "rhel-vex", "name": "CVE-2022-41862", "description": "A flaw was found In PostgreSQL. A modified, unauthenticated server can send an unterminated string during the establishment of Kerberos transport encryption. In certain conditions, a server can cause a libpq client to over-read and report an error message containing uninitialized bytes.", "issued": "2023-02-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-41862 https://bugzilla.redhat.com/show_bug.cgi?id=2165722 https://www.cve.org/CVERecord?id=CVE-2022-41862 https://nvd.nist.gov/vuln/detail/CVE-2022-41862 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-41862.json https://access.redhat.com/errata/RHSA-2023:6429", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "libpq-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:13.11-1.el9", "arch_op": "pattern match" }, "7gTVY7EcvrRvn7eolu6NCA==": { "id": "7gTVY7EcvrRvn7eolu6NCA==", "updater": "rhel-vex", "name": "CVE-2024-2961", "description": "An out-of-bounds write flaw was found in the ISO-2022-CN-EXT plugin for glibc's iconv library. When converting from UCS4 charset, adding certain escape charterers is required to indicate where the charset was changed to the library. During this process, iconv improperly checks the boundaries of internal buffers, leading to a buffer overflow, which allows writing up to 3 bytes outside the desired memory location. This issue may allow an attacker to craft a malicious characters sequence that will trigger the out-of-bounds write and perform remote code execution, presenting a high impact to the Integrity, Confidentiality, and Availability triad.", "issued": "2024-04-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-2961 https://bugzilla.redhat.com/show_bug.cgi?id=2273404 https://www.cve.org/CVERecord?id=CVE-2024-2961 https://nvd.nist.gov/vuln/detail/CVE-2024-2961 https://www.openwall.com/lists/oss-security/2024/04/17/9 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2961.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-locale-source", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "7hPJiUcy4KRHxSw74P4Oog==": { "id": "7hPJiUcy4KRHxSw74P4Oog==", "updater": "rhel-vex", "name": "CVE-2024-6387", "description": "A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period.", "issued": "2024-07-01T08:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-6387 https://bugzilla.redhat.com/show_bug.cgi?id=2294604 https://www.cve.org/CVERecord?id=CVE-2024-6387 https://nvd.nist.gov/vuln/detail/CVE-2024-6387 https://santandersecurityresearch.github.io/blog/sshing_the_masses.html https://www.openssh.com/txt/release-9.8 https://www.qualys.com/2024/07/01/cve-2024-6387/regresshion.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6387.json https://access.redhat.com/errata/RHSA-2024:4312", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "openssh", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:8.7p1-38.el9_4.1", "arch_op": "pattern match" }, "7jE4UN8ZNzWXfNDZ8BZq3Q==": { "id": "7jE4UN8ZNzWXfNDZ8BZq3Q==", "updater": "rhel-vex", "name": "CVE-2025-47279", "description": "A memory leak vulnerability has been discovered in the Undici HTTP/1.1 client library. This flaw can be triggered by repeatedly calling a webhook endpoint that presents an invalid TLS certificate. Continuous interaction with such an endpoint can cause the Undici library to allocate memory without properly releasing it, potentially leading to excessive memory consumption. Over time, this could result in resource exhaustion, impacting the availability and stability of applications relying on Undici for webhook communication.", "issued": "2025-05-15T17:16:02Z", "links": "https://access.redhat.com/security/cve/CVE-2025-47279 https://bugzilla.redhat.com/show_bug.cgi?id=2366632 https://www.cve.org/CVERecord?id=CVE-2025-47279 https://nvd.nist.gov/vuln/detail/CVE-2025-47279 https://github.com/nodejs/undici/issues/3895 https://github.com/nodejs/undici/pull/4088 https://github.com/nodejs/undici/security/advisories/GHSA-cxrh-j4jr-qwg3 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-47279.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "7nWSET5rvC0ef4ukzNTUGQ==": { "id": "7nWSET5rvC0ef4ukzNTUGQ==", "updater": "rhel-vex", "name": "CVE-2023-27538", "description": "An authentication bypass vulnerability exists in libcurl prior to v8.0.0 where it reuses a previously established SSH connection despite the fact that an SSH option was modified, which should have prevented reuse. libcurl maintains a pool of previously used connections to reuse them for subsequent transfers if the configurations match. However, two SSH settings were omitted from the configuration check, allowing them to match easily, potentially leading to the reuse of an inappropriate connection.", "issued": "2023-03-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-27538 https://bugzilla.redhat.com/show_bug.cgi?id=2179103 https://www.cve.org/CVERecord?id=CVE-2023-27538 https://nvd.nist.gov/vuln/detail/CVE-2023-27538 https://curl.se/docs/CVE-2023-27538.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-27538.json https://access.redhat.com/errata/RHSA-2023:6679", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "curl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9", "arch_op": "pattern match" }, "7qDS+HgrJi3Ay2QIPvdk+Q==": { "id": "7qDS+HgrJi3Ay2QIPvdk+Q==", "updater": "rhel-vex", "name": "CVE-2023-47038", "description": "A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer.", "issued": "2023-11-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-47038 https://bugzilla.redhat.com/show_bug.cgi?id=2249523 https://www.cve.org/CVERecord?id=CVE-2023-47038 https://nvd.nist.gov/vuln/detail/CVE-2023-47038 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-47038.json https://access.redhat.com/errata/RHSA-2024:2228", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-interpreter", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "4:5.32.1-481.el9", "arch_op": "pattern match" }, "7tQ8bKKtgjjS+bXnpQbUEg==": { "id": "7tQ8bKKtgjjS+bXnpQbUEg==", "updater": "rhel-vex", "name": "CVE-2024-6232", "description": "A regular expression denial of service (ReDos) vulnerability was found in Python's tarfile module. Due to excessive backtracking while tarfile parses headers, an attacker may be able to trigger a denial of service via a specially crafted tar archive.", "issued": "2024-09-03T13:15:05Z", "links": "https://access.redhat.com/security/cve/CVE-2024-6232 https://bugzilla.redhat.com/show_bug.cgi?id=2309426 https://www.cve.org/CVERecord?id=CVE-2024-6232 https://nvd.nist.gov/vuln/detail/CVE-2024-6232 https://github.com/python/cpython/issues/121285 https://github.com/python/cpython/pull/121286 https://mail.python.org/archives/list/security-announce@python.org/thread/JRYFTPRHZRTLMZLWQEUHZSJXNHM4ACTY/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6232.json https://access.redhat.com/errata/RHSA-2024:8446", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.18-3.el9_4.6", "arch_op": "pattern match" }, "7vhPpb2zq/BkKbRrRdQ0ww==": { "id": "7vhPpb2zq/BkKbRrRdQ0ww==", "updater": "rhel-vex", "name": "CVE-2024-28182", "description": "A vulnerability was found in how nghttp2 implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated remote attacker to send packets to vulnerable servers, which could use up compute or memory resources to cause a Denial of Service.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-28182 https://bugzilla.redhat.com/show_bug.cgi?id=2268639 https://www.cve.org/CVERecord?id=CVE-2024-28182 https://nvd.nist.gov/vuln/detail/CVE-2024-28182 https://github.com/nghttp2/nghttp2/security/advisories/GHSA-x6x3-gv8h-m57q https://nowotarski.info/http2-continuation-flood/ https://www.kb.cert.org/vuls/id/421644 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28182.json https://access.redhat.com/errata/RHSA-2024:2910", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.2-8.el9_4", "arch_op": "pattern match" }, "8090a+9YHf/MvdRFP7qTAw==": { "id": "8090a+9YHf/MvdRFP7qTAw==", "updater": "rhel-vex", "name": "CVE-2024-2236", "description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", "issued": "2024-03-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-2236 https://bugzilla.redhat.com/show_bug.cgi?id=2245218 https://www.cve.org/CVERecord?id=CVE-2024-2236 https://nvd.nist.gov/vuln/detail/CVE-2024-2236 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2236.json https://access.redhat.com/errata/RHSA-2024:9404", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libgcrypt", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.10.0-11.el9", "arch_op": "pattern match" }, "88ysR3A2ahsOSzyaPsKqNw==": { "id": "88ysR3A2ahsOSzyaPsKqNw==", "updater": "rhel-vex", "name": "CVE-2024-2511", "description": "A flaw was found in OpenSSL. A malicious client can trigger an uncontrolled memory consumption, resulting in a Denial of Service. This issue occurs due to OpenSSL's TLSv1.3 session cache going into an incorrect state, leading to it failing to flush properly as it fills. OpenSSL must be configured with the non-default SSL_OP_NO_TICKET option enabled to be vulnerable. This issue only affects TLSv1.3 servers, while TLS clients are not affected.", "issued": "2024-04-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-2511 https://bugzilla.redhat.com/show_bug.cgi?id=2274020 https://www.cve.org/CVERecord?id=CVE-2024-2511 https://nvd.nist.gov/vuln/detail/CVE-2024-2511 https://www.openssl.org/news/vulnerabilities.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2511.json https://access.redhat.com/errata/RHSA-2024:9333", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.2.2-6.el9_5", "arch_op": "pattern match" }, "89XrIFUuuXy08LkDR6XMOw==": { "id": "89XrIFUuuXy08LkDR6XMOw==", "updater": "rhel-vex", "name": "CVE-2021-31879", "description": "A flaw was found in wget. If wget sends an Authorization header as part of a query and receives an HTTP REDIRECT to a third party in return, the Authorization header will be forwarded as part of the redirected request. This issue creates a password leak, as the second server receives the password. The highest threat from this vulnerability is confidentiality.", "issued": "2019-10-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-31879 https://bugzilla.redhat.com/show_bug.cgi?id=1955316 https://www.cve.org/CVERecord?id=CVE-2021-31879 https://nvd.nist.gov/vuln/detail/CVE-2021-31879 https://savannah.gnu.org/bugs/?56909 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-31879.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "wget", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "8BsUEMjLB96UtpRd1ludrg==": { "id": "8BsUEMjLB96UtpRd1ludrg==", "updater": "rhel-vex", "name": "CVE-2024-25629", "description": "A vulnerability was found in c-ares where the ares__read_line() is used to parse local configuration files such as /etc/resolv.conf, /etc/nsswitch.conf, the HOSTALIASES file, and if using a c-ares version prior to 1.22.0, the /etc/hosts file. If the configuration files have an embedded NULL character as the first character in a new line, it can attempt to read memory before the start of the given buffer, which may result in a crash.", "issued": "2024-02-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-25629 https://bugzilla.redhat.com/show_bug.cgi?id=2265713 https://www.cve.org/CVERecord?id=CVE-2024-25629 https://nvd.nist.gov/vuln/detail/CVE-2024-25629 https://github.com/c-ares/c-ares/security/advisories/GHSA-mg26-v6qh-x48q https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-25629.json https://access.redhat.com/errata/RHSA-2024:2910", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.2-8.el9_4", "arch_op": "pattern match" }, "8DhYVEV1dzifByqNyPf4bg==": { "id": "8DhYVEV1dzifByqNyPf4bg==", "updater": "rhel-vex", "name": "CVE-2023-43789", "description": "A vulnerability was found in libXpm where a vulnerability exists due to a boundary condition, a local user can trigger an out-of-bounds read error and read contents of memory on the system.", "issued": "2023-10-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-43789 https://bugzilla.redhat.com/show_bug.cgi?id=2242249 https://www.cve.org/CVERecord?id=CVE-2023-43789 https://nvd.nist.gov/vuln/detail/CVE-2023-43789 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-43789.json https://access.redhat.com/errata/RHSA-2024:2146", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libXpm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.5.13-10.el9", "arch_op": "pattern match" }, "8E2ckAPYq5vgQQfdGbTALQ==": { "id": "8E2ckAPYq5vgQQfdGbTALQ==", "updater": "rhel-vex", "name": "CVE-2025-0395", "description": "A flaw was found in the GNU C Library (glibc). A buffer overflow condition via the `assert()` function may be triggered due to glibc not allocating enough space for the assertion failure message string and size information. In certain conditions, a local attacker can exploit this, potentially leading to an application crash or other undefined behavior.", "issued": "2025-01-22T13:11:30Z", "links": "https://access.redhat.com/security/cve/CVE-2025-0395 https://bugzilla.redhat.com/show_bug.cgi?id=2339460 https://www.cve.org/CVERecord?id=CVE-2025-0395 https://nvd.nist.gov/vuln/detail/CVE-2025-0395 https://sourceware.org/bugzilla/show_bug.cgi?id=32582 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-0395.json https://access.redhat.com/errata/RHSA-2025:4244", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-minimal-langpack", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-125.el9_5.8", "arch_op": "pattern match" }, "8G+z1fKnaBhLZ4U4Rsu47Q==": { "id": "8G+z1fKnaBhLZ4U4Rsu47Q==", "updater": "rhel-vex", "name": "CVE-2024-0727", "description": "A flaw was found in OpenSSL. The optional ContentInfo fields can be set to null, even if the \"type\" is a valid value, which can lead to a null dereference error that may cause a denial of service.", "issued": "2024-01-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-0727 https://bugzilla.redhat.com/show_bug.cgi?id=2259944 https://www.cve.org/CVERecord?id=CVE-2024-0727 https://nvd.nist.gov/vuln/detail/CVE-2024-0727 https://github.com/openssl/openssl/pull/23362 https://www.openssl.org/news/secadv/20240125.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0727.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "8UUCxMXAfRtBuDf07+fISg==": { "id": "8UUCxMXAfRtBuDf07+fISg==", "updater": "rhel-vex", "name": "CVE-2024-56171", "description": "A flaw was found in libxml2. This vulnerability allows a use-after-free via a crafted XML document validated against an XML schema with certain identity constraints or a crafted XML schema.", "issued": "2025-02-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-56171 https://bugzilla.redhat.com/show_bug.cgi?id=2346416 https://www.cve.org/CVERecord?id=CVE-2024-56171 https://nvd.nist.gov/vuln/detail/CVE-2024-56171 https://gitlab.gnome.org/GNOME/libxml2/-/issues/828 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-56171.json https://access.redhat.com/errata/RHSA-2025:2679", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libxml2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-6.el9_5.2", "arch_op": "pattern match" }, "8XP7l1FAhUYb80xnArQFXw==": { "id": "8XP7l1FAhUYb80xnArQFXw==", "updater": "rhel-vex", "name": "CVE-2023-27043", "description": "The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which application access is granted only after verifying receipt of e-mail to a specific domain (e.g., only @company.example.com addresses may be used for signup). This occurs in email/_parseaddr.py in recent versions of Python.", "issued": "2023-04-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-27043 https://bugzilla.redhat.com/show_bug.cgi?id=2196183 https://www.cve.org/CVERecord?id=CVE-2023-27043 https://nvd.nist.gov/vuln/detail/CVE-2023-27043 https://access.redhat.com/articles/7051467 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-27043.json https://access.redhat.com/errata/RHSA-2024:0466", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.18-1.el9_3.1", "arch_op": "pattern match" }, "8XwqZqDjDwlzB7f0TMDrGQ==": { "id": "8XwqZqDjDwlzB7f0TMDrGQ==", "updater": "rhel-vex", "name": "CVE-2023-28321", "description": "A flaw was found in the Curl package. An incorrect International Domain Name (IDN) wildcard match may lead to improper certificate validation.", "issued": "2023-05-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-28321 https://bugzilla.redhat.com/show_bug.cgi?id=2196786 https://www.cve.org/CVERecord?id=CVE-2023-28321 https://nvd.nist.gov/vuln/detail/CVE-2023-28321 https://curl.se/docs/CVE-2023-28321.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-28321.json https://access.redhat.com/errata/RHSA-2023:4354", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libcurl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-23.el9_2.2", "arch_op": "pattern match" }, "8aSwzUYfWyRMjYYkrlqIfQ==": { "id": "8aSwzUYfWyRMjYYkrlqIfQ==", "updater": "rhel-vex", "name": "CVE-2023-30581", "description": "A vulnerability has been discovered in Node.js, where the use of proto in process.mainModule.proto.require() can bypass the policy mechanism and require modules outside of the policy.json definition.", "issued": "2023-06-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30581 https://bugzilla.redhat.com/show_bug.cgi?id=2219824 https://www.cve.org/CVERecord?id=CVE-2023-30581 https://nvd.nist.gov/vuln/detail/CVE-2023-30581 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30581.json https://access.redhat.com/errata/RHSA-2023:4331", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.1-1.el9_2", "arch_op": "pattern match" }, "8aYuxdRIfcCiBh+0fRkxNA==": { "id": "8aYuxdRIfcCiBh+0fRkxNA==", "updater": "rhel-vex", "name": "CVE-2023-28322", "description": "A use-after-free flaw was found in the Curl package. This issue may lead to unintended information disclosure by the application.", "issued": "2023-05-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-28322 https://bugzilla.redhat.com/show_bug.cgi?id=2196793 https://www.cve.org/CVERecord?id=CVE-2023-28322 https://nvd.nist.gov/vuln/detail/CVE-2023-28322 https://curl.se/docs/CVE-2023-28322.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-28322.json https://access.redhat.com/errata/RHSA-2023:4354", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "libcurl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-23.el9_2.2", "arch_op": "pattern match" }, "8aaFS1jGAsM+0YwLvTiCyw==": { "id": "8aaFS1jGAsM+0YwLvTiCyw==", "updater": "rhel-vex", "name": "CVE-2024-2398", "description": "A flaw was found in curl. When an application configures libcurl to use HTTP/2 server push and the amount of received headers for the push surpasses the maximum allowed limit, libcurl aborts the server push. When aborting, libcurl does not free all the previously allocated headers, resulting in a memory leak.", "issued": "2024-03-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-2398 https://bugzilla.redhat.com/show_bug.cgi?id=2270498 https://www.cve.org/CVERecord?id=CVE-2024-2398 https://nvd.nist.gov/vuln/detail/CVE-2024-2398 https://curl.se/docs/CVE-2024-2398.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2398.json https://access.redhat.com/errata/RHSA-2024:5529", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libcurl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-29.el9_4.1", "arch_op": "pattern match" }, "8bf/9sXhoTl2WtnvESwDMA==": { "id": "8bf/9sXhoTl2WtnvESwDMA==", "updater": "rhel-vex", "name": "CVE-2024-6923", "description": "A vulnerability was found in the email module that uses Python language. The email module doesn't properly quote new lines in email headers. This flaw allows an attacker to inject email headers that could, among other possibilities, add hidden email destinations or inject content into the email, impacting data confidentiality and integrity.", "issued": "2024-08-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-6923 https://bugzilla.redhat.com/show_bug.cgi?id=2302255 https://www.cve.org/CVERecord?id=CVE-2024-6923 https://nvd.nist.gov/vuln/detail/CVE-2024-6923 https://github.com/python/cpython/issues/121650 https://github.com/python/cpython/pull/122233 https://mail.python.org/archives/list/security-announce@python.org/thread/QH3BUOE2DYQBWP7NAQ7UNHPPOELKISRW/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6923.json https://access.redhat.com/errata/RHSA-2024:6163", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.18-3.el9_4.5", "arch_op": "pattern match" }, "8efBqSZ3OYqd+nT8a21FNA==": { "id": "8efBqSZ3OYqd+nT8a21FNA==", "updater": "rhel-vex", "name": "CVE-2022-2287", "description": "Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.", "issued": "2022-07-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-2287 https://bugzilla.redhat.com/show_bug.cgi?id=2103876 https://www.cve.org/CVERecord?id=CVE-2022-2287 https://nvd.nist.gov/vuln/detail/CVE-2022-2287 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-2287.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "8ge47rqVvHaefMV4OlZnlQ==": { "id": "8ge47rqVvHaefMV4OlZnlQ==", "updater": "rhel-vex", "name": "CVE-2022-2845", "description": "Improper Validation of Specified Quantity in Input in GitHub repository vim/vim prior to 9.0.0218.\n\n", "issued": "2022-08-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-2845 https://bugzilla.redhat.com/show_bug.cgi?id=2119844 https://www.cve.org/CVERecord?id=CVE-2022-2845 https://nvd.nist.gov/vuln/detail/CVE-2022-2845 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-2845.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "8kndQj/aRn+NNJdGVP9v4g==": { "id": "8kndQj/aRn+NNJdGVP9v4g==", "updater": "rhel-vex", "name": "CVE-2023-45322", "description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", "issued": "2023-08-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-45322 https://bugzilla.redhat.com/show_bug.cgi?id=2242945 https://www.cve.org/CVERecord?id=CVE-2023-45322 https://nvd.nist.gov/vuln/detail/CVE-2023-45322 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45322.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "libxml2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "8mis5V7LLEsopZGf+JvtRA==": { "id": "8mis5V7LLEsopZGf+JvtRA==", "updater": "rhel-vex", "name": "CVE-2023-6237", "description": "A flaw was found in OpenSSL. When the EVP_PKEY_public_check() function is called in RSA public keys, a computation is done to confirm that the RSA modulus, n, is composite. For valid RSA keys, n is a product of two or more large primes and this computation completes quickly. However, if n is a large prime, this computation takes a long time. An application that calls EVP_PKEY_public_check() and supplies an RSA key obtained from an untrusted source could be vulnerable to a Denial of Service attack.", "issued": "2024-01-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-6237 https://bugzilla.redhat.com/show_bug.cgi?id=2258502 https://www.cve.org/CVERecord?id=CVE-2023-6237 https://nvd.nist.gov/vuln/detail/CVE-2023-6237 https://www.openssl.org/news/secadv/20240115.txt https://www.openwall.com/lists/oss-security/2024/01/15/2 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6237.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "8rWOhaHoHBMFCHEiDeL3uw==": { "id": "8rWOhaHoHBMFCHEiDeL3uw==", "updater": "rhel-vex", "name": "CVE-2023-31122", "description": "A flaw was found in the mod_macro module of httpd. When processing a very long macro, the null byte terminator will not be added, leading to an out-of-bounds read, resulting in a crash.", "issued": "2023-10-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-31122 https://bugzilla.redhat.com/show_bug.cgi?id=2245332 https://www.cve.org/CVERecord?id=CVE-2023-31122 https://nvd.nist.gov/vuln/detail/CVE-2023-31122 https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2023-31122 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-31122.json https://access.redhat.com/errata/RHSA-2024:2278", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "httpd-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.4.57-8.el9", "arch_op": "pattern match" }, "8x6vUoRScU+5Ju7vG69IKQ==": { "id": "8x6vUoRScU+5Ju7vG69IKQ==", "updater": "rhel-vex", "name": "CVE-2023-52425", "description": "A flaw was found in Expat (libexpat). When parsing a large token that requires multiple buffer fills to complete, Expat has to re-parse the token from start numerous times. This process may trigger excessive resource consumption, leading to a denial of service.", "issued": "2024-02-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-52425 https://bugzilla.redhat.com/show_bug.cgi?id=2262877 https://www.cve.org/CVERecord?id=CVE-2023-52425 https://nvd.nist.gov/vuln/detail/CVE-2023-52425 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-52425.json https://access.redhat.com/errata/RHSA-2024:1530", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "expat-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.5.0-1.el9_3.1", "arch_op": "pattern match" }, "9+E0QW0srfacy6ztLngyRA==": { "id": "9+E0QW0srfacy6ztLngyRA==", "updater": "rhel-vex", "name": "CVE-2023-7008", "description": "A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.", "issued": "2022-12-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://www.cve.org/CVERecord?id=CVE-2023-7008 https://nvd.nist.gov/vuln/detail/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222261 https://github.com/systemd/systemd/issues/25676 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-7008.json https://access.redhat.com/errata/RHSA-2024:2463", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "systemd", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:252-32.el9_4", "arch_op": "pattern match" }, "9+bUlp7i9AtaUMBorQtDJw==": { "id": "9+bUlp7i9AtaUMBorQtDJw==", "updater": "rhel-vex", "name": "CVE-2023-27522", "description": "An HTTP Response Smuggling vulnerability was found in the Apache HTTP Server via mod_proxy_uwsgi. This security issue occurs when special characters in the origin response header can truncate or split the response forwarded to the client.", "issued": "2023-03-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-27522 https://bugzilla.redhat.com/show_bug.cgi?id=2176211 https://www.cve.org/CVERecord?id=CVE-2023-27522 https://nvd.nist.gov/vuln/detail/CVE-2023-27522 https://httpd.apache.org/security/vulnerabilities_24.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-27522.json https://access.redhat.com/errata/RHSA-2023:6403", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "httpd-filesystem", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.4.57-5.el9", "arch_op": "pattern match" }, "923JRnH+rmbRdHQ9dBwrUg==": { "id": "923JRnH+rmbRdHQ9dBwrUg==", "updater": "rhel-vex", "name": "CVE-2025-0938", "description": "A flaw was found in Python. The Python standard library functions `urllib.parse.urlsplit` and `urlparse` accept domain names that included square brackets, which isn't valid according to RFC 3986. Square brackets are only meant to be used as delimiters for specifying IPv6 and IPvFuture hosts in URLs. This could result in differential parsing across the Python URL parser and other specification-compliant URL parsers.", "issued": "2025-01-31T17:51:35Z", "links": "https://access.redhat.com/security/cve/CVE-2025-0938 https://bugzilla.redhat.com/show_bug.cgi?id=2343237 https://www.cve.org/CVERecord?id=CVE-2025-0938 https://nvd.nist.gov/vuln/detail/CVE-2025-0938 https://github.com/python/cpython/issues/105704 https://github.com/python/cpython/pull/129418 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-0938.json https://access.redhat.com/errata/RHSA-2025:6977", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.21-2.el9", "arch_op": "pattern match" }, "93O9BjbBwz1jYmTNCzgkUw==": { "id": "93O9BjbBwz1jYmTNCzgkUw==", "updater": "rhel-vex", "name": "CVE-2022-2849", "description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0220.", "issued": "2022-08-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-2849 https://bugzilla.redhat.com/show_bug.cgi?id=2122137 https://www.cve.org/CVERecord?id=CVE-2022-2849 https://nvd.nist.gov/vuln/detail/CVE-2022-2849 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-2849.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "97FSGbdXOKFnU5MQ/Z+Y7w==": { "id": "97FSGbdXOKFnU5MQ/Z+Y7w==", "updater": "rhel-vex", "name": "CVE-2024-24795", "description": "A flaw was found in httpd. An HTTP response splitting in multiple httpd modules may allow an attacker that can inject malicious response headers into backend applications to cause an HTTP desynchronization attack.", "issued": "2024-04-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-24795 https://bugzilla.redhat.com/show_bug.cgi?id=2273499 https://www.cve.org/CVERecord?id=CVE-2024-24795 https://nvd.nist.gov/vuln/detail/CVE-2024-24795 https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2024-24795 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-24795.json https://access.redhat.com/errata/RHSA-2024:9306", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "httpd", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.4.62-1.el9", "arch_op": "pattern match" }, "97VWHZ/vyLIDGiGVXUXTBA==": { "id": "97VWHZ/vyLIDGiGVXUXTBA==", "updater": "rhel-vex", "name": "CVE-2023-4752", "description": "A flaw was found in Vim, where it is vulnerable to a use-after-free in the ins_compl_get_exp function. This flaw allows a specially crafted file to crash software, use unexpected values, or possibly execute code when opened in Vim.", "issued": "2023-09-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4752 https://bugzilla.redhat.com/show_bug.cgi?id=2237311 https://www.cve.org/CVERecord?id=CVE-2023-4752 https://nvd.nist.gov/vuln/detail/CVE-2023-4752 https://huntr.dev/bounties/85f62dd7-ed84-4fa2-b265-8a369a318757 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4752.json https://access.redhat.com/errata/RHSA-2025:7440", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "2:8.2.2637-22.el9_6", "arch_op": "pattern match" }, "9FKHFApkWswWkHyGdodK0g==": { "id": "9FKHFApkWswWkHyGdodK0g==", "updater": "rhel-vex", "name": "CVE-2020-11023", "description": "A flaw was found in jQuery. HTML containing \\\u003coption\\\u003e elements from untrusted sources are passed, even after sanitizing, to one of jQuery's DOM manipulation methods, which may execute untrusted code. The highest threat from this vulnerability is to data confidentiality and integrity.", "issued": "2020-04-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2020-11023 https://bugzilla.redhat.com/show_bug.cgi?id=1850004 https://www.cve.org/CVERecord?id=CVE-2020-11023 https://nvd.nist.gov/vuln/detail/CVE-2020-11023 https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-11023.json https://access.redhat.com/errata/RHSA-2025:1346", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libgcc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:11.5.0-5.el9_5", "arch_op": "pattern match" }, "9FxECcZbmk1x7vUfH9Vvpg==": { "id": "9FxECcZbmk1x7vUfH9Vvpg==", "updater": "rhel-vex", "name": "CVE-2024-34397", "description": "A flaw was found in GNOME GLib. When a GDBus-based client subscribes to signals from a trusted system service such as NetworkManager on a shared computer, other users of the same computer can send spoofed D-Bus signals that the GDBus-based client will wrongly interpret as having been sent by the trusted system service. This issue could lead to the GDBus-based client behaving incorrectly with an application-dependent impact.", "issued": "2024-05-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-34397 https://bugzilla.redhat.com/show_bug.cgi?id=2279632 https://www.cve.org/CVERecord?id=CVE-2024-34397 https://nvd.nist.gov/vuln/detail/CVE-2024-34397 https://gitlab.gnome.org/GNOME/glib/-/issues/3268 https://www.openwall.com/lists/oss-security/2024/05/07/5 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34397.json https://access.redhat.com/errata/RHSA-2024:6464", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "glib2-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.68.4-14.el9_4.1", "arch_op": "pattern match" }, "9GbtzMsgLkExAJB1dMn+YA==": { "id": "9GbtzMsgLkExAJB1dMn+YA==", "updater": "rhel-vex", "name": "CVE-2023-30581", "description": "A vulnerability has been discovered in Node.js, where the use of proto in process.mainModule.proto.require() can bypass the policy mechanism and require modules outside of the policy.json definition.", "issued": "2023-06-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30581 https://bugzilla.redhat.com/show_bug.cgi?id=2219824 https://www.cve.org/CVERecord?id=CVE-2023-30581 https://nvd.nist.gov/vuln/detail/CVE-2023-30581 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30581.json https://access.redhat.com/errata/RHSA-2023:4331", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:8.19.4-1.16.20.1.1.el9_2", "arch_op": "pattern match" }, "9O6eBDd9OtueXKQaS30JHQ==": { "id": "9O6eBDd9OtueXKQaS30JHQ==", "updater": "rhel-vex", "name": "CVE-2023-46218", "description": "A flaw was found in curl that verifies a given cookie domain against the Public Suffix List. This issue could allow a malicious HTTP server to set \"super cookies\" in curl that are passed back to more origins than what is otherwise allowed or possible.", "issued": "2023-12-06T07:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-46218 https://bugzilla.redhat.com/show_bug.cgi?id=2252030 https://www.cve.org/CVERecord?id=CVE-2023-46218 https://nvd.nist.gov/vuln/detail/CVE-2023-46218 https://curl.se/docs/CVE-2023-46218.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-46218.json https://access.redhat.com/errata/RHSA-2024:1129", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "curl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9_3.3", "arch_op": "pattern match" }, "9O8vLtOdyUMO1soTy2OBGw==": { "id": "9O8vLtOdyUMO1soTy2OBGw==", "updater": "rhel-vex", "name": "CVE-2024-0553", "description": "A vulnerability was found in GnuTLS. The response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from the response times of ciphertexts with correct PKCS#1 v1.5 padding. This issue may allow a remote attacker to perform a timing side-channel attack in the RSA-PSK key exchange, potentially leading to the leakage of sensitive data. CVE-2024-0553 is designated as an incomplete resolution for CVE-2023-5981.", "issued": "2024-01-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-0553 https://bugzilla.redhat.com/show_bug.cgi?id=2258412 https://www.cve.org/CVERecord?id=CVE-2024-0553 https://nvd.nist.gov/vuln/detail/CVE-2024-0553 https://gitlab.com/gnutls/gnutls/-/issues/1522 https://lists.gnupg.org/pipermail/gnutls-help/2024-January/004841.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0553.json https://access.redhat.com/errata/RHSA-2024:0533", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "gnutls", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.7.6-23.el9_3.3", "arch_op": "pattern match" }, "9VvdraQVg0WcP0owuX6zIQ==": { "id": "9VvdraQVg0WcP0owuX6zIQ==", "updater": "rhel-vex", "name": "CVE-2023-3446", "description": "A vulnerability was found in OpenSSL. This security flaw occurs because the applications that use the DH_check(), DH_check_ex(), or EVP_PKEY_param_check() functions to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source may lead to a denial of service.", "issued": "2023-07-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-3446 https://bugzilla.redhat.com/show_bug.cgi?id=2224962 https://www.cve.org/CVERecord?id=CVE-2023-3446 https://nvd.nist.gov/vuln/detail/CVE-2023-3446 https://www.openssl.org/news/secadv/20230719.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3446.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "9YhtmVCizO8RKFaN3WBOPg==": { "id": "9YhtmVCizO8RKFaN3WBOPg==", "updater": "rhel-vex", "name": "CVE-2023-46218", "description": "A flaw was found in curl that verifies a given cookie domain against the Public Suffix List. This issue could allow a malicious HTTP server to set \"super cookies\" in curl that are passed back to more origins than what is otherwise allowed or possible.", "issued": "2023-12-06T07:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-46218 https://bugzilla.redhat.com/show_bug.cgi?id=2252030 https://www.cve.org/CVERecord?id=CVE-2023-46218 https://nvd.nist.gov/vuln/detail/CVE-2023-46218 https://curl.se/docs/CVE-2023-46218.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-46218.json https://access.redhat.com/errata/RHSA-2024:1129", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libcurl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9_3.3", "arch_op": "pattern match" }, "9avTgsTrB6zaN8UjZ37Wow==": { "id": "9avTgsTrB6zaN8UjZ37Wow==", "updater": "rhel-vex", "name": "CVE-2022-3153", "description": "NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0404.", "issued": "2022-09-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3153 https://bugzilla.redhat.com/show_bug.cgi?id=2126401 https://www.cve.org/CVERecord?id=CVE-2022-3153 https://nvd.nist.gov/vuln/detail/CVE-2022-3153 https://huntr.dev/bounties/68331124-620d-48bc-a8fa-cd947b26270a/ https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3153.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "9b3hAQW/ubh4v6zyl2M5Ig==": { "id": "9b3hAQW/ubh4v6zyl2M5Ig==", "updater": "rhel-vex", "name": "CVE-2024-35195", "description": "An incorrect control flow implementation vulnerability was found in Requests. If the first request in a session is made with verify=False, all subsequent requests to the same host will continue to ignore cert verification.", "issued": "2024-05-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-35195 https://bugzilla.redhat.com/show_bug.cgi?id=2282114 https://www.cve.org/CVERecord?id=CVE-2024-35195 https://nvd.nist.gov/vuln/detail/CVE-2024-35195 https://github.com/psf/requests/security/advisories/GHSA-9wx4-h78v-vm56 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-35195.json https://access.redhat.com/errata/RHSA-2025:7049", "severity": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-requests", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.25.1-9.el9", "arch_op": "pattern match" }, "9dkLAE16ea5bn2SgPP2mAw==": { "id": "9dkLAE16ea5bn2SgPP2mAw==", "updater": "rhel-vex", "name": "CVE-2024-38473", "description": "A flaw was found in the mod_proxy module of httpd. Due to an encoding problem, specially crafted request URLs with incorrect encoding can be sent to backend services, potentially bypassing authentication.", "issued": "2024-07-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-38473 https://bugzilla.redhat.com/show_bug.cgi?id=2295012 https://www.cve.org/CVERecord?id=CVE-2024-38473 https://nvd.nist.gov/vuln/detail/CVE-2024-38473 https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2024-38473 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-38473.json https://access.redhat.com/errata/RHSA-2024:4726", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "httpd-tools", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.4.57-11.el9_4", "arch_op": "pattern match" }, "9mEb2+hU1DreFKa7HJtbCQ==": { "id": "9mEb2+hU1DreFKa7HJtbCQ==", "updater": "rhel-vex", "name": "CVE-2023-4911", "description": "A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.", "issued": "2023-10-03T17:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4911 https://bugzilla.redhat.com/show_bug.cgi?id=2238352 https://www.cve.org/CVERecord?id=CVE-2023-4911 https://nvd.nist.gov/vuln/detail/CVE-2023-4911 https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt https://www.qualys.com/cve-2023-4911/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4911.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-gconv-extra", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "9mXxz9VBx49eL0xR/fvdpQ==": { "id": "9mXxz9VBx49eL0xR/fvdpQ==", "updater": "rhel-vex", "name": "CVE-2022-24963", "description": "A flaw was found in Apache Portable Runtime (APR). This issue may allow a malicious attacker to write beyond the bounds of a buffer.", "issued": "2023-01-31T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-24963 https://bugzilla.redhat.com/show_bug.cgi?id=2169465 https://www.cve.org/CVERecord?id=CVE-2022-24963 https://nvd.nist.gov/vuln/detail/CVE-2022-24963 https://lists.apache.org/thread/fw9p6sdncwsjkstwc066vz57xqzfksq9 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-24963.json https://access.redhat.com/errata/RHSA-2023:7711", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "apr", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.7.0-12.el9_3", "arch_op": "pattern match" }, "9pu2eJ6pNPg70BftHlHbGQ==": { "id": "9pu2eJ6pNPg70BftHlHbGQ==", "updater": "rhel-vex", "name": "CVE-2023-28322", "description": "A use-after-free flaw was found in the Curl package. This issue may lead to unintended information disclosure by the application.", "issued": "2023-05-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-28322 https://bugzilla.redhat.com/show_bug.cgi?id=2196793 https://www.cve.org/CVERecord?id=CVE-2023-28322 https://nvd.nist.gov/vuln/detail/CVE-2023-28322 https://curl.se/docs/CVE-2023-28322.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-28322.json https://access.redhat.com/errata/RHSA-2023:4354", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "curl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-23.el9_2.2", "arch_op": "pattern match" }, "9vmn72qHgEMYqIwJkCbSLA==": { "id": "9vmn72qHgEMYqIwJkCbSLA==", "updater": "rhel-vex", "name": "CVE-2023-4911", "description": "A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.", "issued": "2023-10-03T17:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4911 https://bugzilla.redhat.com/show_bug.cgi?id=2238352 https://www.cve.org/CVERecord?id=CVE-2023-4911 https://nvd.nist.gov/vuln/detail/CVE-2023-4911 https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt https://www.qualys.com/cve-2023-4911/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4911.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-gconv-extra", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "A17E/jDMfAPfGiHuzUJcGQ==": { "id": "A17E/jDMfAPfGiHuzUJcGQ==", "updater": "rhel-vex", "name": "CVE-2025-5245", "description": "A vulnerability classified as critical has been found in GNU Binutils up to 2.44. This affects the function debug_type_samep of the file /binutils/debug.c of the component objdump. The manipulation leads to memory corruption. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue.", "issued": "2025-05-27T14:31:12Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5245 https://bugzilla.redhat.com/show_bug.cgi?id=2368771 https://www.cve.org/CVERecord?id=CVE-2025-5245 https://nvd.nist.gov/vuln/detail/CVE-2025-5245 https://sourceware.org/bugzilla/attachment.cgi?id=16004 https://sourceware.org/bugzilla/show_bug.cgi?id=32829 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=6c3458a8b7ee7d39f070c7b2350851cb2110c65a https://vuldb.com/?ctiid.310347 https://vuldb.com/?id.310347 https://vuldb.com/?submit.584635 https://www.gnu.org/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5245.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "binutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "A6+P0KouhQ+leIPeQQbUvQ==": { "id": "A6+P0KouhQ+leIPeQQbUvQ==", "updater": "rhel-vex", "name": "CVE-2022-4285", "description": "An illegal memory access flaw was found in the binutils package. Parsing an ELF file containing corrupt symbol version information may result in a denial of service. This issue is the result of an incomplete fix for CVE-2020-16599.", "issued": "2022-10-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-4285 https://bugzilla.redhat.com/show_bug.cgi?id=2150768 https://www.cve.org/CVERecord?id=CVE-2022-4285 https://nvd.nist.gov/vuln/detail/CVE-2022-4285 https://sourceware.org/bugzilla/show_bug.cgi?id=29699 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=5c831a3c7f3ca98d6aba1200353311e1a1f84c70 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-4285.json https://access.redhat.com/errata/RHSA-2023:6593", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "binutils", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.35.2-42.el9", "arch_op": "pattern match" }, "A6K1sza+52QsonC22ECRkA==": { "id": "A6K1sza+52QsonC22ECRkA==", "updater": "rhel-vex", "name": "CVE-2024-45491", "description": "An issue was found in libexpat’s internal dtdCopy function in xmlparse.c, It can have an integer overflow for nDefaultAtts on 32-bit platforms where UINT_MAX equals SIZE_MAX.", "issued": "2024-08-30T03:15:03Z", "links": "https://access.redhat.com/security/cve/CVE-2024-45491 https://bugzilla.redhat.com/show_bug.cgi?id=2308616 https://www.cve.org/CVERecord?id=CVE-2024-45491 https://nvd.nist.gov/vuln/detail/CVE-2024-45491 https://github.com/libexpat/libexpat/blob/R_2_6_3/expat/Changes https://github.com/libexpat/libexpat/issues/888 https://github.com/libexpat/libexpat/pull/891 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45491.json https://access.redhat.com/errata/RHSA-2024:6754", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "expat", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.5.0-2.el9_4.1", "arch_op": "pattern match" }, "A7bcOuxkjccnpaTXIAxpLw==": { "id": "A7bcOuxkjccnpaTXIAxpLw==", "updater": "rhel-vex", "name": "CVE-2023-5981", "description": "A vulnerability was found that the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS#1 v1.5 padding.", "issued": "2023-11-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-5981 https://bugzilla.redhat.com/show_bug.cgi?id=2248445 https://www.cve.org/CVERecord?id=CVE-2023-5981 https://nvd.nist.gov/vuln/detail/CVE-2023-5981 https://gnutls.org/security-new.html#GNUTLS-SA-2023-10-23 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-5981.json https://access.redhat.com/errata/RHSA-2024:0533", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "gnutls", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.7.6-23.el9_3.3", "arch_op": "pattern match" }, "ABgAEtKLJJ3BQYa4+jCHyg==": { "id": "ABgAEtKLJJ3BQYa4+jCHyg==", "updater": "rhel-vex", "name": "CVE-2023-4813", "description": "A flaw was found in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.", "issued": "2022-03-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4813 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://www.cve.org/CVERecord?id=CVE-2023-4813 https://nvd.nist.gov/vuln/detail/CVE-2023-4813 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4813.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-common", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "AC/h2biWH6CpLZyJmbkLpA==": { "id": "AC/h2biWH6CpLZyJmbkLpA==", "updater": "rhel-vex", "name": "CVE-2024-32465", "description": "A flaw was found in Git in a full copy of a Git repository. A prerequisite for this vulnerability is for an unauthenticated attacker to place a specialized repository on their target's local system. If the victim were to clone this repository, it could result in arbitrary code execution.", "issued": "2024-05-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-32465 https://bugzilla.redhat.com/show_bug.cgi?id=2280446 https://www.cve.org/CVERecord?id=CVE-2024-32465 https://nvd.nist.gov/vuln/detail/CVE-2024-32465 https://github.com/git/git/security/advisories/GHSA-vm9j-46j9-qvq4 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-32465.json https://access.redhat.com/errata/RHSA-2024:4083", "severity": "CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "git-core", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.43.5-1.el9_4", "arch_op": "pattern match" }, "AFlcPrbeGSHjmpG7oN3F/Q==": { "id": "AFlcPrbeGSHjmpG7oN3F/Q==", "updater": "rhel-vex", "name": "CVE-2023-27522", "description": "An HTTP Response Smuggling vulnerability was found in the Apache HTTP Server via mod_proxy_uwsgi. This security issue occurs when special characters in the origin response header can truncate or split the response forwarded to the client.", "issued": "2023-03-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-27522 https://bugzilla.redhat.com/show_bug.cgi?id=2176211 https://www.cve.org/CVERecord?id=CVE-2023-27522 https://nvd.nist.gov/vuln/detail/CVE-2023-27522 https://httpd.apache.org/security/vulnerabilities_24.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-27522.json https://access.redhat.com/errata/RHSA-2023:6403", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "mod_ssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:2.4.57-5.el9", "arch_op": "pattern match" }, "AIlN8RmMOvhBveVuVAyHQQ==": { "id": "AIlN8RmMOvhBveVuVAyHQQ==", "updater": "rhel-vex", "name": "CVE-2022-2874", "description": "A NULL pointer dereference vulnerability was found in Vim in the generate_loadvar function in the vim9compile.c file. This flaw allows an attacker who can trick a user into processing a specially crafted file to trigger the NULL pointer dereference, causing the application to crash.", "issued": "2022-08-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-2874 https://bugzilla.redhat.com/show_bug.cgi?id=2193207 https://www.cve.org/CVERecord?id=CVE-2022-2874 https://nvd.nist.gov/vuln/detail/CVE-2022-2874 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-2874.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "AJyzbdXx6v5s8tMexr4RUA==": { "id": "AJyzbdXx6v5s8tMexr4RUA==", "updater": "rhel-vex", "name": "CVE-2024-38477", "description": "A flaw was found in the mod_proxy module of httpd. A NULL pointer dereference can be triggered when processing a specially crafted HTTP request, causing the httpd server to crash, and resulting in a denial of service.", "issued": "2024-07-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-38477 https://bugzilla.redhat.com/show_bug.cgi?id=2295016 https://www.cve.org/CVERecord?id=CVE-2024-38477 https://nvd.nist.gov/vuln/detail/CVE-2024-38477 https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2024-38477 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-38477.json https://access.redhat.com/errata/RHSA-2024:4726", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "httpd-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.4.57-11.el9_4", "arch_op": "pattern match" }, "ANTD4465iFd2bYqxnQnsuw==": { "id": "ANTD4465iFd2bYqxnQnsuw==", "updater": "rhel-vex", "name": "CVE-2023-7008", "description": "A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.", "issued": "2022-12-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://www.cve.org/CVERecord?id=CVE-2023-7008 https://nvd.nist.gov/vuln/detail/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222261 https://github.com/systemd/systemd/issues/25676 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-7008.json https://access.redhat.com/errata/RHSA-2024:2463", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "systemd", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:252-32.el9_4", "arch_op": "pattern match" }, "AOqYiSRMsYI7D2mmuqAtJA==": { "id": "AOqYiSRMsYI7D2mmuqAtJA==", "updater": "rhel-vex", "name": "CVE-2021-35938", "description": "A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "issued": "2021-06-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-35938 https://bugzilla.redhat.com/show_bug.cgi?id=1964114 https://www.cve.org/CVERecord?id=CVE-2021-35938 https://nvd.nist.gov/vuln/detail/CVE-2021-35938 https://rpm.org/wiki/Releases/4.18.0 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-35938.json https://access.redhat.com/errata/RHSA-2024:0463", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "rpm-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.16.1.3-27.el9_3", "arch_op": "pattern match" }, "APxtpbji84L/LJLM7Dfq3g==": { "id": "APxtpbji84L/LJLM7Dfq3g==", "updater": "rhel-vex", "name": "CVE-2025-4802", "description": "A flaw was found in the glibc library. A statically linked setuid binary that calls dlopen(), including internal dlopen() calls after setlocale() or calls to NSS functions such as getaddrinfo(), may incorrectly search LD_LIBRARY_PATH to determine which library to load, allowing a local attacker to load malicious shared libraries, escalate privileges and execute arbitrary code.", "issued": "2025-05-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4802 https://bugzilla.redhat.com/show_bug.cgi?id=2367468 https://www.cve.org/CVERecord?id=CVE-2025-4802 https://nvd.nist.gov/vuln/detail/CVE-2025-4802 https://www.openwall.com/lists/oss-security/2025/05/16/7 https://www.openwall.com/lists/oss-security/2025/05/17/2 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4802.json https://access.redhat.com/errata/RHSA-2025:8655", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-gconv-extra", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.19", "arch_op": "pattern match" }, "ARavVWjHmRczhaernCzJXQ==": { "id": "ARavVWjHmRczhaernCzJXQ==", "updater": "rhel-vex", "name": "CVE-2024-6232", "description": "A regular expression denial of service (ReDos) vulnerability was found in Python's tarfile module. Due to excessive backtracking while tarfile parses headers, an attacker may be able to trigger a denial of service via a specially crafted tar archive.", "issued": "2024-09-03T13:15:05Z", "links": "https://access.redhat.com/security/cve/CVE-2024-6232 https://bugzilla.redhat.com/show_bug.cgi?id=2309426 https://www.cve.org/CVERecord?id=CVE-2024-6232 https://nvd.nist.gov/vuln/detail/CVE-2024-6232 https://github.com/python/cpython/issues/121285 https://github.com/python/cpython/pull/121286 https://mail.python.org/archives/list/security-announce@python.org/thread/JRYFTPRHZRTLMZLWQEUHZSJXNHM4ACTY/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6232.json https://access.redhat.com/errata/RHSA-2024:9468", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.19-8.el9_5.1", "arch_op": "pattern match" }, "AUiFITCnRjRxctzqqbDeeA==": { "id": "AUiFITCnRjRxctzqqbDeeA==", "updater": "rhel-vex", "name": "CVE-2022-3219", "description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. This issue can potentially cause a denial of service.", "issued": "2022-09-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3219 https://bugzilla.redhat.com/show_bug.cgi?id=2127010 https://www.cve.org/CVERecord?id=CVE-2022-3219 https://nvd.nist.gov/vuln/detail/CVE-2022-3219 https://dev.gnupg.org/D556 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3219.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "gnupg2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "AWmsv3mH2jPlTL7bFyq8gQ==": { "id": "AWmsv3mH2jPlTL7bFyq8gQ==", "updater": "rhel-vex", "name": "CVE-2024-7006", "description": "A null pointer dereference flaw was found in Libtiff via `tif_dirinfo.c`. This issue may allow an attacker to trigger memory allocation failures through certain means, such as restricting the heap space size or injecting faults, causing a segmentation fault. This can cause an application crash, eventually leading to a denial of service.", "issued": "2024-07-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-7006 https://bugzilla.redhat.com/show_bug.cgi?id=2302996 https://www.cve.org/CVERecord?id=CVE-2024-7006 https://nvd.nist.gov/vuln/detail/CVE-2024-7006 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7006.json https://access.redhat.com/errata/RHSA-2024:8914", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-12.el9_4.1", "arch_op": "pattern match" }, "AYOaUiAITXfmzrid+CR2Og==": { "id": "AYOaUiAITXfmzrid+CR2Og==", "updater": "rhel-vex", "name": "CVE-2021-3903", "description": "vim is vulnerable to Heap-based Buffer Overflow", "issued": "2021-10-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-3903 https://bugzilla.redhat.com/show_bug.cgi?id=2018558 https://www.cve.org/CVERecord?id=CVE-2021-3903 https://nvd.nist.gov/vuln/detail/CVE-2021-3903 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-3903.json https://access.redhat.com/errata/RHSA-2024:9405", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim-filesystem", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "2:8.2.2637-21.el9", "arch_op": "pattern match" }, "Ac0KMA8k9O8Mz75g/xX30g==": { "id": "Ac0KMA8k9O8Mz75g/xX30g==", "updater": "rhel-vex", "name": "CVE-2025-27363", "description": "A flaw was found in FreeType. In affected versions, an out-of-bounds write condition may be triggered when attempting to parse font subglyph structures related to TrueType GX and variable font files. The vulnerable code assigns a signed short value to an unsigned long and then adds a static value, causing it to wrap around and allocate a heap buffer that is too small. The code then writes up to 6 signed long integers out of bounds relative to this buffer. This issue could result in arbitrary code execution or other undefined behavior.", "issued": "2025-03-11T13:28:31Z", "links": "https://access.redhat.com/security/cve/CVE-2025-27363 https://bugzilla.redhat.com/show_bug.cgi?id=2351357 https://www.cve.org/CVERecord?id=CVE-2025-27363 https://nvd.nist.gov/vuln/detail/CVE-2025-27363 https://www.facebook.com/security/advisories/cve-2025-27363 https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-27363.json https://access.redhat.com/errata/RHSA-2025:3407", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "freetype", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.10.4-10.el9_5", "arch_op": "pattern match" }, "AdhtRMEnBdpFFyeSlUP6fA==": { "id": "AdhtRMEnBdpFFyeSlUP6fA==", "updater": "rhel-vex", "name": "CVE-2024-32002", "description": "A vulnerability was found in Git. This vulnerability allows the malicious manipulation of repositories containing submodules, exploiting a bug that enables the writing of files into the .git/ directory instead of the submodule's intended worktree. This manipulation facilitates the execution of arbitrary code during the cloning process, bypassing user inspection and control.", "issued": "2024-05-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-32002 https://bugzilla.redhat.com/show_bug.cgi?id=2280421 https://www.cve.org/CVERecord?id=CVE-2024-32002 https://nvd.nist.gov/vuln/detail/CVE-2024-32002 https://github.com/git/git/security/advisories/GHSA-8h77-4q3w-gfgv https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-32002.json https://access.redhat.com/errata/RHSA-2024:4083", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "perl-Git", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.43.5-1.el9_4", "arch_op": "pattern match" }, "Aet749oXCwhRnnY9gEGYGw==": { "id": "Aet749oXCwhRnnY9gEGYGw==", "updater": "rhel-vex", "name": "CVE-2023-38552", "description": "When the Node.js policy feature checks the integrity of a resource against a trusted manifest, the application can intercept the operation and return a forged checksum to node's policy implementation, thus effectively disabling the integrity check.", "issued": "2023-10-13T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-38552 https://bugzilla.redhat.com/show_bug.cgi?id=2244415 https://www.cve.org/CVERecord?id=CVE-2023-38552 https://nvd.nist.gov/vuln/detail/CVE-2023-38552 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-38552.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Ah03jmj/7fQOqUbg05PtZg==": { "id": "Ah03jmj/7fQOqUbg05PtZg==", "updater": "rhel-vex", "name": "CVE-2023-0049", "description": "A flaw was found in vim, which is vulnerable to an out-of-bounds read in the build_stl_str_hl function. This flaw allows a specially crafted file to cause information disclosure, data integrity corruption, or crash the software.", "issued": "2023-01-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0049 https://bugzilla.redhat.com/show_bug.cgi?id=2158269 https://www.cve.org/CVERecord?id=CVE-2023-0049 https://nvd.nist.gov/vuln/detail/CVE-2023-0049 https://huntr.dev/bounties/5e6f325c-ba54-4bf0-b050-dca048fd3fd9/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0049.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "AqIetzkTw3mVI6hiusMy1w==": { "id": "AqIetzkTw3mVI6hiusMy1w==", "updater": "rhel-vex", "name": "CVE-2023-4806", "description": "A flaw was found in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4806 https://bugzilla.redhat.com/show_bug.cgi?id=2237782 https://www.cve.org/CVERecord?id=CVE-2023-4806 https://nvd.nist.gov/vuln/detail/CVE-2023-4806 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4806.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-common", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "Aqat44uV/HXBHu8WYGkCVg==": { "id": "Aqat44uV/HXBHu8WYGkCVg==", "updater": "rhel-vex", "name": "CVE-2023-38545", "description": "A heap-based buffer overflow flaw was found in the SOCKS5 proxy handshake in the Curl package. If Curl is unable to resolve the address itself, it passes the hostname to the SOCKS5 proxy. However, the maximum length of the hostname that can be passed is 255 bytes. If the hostname is longer, then Curl switches to the local name resolving and passes the resolved address only to the proxy. The local variable that instructs Curl to \"let the host resolve the name\" could obtain the wrong value during a slow SOCKS5 handshake, resulting in the too-long hostname being copied to the target buffer instead of the resolved address, which was not the intended behavior.", "issued": "2023-10-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-38545 https://bugzilla.redhat.com/show_bug.cgi?id=2241933 https://www.cve.org/CVERecord?id=CVE-2023-38545 https://nvd.nist.gov/vuln/detail/CVE-2023-38545 https://curl.se/docs/CVE-2023-38545.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-38545.json https://access.redhat.com/errata/RHSA-2023:5763", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libcurl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-23.el9_2.4", "arch_op": "pattern match" }, "AsiuN/8gu7sZ0PJCLihjmw==": { "id": "AsiuN/8gu7sZ0PJCLihjmw==", "updater": "rhel-vex", "name": "CVE-2025-4598", "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\n\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", "issued": "2025-05-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4598 https://bugzilla.redhat.com/show_bug.cgi?id=2369242 https://www.cve.org/CVERecord?id=CVE-2025-4598 https://nvd.nist.gov/vuln/detail/CVE-2025-4598 https://www.openwall.com/lists/oss-security/2025/05/29/3 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4598.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "systemd", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "AtWoYkoBl9avwxLPtk70fw==": { "id": "AtWoYkoBl9avwxLPtk70fw==", "updater": "rhel-vex", "name": "CVE-2023-29491", "description": "A vulnerability was found in ncurses and occurs when used by a setuid application. This flaw allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file found in $HOME/.terminfo or reached via the TERMINFO or TERM environment variable.", "issued": "2023-04-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-29491 https://bugzilla.redhat.com/show_bug.cgi?id=2191704 https://www.cve.org/CVERecord?id=CVE-2023-29491 https://nvd.nist.gov/vuln/detail/CVE-2023-29491 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-29491.json https://access.redhat.com/errata/RHSA-2023:6698", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "ncurses-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:6.2-10.20210508.el9", "arch_op": "pattern match" }, "Aut4Rx2DyCQ33CV9EhAWrg==": { "id": "Aut4Rx2DyCQ33CV9EhAWrg==", "updater": "rhel-vex", "name": "CVE-2023-48795", "description": "A flaw was found in the SSH channel integrity. By manipulating sequence numbers during the handshake, an attacker can remove the initial messages on the secure channel without causing a MAC failure. For example, an attacker could disable the ping extension and thus disable the new countermeasure in OpenSSH 9.5 against keystroke timing attacks.", "issued": "2023-12-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-48795 https://bugzilla.redhat.com/show_bug.cgi?id=2254210 https://www.cve.org/CVERecord?id=CVE-2023-48795 https://nvd.nist.gov/vuln/detail/CVE-2023-48795 https://access.redhat.com/solutions/7071748 https://terrapin-attack.com/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-48795.json https://access.redhat.com/errata/RHSA-2024:1130", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "openssh-clients", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:8.7p1-34.el9_3.3", "arch_op": "pattern match" }, "AwYRRq6SmgfJLn2NZxQUdw==": { "id": "AwYRRq6SmgfJLn2NZxQUdw==", "updater": "rhel-vex", "name": "CVE-2024-34459", "description": "A flaw was found in the xmllint program distributed by the libxml2 package. A buffer over-read in the xmlHTMLPrintFileContext function in the xmllint.c file may be triggered when a crafted file is processed with the xmllint program using the `--htmlout` command line option, causing an application crash and resulting in a denial of service.", "issued": "2024-05-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-34459 https://bugzilla.redhat.com/show_bug.cgi?id=2280532 https://www.cve.org/CVERecord?id=CVE-2024-34459 https://nvd.nist.gov/vuln/detail/CVE-2024-34459 https://gitlab.gnome.org/GNOME/libxml2/-/issues/720 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34459.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "libxml2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Ay+x1p5pYFwnvUSAM5q2ZA==": { "id": "Ay+x1p5pYFwnvUSAM5q2ZA==", "updater": "rhel-vex", "name": "CVE-2023-4813", "description": "A flaw was found in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.", "issued": "2022-03-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4813 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://www.cve.org/CVERecord?id=CVE-2023-4813 https://nvd.nist.gov/vuln/detail/CVE-2023-4813 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4813.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "B/+SfhbeumQponnHheNEVg==": { "id": "B/+SfhbeumQponnHheNEVg==", "updater": "rhel-vex", "name": "CVE-2023-3138", "description": "A vulnerability was found in libX11. The security flaw occurs because the functions in src/InitExt.c in libX11 do not check that the values provided for the Request, Event, or Error IDs are within the bounds of the arrays that those functions write to, using those IDs as array indexes. They trust that they were called with values provided by an Xserver adhering to the bounds specified in the X11 protocol, as all X servers provided by X.Org do. As the protocol only specifies a single byte for these values, an out-of-bounds value provided by a malicious server (or a malicious proxy-in-the-middle) can only overwrite other portions of the Display structure and not write outside the bounds of the Display structure itself, possibly causing the client to crash with this memory corruption.", "issued": "2023-06-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-3138 https://bugzilla.redhat.com/show_bug.cgi?id=2213748 https://www.cve.org/CVERecord?id=CVE-2023-3138 https://nvd.nist.gov/vuln/detail/CVE-2023-3138 https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/304a654a0d57bf0f00d8998185f0360332cfa36c https://lists.x.org/archives/xorg-announce/2023-June/003406.html https://lists.x.org/archives/xorg-announce/2023-June/003407.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3138.json https://access.redhat.com/errata/RHSA-2023:6497", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libX11-common", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.7.0-8.el9", "arch_op": "pattern match" }, "B/Tetqnl0UD2oPlB1GgT7A==": { "id": "B/Tetqnl0UD2oPlB1GgT7A==", "updater": "rhel-vex", "name": "CVE-2023-0797", "description": "A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds read in the _TIFFmemcpy function in libtiff/tif_unix.c when called by functions in tools/tiffcrop.c, resulting in a Denial of Service and limited information disclosure.", "issued": "2023-02-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0797 https://bugzilla.redhat.com/show_bug.cgi?id=2170151 https://www.cve.org/CVERecord?id=CVE-2023-0797 https://nvd.nist.gov/vuln/detail/CVE-2023-0797 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0797.json https://access.redhat.com/errata/RHSA-2023:3711", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-8.el9_2", "arch_op": "pattern match" }, "B0fL+sYDQzqmMzEqrygeDA==": { "id": "B0fL+sYDQzqmMzEqrygeDA==", "updater": "rhel-vex", "name": "CVE-2023-4863", "description": "A heap-based buffer flaw was found in the way libwebp, a library used to process \"WebP\" image format data, processes certain specially formatted WebP images. An attacker could use this flaw to crash or execute remotely arbitrary code in an application such as a web browser compiled with this library.", "issued": "2023-09-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4863 https://bugzilla.redhat.com/show_bug.cgi?id=2238431 https://www.cve.org/CVERecord?id=CVE-2023-4863 https://nvd.nist.gov/vuln/detail/CVE-2023-4863 https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/ https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4863.json https://access.redhat.com/errata/RHSA-2023:5214", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libwebp", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.2.0-7.el9_2", "arch_op": "pattern match" }, "BCs5XTdAELTlXaSYSPAeOw==": { "id": "BCs5XTdAELTlXaSYSPAeOw==", "updater": "rhel-vex", "name": "CVE-2025-4802", "description": "A flaw was found in the glibc library. A statically linked setuid binary that calls dlopen(), including internal dlopen() calls after setlocale() or calls to NSS functions such as getaddrinfo(), may incorrectly search LD_LIBRARY_PATH to determine which library to load, allowing a local attacker to load malicious shared libraries, escalate privileges and execute arbitrary code.", "issued": "2025-05-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4802 https://bugzilla.redhat.com/show_bug.cgi?id=2367468 https://www.cve.org/CVERecord?id=CVE-2025-4802 https://nvd.nist.gov/vuln/detail/CVE-2025-4802 https://www.openwall.com/lists/oss-security/2025/05/16/7 https://www.openwall.com/lists/oss-security/2025/05/17/2 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4802.json https://access.redhat.com/errata/RHSA-2025:8655", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-langpack-en", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.19", "arch_op": "pattern match" }, "BIL4VgfHRuxJ44ht2eAadA==": { "id": "BIL4VgfHRuxJ44ht2eAadA==", "updater": "rhel-vex", "name": "CVE-2024-0727", "description": "A flaw was found in OpenSSL. The optional ContentInfo fields can be set to null, even if the \"type\" is a valid value, which can lead to a null dereference error that may cause a denial of service.", "issued": "2024-01-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-0727 https://bugzilla.redhat.com/show_bug.cgi?id=2259944 https://www.cve.org/CVERecord?id=CVE-2024-0727 https://nvd.nist.gov/vuln/detail/CVE-2024-0727 https://github.com/openssl/openssl/pull/23362 https://www.openssl.org/news/secadv/20240125.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0727.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "BLkI3n1XefyybyaipLStXA==": { "id": "BLkI3n1XefyybyaipLStXA==", "updater": "rhel-vex", "name": "CVE-2020-11023", "description": "A flaw was found in jQuery. HTML containing \\\u003coption\\\u003e elements from untrusted sources are passed, even after sanitizing, to one of jQuery's DOM manipulation methods, which may execute untrusted code. The highest threat from this vulnerability is to data confidentiality and integrity.", "issued": "2020-04-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2020-11023 https://bugzilla.redhat.com/show_bug.cgi?id=1850004 https://www.cve.org/CVERecord?id=CVE-2020-11023 https://nvd.nist.gov/vuln/detail/CVE-2020-11023 https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-11023.json https://access.redhat.com/errata/RHSA-2025:1346", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libstdc++", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:11.5.0-5.el9_5", "arch_op": "pattern match" }, "BNZj3OarLxcd8eifg2oBTQ==": { "id": "BNZj3OarLxcd8eifg2oBTQ==", "updater": "rhel-vex", "name": "CVE-2023-30589", "description": "A vulnerability has been identified in the Node.js, where llhttp parser in the http module in Node.js does not strictly use the CRLF sequence to delimit HTTP requests. This can lead to HTTP Request Smuggling (HRS).", "issued": "2023-06-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30589 https://bugzilla.redhat.com/show_bug.cgi?id=2219841 https://www.cve.org/CVERecord?id=CVE-2023-30589 https://nvd.nist.gov/vuln/detail/CVE-2023-30589 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30589.json https://access.redhat.com/errata/RHSA-2023:4331", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.1-1.el9_2", "arch_op": "pattern match" }, "BO4mpvHlpA2VMxVuGCs5Gw==": { "id": "BO4mpvHlpA2VMxVuGCs5Gw==", "updater": "rhel-vex", "name": "CVE-2022-49043", "description": "A flaw was found in libxml2 where improper handling of memory allocation failures in `libxml2` can lead to crashes, memory leaks, or inconsistent states. While an attacker cannot directly control allocation failures, they may trigger denial-of-service conditions under extreme system stress.", "issued": "2025-01-26T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-49043 https://bugzilla.redhat.com/show_bug.cgi?id=2342118 https://www.cve.org/CVERecord?id=CVE-2022-49043 https://nvd.nist.gov/vuln/detail/CVE-2022-49043 https://github.com/php/php-src/issues/17467 https://gitlab.gnome.org/GNOME/libxml2/-/commit/5a19e21605398cef6a8b1452477a8705cb41562b https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-49043.json https://access.redhat.com/errata/RHSA-2025:1350", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libxml2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-6.el9_5.1", "arch_op": "pattern match" }, "BQivQt20Anl3mLgiJoMKAA==": { "id": "BQivQt20Anl3mLgiJoMKAA==", "updater": "rhel-vex", "name": "CVE-2024-30205", "description": "A flaw was found in Emacs. Org mode considers the content of remote files, such as files opened with TRAMP on remote systems, to be trusted, resulting in arbitrary code execution.", "issued": "2024-03-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-30205 https://bugzilla.redhat.com/show_bug.cgi?id=2280298 https://www.cve.org/CVERecord?id=CVE-2024-30205 https://nvd.nist.gov/vuln/detail/CVE-2024-30205 https://www.openwall.com/lists/oss-security/2024/03/25/2 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-30205.json https://access.redhat.com/errata/RHSA-2024:9302", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "emacs-filesystem", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:27.2-10.el9", "arch_op": "pattern match" }, "BS5Qx6nN3HmM64VVoKmayw==": { "id": "BS5Qx6nN3HmM64VVoKmayw==", "updater": "rhel-vex", "name": "CVE-2022-3134", "description": "A heap use-after-free vulnerability was found in vim's do_tag() function of the src/tag.c file. The issue triggers when the 'tagfunc' closes the window. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "issued": "2022-09-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3134 https://bugzilla.redhat.com/show_bug.cgi?id=2126085 https://www.cve.org/CVERecord?id=CVE-2022-3134 https://nvd.nist.gov/vuln/detail/CVE-2022-3134 https://huntr.dev/bounties/6ec79e49-c7ab-4cd6-a517-e7934c2eb9dc https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3134.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "BapmyYmbdpezf7zjj2CAhg==": { "id": "BapmyYmbdpezf7zjj2CAhg==", "updater": "rhel-vex", "name": "CVE-2023-29469", "description": "A flaw was found in libxml2. This issue occurs when hashing empty strings which aren't null-terminated, xmlDictComputeFastKey could produce inconsistent results, which may lead to various logic or memory errors, including double free errors.", "issued": "2023-04-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-29469 https://bugzilla.redhat.com/show_bug.cgi?id=2185984 https://www.cve.org/CVERecord?id=CVE-2023-29469 https://nvd.nist.gov/vuln/detail/CVE-2023-29469 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-29469.json https://access.redhat.com/errata/RHSA-2023:4349", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libxml2-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-3.el9_2.1", "arch_op": "pattern match" }, "BbM0NZsMsZnNUi1ybIzssw==": { "id": "BbM0NZsMsZnNUi1ybIzssw==", "updater": "rhel-vex", "name": "CVE-2025-1151", "description": "A flaw was found in the ld linker utility of GNU Binutils. A specially-crafted payload may be able to trigger a memory leak, which can lead to an application crash or other undefined behavior.", "issued": "2025-02-10T17:00:10Z", "links": "https://access.redhat.com/security/cve/CVE-2025-1151 https://bugzilla.redhat.com/show_bug.cgi?id=2344713 https://www.cve.org/CVERecord?id=CVE-2025-1151 https://nvd.nist.gov/vuln/detail/CVE-2025-1151 https://sourceware.org/bugzilla/attachment.cgi?id=15887 https://sourceware.org/bugzilla/show_bug.cgi?id=32576 https://vuldb.com/?ctiid.295055 https://vuldb.com/?id.295055 https://www.gnu.org/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-1151.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "gdb", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "BecrebpzZRix36R6G4t6wg==": { "id": "BecrebpzZRix36R6G4t6wg==", "updater": "rhel-vex", "name": "CVE-2023-47038", "description": "A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer.", "issued": "2023-11-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-47038 https://bugzilla.redhat.com/show_bug.cgi?id=2249523 https://www.cve.org/CVERecord?id=CVE-2023-47038 https://nvd.nist.gov/vuln/detail/CVE-2023-47038 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-47038.json https://access.redhat.com/errata/RHSA-2024:2228", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-mro", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.23-481.el9", "arch_op": "pattern match" }, "BfDjqoaYrd0NKCGGxtokTg==": { "id": "BfDjqoaYrd0NKCGGxtokTg==", "updater": "rhel-vex", "name": "CVE-2023-48231", "description": "A heap use-after-free flaw was found in the vim package. When executing a `:s` command for the first time and using a sub-replace-special atom inside the substitution, it is possible that the recursive `:s` call causes memory to be freed, which may later then be accessed by the initial `:s` command. This issue may result in Vim crashing.", "issued": "2023-11-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-48231 https://bugzilla.redhat.com/show_bug.cgi?id=2250268 https://www.cve.org/CVERecord?id=CVE-2023-48231 https://nvd.nist.gov/vuln/detail/CVE-2023-48231 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/25aabc2b8ee1e19ced6f4da9d866cf9378fc4c5a https://github.com/vim/vim/security/advisories/GHSA-8g46-v9ff-c765 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-48231.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "BrBV5lr2Oniu9+XAGvI91A==": { "id": "BrBV5lr2Oniu9+XAGvI91A==", "updater": "rhel-vex", "name": "CVE-2023-32611", "description": "A flaw was found in GLib. GVariant deserialization is vulnerable to a slowdown issue where a crafted GVariant can cause excessive processing, leading to denial of service.", "issued": "2022-12-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32611 https://bugzilla.redhat.com/show_bug.cgi?id=2211829 https://www.cve.org/CVERecord?id=CVE-2023-32611 https://nvd.nist.gov/vuln/detail/CVE-2023-32611 https://gitlab.gnome.org/GNOME/glib/-/issues/2797 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32611.json https://access.redhat.com/errata/RHSA-2023:6631", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "glib2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.68.4-11.el9", "arch_op": "pattern match" }, "C0CVf3gKIXy0pxUEC+HbFA==": { "id": "C0CVf3gKIXy0pxUEC+HbFA==", "updater": "rhel-vex", "name": "CVE-2024-3596", "description": "A vulnerability in the RADIUS (Remote Authentication Dial-In User Service) protocol allows attackers to forge authentication responses when the Message-Authenticator attribute is not enforced. This issue arises from a cryptographically insecure integrity check using MD5, enabling attackers to spoof UDP-based RADIUS response packets. This can result in unauthorized access by modifying an Access-Reject response to an Access-Accept response, thereby compromising the authentication process.", "issued": "2024-07-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-3596 https://bugzilla.redhat.com/show_bug.cgi?id=2263240 https://www.cve.org/CVERecord?id=CVE-2024-3596 https://nvd.nist.gov/vuln/detail/CVE-2024-3596 https://datatracker.ietf.org/doc/draft-ietf-radext-deprecating-radius/ https://datatracker.ietf.org/doc/html/rfc2865 https://networkradius.com/assets/pdf/radius_and_md5_collisions.pdf https://w1.fi/security/2024-1/hostapd-and-radius-protocol-forgery-attacks.txt https://www.blastradius.fail/ https://www.kb.cert.org/vuls/id/456537 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-3596.json https://access.redhat.com/errata/RHSA-2024:9474", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "krb5-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.1-4.el9_5", "arch_op": "pattern match" }, "C0mnxp1ZuFsafzGYQTHI0A==": { "id": "C0mnxp1ZuFsafzGYQTHI0A==", "updater": "rhel-vex", "name": "CVE-2023-3618", "description": "A flaw was found in libtiff. A specially crafted tiff file can lead to a segmentation fault due to a buffer overflow in the Fax3Encode function in libtiff/tif_fax3.c, resulting in a denial of service.", "issued": "2023-02-13T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-3618 https://bugzilla.redhat.com/show_bug.cgi?id=2215865 https://www.cve.org/CVERecord?id=CVE-2023-3618 https://nvd.nist.gov/vuln/detail/CVE-2023-3618 https://gitlab.com/libtiff/libtiff/-/issues/529 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3618.json https://access.redhat.com/errata/RHSA-2024:2289", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-12.el9", "arch_op": "pattern match" }, "C0udSo+foVK8TphEaJ9u7g==": { "id": "C0udSo+foVK8TphEaJ9u7g==", "updater": "rhel-vex", "name": "CVE-2017-1000383", "description": "It was found that emacs applies the opened file read permissions to the swap file, overriding the process' umask. An attacker might search for vim swap files, that were not deleted properly, in order to retrieve sensible data.", "issued": "2017-10-31T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2017-1000383 https://bugzilla.redhat.com/show_bug.cgi?id=1508788 https://www.cve.org/CVERecord?id=CVE-2017-1000383 https://nvd.nist.gov/vuln/detail/CVE-2017-1000383 https://security.access.redhat.com/data/csaf/v2/vex/2017/cve-2017-1000383.json", "severity": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "emacs", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "C38jEAZBH42pj/LK2zcQXw==": { "id": "C38jEAZBH42pj/LK2zcQXw==", "updater": "rhel-vex", "name": "CVE-2023-4806", "description": "A flaw was found in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4806 https://bugzilla.redhat.com/show_bug.cgi?id=2237782 https://www.cve.org/CVERecord?id=CVE-2023-4806 https://nvd.nist.gov/vuln/detail/CVE-2023-4806 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4806.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-langpack-en", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "C5HeGQfx/moQOawxL9uDeA==": { "id": "C5HeGQfx/moQOawxL9uDeA==", "updater": "rhel-vex", "name": "CVE-2023-5363", "description": "A flaw was found in OpenSSL in how it processes key and initialization vector (IV) lengths. This issue can lead to potential truncation or overruns during the initialization of some symmetric ciphers. A truncation in the IV can result in non-uniqueness, which could result in loss of confidentiality for some cipher modes. Both truncations and overruns of the key and the IV will produce incorrect results and could, in some cases, trigger a memory exception.", "issued": "2023-10-24T15:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-5363 https://bugzilla.redhat.com/show_bug.cgi?id=2243839 https://www.cve.org/CVERecord?id=CVE-2023-5363 https://nvd.nist.gov/vuln/detail/CVE-2023-5363 https://www.openssl.org/news/secadv/20231024.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-5363.json https://access.redhat.com/errata/RHSA-2024:0310", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-25.el9_3", "arch_op": "pattern match" }, "C5gKZtjBskBnYM7k6flxDQ==": { "id": "C5gKZtjBskBnYM7k6flxDQ==", "updater": "rhel-vex", "name": "CVE-2024-38474", "description": "A flaw was found in the mod_rewrite module of httpd. Due to a substitution encoding issue, specially crafted requests may allow an attacker to execute scripts in directories permitted by the configuration but not directly reachable by any URL or source disclosure of scripts meant only to be executed as CGI.", "issued": "2024-07-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-38474 https://bugzilla.redhat.com/show_bug.cgi?id=2295013 https://www.cve.org/CVERecord?id=CVE-2024-38474 https://nvd.nist.gov/vuln/detail/CVE-2024-38474 https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2024-38474 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-38474.json https://access.redhat.com/errata/RHSA-2024:4726", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "httpd", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.4.57-11.el9_4", "arch_op": "pattern match" }, "C6yN0mcIXI4IYgVIgMrJhQ==": { "id": "C6yN0mcIXI4IYgVIgMrJhQ==", "updater": "rhel-vex", "name": "CVE-2021-35938", "description": "A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "issued": "2021-06-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-35938 https://bugzilla.redhat.com/show_bug.cgi?id=1964114 https://www.cve.org/CVERecord?id=CVE-2021-35938 https://nvd.nist.gov/vuln/detail/CVE-2021-35938 https://rpm.org/wiki/Releases/4.18.0 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-35938.json https://access.redhat.com/errata/RHSA-2024:0463", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "rpm-build-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:4.16.1.3-27.el9_3", "arch_op": "pattern match" }, "CC2urzeaOFnRuxvwkpv06w==": { "id": "CC2urzeaOFnRuxvwkpv06w==", "updater": "rhel-vex", "name": "CVE-2024-8176", "description": "A stack overflow vulnerability exists in the libexpat library due to the way it handles recursive entity expansion in XML documents. When parsing an XML document with deeply nested entity references, libexpat can be forced to recurse indefinitely, exhausting the stack space and causing a crash. This issue could lead to denial of service (DoS) or, in some cases, exploitable memory corruption, depending on the environment and library usage.", "issued": "2025-03-13T13:51:54Z", "links": "https://access.redhat.com/security/cve/CVE-2024-8176 https://bugzilla.redhat.com/show_bug.cgi?id=2310137 https://www.cve.org/CVERecord?id=CVE-2024-8176 https://nvd.nist.gov/vuln/detail/CVE-2024-8176 https://github.com/libexpat/libexpat/issues/893 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8176.json https://access.redhat.com/errata/RHSA-2025:3531", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "expat", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.5.0-3.el9_5.3", "arch_op": "pattern match" }, "CCTTGeQPsaGe9k69jAJeHQ==": { "id": "CCTTGeQPsaGe9k69jAJeHQ==", "updater": "rhel-vex", "name": "CVE-2023-4911", "description": "A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.", "issued": "2023-10-03T17:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4911 https://bugzilla.redhat.com/show_bug.cgi?id=2238352 https://www.cve.org/CVERecord?id=CVE-2023-4911 https://nvd.nist.gov/vuln/detail/CVE-2023-4911 https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt https://www.qualys.com/cve-2023-4911/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4911.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-common", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "CE8stTAUA4YcALeC7c3h/w==": { "id": "CE8stTAUA4YcALeC7c3h/w==", "updater": "rhel-vex", "name": "CVE-2023-38546", "description": "A flaw was found in the Curl package. This flaw allows an attacker to insert cookies into a running program using libcurl if the specific series of conditions are met.", "issued": "2023-10-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-38546 https://bugzilla.redhat.com/show_bug.cgi?id=2241938 https://access.redhat.com/errata/RHSA-2024:2101 https://www.cve.org/CVERecord?id=CVE-2023-38546 https://nvd.nist.gov/vuln/detail/CVE-2023-38546 https://curl.se/docs/CVE-2023-38546.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-38546.json https://access.redhat.com/errata/RHSA-2023:5763", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "libcurl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-23.el9_2.4", "arch_op": "pattern match" }, "CK9CzHa3OulJNeWEKej52g==": { "id": "CK9CzHa3OulJNeWEKej52g==", "updater": "rhel-vex", "name": "CVE-2023-4806", "description": "A flaw was found in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4806 https://bugzilla.redhat.com/show_bug.cgi?id=2237782 https://www.cve.org/CVERecord?id=CVE-2023-4806 https://nvd.nist.gov/vuln/detail/CVE-2023-4806 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4806.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-common", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "CKVMoyANgkZKdV+dChbXnA==": { "id": "CKVMoyANgkZKdV+dChbXnA==", "updater": "rhel-vex", "name": "CVE-2023-25193", "description": "A vulnerability was found HarfBuzz. This flaw allows attackers to trigger O(n^2) growth via consecutive marks during the process of looking back for base glyphs when attaching marks.", "issued": "2023-02-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-25193 https://bugzilla.redhat.com/show_bug.cgi?id=2167254 https://www.cve.org/CVERecord?id=CVE-2023-25193 https://nvd.nist.gov/vuln/detail/CVE-2023-25193 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-25193.json https://access.redhat.com/errata/RHSA-2024:2410", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "harfbuzz-icu", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.7.4-10.el9", "arch_op": "pattern match" }, "CKyr7yp8MCOkPhmRI+ObRw==": { "id": "CKyr7yp8MCOkPhmRI+ObRw==", "updater": "rhel-vex", "name": "CVE-2024-2961", "description": "An out-of-bounds write flaw was found in the ISO-2022-CN-EXT plugin for glibc's iconv library. When converting from UCS4 charset, adding certain escape charterers is required to indicate where the charset was changed to the library. During this process, iconv improperly checks the boundaries of internal buffers, leading to a buffer overflow, which allows writing up to 3 bytes outside the desired memory location. This issue may allow an attacker to craft a malicious characters sequence that will trigger the out-of-bounds write and perform remote code execution, presenting a high impact to the Integrity, Confidentiality, and Availability triad.", "issued": "2024-04-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-2961 https://bugzilla.redhat.com/show_bug.cgi?id=2273404 https://www.cve.org/CVERecord?id=CVE-2024-2961 https://nvd.nist.gov/vuln/detail/CVE-2024-2961 https://www.openwall.com/lists/oss-security/2024/04/17/9 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2961.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "CMfKq08vHhrrBqbayF4mSg==": { "id": "CMfKq08vHhrrBqbayF4mSg==", "updater": "rhel-vex", "name": "CVE-2024-4603", "description": "A flaw was found in OpenSSL. Applications that use the EVP_PKEY_param_check() or EVP_PKEY_public_check() function to check a DSA public key or DSA parameters may experience long delays when checking excessively long DSA keys or parameters.  In applications that allow untrusted sources to provide the key or parameters that are checked, an attacker may be able to cause a denial of service. These functions are not called by OpenSSL on untrusted DSA keys. The applications that directly call these functions are the ones that may be vulnerable to this issue.", "issued": "2024-05-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-4603 https://bugzilla.redhat.com/show_bug.cgi?id=2281029 https://www.cve.org/CVERecord?id=CVE-2024-4603 https://nvd.nist.gov/vuln/detail/CVE-2024-4603 https://www.openssl.org/news/secadv/20240516.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4603.json https://access.redhat.com/errata/RHSA-2024:9333", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.2.2-6.el9_5", "arch_op": "pattern match" }, "CMzEqcjHN3RVor5Wf45nAw==": { "id": "CMzEqcjHN3RVor5Wf45nAw==", "updater": "rhel-vex", "name": "CVE-2024-26458", "description": "A memory leak flaw was found in krb5 in /krb5/src/lib/rpc/pmap_rmt.c. This issue can lead to a denial of service through memory exhaustion.", "issued": "2024-02-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-26458 https://bugzilla.redhat.com/show_bug.cgi?id=2266731 https://www.cve.org/CVERecord?id=CVE-2024-26458 https://nvd.nist.gov/vuln/detail/CVE-2024-26458 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-26458.json https://access.redhat.com/errata/RHSA-2024:9331", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "libkadm5", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.1-3.el9", "arch_op": "pattern match" }, "CMzlj/DB8hlGyo22oMBCaw==": { "id": "CMzlj/DB8hlGyo22oMBCaw==", "updater": "rhel-vex", "name": "CVE-2023-48795", "description": "A flaw was found in the SSH channel integrity. By manipulating sequence numbers during the handshake, an attacker can remove the initial messages on the secure channel without causing a MAC failure. For example, an attacker could disable the ping extension and thus disable the new countermeasure in OpenSSH 9.5 against keystroke timing attacks.", "issued": "2023-12-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-48795 https://bugzilla.redhat.com/show_bug.cgi?id=2254210 https://www.cve.org/CVERecord?id=CVE-2023-48795 https://nvd.nist.gov/vuln/detail/CVE-2023-48795 https://access.redhat.com/solutions/7071748 https://terrapin-attack.com/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-48795.json https://access.redhat.com/errata/RHSA-2024:1130", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "openssh-clients", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:8.7p1-34.el9_3.3", "arch_op": "pattern match" }, "CNONWWLgmVwDA/lLfltdyg==": { "id": "CNONWWLgmVwDA/lLfltdyg==", "updater": "rhel-vex", "name": "CVE-2023-3576", "description": "A memory leak flaw was found in Libtiff's tiffcrop utility. This issue occurs when tiffcrop operates on a TIFF image file, allowing an attacker to pass a crafted TIFF image file to tiffcrop utility, which causes this memory leak issue, resulting an application crash, eventually leading to a denial of service.", "issued": "2023-03-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-3576 https://bugzilla.redhat.com/show_bug.cgi?id=2219340 https://www.cve.org/CVERecord?id=CVE-2023-3576 https://nvd.nist.gov/vuln/detail/CVE-2023-3576 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3576.json https://access.redhat.com/errata/RHSA-2023:6575", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-10.el9", "arch_op": "pattern match" }, "CQPV/OxtJ+DwYc6C4gniNQ==": { "id": "CQPV/OxtJ+DwYc6C4gniNQ==", "updater": "rhel-vex", "name": "CVE-2022-47008", "description": "A memory leak was found in binutils in the make_tempdir and make_tempname functions. This flaw allows an attacker to use a set of steps to trigger a memory leak and perform a denial of service, resulting in a loss of the system's availability.", "issued": "2022-06-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-47008 https://bugzilla.redhat.com/show_bug.cgi?id=2233984 https://www.cve.org/CVERecord?id=CVE-2022-47008 https://nvd.nist.gov/vuln/detail/CVE-2022-47008 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-47008.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "binutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "CRdqDQfrlTpkB4MzpgBS0w==": { "id": "CRdqDQfrlTpkB4MzpgBS0w==", "updater": "rhel-vex", "name": "CVE-2024-8176", "description": "A stack overflow vulnerability exists in the libexpat library due to the way it handles recursive entity expansion in XML documents. When parsing an XML document with deeply nested entity references, libexpat can be forced to recurse indefinitely, exhausting the stack space and causing a crash. This issue could lead to denial of service (DoS) or, in some cases, exploitable memory corruption, depending on the environment and library usage.", "issued": "2025-03-13T13:51:54Z", "links": "https://access.redhat.com/security/cve/CVE-2024-8176 https://bugzilla.redhat.com/show_bug.cgi?id=2310137 https://www.cve.org/CVERecord?id=CVE-2024-8176 https://nvd.nist.gov/vuln/detail/CVE-2024-8176 https://github.com/libexpat/libexpat/issues/893 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8176.json https://access.redhat.com/errata/RHSA-2025:7444", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "expat-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.5.0-5.el9_6", "arch_op": "pattern match" }, "Cc6iMT4c9IbcztVa+/nL0A==": { "id": "Cc6iMT4c9IbcztVa+/nL0A==", "updater": "rhel-vex", "name": "CVE-2023-34969", "description": "An assertion failure vulnerability was found in D-Bus. This issue occurs when a privileged monitoring connection (dbus-monitor, busctl monitor, gdbus monitor, or similar) is active, and a message from the bus driver cannot be delivered to a client connection due to \u003cdeny\u003e rules or outgoing message quota. If a privileged user with control over the dbus-daemon is monitoring the message bus traffic using the Monitoring clients like the dbus-monitor or busctl monitor interfaces, then an unprivileged local user with the ability to connect to the same dbus-daemon could send specially crafted request, causing a dbus-daemon to crash, resulting in a denial of service under some circumstances.", "issued": "2023-06-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-34969 https://bugzilla.redhat.com/show_bug.cgi?id=2213166 https://www.cve.org/CVERecord?id=CVE-2023-34969 https://nvd.nist.gov/vuln/detail/CVE-2023-34969 https://gitlab.freedesktop.org/dbus/dbus/-/issues/457 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-34969.json https://access.redhat.com/errata/RHSA-2023:4569", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "dbus-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:1.12.20-7.el9_2.1", "arch_op": "pattern match" }, "Chjm0vNb++GJsagbOv8JHg==": { "id": "Chjm0vNb++GJsagbOv8JHg==", "updater": "rhel-vex", "name": "CVE-2022-24963", "description": "A flaw was found in Apache Portable Runtime (APR). This issue may allow a malicious attacker to write beyond the bounds of a buffer.", "issued": "2023-01-31T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-24963 https://bugzilla.redhat.com/show_bug.cgi?id=2169465 https://www.cve.org/CVERecord?id=CVE-2022-24963 https://nvd.nist.gov/vuln/detail/CVE-2022-24963 https://lists.apache.org/thread/fw9p6sdncwsjkstwc066vz57xqzfksq9 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-24963.json https://access.redhat.com/errata/RHSA-2023:7711", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "apr-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.7.0-12.el9_3", "arch_op": "pattern match" }, "Co6RfgY4Y7Z+I8JqfwMvWA==": { "id": "Co6RfgY4Y7Z+I8JqfwMvWA==", "updater": "rhel-vex", "name": "CVE-2024-38477", "description": "A flaw was found in the mod_proxy module of httpd. A NULL pointer dereference can be triggered when processing a specially crafted HTTP request, causing the httpd server to crash, and resulting in a denial of service.", "issued": "2024-07-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-38477 https://bugzilla.redhat.com/show_bug.cgi?id=2295016 https://www.cve.org/CVERecord?id=CVE-2024-38477 https://nvd.nist.gov/vuln/detail/CVE-2024-38477 https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2024-38477 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-38477.json https://access.redhat.com/errata/RHSA-2024:4726", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "httpd-filesystem", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.4.57-11.el9_4", "arch_op": "pattern match" }, "CoMZiX0VsWNhKSQo1NCYkg==": { "id": "CoMZiX0VsWNhKSQo1NCYkg==", "updater": "rhel-vex", "name": "CVE-2025-1244", "description": "A command injection flaw was found in the text editor Emacs. It could allow a remote, unauthenticated attacker to execute arbitrary shell commands on a vulnerable system. Exploitation is possible by tricking users into visiting a specially crafted website or an HTTP URL with a redirect.", "issued": "2025-02-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-1244 https://bugzilla.redhat.com/show_bug.cgi?id=2345150 https://www.cve.org/CVERecord?id=CVE-2025-1244 https://nvd.nist.gov/vuln/detail/CVE-2025-1244 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-1244.json https://access.redhat.com/errata/RHSA-2025:1915", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "emacs-filesystem", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:27.2-11.el9_5.1", "arch_op": "pattern match" }, "Cp0oKV+YHuWX9YmWfGn8dA==": { "id": "Cp0oKV+YHuWX9YmWfGn8dA==", "updater": "rhel-vex", "name": "CVE-2024-33601", "description": "A flaw was found in the glibc netgroup cache. The netgroup cache uses xmalloc/xrealloc and may terminate the process due to a memory allocation failure.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33601 https://bugzilla.redhat.com/show_bug.cgi?id=2277205 https://www.cve.org/CVERecord?id=CVE-2024-33601 https://nvd.nist.gov/vuln/detail/CVE-2024-33601 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33601.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "glibc-langpack-en", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "CrxMnbVu5+FThOr/VFYAEg==": { "id": "CrxMnbVu5+FThOr/VFYAEg==", "updater": "rhel-vex", "name": "CVE-2024-4032", "description": "A flaw was found in Python. The ipaddress module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as “globally reachable” or “private”. Due to this issue, it is possible that values will not be returned in accordance with the latest information from the IANA Special-Purpose Address Registries.", "issued": "2024-06-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-4032 https://bugzilla.redhat.com/show_bug.cgi?id=2292921 https://www.cve.org/CVERecord?id=CVE-2024-4032 https://nvd.nist.gov/vuln/detail/CVE-2024-4032 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4032.json https://access.redhat.com/errata/RHSA-2024:4779", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "python3-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.18-3.el9_4.3", "arch_op": "pattern match" }, "D+2uHlEi8tdaITyQB5nD6Q==": { "id": "D+2uHlEi8tdaITyQB5nD6Q==", "updater": "rhel-vex", "name": "CVE-2023-3446", "description": "A vulnerability was found in OpenSSL. This security flaw occurs because the applications that use the DH_check(), DH_check_ex(), or EVP_PKEY_param_check() functions to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source may lead to a denial of service.", "issued": "2023-07-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-3446 https://bugzilla.redhat.com/show_bug.cgi?id=2224962 https://www.cve.org/CVERecord?id=CVE-2023-3446 https://nvd.nist.gov/vuln/detail/CVE-2023-3446 https://www.openssl.org/news/secadv/20230719.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3446.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "D5fboEqFvUhlyR+olH/EaQ==": { "id": "D5fboEqFvUhlyR+olH/EaQ==", "updater": "rhel-vex", "name": "CVE-2024-47081", "description": "A flaw was found in the Requests HTTP library. This vulnerability allows leakage of .netrc credentials to third parties via maliciously crafted URLs that exploit a URL parsing issue.", "issued": "2025-06-09T17:57:47Z", "links": "https://access.redhat.com/security/cve/CVE-2024-47081 https://bugzilla.redhat.com/show_bug.cgi?id=2371272 https://www.cve.org/CVERecord?id=CVE-2024-47081 https://nvd.nist.gov/vuln/detail/CVE-2024-47081 http://seclists.org/fulldisclosure/2025/Jun/2 http://www.openwall.com/lists/oss-security/2025/06/03/11 http://www.openwall.com/lists/oss-security/2025/06/03/9 http://www.openwall.com/lists/oss-security/2025/06/04/1 http://www.openwall.com/lists/oss-security/2025/06/04/6 https://github.com/psf/requests/commit/96ba401c1296ab1dda74a2365ef36d88f7d144ef https://github.com/psf/requests/pull/6965 https://github.com/psf/requests/security/advisories/GHSA-9hjg-9r4m-mvj7 https://requests.readthedocs.io/en/latest/api/#requests.Session.trust_env https://seclists.org/fulldisclosure/2025/Jun/2 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-47081.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python-pip", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "D79PhiO8RfNrU+L/lhCrDA==": { "id": "D79PhiO8RfNrU+L/lhCrDA==", "updater": "rhel-vex", "name": "CVE-2025-26465", "description": "A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle attack can be performed by a malicious machine impersonating a legit server. This issue occurs due to how OpenSSH mishandles error codes in specific conditions when verifying the host key. For an attack to be considered successful, the attacker needs to manage to exhaust the client's memory resource first, turning the attack complexity high.", "issued": "2025-02-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-26465 https://bugzilla.redhat.com/show_bug.cgi?id=2344780 https://www.cve.org/CVERecord?id=CVE-2025-26465 https://nvd.nist.gov/vuln/detail/CVE-2025-26465 https://seclists.org/oss-sec/2025/q1/144 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-26465.json https://access.redhat.com/errata/RHSA-2025:6993", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "openssh", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:8.7p1-45.el9", "arch_op": "pattern match" }, "D9Z9qtWFeJ7LhgKDi3BMAw==": { "id": "D9Z9qtWFeJ7LhgKDi3BMAw==", "updater": "rhel-vex", "name": "CVE-2023-1255", "description": "A vulnerability was found in OpenSSL. This security flaw occurs because the AES-XTS cipher decryption implementation for the 64-bit ARM platform contains an issue that could cause it to read past the input buffer, leading to a crash.", "issued": "2023-04-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-1255 https://bugzilla.redhat.com/show_bug.cgi?id=2188461 https://www.cve.org/CVERecord?id=CVE-2023-1255 https://nvd.nist.gov/vuln/detail/CVE-2023-1255 https://www.openssl.org/news/secadv/20230420.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-1255.json https://access.redhat.com/errata/RHSA-2023:3722", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-16.el9_2", "arch_op": "pattern match" }, "DAaQgj58NrubTxbgg0RwcA==": { "id": "DAaQgj58NrubTxbgg0RwcA==", "updater": "rhel-vex", "name": "CVE-2024-28834", "description": "A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS, leading to side-channel leaks. In specific scenarios, such as when using the GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noticeable step in nonce size from 513 to 512 bits, exposing a potential timing side-channel.", "issued": "2024-03-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-28834 https://bugzilla.redhat.com/show_bug.cgi?id=2269228 https://www.cve.org/CVERecord?id=CVE-2024-28834 https://nvd.nist.gov/vuln/detail/CVE-2024-28834 https://lists.gnupg.org/pipermail/gnutls-help/2024-March/004845.html https://minerva.crocs.fi.muni.cz/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28834.json https://access.redhat.com/errata/RHSA-2024:2570", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "gnutls", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.8.3-4.el9_4", "arch_op": "pattern match" }, "DDxCHnX+kCqcRQj9b90/cg==": { "id": "DDxCHnX+kCqcRQj9b90/cg==", "updater": "rhel-vex", "name": "CVE-2023-4156", "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", "issued": "2023-06-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4156 https://bugzilla.redhat.com/show_bug.cgi?id=2215930 https://www.cve.org/CVERecord?id=CVE-2023-4156 https://nvd.nist.gov/vuln/detail/CVE-2023-4156 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4156.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "gawk", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "DLttSzeHzaVnO33nSnt80A==": { "id": "DLttSzeHzaVnO33nSnt80A==", "updater": "rhel-vex", "name": "CVE-2023-27538", "description": "An authentication bypass vulnerability exists in libcurl prior to v8.0.0 where it reuses a previously established SSH connection despite the fact that an SSH option was modified, which should have prevented reuse. libcurl maintains a pool of previously used connections to reuse them for subsequent transfers if the configurations match. However, two SSH settings were omitted from the configuration check, allowing them to match easily, potentially leading to the reuse of an inappropriate connection.", "issued": "2023-03-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-27538 https://bugzilla.redhat.com/show_bug.cgi?id=2179103 https://www.cve.org/CVERecord?id=CVE-2023-27538 https://nvd.nist.gov/vuln/detail/CVE-2023-27538 https://curl.se/docs/CVE-2023-27538.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-27538.json https://access.redhat.com/errata/RHSA-2023:6679", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "curl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9", "arch_op": "pattern match" }, "DNd0sdbW83acQbIl3FDaPw==": { "id": "DNd0sdbW83acQbIl3FDaPw==", "updater": "rhel-vex", "name": "CVE-2023-0054", "description": "An out-of-bounds write flaw was found in Vim, in the do_string_sub function in the eval.c file. The issue occurs because of an invalid memory access due to a missing check of the return value of the vim_regsub function when a specially crafted input is processed. This flaw allows an attacker who can trick a user into opening a specially crafted file to trigger the out-of-bounds write, causing the application to crash.", "issued": "2023-01-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0054 https://bugzilla.redhat.com/show_bug.cgi?id=2161349 https://www.cve.org/CVERecord?id=CVE-2023-0054 https://nvd.nist.gov/vuln/detail/CVE-2023-0054 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0054.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "DSPVvHylac4gbedRKpFjFg==": { "id": "DSPVvHylac4gbedRKpFjFg==", "updater": "rhel-vex", "name": "CVE-2024-3596", "description": "A vulnerability in the RADIUS (Remote Authentication Dial-In User Service) protocol allows attackers to forge authentication responses when the Message-Authenticator attribute is not enforced. This issue arises from a cryptographically insecure integrity check using MD5, enabling attackers to spoof UDP-based RADIUS response packets. This can result in unauthorized access by modifying an Access-Reject response to an Access-Accept response, thereby compromising the authentication process.", "issued": "2024-07-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-3596 https://bugzilla.redhat.com/show_bug.cgi?id=2263240 https://www.cve.org/CVERecord?id=CVE-2024-3596 https://nvd.nist.gov/vuln/detail/CVE-2024-3596 https://datatracker.ietf.org/doc/draft-ietf-radext-deprecating-radius/ https://datatracker.ietf.org/doc/html/rfc2865 https://networkradius.com/assets/pdf/radius_and_md5_collisions.pdf https://w1.fi/security/2024-1/hostapd-and-radius-protocol-forgery-attacks.txt https://www.blastradius.fail/ https://www.kb.cert.org/vuls/id/456537 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-3596.json https://access.redhat.com/errata/RHSA-2024:9474", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libkadm5", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:1.21.1-4.el9_5", "arch_op": "pattern match" }, "DSmK9l9jgnk+scTQzgngGw==": { "id": "DSmK9l9jgnk+scTQzgngGw==", "updater": "rhel-vex", "name": "CVE-2025-0395", "description": "A flaw was found in the GNU C Library (glibc). A buffer overflow condition via the `assert()` function may be triggered due to glibc not allocating enough space for the assertion failure message string and size information. In certain conditions, a local attacker can exploit this, potentially leading to an application crash or other undefined behavior.", "issued": "2025-01-22T13:11:30Z", "links": "https://access.redhat.com/security/cve/CVE-2025-0395 https://bugzilla.redhat.com/show_bug.cgi?id=2339460 https://www.cve.org/CVERecord?id=CVE-2025-0395 https://nvd.nist.gov/vuln/detail/CVE-2025-0395 https://sourceware.org/bugzilla/show_bug.cgi?id=32582 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-0395.json https://access.redhat.com/errata/RHSA-2025:4244", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-langpack-en", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-125.el9_5.8", "arch_op": "pattern match" }, "DTfL5gh0GrLkUT7aOd+/wg==": { "id": "DTfL5gh0GrLkUT7aOd+/wg==", "updater": "rhel-vex", "name": "CVE-2024-4603", "description": "A flaw was found in OpenSSL. Applications that use the EVP_PKEY_param_check() or EVP_PKEY_public_check() function to check a DSA public key or DSA parameters may experience long delays when checking excessively long DSA keys or parameters.  In applications that allow untrusted sources to provide the key or parameters that are checked, an attacker may be able to cause a denial of service. These functions are not called by OpenSSL on untrusted DSA keys. The applications that directly call these functions are the ones that may be vulnerable to this issue.", "issued": "2024-05-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-4603 https://bugzilla.redhat.com/show_bug.cgi?id=2281029 https://www.cve.org/CVERecord?id=CVE-2024-4603 https://nvd.nist.gov/vuln/detail/CVE-2024-4603 https://www.openssl.org/news/secadv/20240516.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4603.json https://access.redhat.com/errata/RHSA-2024:9333", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.2.2-6.el9_5", "arch_op": "pattern match" }, "DTpm5D1T1+v2b9B/xLLvPw==": { "id": "DTpm5D1T1+v2b9B/xLLvPw==", "updater": "rhel-vex", "name": "CVE-2024-39573", "description": "A flaw was found in the mod_rewrite module of httpd. A potential SSRF allows an attacker to cause unsafe rules used in the RewriteRule directive to unexpectedly set up URLs to be handled by the mod_proxy module.", "issued": "2024-07-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-39573 https://bugzilla.redhat.com/show_bug.cgi?id=2295022 https://www.cve.org/CVERecord?id=CVE-2024-39573 https://nvd.nist.gov/vuln/detail/CVE-2024-39573 https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2024-39573 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-39573.json https://access.redhat.com/errata/RHSA-2024:4726", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "mod_session", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.4.57-11.el9_4", "arch_op": "pattern match" }, "DWl94vpEWRXsnNv1XWboVA==": { "id": "DWl94vpEWRXsnNv1XWboVA==", "updater": "rhel-vex", "name": "CVE-2024-6345", "description": "A flaw was found in the package_index module of pypa/setuptools. Affected versions of this package allow remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system.", "issued": "2024-07-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-6345 https://bugzilla.redhat.com/show_bug.cgi?id=2297771 https://www.cve.org/CVERecord?id=CVE-2024-6345 https://nvd.nist.gov/vuln/detail/CVE-2024-6345 https://github.com/pypa/setuptools/commit/88807c7062788254f654ea8c03427adc859321f0 https://huntr.com/bounties/d6362117-ad57-4e83-951f-b8141c6e7ca5 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6345.json https://access.redhat.com/errata/RHSA-2024:5534", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "python3-setuptools-wheel", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:53.0.0-12.el9_4.1", "arch_op": "pattern match" }, "DXBPUXYExkMtNfA8EJDngg==": { "id": "DXBPUXYExkMtNfA8EJDngg==", "updater": "rhel-vex", "name": "CVE-2025-0395", "description": "A flaw was found in the GNU C Library (glibc). A buffer overflow condition via the `assert()` function may be triggered due to glibc not allocating enough space for the assertion failure message string and size information. In certain conditions, a local attacker can exploit this, potentially leading to an application crash or other undefined behavior.", "issued": "2025-01-22T13:11:30Z", "links": "https://access.redhat.com/security/cve/CVE-2025-0395 https://bugzilla.redhat.com/show_bug.cgi?id=2339460 https://www.cve.org/CVERecord?id=CVE-2025-0395 https://nvd.nist.gov/vuln/detail/CVE-2025-0395 https://sourceware.org/bugzilla/show_bug.cgi?id=32582 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-0395.json https://access.redhat.com/errata/RHSA-2025:4244", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-locale-source", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-125.el9_5.8", "arch_op": "pattern match" }, "DbCjVGiras7NuLFjZ3QehA==": { "id": "DbCjVGiras7NuLFjZ3QehA==", "updater": "rhel-vex", "name": "CVE-2025-4517", "description": "A flaw was found in the CPython tarfile module. This vulnerability allows arbitrary filesystem writes outside the extraction directory via extracting untrusted tar archives using the TarFile.extractall() or TarFile.extract() methods with the extraction filter parameter set to \"data\" or \"tar\".", "issued": "2025-06-03T12:58:50Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4517 https://bugzilla.redhat.com/show_bug.cgi?id=2370016 https://www.cve.org/CVERecord?id=CVE-2025-4517 https://nvd.nist.gov/vuln/detail/CVE-2025-4517 https://gist.github.com/sethmlarson/52398e33eff261329a0180ac1d54f42f https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a https://github.com/python/cpython/issues/135034 https://github.com/python/cpython/pull/135037 https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4517.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L", "normalized_severity": "High", "package": { "id": "", "name": "python3.9", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Dm5ECRumGLayYNxAg7NLuQ==": { "id": "Dm5ECRumGLayYNxAg7NLuQ==", "updater": "rhel-vex", "name": "CVE-2024-27982", "description": "An HTTP Request Smuggling vulnerability was found in Node.js due to Content-Length Obfuscation in the HTTP server. Malformed headers, particularly if a space is inserted before a content-length header, can result in HTTP request smuggling. This flaw allows attackers to inject a second request within the body of the first and poison web caches, bypass web application firewalls, and execute Cross-site scripting (XSS) attacks.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-27982 https://bugzilla.redhat.com/show_bug.cgi?id=2275392 https://www.cve.org/CVERecord?id=CVE-2024-27982 https://nvd.nist.gov/vuln/detail/CVE-2024-27982 https://nodejs.org/en/blog/vulnerability/april-2024-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-27982.json https://access.redhat.com/errata/RHSA-2024:2910", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.2-8.el9_4", "arch_op": "pattern match" }, "Dmj+1Th9y/xKrHIFa6FtQA==": { "id": "Dmj+1Th9y/xKrHIFa6FtQA==", "updater": "rhel-vex", "name": "CVE-2021-35939", "description": "It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "issued": "2021-06-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-35939 https://bugzilla.redhat.com/show_bug.cgi?id=1964129 https://www.cve.org/CVERecord?id=CVE-2021-35939 https://nvd.nist.gov/vuln/detail/CVE-2021-35939 https://rpm.org/wiki/Releases/4.18.0 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-35939.json https://access.redhat.com/errata/RHSA-2024:0463", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "rpm-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.16.1.3-27.el9_3", "arch_op": "pattern match" }, "DqajPgSmNnfF5+bVSuLXZQ==": { "id": "DqajPgSmNnfF5+bVSuLXZQ==", "updater": "rhel-vex", "name": "CVE-2023-34969", "description": "An assertion failure vulnerability was found in D-Bus. This issue occurs when a privileged monitoring connection (dbus-monitor, busctl monitor, gdbus monitor, or similar) is active, and a message from the bus driver cannot be delivered to a client connection due to \u003cdeny\u003e rules or outgoing message quota. If a privileged user with control over the dbus-daemon is monitoring the message bus traffic using the Monitoring clients like the dbus-monitor or busctl monitor interfaces, then an unprivileged local user with the ability to connect to the same dbus-daemon could send specially crafted request, causing a dbus-daemon to crash, resulting in a denial of service under some circumstances.", "issued": "2023-06-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-34969 https://bugzilla.redhat.com/show_bug.cgi?id=2213166 https://www.cve.org/CVERecord?id=CVE-2023-34969 https://nvd.nist.gov/vuln/detail/CVE-2023-34969 https://gitlab.freedesktop.org/dbus/dbus/-/issues/457 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-34969.json https://access.redhat.com/errata/RHSA-2023:4569", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "dbus-common", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:1.12.20-7.el9_2.1", "arch_op": "pattern match" }, "DsaGCyQOCA2KVqXwXEUIOg==": { "id": "DsaGCyQOCA2KVqXwXEUIOg==", "updater": "rhel-vex", "name": "CVE-2024-6923", "description": "A vulnerability was found in the email module that uses Python language. The email module doesn't properly quote new lines in email headers. This flaw allows an attacker to inject email headers that could, among other possibilities, add hidden email destinations or inject content into the email, impacting data confidentiality and integrity.", "issued": "2024-08-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-6923 https://bugzilla.redhat.com/show_bug.cgi?id=2302255 https://www.cve.org/CVERecord?id=CVE-2024-6923 https://nvd.nist.gov/vuln/detail/CVE-2024-6923 https://github.com/python/cpython/issues/121650 https://github.com/python/cpython/pull/122233 https://mail.python.org/archives/list/security-announce@python.org/thread/QH3BUOE2DYQBWP7NAQ7UNHPPOELKISRW/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6923.json https://access.redhat.com/errata/RHSA-2024:6163", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.18-3.el9_4.5", "arch_op": "pattern match" }, "Du87KR4FeuPO1XKDGWPfTA==": { "id": "Du87KR4FeuPO1XKDGWPfTA==", "updater": "rhel-vex", "name": "CVE-2023-24329", "description": "A flaw was found in the Python package. An issue in the urllib.parse component could allow attackers to bypass blocklisting methods by supplying a URL that starts with blank characters.This may lead to compromised Integrity.", "issued": "2023-02-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-24329 https://bugzilla.redhat.com/show_bug.cgi?id=2173917 https://www.cve.org/CVERecord?id=CVE-2023-24329 https://nvd.nist.gov/vuln/detail/CVE-2023-24329 https://pointernull.com/security/python-url-parse-problem.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-24329.json https://access.redhat.com/errata/RHSA-2023:3595", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.16-1.el9_2.1", "arch_op": "pattern match" }, "DuzMOMHOQ7Eh8s4YI9+INg==": { "id": "DuzMOMHOQ7Eh8s4YI9+INg==", "updater": "rhel-vex", "name": "CVE-2023-40217", "description": "Python ssl.SSLSocket is vulnerable to a bypass of the TLS handshake in certain instances for HTTPS servers and other server-side protocols that use TLS client authentication such as mTLS. This issue may result in a breach of integrity as its possible to modify or delete resources that are authenticated only by a TLS certificate. No breach of confidentiality is possible.", "issued": "2023-08-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-40217 https://bugzilla.redhat.com/show_bug.cgi?id=2235789 https://www.cve.org/CVERecord?id=CVE-2023-40217 https://nvd.nist.gov/vuln/detail/CVE-2023-40217 https://github.com/python/cpython/issues/108310 https://github.com/python/cpython/pull/108315 https://mail.python.org/archives/list/security-announce@python.org/thread/PEPLII27KYHLF4AK3ZQGKYNCRERG4YXY/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-40217.json https://access.redhat.com/errata/RHSA-2023:5462", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.16-1.el9_2.2", "arch_op": "pattern match" }, "Dx77Vhdnp5MtAgyIT881TQ==": { "id": "Dx77Vhdnp5MtAgyIT881TQ==", "updater": "rhel-vex", "name": "CVE-2024-26458", "description": "A memory leak flaw was found in krb5 in /krb5/src/lib/rpc/pmap_rmt.c. This issue can lead to a denial of service through memory exhaustion.", "issued": "2024-02-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-26458 https://bugzilla.redhat.com/show_bug.cgi?id=2266731 https://www.cve.org/CVERecord?id=CVE-2024-26458 https://nvd.nist.gov/vuln/detail/CVE-2024-26458 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-26458.json https://access.redhat.com/errata/RHSA-2024:9331", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "krb5-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:1.21.1-3.el9", "arch_op": "pattern match" }, "DxGDt323smYx6XdCiIYGnw==": { "id": "DxGDt323smYx6XdCiIYGnw==", "updater": "rhel-vex", "name": "CVE-2023-39975", "description": "A vulnerability was found in MIT krb5, where an authenticated attacker can cause a KDC to free the same pointer twice if it can induce a failure in authorization data handling.", "issued": "2023-08-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-39975 https://bugzilla.redhat.com/show_bug.cgi?id=2232682 https://www.cve.org/CVERecord?id=CVE-2023-39975 https://nvd.nist.gov/vuln/detail/CVE-2023-39975 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-39975.json https://access.redhat.com/errata/RHSA-2023:6699", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "krb5-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.1-1.el9", "arch_op": "pattern match" }, "E4hG6+13EIXFy+bT9Iiwzw==": { "id": "E4hG6+13EIXFy+bT9Iiwzw==", "updater": "rhel-vex", "name": "CVE-2024-38473", "description": "A flaw was found in the mod_proxy module of httpd. Due to an encoding problem, specially crafted request URLs with incorrect encoding can be sent to backend services, potentially bypassing authentication.", "issued": "2024-07-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-38473 https://bugzilla.redhat.com/show_bug.cgi?id=2295012 https://www.cve.org/CVERecord?id=CVE-2024-38473 https://nvd.nist.gov/vuln/detail/CVE-2024-38473 https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2024-38473 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-38473.json https://access.redhat.com/errata/RHSA-2024:4726", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "httpd-filesystem", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.4.57-11.el9_4", "arch_op": "pattern match" }, "E5lSSvXSqD/Le/zcid+OBw==": { "id": "E5lSSvXSqD/Le/zcid+OBw==", "updater": "rhel-vex", "name": "CVE-2020-11023", "description": "A flaw was found in jQuery. HTML containing \\\u003coption\\\u003e elements from untrusted sources are passed, even after sanitizing, to one of jQuery's DOM manipulation methods, which may execute untrusted code. The highest threat from this vulnerability is to data confidentiality and integrity.", "issued": "2020-04-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2020-11023 https://bugzilla.redhat.com/show_bug.cgi?id=1850004 https://www.cve.org/CVERecord?id=CVE-2020-11023 https://nvd.nist.gov/vuln/detail/CVE-2020-11023 https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-11023.json https://access.redhat.com/errata/RHSA-2025:1346", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "cpp", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:11.5.0-5.el9_5", "arch_op": "pattern match" }, "E6F4Bsc58fK+0x+N9LY6gA==": { "id": "E6F4Bsc58fK+0x+N9LY6gA==", "updater": "rhel-vex", "name": "CVE-2023-44487", "description": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages.\r\n\r\nSecurity Bulletin\r\nhttps://access.redhat.com/security/vulnerabilities/RHSB-2023-003", "issued": "2023-10-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-44487 https://bugzilla.redhat.com/show_bug.cgi?id=2242803 https://access.redhat.com/security/vulnerabilities/RHSB-2023-003 https://www.cve.org/CVERecord?id=CVE-2023-44487 https://nvd.nist.gov/vuln/detail/CVE-2023-44487 https://github.com/dotnet/announcements/issues/277 https://pkg.go.dev/vuln/GO-2023-2102 https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487 https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-44487.json https://access.redhat.com/errata/RHSA-2023:5765", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.2-3.el9_2", "arch_op": "pattern match" }, "E9EdLLK3y+LgoPm72usdsw==": { "id": "E9EdLLK3y+LgoPm72usdsw==", "updater": "rhel-vex", "name": "CVE-2023-38709", "description": "A flaw was found in httpd. The response headers are not sanitized before an HTTP response is sent when a malicious backend can insert a Content-Type, Content-Encoding, or some other headers, resulting in an HTTP response splitting.", "issued": "2024-04-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-38709 https://bugzilla.redhat.com/show_bug.cgi?id=2273491 https://www.cve.org/CVERecord?id=CVE-2023-38709 https://nvd.nist.gov/vuln/detail/CVE-2023-38709 https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2023-38709 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-38709.json https://access.redhat.com/errata/RHSA-2024:9306", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "httpd-tools", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.4.62-1.el9", "arch_op": "pattern match" }, "EBCuVKFXSUvVJtsrAG1ZDA==": { "id": "EBCuVKFXSUvVJtsrAG1ZDA==", "updater": "rhel-vex", "name": "CVE-2025-1094", "description": "A flaw was found in PostgreSQL. Due to improper neutralization of quoting syntax, affected versions potentially allow a database input provider to achieve SQL injection in certain usage patterns. Specifically, SQL injection requires the application to use the affected function's result to construct input to psql, the PostgreSQL interactive terminal. Similarly, improper neutralization of quoting syntax in PostgreSQL command line utility programs allows a source of command line arguments to achieve SQL injection when `client_encoding` is `BIG5` and `server_encoding` is one of `EUC_TW` or `MULE_INTERNAL`.", "issued": "2025-02-13T13:00:02Z", "links": "https://access.redhat.com/security/cve/CVE-2025-1094 https://bugzilla.redhat.com/show_bug.cgi?id=2345548 https://www.cve.org/CVERecord?id=CVE-2025-1094 https://nvd.nist.gov/vuln/detail/CVE-2025-1094 https://attackerkb.com/topics/G5s8ZWAbYH/cve-2024-12356/rapid7-analysis https://www.postgresql.org/support/security/CVE-2025-1094/ https://www.rapid7.com/blog/post/2025/02/13/cve-2025-1094-postgresql-psql-sql-injection-fixed/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-1094.json https://access.redhat.com/errata/RHSA-2025:1738", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libpq", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:13.20-1.el9_5", "arch_op": "pattern match" }, "EH9PvjnpSsw6jAD9jLOUSw==": { "id": "EH9PvjnpSsw6jAD9jLOUSw==", "updater": "rhel-vex", "name": "CVE-2023-27522", "description": "An HTTP Response Smuggling vulnerability was found in the Apache HTTP Server via mod_proxy_uwsgi. This security issue occurs when special characters in the origin response header can truncate or split the response forwarded to the client.", "issued": "2023-03-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-27522 https://bugzilla.redhat.com/show_bug.cgi?id=2176211 https://www.cve.org/CVERecord?id=CVE-2023-27522 https://nvd.nist.gov/vuln/detail/CVE-2023-27522 https://httpd.apache.org/security/vulnerabilities_24.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-27522.json https://access.redhat.com/errata/RHSA-2023:6403", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "httpd-core", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.4.57-5.el9", "arch_op": "pattern match" }, "EOnVsQprB+b/CxweVdPdqQ==": { "id": "EOnVsQprB+b/CxweVdPdqQ==", "updater": "rhel-vex", "name": "CVE-2023-27043", "description": "The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which application access is granted only after verifying receipt of e-mail to a specific domain (e.g., only @company.example.com addresses may be used for signup). This occurs in email/_parseaddr.py in recent versions of Python.", "issued": "2023-04-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-27043 https://bugzilla.redhat.com/show_bug.cgi?id=2196183 https://www.cve.org/CVERecord?id=CVE-2023-27043 https://nvd.nist.gov/vuln/detail/CVE-2023-27043 https://access.redhat.com/articles/7051467 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-27043.json https://access.redhat.com/errata/RHSA-2024:0466", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.18-1.el9_3.1", "arch_op": "pattern match" }, "ES+fyIBHuPDzcPe/BevT0Q==": { "id": "ES+fyIBHuPDzcPe/BevT0Q==", "updater": "rhel-vex", "name": "CVE-2023-31122", "description": "A flaw was found in the mod_macro module of httpd. When processing a very long macro, the null byte terminator will not be added, leading to an out-of-bounds read, resulting in a crash.", "issued": "2023-10-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-31122 https://bugzilla.redhat.com/show_bug.cgi?id=2245332 https://www.cve.org/CVERecord?id=CVE-2023-31122 https://nvd.nist.gov/vuln/detail/CVE-2023-31122 https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2023-31122 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-31122.json https://access.redhat.com/errata/RHSA-2024:2278", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "httpd-core", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.4.57-8.el9", "arch_op": "pattern match" }, "EX/3XuRwSFTfBZGrORFwLg==": { "id": "EX/3XuRwSFTfBZGrORFwLg==", "updater": "rhel-vex", "name": "CVE-2024-9287", "description": "A vulnerability has been found in the Python `venv` module and CLI. Path names provided when creating a virtual environment were not quoted properly, allowing the creator to inject commands into virtual environment \"activation\" scripts, for example, \"source venv/bin/activate\". This flaw allows attacker-controlled virtual environments to run commands when the virtual environment is activated.", "issued": "2024-10-22T16:34:39Z", "links": "https://access.redhat.com/security/cve/CVE-2024-9287 https://bugzilla.redhat.com/show_bug.cgi?id=2321440 https://www.cve.org/CVERecord?id=CVE-2024-9287 https://nvd.nist.gov/vuln/detail/CVE-2024-9287 https://github.com/python/cpython/issues/124651 https://github.com/python/cpython/pull/124712 https://mail.python.org/archives/list/security-announce@python.org/thread/RSPJ2B5JL22FG3TKUJ7D7DQ4N5JRRBZL/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-9287.json https://access.redhat.com/errata/RHSA-2024:10983", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.21-1.el9_5", "arch_op": "pattern match" }, "EX13jwlAvLcmxkiAJWJrPg==": { "id": "EX13jwlAvLcmxkiAJWJrPg==", "updater": "rhel-vex", "name": "CVE-2023-5678", "description": "A flaw was found in OpenSSL, which caused the generation or checking of long X9.42 DH keys or parameters to be much slower than expected. This issue could lead to a denial of service.", "issued": "2023-10-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-5678 https://bugzilla.redhat.com/show_bug.cgi?id=2248616 https://www.cve.org/CVERecord?id=CVE-2023-5678 https://nvd.nist.gov/vuln/detail/CVE-2023-5678 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=34efaef6c103d636ab507a0cc34dca4d3aecc055 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=710fee740904b6290fef0dd5536fbcedbc38ff0c https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db925ae2e65d0d925adef429afc37f75bd1c2017 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6 https://www.openssl.org/news/secadv/20231106.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-5678.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "EaJSiiuY1um/YT8igyfuLg==": { "id": "EaJSiiuY1um/YT8igyfuLg==", "updater": "rhel-vex", "name": "CVE-2024-2961", "description": "An out-of-bounds write flaw was found in the ISO-2022-CN-EXT plugin for glibc's iconv library. When converting from UCS4 charset, adding certain escape charterers is required to indicate where the charset was changed to the library. During this process, iconv improperly checks the boundaries of internal buffers, leading to a buffer overflow, which allows writing up to 3 bytes outside the desired memory location. This issue may allow an attacker to craft a malicious characters sequence that will trigger the out-of-bounds write and perform remote code execution, presenting a high impact to the Integrity, Confidentiality, and Availability triad.", "issued": "2024-04-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-2961 https://bugzilla.redhat.com/show_bug.cgi?id=2273404 https://www.cve.org/CVERecord?id=CVE-2024-2961 https://nvd.nist.gov/vuln/detail/CVE-2024-2961 https://www.openwall.com/lists/oss-security/2024/04/17/9 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2961.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-headers", "version": "", "kind": "binary", "normalized_version": "", "arch": "s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "EdSmJzT79gNsCaz3hmp+zw==": { "id": "EdSmJzT79gNsCaz3hmp+zw==", "updater": "rhel-vex", "name": "CVE-2023-27534", "description": "A path traversal vulnerability exists in curl \u003c8.0.0 SFTP implementation causes the tilde (~) character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. Attackers can exploit this flaw to bypass filtering or execute arbitrary code by crafting a path like /~2/foo while accessing a server with a specific user.", "issued": "2023-03-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-27534 https://bugzilla.redhat.com/show_bug.cgi?id=2179069 https://www.cve.org/CVERecord?id=CVE-2023-27534 https://nvd.nist.gov/vuln/detail/CVE-2023-27534 https://curl.se/docs/CVE-2023-27534.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-27534.json https://access.redhat.com/errata/RHSA-2023:6679", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "libcurl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9", "arch_op": "pattern match" }, "EfJQ14qFSb1S0rB4VJRXzg==": { "id": "EfJQ14qFSb1S0rB4VJRXzg==", "updater": "rhel-vex", "name": "CVE-2022-48554", "description": "A flaw was found in file, a program used to identify a particular file according to the type of data contained by the file. This issue occurs when processing a specially crafted file, causing a stack-based buffer over-read, resulting in an application crash.", "issued": "2022-01-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-48554 https://bugzilla.redhat.com/show_bug.cgi?id=2235714 https://www.cve.org/CVERecord?id=CVE-2022-48554 https://nvd.nist.gov/vuln/detail/CVE-2022-48554 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-48554.json https://access.redhat.com/errata/RHSA-2024:2512", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "file-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:5.39-16.el9", "arch_op": "pattern match" }, "EoQrZ5N7i4JBUoj0xAeL3Q==": { "id": "EoQrZ5N7i4JBUoj0xAeL3Q==", "updater": "rhel-vex", "name": "CVE-2023-4806", "description": "A flaw was found in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4806 https://bugzilla.redhat.com/show_bug.cgi?id=2237782 https://www.cve.org/CVERecord?id=CVE-2023-4806 https://nvd.nist.gov/vuln/detail/CVE-2023-4806 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4806.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "EqLnU7jMVPn5Z4r8Gj2Qtw==": { "id": "EqLnU7jMVPn5Z4r8Gj2Qtw==", "updater": "rhel-vex", "name": "CVE-2023-4813", "description": "A flaw was found in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.", "issued": "2022-03-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4813 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://www.cve.org/CVERecord?id=CVE-2023-4813 https://nvd.nist.gov/vuln/detail/CVE-2023-4813 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4813.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-gconv-extra", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "EscSZzHMq8GRhGtW0jKTqA==": { "id": "EscSZzHMq8GRhGtW0jKTqA==", "updater": "rhel-vex", "name": "CVE-2024-56171", "description": "A flaw was found in libxml2. This vulnerability allows a use-after-free via a crafted XML document validated against an XML schema with certain identity constraints or a crafted XML schema.", "issued": "2025-02-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-56171 https://bugzilla.redhat.com/show_bug.cgi?id=2346416 https://www.cve.org/CVERecord?id=CVE-2024-56171 https://nvd.nist.gov/vuln/detail/CVE-2024-56171 https://gitlab.gnome.org/GNOME/libxml2/-/issues/828 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-56171.json https://access.redhat.com/errata/RHSA-2025:2679", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libxml2-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-6.el9_5.2", "arch_op": "pattern match" }, "F/E7m2THTaTl0s46g5J9Qw==": { "id": "F/E7m2THTaTl0s46g5J9Qw==", "updater": "rhel-vex", "name": "CVE-2023-46218", "description": "A flaw was found in curl that verifies a given cookie domain against the Public Suffix List. This issue could allow a malicious HTTP server to set \"super cookies\" in curl that are passed back to more origins than what is otherwise allowed or possible.", "issued": "2023-12-06T07:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-46218 https://bugzilla.redhat.com/show_bug.cgi?id=2252030 https://www.cve.org/CVERecord?id=CVE-2023-46218 https://nvd.nist.gov/vuln/detail/CVE-2023-46218 https://curl.se/docs/CVE-2023-46218.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-46218.json https://access.redhat.com/errata/RHSA-2024:1129", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "curl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9_3.3", "arch_op": "pattern match" }, "F5n5sm3U2fLvNwQ28Jm2Og==": { "id": "F5n5sm3U2fLvNwQ28Jm2Og==", "updater": "rhel-vex", "name": "CVE-2023-4527", "description": "A flaw was found in glibc. When the getaddrinfo function is called with the AF_UNSPEC address family and the system is configured with no-aaaa mode via /etc/resolv.conf, a DNS response via TCP larger than 2048 bytes can potentially disclose stack contents through the function returned address data, and may cause a crash.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4527 https://bugzilla.redhat.com/show_bug.cgi?id=2234712 https://www.cve.org/CVERecord?id=CVE-2023-4527 https://nvd.nist.gov/vuln/detail/CVE-2023-4527 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4527.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-minimal-langpack", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "F6QBkHsQuDYkHPuVPox4pw==": { "id": "F6QBkHsQuDYkHPuVPox4pw==", "updater": "rhel-vex", "name": "CVE-2023-46218", "description": "A flaw was found in curl that verifies a given cookie domain against the Public Suffix List. This issue could allow a malicious HTTP server to set \"super cookies\" in curl that are passed back to more origins than what is otherwise allowed or possible.", "issued": "2023-12-06T07:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-46218 https://bugzilla.redhat.com/show_bug.cgi?id=2252030 https://www.cve.org/CVERecord?id=CVE-2023-46218 https://nvd.nist.gov/vuln/detail/CVE-2023-46218 https://curl.se/docs/CVE-2023-46218.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-46218.json https://access.redhat.com/errata/RHSA-2024:1129", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libcurl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9_3.3", "arch_op": "pattern match" }, "FAES1XlWFCETbKQytoq57Q==": { "id": "FAES1XlWFCETbKQytoq57Q==", "updater": "rhel-vex", "name": "CVE-2023-47038", "description": "A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer.", "issued": "2023-11-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-47038 https://bugzilla.redhat.com/show_bug.cgi?id=2249523 https://www.cve.org/CVERecord?id=CVE-2023-47038 https://nvd.nist.gov/vuln/detail/CVE-2023-47038 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-47038.json https://access.redhat.com/errata/RHSA-2024:2228", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-base", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.27-481.el9", "arch_op": "pattern match" }, "FDLDRBwyyvnmDzwGh+Zthw==": { "id": "FDLDRBwyyvnmDzwGh+Zthw==", "updater": "rhel-vex", "name": "CVE-2024-37370", "description": "A vulnerability was found in the MIT Kerberos 5 GSS krb5 wrap token, where an attacker can modify the plaintext Extra Count field, causing the unwrapped token to appear truncated to the application, occurs when the attacker alters the token data during transmission which can lead to improper handling of authentication tokens.", "issued": "2024-06-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-37370 https://bugzilla.redhat.com/show_bug.cgi?id=2294677 https://www.cve.org/CVERecord?id=CVE-2024-37370 https://nvd.nist.gov/vuln/detail/CVE-2024-37370 https://web.mit.edu/kerberos/www/krb5-1.21/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-37370.json https://access.redhat.com/errata/RHSA-2024:6166", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libkadm5", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:1.21.1-2.el9_4", "arch_op": "pattern match" }, "FDfDrXX29qA2yqQX58yr8w==": { "id": "FDfDrXX29qA2yqQX58yr8w==", "updater": "rhel-vex", "name": "CVE-2024-6409", "description": "A race condition vulnerability was discovered in how signals are handled by OpenSSH's server (sshd). If a remote attacker does not authenticate within a set time period, then sshd's SIGALRM handler is called asynchronously. However, this signal handler calls various functions that are not async-signal-safe, for example, syslog(). As a consequence of a successful attack, in the worst case scenario, an attacker may be able to perform a remote code execution (RCE) as an unprivileged user running the sshd server.", "issued": "2024-07-08T17:45:07Z", "links": "https://access.redhat.com/security/cve/CVE-2024-6409 https://bugzilla.redhat.com/show_bug.cgi?id=2295085 https://www.cve.org/CVERecord?id=CVE-2024-6409 https://nvd.nist.gov/vuln/detail/CVE-2024-6409 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6409.json https://access.redhat.com/errata/RHSA-2024:4457", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "openssh-clients", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:8.7p1-38.el9_4.4", "arch_op": "pattern match" }, "FE/mnRiATGHgivPxG+13dw==": { "id": "FE/mnRiATGHgivPxG+13dw==", "updater": "rhel-vex", "name": "CVE-2025-6170", "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", "issued": "2025-06-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-6170 https://bugzilla.redhat.com/show_bug.cgi?id=2372952 https://www.cve.org/CVERecord?id=CVE-2025-6170 https://nvd.nist.gov/vuln/detail/CVE-2025-6170 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-6170.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libxml2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "FHPslNj7tXQsRFJS3VoxWQ==": { "id": "FHPslNj7tXQsRFJS3VoxWQ==", "updater": "rhel-vex", "name": "CVE-2024-38473", "description": "A flaw was found in the mod_proxy module of httpd. Due to an encoding problem, specially crafted request URLs with incorrect encoding can be sent to backend services, potentially bypassing authentication.", "issued": "2024-07-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-38473 https://bugzilla.redhat.com/show_bug.cgi?id=2295012 https://www.cve.org/CVERecord?id=CVE-2024-38473 https://nvd.nist.gov/vuln/detail/CVE-2024-38473 https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2024-38473 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-38473.json https://access.redhat.com/errata/RHSA-2024:4726", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "mod_ssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:2.4.57-11.el9_4", "arch_op": "pattern match" }, "FKfxYqe7reNA0NF11Vyh9A==": { "id": "FKfxYqe7reNA0NF11Vyh9A==", "updater": "rhel-vex", "name": "CVE-2020-11023", "description": "A flaw was found in jQuery. HTML containing \\\u003coption\\\u003e elements from untrusted sources are passed, even after sanitizing, to one of jQuery's DOM manipulation methods, which may execute untrusted code. The highest threat from this vulnerability is to data confidentiality and integrity.", "issued": "2020-04-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2020-11023 https://bugzilla.redhat.com/show_bug.cgi?id=1850004 https://www.cve.org/CVERecord?id=CVE-2020-11023 https://nvd.nist.gov/vuln/detail/CVE-2020-11023 https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-11023.json https://access.redhat.com/errata/RHSA-2025:1346", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libgfortran", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:11.5.0-5.el9_5", "arch_op": "pattern match" }, "FL8qoTgXQjuCQf4vtGJ2JA==": { "id": "FL8qoTgXQjuCQf4vtGJ2JA==", "updater": "rhel-vex", "name": "CVE-2023-38545", "description": "A heap-based buffer overflow flaw was found in the SOCKS5 proxy handshake in the Curl package. If Curl is unable to resolve the address itself, it passes the hostname to the SOCKS5 proxy. However, the maximum length of the hostname that can be passed is 255 bytes. If the hostname is longer, then Curl switches to the local name resolving and passes the resolved address only to the proxy. The local variable that instructs Curl to \"let the host resolve the name\" could obtain the wrong value during a slow SOCKS5 handshake, resulting in the too-long hostname being copied to the target buffer instead of the resolved address, which was not the intended behavior.", "issued": "2023-10-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-38545 https://bugzilla.redhat.com/show_bug.cgi?id=2241933 https://www.cve.org/CVERecord?id=CVE-2023-38545 https://nvd.nist.gov/vuln/detail/CVE-2023-38545 https://curl.se/docs/CVE-2023-38545.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-38545.json https://access.redhat.com/errata/RHSA-2023:6745", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "curl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9_3.2", "arch_op": "pattern match" }, "FNarY2K/T7B+CZrdliMo/w==": { "id": "FNarY2K/T7B+CZrdliMo/w==", "updater": "rhel-vex", "name": "CVE-2024-33601", "description": "A flaw was found in the glibc netgroup cache. The netgroup cache uses xmalloc/xrealloc and may terminate the process due to a memory allocation failure.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33601 https://bugzilla.redhat.com/show_bug.cgi?id=2277205 https://www.cve.org/CVERecord?id=CVE-2024-33601 https://nvd.nist.gov/vuln/detail/CVE-2024-33601 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33601.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "glibc-gconv-extra", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "FQtJqOj1l5gE8G+LeucL6A==": { "id": "FQtJqOj1l5gE8G+LeucL6A==", "updater": "rhel-vex", "name": "CVE-2023-4527", "description": "A flaw was found in glibc. When the getaddrinfo function is called with the AF_UNSPEC address family and the system is configured with no-aaaa mode via /etc/resolv.conf, a DNS response via TCP larger than 2048 bytes can potentially disclose stack contents through the function returned address data, and may cause a crash.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4527 https://bugzilla.redhat.com/show_bug.cgi?id=2234712 https://www.cve.org/CVERecord?id=CVE-2023-4527 https://nvd.nist.gov/vuln/detail/CVE-2023-4527 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4527.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "FTimeCIaZqgfaiYItNFCYA==": { "id": "FTimeCIaZqgfaiYItNFCYA==", "updater": "rhel-vex", "name": "CVE-2024-6409", "description": "A race condition vulnerability was discovered in how signals are handled by OpenSSH's server (sshd). If a remote attacker does not authenticate within a set time period, then sshd's SIGALRM handler is called asynchronously. However, this signal handler calls various functions that are not async-signal-safe, for example, syslog(). As a consequence of a successful attack, in the worst case scenario, an attacker may be able to perform a remote code execution (RCE) as an unprivileged user running the sshd server.", "issued": "2024-07-08T17:45:07Z", "links": "https://access.redhat.com/security/cve/CVE-2024-6409 https://bugzilla.redhat.com/show_bug.cgi?id=2295085 https://www.cve.org/CVERecord?id=CVE-2024-6409 https://nvd.nist.gov/vuln/detail/CVE-2024-6409 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6409.json https://access.redhat.com/errata/RHSA-2024:4457", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "openssh-clients", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:8.7p1-38.el9_4.4", "arch_op": "pattern match" }, "FVTPqIs7vgGACMM0pfvvDw==": { "id": "FVTPqIs7vgGACMM0pfvvDw==", "updater": "rhel-vex", "name": "CVE-2020-11023", "description": "A flaw was found in jQuery. HTML containing \\\u003coption\\\u003e elements from untrusted sources are passed, even after sanitizing, to one of jQuery's DOM manipulation methods, which may execute untrusted code. The highest threat from this vulnerability is to data confidentiality and integrity.", "issued": "2020-04-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2020-11023 https://bugzilla.redhat.com/show_bug.cgi?id=1850004 https://www.cve.org/CVERecord?id=CVE-2020-11023 https://nvd.nist.gov/vuln/detail/CVE-2020-11023 https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-11023.json https://access.redhat.com/errata/RHSA-2025:1346", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "gcc-gfortran", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:11.5.0-5.el9_5", "arch_op": "pattern match" }, "FXS+tkMUeaIsGZg1cGb4sg==": { "id": "FXS+tkMUeaIsGZg1cGb4sg==", "updater": "rhel-vex", "name": "CVE-2024-24806", "description": "A server-side request forgery (SSRF) flaw was found in the libuv package due to how the `hostname_ascii` variable is handled in `uv_getaddrinfo` and `uv__idna_toascii`. When the hostname exceeds 256 characters, it gets truncated without a terminating null byte. As a result, attackers may be able to access internal APIs or for websites that allow users to have `username.example.com` pages. Internal services that crawl or cache these user pages can be exposed to SSRF attacks if a malicious user chooses a long vulnerable username. This issue could allow an attacker to craft payloads that resolve to unintended IP addresses, bypassing developer checks.", "issued": "2024-02-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-24806 https://bugzilla.redhat.com/show_bug.cgi?id=2263292 https://www.cve.org/CVERecord?id=CVE-2024-24806 https://nvd.nist.gov/vuln/detail/CVE-2024-24806 https://github.com/libuv/libuv/security/advisories/GHSA-f74f-cvh7-c6q6 https://www.chainguard.dev/unchained/unpacking-libuvs-cve-2024-24806-software-dark-matter-will-go-under-the-radar-not-in-chainguard-images-tho https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-24806.json https://access.redhat.com/errata/RHSA-2024:4756", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "libuv", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:1.42.0-2.el9_4", "arch_op": "pattern match" }, "FdHZNK1wtI6/xHHLNOjd7w==": { "id": "FdHZNK1wtI6/xHHLNOjd7w==", "updater": "rhel-vex", "name": "CVE-2024-0567", "description": "A vulnerability was found in GnuTLS, where a cockpit (which uses gnuTLS) rejects a certificate chain with distributed trust. This issue occurs when validating a certificate chain with cockpit-certificate-ensure. This flaw allows an unauthenticated, remote client or attacker to initiate a denial of service attack.", "issued": "2024-01-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-0567 https://bugzilla.redhat.com/show_bug.cgi?id=2258544 https://www.cve.org/CVERecord?id=CVE-2024-0567 https://nvd.nist.gov/vuln/detail/CVE-2024-0567 https://gitlab.com/gnutls/gnutls/-/issues/1521 https://lists.gnupg.org/pipermail/gnutls-help/2024-January/004841.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0567.json https://access.redhat.com/errata/RHSA-2024:0533", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "gnutls", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.7.6-23.el9_3.3", "arch_op": "pattern match" }, "FfJbG9yXxM9ytWyYMkHuFQ==": { "id": "FfJbG9yXxM9ytWyYMkHuFQ==", "updater": "rhel-vex", "name": "CVE-2023-0466", "description": "A flaw was found in OpenSSL. The X509_VERIFY_PARAM_add0_policy() function is documented to enable the certificate policy check when doing certificate verification implicitly. However, implementing the function does not enable the check, allowing certificates with invalid or incorrect policies to pass the certificate verification. Suddenly enabling the policy check could break existing deployments, so it was decided to keep the existing behavior of the X509_VERIFY_PARAM_add0_policy() function. The applications that require OpenSSL to perform certificate policy check need to use X509_VERIFY_PARAM_set1_policies() or explicitly enable the policy check by calling X509_VERIFY_PARAM_set_flags() with the X509_V_FLAG_POLICY_CHECK flag argument. Certificate policy checks are disabled by default in OpenSSL and are not commonly used by applications.", "issued": "2023-03-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0466 https://bugzilla.redhat.com/show_bug.cgi?id=2182565 https://www.cve.org/CVERecord?id=CVE-2023-0466 https://nvd.nist.gov/vuln/detail/CVE-2023-0466 https://www.openssl.org/news/secadv/20230328.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0466.json https://access.redhat.com/errata/RHSA-2023:3722", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-16.el9_2", "arch_op": "pattern match" }, "FgZEwRHfIJXFMTMxMr2/bA==": { "id": "FgZEwRHfIJXFMTMxMr2/bA==", "updater": "rhel-vex", "name": "CVE-2023-47038", "description": "A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer.", "issued": "2023-11-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-47038 https://bugzilla.redhat.com/show_bug.cgi?id=2249523 https://www.cve.org/CVERecord?id=CVE-2023-47038 https://nvd.nist.gov/vuln/detail/CVE-2023-47038 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-47038.json https://access.redhat.com/errata/RHSA-2024:2228", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-DynaLoader", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.47-481.el9", "arch_op": "pattern match" }, "FzdPtstZ+v9Poa4yJ7bYnA==": { "id": "FzdPtstZ+v9Poa4yJ7bYnA==", "updater": "rhel-vex", "name": "CVE-2022-48281", "description": "A vulnerability was found in libtiff. This vulnerability occurs due to an issue in processCropSelections in the tools/tiffcrop.c function in LibTIFF that has a heap-based buffer overflow (for example, \"WRITE of size 307203\") via a crafted TIFF image.", "issued": "2023-01-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-48281 https://bugzilla.redhat.com/show_bug.cgi?id=2163606 https://www.cve.org/CVERecord?id=CVE-2022-48281 https://nvd.nist.gov/vuln/detail/CVE-2022-48281 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-48281.json https://access.redhat.com/errata/RHSA-2023:3711", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-8.el9_2", "arch_op": "pattern match" }, "Fzv3hLiqGP6JSExBxNthvw==": { "id": "Fzv3hLiqGP6JSExBxNthvw==", "updater": "rhel-vex", "name": "CVE-2023-4911", "description": "A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.", "issued": "2023-10-03T17:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4911 https://bugzilla.redhat.com/show_bug.cgi?id=2238352 https://www.cve.org/CVERecord?id=CVE-2023-4911 https://nvd.nist.gov/vuln/detail/CVE-2023-4911 https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt https://www.qualys.com/cve-2023-4911/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4911.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-headers", "version": "", "kind": "binary", "normalized_version": "", "arch": "s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "G2w3S+v/G+UFKZ7Ps1gf6w==": { "id": "G2w3S+v/G+UFKZ7Ps1gf6w==", "updater": "rhel-vex", "name": "CVE-2024-45490", "description": "A flaw was found in libexpat's xmlparse.c component. This vulnerability allows an attacker to cause improper handling of XML data by providing a negative length value to the XML_ParseBuffer function.", "issued": "2024-08-30T03:15:03Z", "links": "https://access.redhat.com/security/cve/CVE-2024-45490 https://bugzilla.redhat.com/show_bug.cgi?id=2308615 https://www.cve.org/CVERecord?id=CVE-2024-45490 https://nvd.nist.gov/vuln/detail/CVE-2024-45490 https://github.com/libexpat/libexpat/blob/R_2_6_3/expat/Changes https://github.com/libexpat/libexpat/issues/887 https://github.com/libexpat/libexpat/pull/890 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45490.json https://access.redhat.com/errata/RHSA-2024:6754", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "expat", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.5.0-2.el9_4.1", "arch_op": "pattern match" }, "G5kVpuaICQ7VY8LlVpMzbA==": { "id": "G5kVpuaICQ7VY8LlVpMzbA==", "updater": "rhel-vex", "name": "CVE-2024-6232", "description": "A regular expression denial of service (ReDos) vulnerability was found in Python's tarfile module. Due to excessive backtracking while tarfile parses headers, an attacker may be able to trigger a denial of service via a specially crafted tar archive.", "issued": "2024-09-03T13:15:05Z", "links": "https://access.redhat.com/security/cve/CVE-2024-6232 https://bugzilla.redhat.com/show_bug.cgi?id=2309426 https://www.cve.org/CVERecord?id=CVE-2024-6232 https://nvd.nist.gov/vuln/detail/CVE-2024-6232 https://github.com/python/cpython/issues/121285 https://github.com/python/cpython/pull/121286 https://mail.python.org/archives/list/security-announce@python.org/thread/JRYFTPRHZRTLMZLWQEUHZSJXNHM4ACTY/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6232.json https://access.redhat.com/errata/RHSA-2024:8446", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.18-3.el9_4.6", "arch_op": "pattern match" }, "G6hgi2PyRML5jGfMJD1SYA==": { "id": "G6hgi2PyRML5jGfMJD1SYA==", "updater": "rhel-vex", "name": "CVE-2023-39975", "description": "A vulnerability was found in MIT krb5, where an authenticated attacker can cause a KDC to free the same pointer twice if it can induce a failure in authorization data handling.", "issued": "2023-08-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-39975 https://bugzilla.redhat.com/show_bug.cgi?id=2232682 https://www.cve.org/CVERecord?id=CVE-2023-39975 https://nvd.nist.gov/vuln/detail/CVE-2023-39975 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-39975.json https://access.redhat.com/errata/RHSA-2023:6699", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "krb5-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:1.21.1-1.el9", "arch_op": "pattern match" }, "G8iBrrH6pg5tRGWhiEd67g==": { "id": "G8iBrrH6pg5tRGWhiEd67g==", "updater": "rhel-vex", "name": "CVE-2023-38709", "description": "A flaw was found in httpd. The response headers are not sanitized before an HTTP response is sent when a malicious backend can insert a Content-Type, Content-Encoding, or some other headers, resulting in an HTTP response splitting.", "issued": "2024-04-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-38709 https://bugzilla.redhat.com/show_bug.cgi?id=2273491 https://www.cve.org/CVERecord?id=CVE-2023-38709 https://nvd.nist.gov/vuln/detail/CVE-2023-38709 https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2023-38709 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-38709.json https://access.redhat.com/errata/RHSA-2024:9306", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "mod_ssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:2.4.62-1.el9", "arch_op": "pattern match" }, "GAn7gWUe2pFr7PbwechqxA==": { "id": "GAn7gWUe2pFr7PbwechqxA==", "updater": "rhel-vex", "name": "CVE-2025-30258", "description": "A flaw was found in GnuPG. In affected versions, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, leading to a verification denial of service.", "issued": "2025-03-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-30258 https://bugzilla.redhat.com/show_bug.cgi?id=2353427 https://www.cve.org/CVERecord?id=CVE-2025-30258 https://nvd.nist.gov/vuln/detail/CVE-2025-30258 https://dev.gnupg.org/T7527 https://dev.gnupg.org/rG48978ccb4e20866472ef18436a32744350a65158 https://lists.gnupg.org/pipermail/gnupg-announce/2025q1/000491.html https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-30258.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "gnupg2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "GBKJ1gcQDHFLbPDqgBAukQ==": { "id": "GBKJ1gcQDHFLbPDqgBAukQ==", "updater": "rhel-vex", "name": "CVE-2023-4806", "description": "A flaw was found in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4806 https://bugzilla.redhat.com/show_bug.cgi?id=2237782 https://www.cve.org/CVERecord?id=CVE-2023-4806 https://nvd.nist.gov/vuln/detail/CVE-2023-4806 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4806.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-langpack-en", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "GIVyRte/bIBFWQmQv/ZQBw==": { "id": "GIVyRte/bIBFWQmQv/ZQBw==", "updater": "rhel-vex", "name": "CVE-2023-4911", "description": "A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.", "issued": "2023-10-03T17:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4911 https://bugzilla.redhat.com/show_bug.cgi?id=2238352 https://www.cve.org/CVERecord?id=CVE-2023-4911 https://nvd.nist.gov/vuln/detail/CVE-2023-4911 https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt https://www.qualys.com/cve-2023-4911/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4911.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "GIYpweBhZIpsva7P5jGZwg==": { "id": "GIYpweBhZIpsva7P5jGZwg==", "updater": "rhel-vex", "name": "CVE-2023-0800", "description": "A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds write in the extractContigSamplesShifted16bits function in tools/tiffcrop.c, resulting in a Denial of Service and limited data modification.", "issued": "2023-02-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0800 https://bugzilla.redhat.com/show_bug.cgi?id=2170167 https://www.cve.org/CVERecord?id=CVE-2023-0800 https://nvd.nist.gov/vuln/detail/CVE-2023-0800 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0800.json https://access.redhat.com/errata/RHSA-2023:3711", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-8.el9_2", "arch_op": "pattern match" }, "GIt+rXiJ1hpuAn5rnaCDVQ==": { "id": "GIt+rXiJ1hpuAn5rnaCDVQ==", "updater": "rhel-vex", "name": "CVE-2024-8176", "description": "A stack overflow vulnerability exists in the libexpat library due to the way it handles recursive entity expansion in XML documents. When parsing an XML document with deeply nested entity references, libexpat can be forced to recurse indefinitely, exhausting the stack space and causing a crash. This issue could lead to denial of service (DoS) or, in some cases, exploitable memory corruption, depending on the environment and library usage.", "issued": "2025-03-13T13:51:54Z", "links": "https://access.redhat.com/security/cve/CVE-2024-8176 https://bugzilla.redhat.com/show_bug.cgi?id=2310137 https://www.cve.org/CVERecord?id=CVE-2024-8176 https://nvd.nist.gov/vuln/detail/CVE-2024-8176 https://github.com/libexpat/libexpat/issues/893 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8176.json https://access.redhat.com/errata/RHSA-2025:3531", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "expat-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.5.0-3.el9_5.3", "arch_op": "pattern match" }, "GR80zW702W+xho6dTSNlyw==": { "id": "GR80zW702W+xho6dTSNlyw==", "updater": "rhel-vex", "name": "CVE-2024-24806", "description": "A server-side request forgery (SSRF) flaw was found in the libuv package due to how the `hostname_ascii` variable is handled in `uv_getaddrinfo` and `uv__idna_toascii`. When the hostname exceeds 256 characters, it gets truncated without a terminating null byte. As a result, attackers may be able to access internal APIs or for websites that allow users to have `username.example.com` pages. Internal services that crawl or cache these user pages can be exposed to SSRF attacks if a malicious user chooses a long vulnerable username. This issue could allow an attacker to craft payloads that resolve to unintended IP addresses, bypassing developer checks.", "issued": "2024-02-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-24806 https://bugzilla.redhat.com/show_bug.cgi?id=2263292 https://www.cve.org/CVERecord?id=CVE-2024-24806 https://nvd.nist.gov/vuln/detail/CVE-2024-24806 https://github.com/libuv/libuv/security/advisories/GHSA-f74f-cvh7-c6q6 https://www.chainguard.dev/unchained/unpacking-libuvs-cve-2024-24806-software-dark-matter-will-go-under-the-radar-not-in-chainguard-images-tho https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-24806.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "GRZKMxDpocVUp21tw3FZwQ==": { "id": "GRZKMxDpocVUp21tw3FZwQ==", "updater": "rhel-vex", "name": "CVE-2023-30588", "description": "A vulnerability has been identified in the Node.js, where an invalid public key is used to create an x509 certificate using the crypto.X509Certificate() API a non-expect termination occurs making it susceptible to DoS attacks when the attacker could force interruptions of application processing, as the process terminates when accessing public key info of provided certificates from user code. The current context of the users will be gone, and that will cause a DoS scenario.", "issued": "2023-06-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30588 https://bugzilla.redhat.com/show_bug.cgi?id=2219838 https://www.cve.org/CVERecord?id=CVE-2023-30588 https://nvd.nist.gov/vuln/detail/CVE-2023-30588 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30588.json https://access.redhat.com/errata/RHSA-2023:4331", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.1-1.el9_2", "arch_op": "pattern match" }, "GXMpRf2go/wGEbwpp9BPPQ==": { "id": "GXMpRf2go/wGEbwpp9BPPQ==", "updater": "rhel-vex", "name": "CVE-2023-1175", "description": "A flaw was found in Vim. There is an incorrect calculation of buffer size issue found in Vim's yank_copy_line() function of the register.c file. This flaw allows illegal memory access when using virtual editing as \"startspaces\" goes negative. An attacker can trick a user into opening a specially crafted file, triggering an issue that causes an application to crash leading to a denial of service, corrupting memory, and possibly executing code.", "issued": "2023-03-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-1175 https://bugzilla.redhat.com/show_bug.cgi?id=2176457 https://www.cve.org/CVERecord?id=CVE-2023-1175 https://nvd.nist.gov/vuln/detail/CVE-2023-1175 https://huntr.dev/bounties/7e93fc17-92eb-4ae7-b01a-93bb460b643e https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-1175.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "GfPY5zBbHJQI4ZGaDcJj2A==": { "id": "GfPY5zBbHJQI4ZGaDcJj2A==", "updater": "rhel-vex", "name": "CVE-2022-3278", "description": "A NULL pointer dereference vulnerability was found in Vim's eval_next_non_blank() function of the src/eval.c file. The flaw occurs when using NUL in buffer uses :source. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a NULL pointer dereference that causes a denial of service.", "issued": "2022-09-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3278 https://bugzilla.redhat.com/show_bug.cgi?id=2129831 https://www.cve.org/CVERecord?id=CVE-2022-3278 https://nvd.nist.gov/vuln/detail/CVE-2022-3278 https://huntr.dev/bounties/a9fad77e-f245-4ce9-ba15-c7d4c86c4612 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3278.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Gg97qi1BhqlOPIWqj2o4lQ==": { "id": "Gg97qi1BhqlOPIWqj2o4lQ==", "updater": "rhel-vex", "name": "CVE-2023-4911", "description": "A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.", "issued": "2023-10-03T17:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4911 https://bugzilla.redhat.com/show_bug.cgi?id=2238352 https://www.cve.org/CVERecord?id=CVE-2023-4911 https://nvd.nist.gov/vuln/detail/CVE-2023-4911 https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt https://www.qualys.com/cve-2023-4911/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4911.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-langpack-en", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "GjK0gO1QmNQJ/ZsCakqCdA==": { "id": "GjK0gO1QmNQJ/ZsCakqCdA==", "updater": "rhel-vex", "name": "CVE-2024-28182", "description": "A vulnerability was found in how nghttp2 implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated remote attacker to send packets to vulnerable servers, which could use up compute or memory resources to cause a Denial of Service.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-28182 https://bugzilla.redhat.com/show_bug.cgi?id=2268639 https://www.cve.org/CVERecord?id=CVE-2024-28182 https://nvd.nist.gov/vuln/detail/CVE-2024-28182 https://github.com/nghttp2/nghttp2/security/advisories/GHSA-x6x3-gv8h-m57q https://nowotarski.info/http2-continuation-flood/ https://www.kb.cert.org/vuls/id/421644 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28182.json https://access.redhat.com/errata/RHSA-2024:2910", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.2-8.el9_4", "arch_op": "pattern match" }, "GklzFsX1Kbjw7XUdLCRFCA==": { "id": "GklzFsX1Kbjw7XUdLCRFCA==", "updater": "rhel-vex", "name": "CVE-2024-25062", "description": "A use-after-free flaw was found in libxml2. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free.", "issued": "2024-02-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-25062 https://bugzilla.redhat.com/show_bug.cgi?id=2262726 https://www.cve.org/CVERecord?id=CVE-2024-25062 https://nvd.nist.gov/vuln/detail/CVE-2024-25062 https://gitlab.gnome.org/GNOME/libxml2/-/issues/604 https://gitlab.gnome.org/GNOME/libxml2/-/tags https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-25062.json https://access.redhat.com/errata/RHSA-2024:2679", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libxml2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-6.el9_4", "arch_op": "pattern match" }, "GnBCRP9H+R6do428z3nOkQ==": { "id": "GnBCRP9H+R6do428z3nOkQ==", "updater": "rhel-vex", "name": "CVE-2021-4173", "description": "A flaw was found in vim. A possible use after free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution.", "issued": "2021-12-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-4173 https://bugzilla.redhat.com/show_bug.cgi?id=2035930 https://www.cve.org/CVERecord?id=CVE-2021-4173 https://nvd.nist.gov/vuln/detail/CVE-2021-4173 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-4173.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Gt1/7zqpYq3ilRksfYs0Fw==": { "id": "Gt1/7zqpYq3ilRksfYs0Fw==", "updater": "rhel-vex", "name": "CVE-2024-12797", "description": "A flaw was found in OpenSSL's RFC7250 Raw Public Key (RPK) authentication. This vulnerability allows man-in-the-middle (MITM) attacks via failure to abort TLS/DTLS handshakes when the server's RPK does not match the expected key despite the SSL_VERIFY_PEER verification mode being set.", "issued": "2025-02-11T15:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-12797 https://bugzilla.redhat.com/show_bug.cgi?id=2342757 https://www.cve.org/CVERecord?id=CVE-2024-12797 https://nvd.nist.gov/vuln/detail/CVE-2024-12797 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-12797.json https://access.redhat.com/errata/RHSA-2025:1330", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.2.2-6.el9_5.1", "arch_op": "pattern match" }, "GtECMHzRoeZKh1TLvpCt+A==": { "id": "GtECMHzRoeZKh1TLvpCt+A==", "updater": "rhel-vex", "name": "CVE-2023-47038", "description": "A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer.", "issued": "2023-11-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-47038 https://bugzilla.redhat.com/show_bug.cgi?id=2249523 https://www.cve.org/CVERecord?id=CVE-2023-47038 https://nvd.nist.gov/vuln/detail/CVE-2023-47038 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-47038.json https://access.redhat.com/errata/RHSA-2024:2228", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-IPC-Open3", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21-481.el9", "arch_op": "pattern match" }, "Gu/ALKpmZ1E7BQoY+IaWwg==": { "id": "Gu/ALKpmZ1E7BQoY+IaWwg==", "updater": "rhel-vex", "name": "CVE-2023-4813", "description": "A flaw was found in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.", "issued": "2022-03-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4813 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://www.cve.org/CVERecord?id=CVE-2023-4813 https://nvd.nist.gov/vuln/detail/CVE-2023-4813 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4813.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-minimal-langpack", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "GuM8+Ku1VtBzfPk3/FCgzw==": { "id": "GuM8+Ku1VtBzfPk3/FCgzw==", "updater": "rhel-vex", "name": "CVE-2022-1056", "description": "Out-of-bounds Read error in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 46dc8fcd.", "issued": "2022-03-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-1056 https://bugzilla.redhat.com/show_bug.cgi?id=2233599 https://www.cve.org/CVERecord?id=CVE-2022-1056 https://nvd.nist.gov/vuln/detail/CVE-2022-1056 https://security.gentoo.org/glsa/202210-10 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-1056.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "libtiff", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "H8XwHNDIkW12mW+y74dsdQ==": { "id": "H8XwHNDIkW12mW+y74dsdQ==", "updater": "rhel-vex", "name": "CVE-2024-32004", "description": "A vulnerability was found in Git. This vulnerability can be exploited by an unauthenticated attacker who places a specialized repository on the target's local system. If the victim clones this repository, the attacker can execute arbitrary code.", "issued": "2024-05-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-32004 https://bugzilla.redhat.com/show_bug.cgi?id=2280428 https://www.cve.org/CVERecord?id=CVE-2024-32004 https://nvd.nist.gov/vuln/detail/CVE-2024-32004 https://github.com/git/git/security/advisories/GHSA-xfc6-vwr8-r389 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-32004.json https://access.redhat.com/errata/RHSA-2024:4083", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "perl-Git", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.43.5-1.el9_4", "arch_op": "pattern match" }, "HBNeLxEkZsSJpiMycw8wTQ==": { "id": "HBNeLxEkZsSJpiMycw8wTQ==", "updater": "rhel-vex", "name": "CVE-2024-10041", "description": "A vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger the victim program to execute by sending characters to its standard input (stdin). As this occurs, the attacker can train the branch predictor to execute an ROP chain speculatively. This flaw could result in leaked passwords, such as those found in /etc/shadow while performing authentications.", "issued": "2024-10-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://www.cve.org/CVERecord?id=CVE-2024-10041 https://nvd.nist.gov/vuln/detail/CVE-2024-10041 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-10041.json https://access.redhat.com/errata/RHSA-2024:11250", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "pam", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:1.5.1-21.el9_5", "arch_op": "pattern match" }, "HHBOKYlzeD2Busv7btyBAA==": { "id": "HHBOKYlzeD2Busv7btyBAA==", "updater": "rhel-vex", "name": "CVE-2023-48232", "description": "A flaw was found in Vim, an open source command line text editor. A floating point exception may occur when calculating the line offset for overlong lines when smooth scrolling is enabled and the cpo-settings include the 'n' flag. This issue may occur when a window border is present and when the wrapped line continues on the next physical line directly in the window border because the 'cpo' setting includes the 'n' flag. Only users with non-default settings are affected and the exception should only result in a crash.", "issued": "2023-11-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-48232 https://bugzilla.redhat.com/show_bug.cgi?id=2250269 https://www.cve.org/CVERecord?id=CVE-2023-48232 https://nvd.nist.gov/vuln/detail/CVE-2023-48232 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/cb0b99f0672d8446585d26e998343dceca17d1ce https://github.com/vim/vim/security/advisories/GHSA-f6cx-x634-hqpw https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-48232.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "HLvoGwhsd63UA6zAEgp26g==": { "id": "HLvoGwhsd63UA6zAEgp26g==", "updater": "rhel-vex", "name": "CVE-2024-27983", "description": "A vulnerability was found in how Node.js implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated, remote attacker to send packets to vulnerable servers, which could use up compute or memory resources, causing a denial of service.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-27983 https://bugzilla.redhat.com/show_bug.cgi?id=2272764 https://www.cve.org/CVERecord?id=CVE-2024-27983 https://nvd.nist.gov/vuln/detail/CVE-2024-27983 https://nodejs.org/en/blog/vulnerability/april-2024-security-releases https://nowotarski.info/http2-continuation-flood/ https://www.kb.cert.org/vuls/id/421644 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-27983.json https://access.redhat.com/errata/RHSA-2024:2910", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.2-8.el9_4", "arch_op": "pattern match" }, "HMiFxQxU1Vt50Eb0CRKJeA==": { "id": "HMiFxQxU1Vt50Eb0CRKJeA==", "updater": "rhel-vex", "name": "CVE-2023-27522", "description": "An HTTP Response Smuggling vulnerability was found in the Apache HTTP Server via mod_proxy_uwsgi. This security issue occurs when special characters in the origin response header can truncate or split the response forwarded to the client.", "issued": "2023-03-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-27522 https://bugzilla.redhat.com/show_bug.cgi?id=2176211 https://www.cve.org/CVERecord?id=CVE-2023-27522 https://nvd.nist.gov/vuln/detail/CVE-2023-27522 https://httpd.apache.org/security/vulnerabilities_24.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-27522.json https://access.redhat.com/errata/RHSA-2023:6403", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "mod_session", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.4.57-5.el9", "arch_op": "pattern match" }, "HOYwG5Rw5KtCLqSTp9IaXQ==": { "id": "HOYwG5Rw5KtCLqSTp9IaXQ==", "updater": "rhel-vex", "name": "CVE-2023-4752", "description": "A flaw was found in Vim, where it is vulnerable to a use-after-free in the ins_compl_get_exp function. This flaw allows a specially crafted file to crash software, use unexpected values, or possibly execute code when opened in Vim.", "issued": "2023-09-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4752 https://bugzilla.redhat.com/show_bug.cgi?id=2237311 https://www.cve.org/CVERecord?id=CVE-2023-4752 https://nvd.nist.gov/vuln/detail/CVE-2023-4752 https://huntr.dev/bounties/85f62dd7-ed84-4fa2-b265-8a369a318757 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4752.json https://access.redhat.com/errata/RHSA-2025:7440", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim-filesystem", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "2:8.2.2637-22.el9_6", "arch_op": "pattern match" }, "HRf9rV5BqUqr4i3wEvXYrQ==": { "id": "HRf9rV5BqUqr4i3wEvXYrQ==", "updater": "rhel-vex", "name": "CVE-2021-35939", "description": "It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "issued": "2021-06-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-35939 https://bugzilla.redhat.com/show_bug.cgi?id=1964129 https://www.cve.org/CVERecord?id=CVE-2021-35939 https://nvd.nist.gov/vuln/detail/CVE-2021-35939 https://rpm.org/wiki/Releases/4.18.0 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-35939.json https://access.redhat.com/errata/RHSA-2024:0463", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-rpm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:4.16.1.3-27.el9_3", "arch_op": "pattern match" }, "HSd9wkre9UmoZo6xukXnAA==": { "id": "HSd9wkre9UmoZo6xukXnAA==", "updater": "rhel-vex", "name": "CVE-2023-3899", "description": "A vulnerability was found in subscription-manager that allows local privilege escalation due to inadequate authorization. The D-Bus interface com.redhat.RHSM1 exposes a significant number of methods to all users that could change the state of the registration. By using the com.redhat.RHSM1.Config.SetAll() method, a low-privileged local user could tamper with the state of the registration, by unregistering the system or by changing the current entitlements. This flaw allows an attacker to set arbitrary configuration directives for /etc/rhsm/rhsm.conf, which can be abused to cause a local privilege escalation to an unconfined root.", "issued": "2023-08-22T14:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-3899 https://bugzilla.redhat.com/show_bug.cgi?id=2225407 https://www.cve.org/CVERecord?id=CVE-2023-3899 https://nvd.nist.gov/vuln/detail/CVE-2023-3899 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3899.json https://access.redhat.com/errata/RHSA-2023:4708", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "python3-cloud-what", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:1.29.33.1-2.el9_2", "arch_op": "pattern match" }, "HT4k6+0VwtXXrNi4IFV2ug==": { "id": "HT4k6+0VwtXXrNi4IFV2ug==", "updater": "rhel-vex", "name": "CVE-2023-7008", "description": "A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.", "issued": "2022-12-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://www.cve.org/CVERecord?id=CVE-2023-7008 https://nvd.nist.gov/vuln/detail/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222261 https://github.com/systemd/systemd/issues/25676 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-7008.json https://access.redhat.com/errata/RHSA-2024:2463", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "systemd-rpm-macros", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:252-32.el9_4", "arch_op": "pattern match" }, "Hc5j0kmgZDlB2EO4dTIsQg==": { "id": "Hc5j0kmgZDlB2EO4dTIsQg==", "updater": "rhel-vex", "name": "CVE-2023-38545", "description": "A heap-based buffer overflow flaw was found in the SOCKS5 proxy handshake in the Curl package. If Curl is unable to resolve the address itself, it passes the hostname to the SOCKS5 proxy. However, the maximum length of the hostname that can be passed is 255 bytes. If the hostname is longer, then Curl switches to the local name resolving and passes the resolved address only to the proxy. The local variable that instructs Curl to \"let the host resolve the name\" could obtain the wrong value during a slow SOCKS5 handshake, resulting in the too-long hostname being copied to the target buffer instead of the resolved address, which was not the intended behavior.", "issued": "2023-10-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-38545 https://bugzilla.redhat.com/show_bug.cgi?id=2241933 https://www.cve.org/CVERecord?id=CVE-2023-38545 https://nvd.nist.gov/vuln/detail/CVE-2023-38545 https://curl.se/docs/CVE-2023-38545.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-38545.json https://access.redhat.com/errata/RHSA-2023:5763", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "curl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-23.el9_2.4", "arch_op": "pattern match" }, "HfZGsrRjUweyv1xugcWw9Q==": { "id": "HfZGsrRjUweyv1xugcWw9Q==", "updater": "rhel-vex", "name": "CVE-2023-39615", "description": "A flaw was found in Libxml2, where it contains a global buffer overflow via the xmlSAX2StartElement() function at /libxml2/SAX2.c. This vulnerability allows attackers to cause a denial of service (DoS) by supplying a crafted XML file.", "issued": "2023-08-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-39615 https://bugzilla.redhat.com/show_bug.cgi?id=2235864 https://www.cve.org/CVERecord?id=CVE-2023-39615 https://nvd.nist.gov/vuln/detail/CVE-2023-39615 https://gitlab.gnome.org/GNOME/libxml2/-/issues/535 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-39615.json https://access.redhat.com/errata/RHSA-2023:7747", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libxml2-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-5.el9_3", "arch_op": "pattern match" }, "Hk/EnuFgs+4rtDh2D0OPZg==": { "id": "Hk/EnuFgs+4rtDh2D0OPZg==", "updater": "rhel-vex", "name": "CVE-2024-22019", "description": "A flaw was found in Node.js due to a lack of safeguards on chunk extension bytes. The server may read an unbounded number of bytes from a single connection, which can allow an attacker to send a specially crafted HTTP request with chunked encoding, leading to resource exhaustion and a denial of service.", "issued": "2024-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-22019 https://bugzilla.redhat.com/show_bug.cgi?id=2264574 https://www.cve.org/CVERecord?id=CVE-2024-22019 https://nvd.nist.gov/vuln/detail/CVE-2024-22019 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-22019.json https://access.redhat.com/errata/RHSA-2024:1438", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.2-4.el9_3", "arch_op": "pattern match" }, "HlOu0EmTxHkjzmJeJEuJmw==": { "id": "HlOu0EmTxHkjzmJeJEuJmw==", "updater": "rhel-vex", "name": "CVE-2023-4735", "description": "Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.1847.", "issued": "2023-09-02T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4735 https://bugzilla.redhat.com/show_bug.cgi?id=2237165 https://www.cve.org/CVERecord?id=CVE-2023-4735 https://nvd.nist.gov/vuln/detail/CVE-2023-4735 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4735.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "HtTTCkdsdyrj750LNNdG0A==": { "id": "HtTTCkdsdyrj750LNNdG0A==", "updater": "rhel-vex", "name": "CVE-2024-27316", "description": "A vulnerability was found in how Apache httpd implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated remote attacker to send packets to vulnerable servers, which could use up memory resources to cause a Denial of Service.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-27316 https://bugzilla.redhat.com/show_bug.cgi?id=2268277 https://www.cve.org/CVERecord?id=CVE-2024-27316 https://nvd.nist.gov/vuln/detail/CVE-2024-27316 https://httpd.apache.org/security/vulnerabilities_24.html https://nowotarski.info/http2-continuation-flood/ https://www.kb.cert.org/vuls/id/421644 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-27316.json https://access.redhat.com/errata/RHSA-2024:1872", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "mod_http2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.15.19-5.el9_3.1", "arch_op": "pattern match" }, "HtlDnK+y+r9VRRtbkfrq9Q==": { "id": "HtlDnK+y+r9VRRtbkfrq9Q==", "updater": "rhel-vex", "name": "CVE-2024-2961", "description": "An out-of-bounds write flaw was found in the ISO-2022-CN-EXT plugin for glibc's iconv library. When converting from UCS4 charset, adding certain escape charterers is required to indicate where the charset was changed to the library. During this process, iconv improperly checks the boundaries of internal buffers, leading to a buffer overflow, which allows writing up to 3 bytes outside the desired memory location. This issue may allow an attacker to craft a malicious characters sequence that will trigger the out-of-bounds write and perform remote code execution, presenting a high impact to the Integrity, Confidentiality, and Availability triad.", "issued": "2024-04-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-2961 https://bugzilla.redhat.com/show_bug.cgi?id=2273404 https://www.cve.org/CVERecord?id=CVE-2024-2961 https://nvd.nist.gov/vuln/detail/CVE-2024-2961 https://www.openwall.com/lists/oss-security/2024/04/17/9 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2961.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-langpack-en", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "HxI42iSjURjRki+uV6q/9w==": { "id": "HxI42iSjURjRki+uV6q/9w==", "updater": "rhel-vex", "name": "CVE-2024-0232", "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", "issued": "2023-10-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-0232 https://bugzilla.redhat.com/show_bug.cgi?id=2243754 https://www.cve.org/CVERecord?id=CVE-2024-0232 https://nvd.nist.gov/vuln/detail/CVE-2024-0232 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0232.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "sqlite", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "I+Ki77X+PkV/7jCRuol3dQ==": { "id": "I+Ki77X+PkV/7jCRuol3dQ==", "updater": "rhel-vex", "name": "CVE-2023-3817", "description": "A vulnerability was found in OpenSSL. This security issue occurs because the applications that use the DH_check(), DH_check_ex(), or EVP_PKEY_param_check() functions to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source may lead to a denial of service.", "issued": "2023-07-31T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-3817 https://bugzilla.redhat.com/show_bug.cgi?id=2227852 https://www.cve.org/CVERecord?id=CVE-2023-3817 https://nvd.nist.gov/vuln/detail/CVE-2023-3817 https://www.openssl.org/news/secadv/20230731.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3817.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "I3KZ27LtYpZ2XCNeodSc3w==": { "id": "I3KZ27LtYpZ2XCNeodSc3w==", "updater": "rhel-vex", "name": "CVE-2023-30590", "description": "A vulnerability has been identified in the Node.js, where a generateKeys() API function returned from crypto.createDiffieHellman() only generates missing (or outdated) keys, that is, it only generates a private key if none has been set yet.", "issued": "2023-06-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30590 https://bugzilla.redhat.com/show_bug.cgi?id=2219842 https://www.cve.org/CVERecord?id=CVE-2023-30590 https://nvd.nist.gov/vuln/detail/CVE-2023-30590 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30590.json https://access.redhat.com/errata/RHSA-2023:4331", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.1-1.el9_2", "arch_op": "pattern match" }, "I3vwwgMxzxWo15otCOgvAw==": { "id": "I3vwwgMxzxWo15otCOgvAw==", "updater": "rhel-vex", "name": "CVE-2021-3928", "description": "A flaw was found in vim. A possible stack-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "issued": "2021-10-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-3928 https://bugzilla.redhat.com/show_bug.cgi?id=2021292 https://www.cve.org/CVERecord?id=CVE-2021-3928 https://nvd.nist.gov/vuln/detail/CVE-2021-3928 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-3928.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "I4m0z0FYouLpY3jsh2J5GQ==": { "id": "I4m0z0FYouLpY3jsh2J5GQ==", "updater": "rhel-vex", "name": "CVE-2024-8176", "description": "A stack overflow vulnerability exists in the libexpat library due to the way it handles recursive entity expansion in XML documents. When parsing an XML document with deeply nested entity references, libexpat can be forced to recurse indefinitely, exhausting the stack space and causing a crash. This issue could lead to denial of service (DoS) or, in some cases, exploitable memory corruption, depending on the environment and library usage.", "issued": "2025-03-13T13:51:54Z", "links": "https://access.redhat.com/security/cve/CVE-2024-8176 https://bugzilla.redhat.com/show_bug.cgi?id=2310137 https://www.cve.org/CVERecord?id=CVE-2024-8176 https://nvd.nist.gov/vuln/detail/CVE-2024-8176 https://github.com/libexpat/libexpat/issues/893 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8176.json https://access.redhat.com/errata/RHSA-2025:3531", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "expat-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.5.0-3.el9_5.3", "arch_op": "pattern match" }, "I6USarzQiNF0WDmxnwYl6Q==": { "id": "I6USarzQiNF0WDmxnwYl6Q==", "updater": "rhel-vex", "name": "CVE-2024-0553", "description": "A vulnerability was found in GnuTLS. The response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from the response times of ciphertexts with correct PKCS#1 v1.5 padding. This issue may allow a remote attacker to perform a timing side-channel attack in the RSA-PSK key exchange, potentially leading to the leakage of sensitive data. CVE-2024-0553 is designated as an incomplete resolution for CVE-2023-5981.", "issued": "2024-01-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-0553 https://bugzilla.redhat.com/show_bug.cgi?id=2258412 https://www.cve.org/CVERecord?id=CVE-2024-0553 https://nvd.nist.gov/vuln/detail/CVE-2024-0553 https://gitlab.com/gnutls/gnutls/-/issues/1522 https://lists.gnupg.org/pipermail/gnutls-help/2024-January/004841.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0553.json https://access.redhat.com/errata/RHSA-2024:0533", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "gnutls", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.7.6-23.el9_3.3", "arch_op": "pattern match" }, "I7b3yyckQy9LU5mucZUiSg==": { "id": "I7b3yyckQy9LU5mucZUiSg==", "updater": "rhel-vex", "name": "CVE-2024-52005", "description": "A flaw was found in Git. When cloning, fetching, or pushing from a server, informational or error messages are transported from the remote Git process to the client via a sideband channel. These messages are prefixed with \"remote:\" and printed directly to the standard error output. Typically, this standard error output is connected to a terminal that understands ANSI escape sequences, which Git did not protect against. Most modern terminals support control sequences that can be used by a malicious actor to hide and misrepresent information or to mislead the user into executing untrusted scripts.", "issued": "2025-01-15T17:35:02Z", "links": "https://access.redhat.com/security/cve/CVE-2024-52005 https://bugzilla.redhat.com/show_bug.cgi?id=2338289 https://www.cve.org/CVERecord?id=CVE-2024-52005 https://nvd.nist.gov/vuln/detail/CVE-2024-52005 https://github.com/git/git/security/advisories/GHSA-7jjc-gg6m-3329 https://lore.kernel.org/git/1M9FnZ-1taoNo1wwh-00ESSd@mail.gmx.net https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-52005.json https://access.redhat.com/errata/RHSA-2025:7409", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "git-core", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.47.1-2.el9_6", "arch_op": "pattern match" }, "I9QmITTVNIddrA04uAwHcg==": { "id": "I9QmITTVNIddrA04uAwHcg==", "updater": "rhel-vex", "name": "CVE-2024-33602", "description": "A flaw was found in the glibc netgroup cache. The buffer-resizing code in addgetnetgrentX assumes that all string pointers point into the supplied buffer. This can potentially lead to memory corruption and cause a crash.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33602 https://bugzilla.redhat.com/show_bug.cgi?id=2277206 https://www.cve.org/CVERecord?id=CVE-2024-33602 https://nvd.nist.gov/vuln/detail/CVE-2024-33602 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33602.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "glibc-headers", "version": "", "kind": "binary", "normalized_version": "", "arch": "s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "IDZTlFNxsI8j3vhOiq74iw==": { "id": "IDZTlFNxsI8j3vhOiq74iw==", "updater": "rhel-vex", "name": "CVE-2023-41175", "description": "A vulnerability was found in libtiff due to multiple potential integer overflows in raw2tiff.c. This flaw allows remote attackers to cause a denial of service or possibly execute an arbitrary code via a crafted tiff image, which triggers a heap-based buffer overflow.", "issued": "2023-07-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-41175 https://bugzilla.redhat.com/show_bug.cgi?id=2235264 https://www.cve.org/CVERecord?id=CVE-2023-41175 https://nvd.nist.gov/vuln/detail/CVE-2023-41175 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-41175.json https://access.redhat.com/errata/RHSA-2024:2289", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-12.el9", "arch_op": "pattern match" }, "IH49b5rGGM3cVdLC9M6DXA==": { "id": "IH49b5rGGM3cVdLC9M6DXA==", "updater": "rhel-vex", "name": "CVE-2025-24855", "description": "A flaw was found in libxslt numbers.c. This vulnerability allows a use-after-free, potentially leading to memory corruption or code execution via nested XPath evaluations where an XPath context node can be modified but not restored.", "issued": "2025-03-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-24855 https://bugzilla.redhat.com/show_bug.cgi?id=2352483 https://www.cve.org/CVERecord?id=CVE-2025-24855 https://nvd.nist.gov/vuln/detail/CVE-2025-24855 https://gitlab.gnome.org/GNOME/libxslt/-/issues/128 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-24855.json https://access.redhat.com/errata/RHSA-2025:3107", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libxslt", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.1.34-9.el9_5.1", "arch_op": "pattern match" }, "IID02HQhTZlIg+cNTgve3A==": { "id": "IID02HQhTZlIg+cNTgve3A==", "updater": "rhel-vex", "name": "CVE-2023-38546", "description": "A flaw was found in the Curl package. This flaw allows an attacker to insert cookies into a running program using libcurl if the specific series of conditions are met.", "issued": "2023-10-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-38546 https://bugzilla.redhat.com/show_bug.cgi?id=2241938 https://access.redhat.com/errata/RHSA-2024:2101 https://www.cve.org/CVERecord?id=CVE-2023-38546 https://nvd.nist.gov/vuln/detail/CVE-2023-38546 https://curl.se/docs/CVE-2023-38546.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-38546.json https://access.redhat.com/errata/RHSA-2023:6745", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "libcurl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9_3.2", "arch_op": "pattern match" }, "IUfmGrC0apdBsMp4kpsXwA==": { "id": "IUfmGrC0apdBsMp4kpsXwA==", "updater": "rhel-vex", "name": "CVE-2023-27533", "description": "A vulnerability in input validation exists in curl \u003c8.0 during communication using the TELNET protocol may allow an attacker to pass on maliciously crafted user name and \"telnet options\" during server negotiation. The lack of proper input scrubbing allows an attacker to send content or perform option negotiation without the application's intent. This vulnerability could be exploited if an application allows user input, thereby enabling attackers to execute arbitrary code on the system.", "issued": "2023-03-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-27533 https://bugzilla.redhat.com/show_bug.cgi?id=2179062 https://www.cve.org/CVERecord?id=CVE-2023-27533 https://nvd.nist.gov/vuln/detail/CVE-2023-27533 https://curl.se/docs/CVE-2023-27533.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-27533.json https://access.redhat.com/errata/RHSA-2023:6679", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "libcurl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9", "arch_op": "pattern match" }, "IXgNENEfalASp1BgUmxapw==": { "id": "IXgNENEfalASp1BgUmxapw==", "updater": "rhel-vex", "name": "CVE-2024-39573", "description": "A flaw was found in the mod_rewrite module of httpd. A potential SSRF allows an attacker to cause unsafe rules used in the RewriteRule directive to unexpectedly set up URLs to be handled by the mod_proxy module.", "issued": "2024-07-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-39573 https://bugzilla.redhat.com/show_bug.cgi?id=2295022 https://www.cve.org/CVERecord?id=CVE-2024-39573 https://nvd.nist.gov/vuln/detail/CVE-2024-39573 https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2024-39573 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-39573.json https://access.redhat.com/errata/RHSA-2024:4726", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "httpd-core", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.4.57-11.el9_4", "arch_op": "pattern match" }, "IZtUHMfco2qM2j88janpdw==": { "id": "IZtUHMfco2qM2j88janpdw==", "updater": "rhel-vex", "name": "CVE-2025-4802", "description": "A flaw was found in the glibc library. A statically linked setuid binary that calls dlopen(), including internal dlopen() calls after setlocale() or calls to NSS functions such as getaddrinfo(), may incorrectly search LD_LIBRARY_PATH to determine which library to load, allowing a local attacker to load malicious shared libraries, escalate privileges and execute arbitrary code.", "issued": "2025-05-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4802 https://bugzilla.redhat.com/show_bug.cgi?id=2367468 https://www.cve.org/CVERecord?id=CVE-2025-4802 https://nvd.nist.gov/vuln/detail/CVE-2025-4802 https://www.openwall.com/lists/oss-security/2025/05/16/7 https://www.openwall.com/lists/oss-security/2025/05/17/2 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4802.json https://access.redhat.com/errata/RHSA-2025:8655", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-langpack-en", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.19", "arch_op": "pattern match" }, "IeTK1HBLKpS1+gfVSPrpvg==": { "id": "IeTK1HBLKpS1+gfVSPrpvg==", "updater": "rhel-vex", "name": "CVE-2022-47007", "description": "A memory leak was found in function stab_demangle_v3_arg in stabs.c in Binutils, allows local attacker to exploit the vulnerability using specially crafted file to cause Denial of Service.", "issued": "2022-06-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-47007 https://bugzilla.redhat.com/show_bug.cgi?id=2233980 https://www.cve.org/CVERecord?id=CVE-2022-47007 https://nvd.nist.gov/vuln/detail/CVE-2022-47007 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-47007.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "binutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "IfJyKZ52fwKruf/mbOKmYg==": { "id": "IfJyKZ52fwKruf/mbOKmYg==", "updater": "rhel-vex", "name": "CVE-2024-57360", "description": "A flaw was found in the nm utility of binutils. A local user who specifies the `--without-symbol-versions` option on a specially crafted ELF file can trigger a segmentation fault condition. This may lead to an application crash or other undefined behavior.", "issued": "2025-01-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-57360 https://bugzilla.redhat.com/show_bug.cgi?id=2339263 https://www.cve.org/CVERecord?id=CVE-2024-57360 https://nvd.nist.gov/vuln/detail/CVE-2024-57360 https://sourceware.org/bugzilla/show_bug.cgi?id=32467 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-57360.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "gdb", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Ihq7mkhGM9sf/8QM05o7gw==": { "id": "Ihq7mkhGM9sf/8QM05o7gw==", "updater": "rhel-vex", "name": "CVE-2023-6277", "description": "An out-of-memory flaw was found in libtiff. Passing a crafted tiff file to TIFFOpen() API may allow a remote attacker to cause a denial of service via a craft input with size smaller than 379 KB.", "issued": "2023-11-02T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-6277 https://bugzilla.redhat.com/show_bug.cgi?id=2251311 https://www.cve.org/CVERecord?id=CVE-2023-6277 https://nvd.nist.gov/vuln/detail/CVE-2023-6277 https://gitlab.com/libtiff/libtiff/-/issues/614 https://gitlab.com/libtiff/libtiff/-/merge_requests/545 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6277.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "IjpkBJ+ywcI88szIoeoHzQ==": { "id": "IjpkBJ+ywcI88szIoeoHzQ==", "updater": "rhel-vex", "name": "CVE-2024-12088", "description": "A flaw was found in rsync. When using the `--safe-links` option, the rsync client fails to properly verify if a symbolic link destination sent from the server contains another symbolic link within it. This results in a path traversal vulnerability, which may lead to arbitrary file write outside the desired directory.", "issued": "2025-01-14T15:06:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-12088 https://bugzilla.redhat.com/show_bug.cgi?id=2330676 https://www.cve.org/CVERecord?id=CVE-2024-12088 https://nvd.nist.gov/vuln/detail/CVE-2024-12088 https://kb.cert.org/vuls/id/952657 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-12088.json https://access.redhat.com/errata/RHSA-2025:7050", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "rsync", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.2.5-3.el9", "arch_op": "pattern match" }, "Ikyc9EmuNiVgWGOKk4WZOA==": { "id": "Ikyc9EmuNiVgWGOKk4WZOA==", "updater": "rhel-vex", "name": "CVE-2024-0450", "description": "A flaw was found in the Python/CPython 'zipfile' that can allow a zip-bomb type of attack. An attacker may craft a zip file format, leading to a Denial of Service when processed.", "issued": "2024-03-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-0450 https://bugzilla.redhat.com/show_bug.cgi?id=2276525 https://www.cve.org/CVERecord?id=CVE-2024-0450 https://nvd.nist.gov/vuln/detail/CVE-2024-0450 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0450.json https://access.redhat.com/errata/RHSA-2024:4078", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.18-3.el9_4.1", "arch_op": "pattern match" }, "InyvNMAfT1Zl5TKOPF5zkw==": { "id": "InyvNMAfT1Zl5TKOPF5zkw==", "updater": "rhel-vex", "name": "CVE-2025-49796", "description": "A vulnerability was found in libxml2. Processing certain sch:name elements from the input XML file can trigger a memory corruption issue. This flaw allows an attacker to craft a malicious XML input file that can lead libxml to crash, resulting in a denial of service or other possible undefined behavior due to sensitive data being corrupted in memory.", "issued": "2025-06-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-49796 https://bugzilla.redhat.com/show_bug.cgi?id=2372385 https://www.cve.org/CVERecord?id=CVE-2025-49796 https://nvd.nist.gov/vuln/detail/CVE-2025-49796 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-49796.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libxml2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "IpfgPSRwb+bSNtOR59K02g==": { "id": "IpfgPSRwb+bSNtOR59K02g==", "updater": "rhel-vex", "name": "CVE-2020-11023", "description": "A flaw was found in jQuery. HTML containing \\\u003coption\\\u003e elements from untrusted sources are passed, even after sanitizing, to one of jQuery's DOM manipulation methods, which may execute untrusted code. The highest threat from this vulnerability is to data confidentiality and integrity.", "issued": "2020-04-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2020-11023 https://bugzilla.redhat.com/show_bug.cgi?id=1850004 https://www.cve.org/CVERecord?id=CVE-2020-11023 https://nvd.nist.gov/vuln/detail/CVE-2020-11023 https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-11023.json https://access.redhat.com/errata/RHSA-2025:1346", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libgcc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:11.5.0-5.el9_5", "arch_op": "pattern match" }, "IqDaL37gpmJkcaU5vU7y7Q==": { "id": "IqDaL37gpmJkcaU5vU7y7Q==", "updater": "rhel-vex", "name": "CVE-2022-40090", "description": "A flaw was found in the libtiff library. This issue allows an attacker who can submit a specially crafted file to an application linked with libtiff to cause an infinite loop, resulting in a denial of service.", "issued": "2022-08-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-40090 https://bugzilla.redhat.com/show_bug.cgi?id=2234970 https://www.cve.org/CVERecord?id=CVE-2022-40090 https://nvd.nist.gov/vuln/detail/CVE-2022-40090 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-40090.json https://access.redhat.com/errata/RHSA-2024:2289", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-12.el9", "arch_op": "pattern match" }, "IvL651FnAzrxSYOiOuXMlw==": { "id": "IvL651FnAzrxSYOiOuXMlw==", "updater": "rhel-vex", "name": "CVE-2022-47010", "description": "A memory leak flaw was found in binutils in the pr_function_type function. This flaw allows an attacker to use a set of steps to trigger a memory leak and perform a denial of service, resulting in a loss of the system's availability.", "issued": "2022-06-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-47010 https://bugzilla.redhat.com/show_bug.cgi?id=2233988 https://www.cve.org/CVERecord?id=CVE-2022-47010 https://nvd.nist.gov/vuln/detail/CVE-2022-47010 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-47010.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "gdb", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "IwsFxNbWx/oOWnYknyaGEw==": { "id": "IwsFxNbWx/oOWnYknyaGEw==", "updater": "rhel-vex", "name": "CVE-2023-2975", "description": "A vulnerability was found in OpenSSL. The AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries, which are unauthenticated as a consequence. Applications that use the AES-SIV algorithm and want to authenticate empty data entries as associated data can be misled by removing, adding, or reordering such empty entries as these are ignored by the OpenSSL implementation. The AES-SIV algorithm allows for the authentication of multiple associated data entries and encryption. To authenticate empty data, the application has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) with a NULL pointer as the output buffer and 0 as the input buffer length. The AES-SIV implementation in OpenSSL returns success for such a call instead of performing the associated data authentication operation. Thus, the empty data will not be authenticated.", "issued": "2023-07-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-2975 https://bugzilla.redhat.com/show_bug.cgi?id=2223016 https://www.cve.org/CVERecord?id=CVE-2023-2975 https://nvd.nist.gov/vuln/detail/CVE-2023-2975 https://www.openssl.org/news/secadv/20230714.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2975.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "IxZeTNW5zQC3d6tA1UWyZw==": { "id": "IxZeTNW5zQC3d6tA1UWyZw==", "updater": "rhel-vex", "name": "CVE-2024-8088", "description": "A flaw was found in Python's zipfile module. When iterating over the entries of a zip archive, the process can enter into an infinite loop state and become unresponsive. This flaw allows an attacker to craft a malicious ZIP archive, leading to a denial of service from the application consuming the zipfile module. Only applications that handle user-controlled zip archives are affected by this vulnerability.", "issued": "2024-08-22T19:15:09Z", "links": "https://access.redhat.com/security/cve/CVE-2024-8088 https://bugzilla.redhat.com/show_bug.cgi?id=2307370 https://www.cve.org/CVERecord?id=CVE-2024-8088 https://nvd.nist.gov/vuln/detail/CVE-2024-8088 https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64 https://github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea https://github.com/python/cpython/issues/122905 https://github.com/python/cpython/pull/122906 https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8088.json https://access.redhat.com/errata/RHSA-2024:9371", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.19-8.el9", "arch_op": "pattern match" }, "IygWF+tpv/TjlYP5Xn2XFg==": { "id": "IygWF+tpv/TjlYP5Xn2XFg==", "updater": "rhel-vex", "name": "CVE-2023-29469", "description": "A flaw was found in libxml2. This issue occurs when hashing empty strings which aren't null-terminated, xmlDictComputeFastKey could produce inconsistent results, which may lead to various logic or memory errors, including double free errors.", "issued": "2023-04-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-29469 https://bugzilla.redhat.com/show_bug.cgi?id=2185984 https://www.cve.org/CVERecord?id=CVE-2023-29469 https://nvd.nist.gov/vuln/detail/CVE-2023-29469 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-29469.json https://access.redhat.com/errata/RHSA-2023:4349", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libxml2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-3.el9_2.1", "arch_op": "pattern match" }, "IywEueim8Y+5rmUFlt6JAw==": { "id": "IywEueim8Y+5rmUFlt6JAw==", "updater": "rhel-vex", "name": "CVE-2023-39975", "description": "A vulnerability was found in MIT krb5, where an authenticated attacker can cause a KDC to free the same pointer twice if it can induce a failure in authorization data handling.", "issued": "2023-08-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-39975 https://bugzilla.redhat.com/show_bug.cgi?id=2232682 https://www.cve.org/CVERecord?id=CVE-2023-39975 https://nvd.nist.gov/vuln/detail/CVE-2023-39975 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-39975.json https://access.redhat.com/errata/RHSA-2023:6699", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libkadm5", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.1-1.el9", "arch_op": "pattern match" }, "IzwOgi1LaoKSG7s8r3KRmg==": { "id": "IzwOgi1LaoKSG7s8r3KRmg==", "updater": "rhel-vex", "name": "CVE-2023-6228", "description": "An issue was found in the tiffcp utility distributed by the libtiff package where a crafted TIFF file on processing may cause a heap-based buffer overflow leads to an application crash.", "issued": "2023-09-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-6228 https://bugzilla.redhat.com/show_bug.cgi?id=2240995 https://www.cve.org/CVERecord?id=CVE-2023-6228 https://nvd.nist.gov/vuln/detail/CVE-2023-6228 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6228.json https://access.redhat.com/errata/RHSA-2024:2289", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libtiff", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-12.el9", "arch_op": "pattern match" }, "J1cvee8xy6oZDEdA21dqEg==": { "id": "J1cvee8xy6oZDEdA21dqEg==", "updater": "rhel-vex", "name": "CVE-2023-46809", "description": "A flaw was found in Node.js. The privateDecrypt() API of the crypto library may allow a covert timing side-channel during PKCS#1 v1.5 padding error handling. This issue revealed significant timing differences in decryption for valid and invalid ciphertexts, which may allow a remote attacker to decrypt captured RSA ciphertexts or forge signatures, especially in scenarios involving API endpoints processing JSON Web Encryption messages.", "issued": "2024-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-46809 https://bugzilla.redhat.com/show_bug.cgi?id=2264569 https://www.cve.org/CVERecord?id=CVE-2023-46809 https://nvd.nist.gov/vuln/detail/CVE-2023-46809 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-46809.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "J4b5dVoVJ6TOvSQqt+geLg==": { "id": "J4b5dVoVJ6TOvSQqt+geLg==", "updater": "rhel-vex", "name": "CVE-2023-27538", "description": "An authentication bypass vulnerability exists in libcurl prior to v8.0.0 where it reuses a previously established SSH connection despite the fact that an SSH option was modified, which should have prevented reuse. libcurl maintains a pool of previously used connections to reuse them for subsequent transfers if the configurations match. However, two SSH settings were omitted from the configuration check, allowing them to match easily, potentially leading to the reuse of an inappropriate connection.", "issued": "2023-03-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-27538 https://bugzilla.redhat.com/show_bug.cgi?id=2179103 https://www.cve.org/CVERecord?id=CVE-2023-27538 https://nvd.nist.gov/vuln/detail/CVE-2023-27538 https://curl.se/docs/CVE-2023-27538.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-27538.json https://access.redhat.com/errata/RHSA-2023:6679", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libcurl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9", "arch_op": "pattern match" }, "J629mzWgyseaiJdsccnC0w==": { "id": "J629mzWgyseaiJdsccnC0w==", "updater": "rhel-vex", "name": "CVE-2024-10963", "description": "A flaw was found in pam_access, where certain rules in its configuration file are mistakenly treated as hostnames. This vulnerability allows attackers to trick the system by pretending to be a trusted hostname, gaining unauthorized access. This issue poses a risk for systems that rely on this feature to control who can access certain services or terminals.", "issued": "2024-11-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-10963 https://bugzilla.redhat.com/show_bug.cgi?id=2324291 https://www.cve.org/CVERecord?id=CVE-2024-10963 https://nvd.nist.gov/vuln/detail/CVE-2024-10963 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-10963.json https://access.redhat.com/errata/RHSA-2024:10244", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "pam", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.5.1-22.el9_5", "arch_op": "pattern match" }, "JD0llI0bGUOG/VBz+9LeVQ==": { "id": "JD0llI0bGUOG/VBz+9LeVQ==", "updater": "rhel-vex", "name": "CVE-2023-48235", "description": "A flaw as found in Vim, an open source command line text editor. When parsing relative ex addresses, one may unintentionally cause an overflow. Ironically, this happens in the existing overflow check because the line number becomes negative and LONG_MAX - lnum will cause the overflow. The impact is low because user interaction is required and a crash may not happen in all situations.", "issued": "2023-11-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-48235 https://bugzilla.redhat.com/show_bug.cgi?id=2250272 https://www.cve.org/CVERecord?id=CVE-2023-48235 https://nvd.nist.gov/vuln/detail/CVE-2023-48235 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/060623e4a3bc72b011e7cd92bedb3bfb64e06200 https://github.com/vim/vim/security/advisories/GHSA-6g74-hr6q-pr8g https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-48235.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "JFHwM9gmv9IjLHv0L9sxhw==": { "id": "JFHwM9gmv9IjLHv0L9sxhw==", "updater": "rhel-vex", "name": "CVE-2024-28757", "description": "An XML Entity Expansion flaw was found in libexpat. This flaw allows an attacker to cause a denial of service when there is an isolated use of external parsers.", "issued": "2024-03-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-28757 https://bugzilla.redhat.com/show_bug.cgi?id=2268766 https://www.cve.org/CVERecord?id=CVE-2024-28757 https://nvd.nist.gov/vuln/detail/CVE-2024-28757 https://github.com/libexpat/libexpat/issues/839 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28757.json https://access.redhat.com/errata/RHBA-2024:2518", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "expat-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.5.0-2.el9_4", "arch_op": "pattern match" }, "JMvG86yx6E9/tNvKXj3aXg==": { "id": "JMvG86yx6E9/tNvKXj3aXg==", "updater": "rhel-vex", "name": "CVE-2024-11168", "description": "A flaw was found in Python. The `urllib.parse.urlsplit()` and `urlparse()` functions improperly validated bracketed hosts (`[]`), allowing hosts that weren't IPv6 or IPvFuture compliant. This behavior was not conformant to RFC 3986 and was potentially vulnerable to server-side request forgery (SSRF) if a URL is processed by more than one URL parser.", "issued": "2024-11-12T21:22:23Z", "links": "https://access.redhat.com/security/cve/CVE-2024-11168 https://bugzilla.redhat.com/show_bug.cgi?id=2325776 https://www.cve.org/CVERecord?id=CVE-2024-11168 https://nvd.nist.gov/vuln/detail/CVE-2024-11168 https://github.com/python/cpython/commit/29f348e232e82938ba2165843c448c2b291504c5 https://github.com/python/cpython/commit/b2171a2fd41416cf68afd67460578631d755a550 https://github.com/python/cpython/issues/103848 https://github.com/python/cpython/pull/103849 https://mail.python.org/archives/list/security-announce@python.org/thread/XPWB6XVZ5G5KGEI63M4AWLIEUF5BPH4T/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-11168.json https://access.redhat.com/errata/RHSA-2024:10983", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.21-1.el9_5", "arch_op": "pattern match" }, "JNF5Te1xcV1nlv2CXSyRdg==": { "id": "JNF5Te1xcV1nlv2CXSyRdg==", "updater": "rhel-vex", "name": "CVE-2024-33599", "description": "A stack-based buffer overflow flaw was found in the glibc netgroup cache. In certain conditions, its possible to trigger a stack-based buffer overflow condition that can lead to a denial of service and potentially other malicious actions that impact confidentiality and integrity.", "issued": "2024-04-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33599 https://bugzilla.redhat.com/show_bug.cgi?id=2277202 https://www.cve.org/CVERecord?id=CVE-2024-33599 https://nvd.nist.gov/vuln/detail/CVE-2024-33599 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33599.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "JSPMHRCFZI0X3BUC808myA==": { "id": "JSPMHRCFZI0X3BUC808myA==", "updater": "rhel-vex", "name": "CVE-2024-50349", "description": "A flaw was found in Git. This vulnerability occurs when Git requests credentials via a terminal prompt, for example, without the use of a credential helper. During this process, Git displays the host name for which the credentials are needed, but any URL-encoded parts are decoded and displayed directly. This can allow an attacker to manipulate URLs by including ANSI escape sequences, which can be interpreted by the terminal to mislead users by tricking them into entering passwords that are redirected to malicious attacker-controlled sites.", "issued": "2025-01-14T18:43:42Z", "links": "https://access.redhat.com/security/cve/CVE-2024-50349 https://bugzilla.redhat.com/show_bug.cgi?id=2337824 https://www.cve.org/CVERecord?id=CVE-2024-50349 https://nvd.nist.gov/vuln/detail/CVE-2024-50349 https://github.com/git/git/commit/7725b8100ffbbff2750ee4d61a0fcc1f53a086e8 https://github.com/git/git/commit/c903985bf7e772e2d08275c1a95c8a55ab011577 https://github.com/git/git/security/advisories/GHSA-hmg8-h7qf-7cxr https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-50349.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "git", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "JSxIEGIOCwboUDoJZgS9fA==": { "id": "JSxIEGIOCwboUDoJZgS9fA==", "updater": "rhel-vex", "name": "CVE-2023-37920", "description": "A flaw was found in the python-certifi package. This issue occurs when the e-Tugra root certificate in Certifi is removed, resulting in an unspecified error that has an unknown impact and attack vector.", "issued": "2023-07-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-37920 https://bugzilla.redhat.com/show_bug.cgi?id=2226586 https://www.cve.org/CVERecord?id=CVE-2023-37920 https://nvd.nist.gov/vuln/detail/CVE-2023-37920 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-37920.json https://access.redhat.com/errata/RHBA-2024:5691", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "ca-certificates", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch|src", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2024.2.69_v8.0.303-91.4.el9_4", "arch_op": "pattern match" }, "JTP7hkxyjG7h5CMk0jZbPg==": { "id": "JTP7hkxyjG7h5CMk0jZbPg==", "updater": "rhel-vex", "name": "CVE-2023-44487", "description": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages.\r\n\r\nSecurity Bulletin\r\nhttps://access.redhat.com/security/vulnerabilities/RHSB-2023-003", "issued": "2023-10-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-44487 https://bugzilla.redhat.com/show_bug.cgi?id=2242803 https://access.redhat.com/security/vulnerabilities/RHSB-2023-003 https://www.cve.org/CVERecord?id=CVE-2023-44487 https://nvd.nist.gov/vuln/detail/CVE-2023-44487 https://github.com/dotnet/announcements/issues/277 https://pkg.go.dev/vuln/GO-2023-2102 https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487 https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-44487.json https://access.redhat.com/errata/RHSA-2023:5765", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.2-3.el9_2", "arch_op": "pattern match" }, "JTwzSHX5xKxgTtyprecVew==": { "id": "JTwzSHX5xKxgTtyprecVew==", "updater": "rhel-vex", "name": "CVE-2024-32002", "description": "A vulnerability was found in Git. This vulnerability allows the malicious manipulation of repositories containing submodules, exploiting a bug that enables the writing of files into the .git/ directory instead of the submodule's intended worktree. This manipulation facilitates the execution of arbitrary code during the cloning process, bypassing user inspection and control.", "issued": "2024-05-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-32002 https://bugzilla.redhat.com/show_bug.cgi?id=2280421 https://www.cve.org/CVERecord?id=CVE-2024-32002 https://nvd.nist.gov/vuln/detail/CVE-2024-32002 https://github.com/git/git/security/advisories/GHSA-8h77-4q3w-gfgv https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-32002.json https://access.redhat.com/errata/RHSA-2024:4083", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "git-core-doc", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.43.5-1.el9_4", "arch_op": "pattern match" }, "JVuTqfPwohmj6ucokgM2sQ==": { "id": "JVuTqfPwohmj6ucokgM2sQ==", "updater": "rhel-vex", "name": "CVE-2021-27290", "description": "A flaw was found in ssri package. A malicious string provided by an attacker may lead to Regular Expression Denial of Service (ReDoS). This issue only affects consumers\r\nusing the strict option. The highest threat from this vulnerability is to availability.", "issued": "2021-03-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-27290 https://bugzilla.redhat.com/show_bug.cgi?id=1941471 https://www.cve.org/CVERecord?id=CVE-2021-27290 https://nvd.nist.gov/vuln/detail/CVE-2021-27290 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-27290.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "JVyIt0gF10G+gSN0xWt2Mw==": { "id": "JVyIt0gF10G+gSN0xWt2Mw==", "updater": "rhel-vex", "name": "CVE-2023-51385", "description": "A flaw was found in OpenSSH. In certain circumstances, a remote attacker may be able to execute arbitrary OS commands by using expansion tokens, such as %u or %h, with user names or host names that contain shell metacharacters.", "issued": "2023-12-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-51385 https://bugzilla.redhat.com/show_bug.cgi?id=2255271 https://www.cve.org/CVERecord?id=CVE-2023-51385 https://nvd.nist.gov/vuln/detail/CVE-2023-51385 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-51385.json https://access.redhat.com/errata/RHSA-2024:1130", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "openssh", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:8.7p1-34.el9_3.3", "arch_op": "pattern match" }, "Jek37tQeVdKEwtu+6a9/CA==": { "id": "Jek37tQeVdKEwtu+6a9/CA==", "updater": "rhel-vex", "name": "CVE-2024-53920", "description": "A flaw was found in Emacs. Viewing or editing an untrusted Emacs Lisp source code file can cause arbitrary code execution due to unsafe macro expansion when a user has configured elisp-completion-at-point for code completion or has enabled automatic error checking, such as Flymake or Flycheck.", "issued": "2024-11-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-53920 https://bugzilla.redhat.com/show_bug.cgi?id=2329161 https://www.cve.org/CVERecord?id=CVE-2024-53920 https://nvd.nist.gov/vuln/detail/CVE-2024-53920 https://eshelyaron.com/posts/2024-11-27-emacs-aritrary-code-execution-and-how-to-avoid-it.html https://yhetil.org/emacs/CAFXAjY5f4YfHAtZur1RAqH34UbYU56_t6t2Er0YEh1Sb7-W=hg%40mail.gmail.com/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-53920.json https://access.redhat.com/errata/RHSA-2025:4787", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "emacs-filesystem", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:27.2-11.el9_5.2", "arch_op": "pattern match" }, "Jh5o3RxPyg4est5mF2Kcww==": { "id": "Jh5o3RxPyg4est5mF2Kcww==", "updater": "rhel-vex", "name": "CVE-2023-0804", "description": "A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds write in the extractContigSamplesShifted24bits function in tools/tiffcrop.c, resulting in a Denial of Service and limited data modification.", "issued": "2023-02-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0804 https://bugzilla.redhat.com/show_bug.cgi?id=2170192 https://www.cve.org/CVERecord?id=CVE-2023-0804 https://nvd.nist.gov/vuln/detail/CVE-2023-0804 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0804.json https://access.redhat.com/errata/RHSA-2023:3711", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-8.el9_2", "arch_op": "pattern match" }, "Ji6OY1u39nJByKzCNwfpIw==": { "id": "Ji6OY1u39nJByKzCNwfpIw==", "updater": "rhel-vex", "name": "CVE-2023-39333", "description": "Maliciously crafted export names in an imported WebAssembly module can inject JavaScript code. The injected code may be able to access data and functions that the WebAssembly module itself does not have access to, similar to as if the WebAssembly module was a JavaScript module.", "issued": "2023-10-13T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-39333 https://bugzilla.redhat.com/show_bug.cgi?id=2244418 https://www.cve.org/CVERecord?id=CVE-2023-39333 https://nvd.nist.gov/vuln/detail/CVE-2023-39333 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-39333.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "JlVcDBeAbzDMosineu4gZQ==": { "id": "JlVcDBeAbzDMosineu4gZQ==", "updater": "rhel-vex", "name": "CVE-2025-0395", "description": "A flaw was found in the GNU C Library (glibc). A buffer overflow condition via the `assert()` function may be triggered due to glibc not allocating enough space for the assertion failure message string and size information. In certain conditions, a local attacker can exploit this, potentially leading to an application crash or other undefined behavior.", "issued": "2025-01-22T13:11:30Z", "links": "https://access.redhat.com/security/cve/CVE-2025-0395 https://bugzilla.redhat.com/show_bug.cgi?id=2339460 https://www.cve.org/CVERecord?id=CVE-2025-0395 https://nvd.nist.gov/vuln/detail/CVE-2025-0395 https://sourceware.org/bugzilla/show_bug.cgi?id=32582 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-0395.json https://access.redhat.com/errata/RHSA-2025:4244", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-125.el9_5.8", "arch_op": "pattern match" }, "JmKf//IQj2eMVJFTB1Feyw==": { "id": "JmKf//IQj2eMVJFTB1Feyw==", "updater": "rhel-vex", "name": "CVE-2023-48234", "description": "A flaw was found in Vim, an open source command line text editor. When getting the count for a normal mode z command, it may overflow if large counts are given. The impact is low because user interaction is required and a crash may not happen in all situations.", "issued": "2023-11-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-48234 https://bugzilla.redhat.com/show_bug.cgi?id=2250271 https://www.cve.org/CVERecord?id=CVE-2023-48234 https://nvd.nist.gov/vuln/detail/CVE-2023-48234 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/58f9befca1fa172068effad7f2ea5a9d6a7b0cca https://github.com/vim/vim/security/advisories/GHSA-59gw-c949-6phq https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-48234.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Jt3He7YgLEZ/8hIPk5cerQ==": { "id": "Jt3He7YgLEZ/8hIPk5cerQ==", "updater": "rhel-vex", "name": "CVE-2023-32002", "description": "A vulnerability was found in NodeJS. This security issue occurs as the use of Module._load() can bypass the policy mechanism and require modules outside of the policy.json definition for a given module.", "issued": "2023-08-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32002 https://bugzilla.redhat.com/show_bug.cgi?id=2230948 https://www.cve.org/CVERecord?id=CVE-2023-32002 https://nvd.nist.gov/vuln/detail/CVE-2023-32002 https://nodejs.org/en/blog/vulnerability/august-2023-security-releases#permissions-policies-can-be-bypassed-via-module_load-highcve-2023-32002 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32002.json https://access.redhat.com/errata/RHSA-2023:5532", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.2-1.el9_2", "arch_op": "pattern match" }, "Jt4td1wEVlrBnm04zKxwBg==": { "id": "Jt4td1wEVlrBnm04zKxwBg==", "updater": "rhel-vex", "name": "CVE-2023-0466", "description": "A flaw was found in OpenSSL. The X509_VERIFY_PARAM_add0_policy() function is documented to enable the certificate policy check when doing certificate verification implicitly. However, implementing the function does not enable the check, allowing certificates with invalid or incorrect policies to pass the certificate verification. Suddenly enabling the policy check could break existing deployments, so it was decided to keep the existing behavior of the X509_VERIFY_PARAM_add0_policy() function. The applications that require OpenSSL to perform certificate policy check need to use X509_VERIFY_PARAM_set1_policies() or explicitly enable the policy check by calling X509_VERIFY_PARAM_set_flags() with the X509_V_FLAG_POLICY_CHECK flag argument. Certificate policy checks are disabled by default in OpenSSL and are not commonly used by applications.", "issued": "2023-03-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0466 https://bugzilla.redhat.com/show_bug.cgi?id=2182565 https://www.cve.org/CVERecord?id=CVE-2023-0466 https://nvd.nist.gov/vuln/detail/CVE-2023-0466 https://www.openssl.org/news/secadv/20230328.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0466.json https://access.redhat.com/errata/RHSA-2023:3722", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-16.el9_2", "arch_op": "pattern match" }, "JtGggrfMckWn0xvfWBMJJQ==": { "id": "JtGggrfMckWn0xvfWBMJJQ==", "updater": "rhel-vex", "name": "CVE-2022-2210", "description": "Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.", "issued": "2022-06-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-2210 https://bugzilla.redhat.com/show_bug.cgi?id=2102177 https://www.cve.org/CVERecord?id=CVE-2022-2210 https://nvd.nist.gov/vuln/detail/CVE-2022-2210 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-2210.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Ju/rL4FlYx0PYzM0GQPByQ==": { "id": "Ju/rL4FlYx0PYzM0GQPByQ==", "updater": "rhel-vex", "name": "CVE-2024-39573", "description": "A flaw was found in the mod_rewrite module of httpd. A potential SSRF allows an attacker to cause unsafe rules used in the RewriteRule directive to unexpectedly set up URLs to be handled by the mod_proxy module.", "issued": "2024-07-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-39573 https://bugzilla.redhat.com/show_bug.cgi?id=2295022 https://www.cve.org/CVERecord?id=CVE-2024-39573 https://nvd.nist.gov/vuln/detail/CVE-2024-39573 https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2024-39573 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-39573.json https://access.redhat.com/errata/RHSA-2024:4726", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "mod_ldap", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.4.57-11.el9_4", "arch_op": "pattern match" }, "JvC/rVWSiuNeMXzeTDRZHQ==": { "id": "JvC/rVWSiuNeMXzeTDRZHQ==", "updater": "rhel-vex", "name": "CVE-2025-29087", "description": "A flaw was found in SQLite. This vulnerability allows an attacker to cause an integer overflow via the concat_ws function.", "issued": "2025-04-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-29087 https://bugzilla.redhat.com/show_bug.cgi?id=2358028 https://www.cve.org/CVERecord?id=CVE-2025-29087 https://nvd.nist.gov/vuln/detail/CVE-2025-29087 https://gist.github.com/ylwango613/a44a29f1ef074fa783e29f04a0afd62a https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-29087.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "K1F1BogJuyquqVx4npl/+A==": { "id": "K1F1BogJuyquqVx4npl/+A==", "updater": "rhel-vex", "name": "CVE-2023-6597", "description": "A flaw was found in the tempfile.TemporaryDirectory class in python3/cpython3. The class may dereference symbolic links during permission-related errors, resulting in users that run privileged programs being able to modify permissions of files referenced by the symbolic link.", "issued": "2024-03-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-6597 https://bugzilla.redhat.com/show_bug.cgi?id=2276518 https://www.cve.org/CVERecord?id=CVE-2023-6597 https://nvd.nist.gov/vuln/detail/CVE-2023-6597 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6597.json https://access.redhat.com/errata/RHSA-2024:4078", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.18-3.el9_4.1", "arch_op": "pattern match" }, "K3j3nYCvhPD02WXNRIsNow==": { "id": "K3j3nYCvhPD02WXNRIsNow==", "updater": "rhel-vex", "name": "CVE-2023-27533", "description": "A vulnerability in input validation exists in curl \u003c8.0 during communication using the TELNET protocol may allow an attacker to pass on maliciously crafted user name and \"telnet options\" during server negotiation. The lack of proper input scrubbing allows an attacker to send content or perform option negotiation without the application's intent. This vulnerability could be exploited if an application allows user input, thereby enabling attackers to execute arbitrary code on the system.", "issued": "2023-03-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-27533 https://bugzilla.redhat.com/show_bug.cgi?id=2179062 https://www.cve.org/CVERecord?id=CVE-2023-27533 https://nvd.nist.gov/vuln/detail/CVE-2023-27533 https://curl.se/docs/CVE-2023-27533.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-27533.json https://access.redhat.com/errata/RHSA-2023:6679", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "libcurl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9", "arch_op": "pattern match" }, "KC3vOAGbS28p1tBMqdebqA==": { "id": "KC3vOAGbS28p1tBMqdebqA==", "updater": "rhel-vex", "name": "CVE-2023-43622", "description": "A flaw was found in the mod_http2 module of httpd. This flaw allows an attacker opening an HTTP/2 connection with an initial window size of 0 to block handling of that connection indefinitely. This vulnerability can exhaust worker resources in the server, similar to the well-known \"slow loris\" attack pattern.", "issued": "2023-10-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-43622 https://bugzilla.redhat.com/show_bug.cgi?id=2245153 https://www.cve.org/CVERecord?id=CVE-2023-43622 https://nvd.nist.gov/vuln/detail/CVE-2023-43622 https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2023-43622 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-43622.json https://access.redhat.com/errata/RHSA-2024:2368", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "mod_http2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.0.26-1.el9", "arch_op": "pattern match" }, "KC4H6WRPkYrWvXb9OC+odg==": { "id": "KC4H6WRPkYrWvXb9OC+odg==", "updater": "rhel-vex", "name": "CVE-2023-3164", "description": "A heap-buffer-overflow vulnerability was found in LibTIFF, in extractImageSection() at tools/tiffcrop.c:7916 and tools/tiffcrop.c:7801. This flaw allows attackers to cause a denial of service via a crafted tiff file.", "issued": "2023-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-3164 https://bugzilla.redhat.com/show_bug.cgi?id=2213531 https://www.cve.org/CVERecord?id=CVE-2023-3164 https://nvd.nist.gov/vuln/detail/CVE-2023-3164 https://gitlab.com/libtiff/libtiff/-/issues/542 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3164.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "KGloE+M4iEjbEnlvrjLMAw==": { "id": "KGloE+M4iEjbEnlvrjLMAw==", "updater": "rhel-vex", "name": "CVE-2023-4527", "description": "A flaw was found in glibc. When the getaddrinfo function is called with the AF_UNSPEC address family and the system is configured with no-aaaa mode via /etc/resolv.conf, a DNS response via TCP larger than 2048 bytes can potentially disclose stack contents through the function returned address data, and may cause a crash.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4527 https://bugzilla.redhat.com/show_bug.cgi?id=2234712 https://www.cve.org/CVERecord?id=CVE-2023-4527 https://nvd.nist.gov/vuln/detail/CVE-2023-4527 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4527.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-common", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "KJGsgMArislsisVXSZHY4A==": { "id": "KJGsgMArislsisVXSZHY4A==", "updater": "rhel-vex", "name": "CVE-2024-32021", "description": "A vulnerability was found in Git. This flaw allows an unauthenticated attacker to place a repository on their target's local system that contains symlinks. During the cloning process, Git could be tricked into creating hardlinked arbitrary files into their repository's objects/ directory, impacting availability and integrity.", "issued": "2024-05-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-32021 https://bugzilla.redhat.com/show_bug.cgi?id=2280484 https://www.cve.org/CVERecord?id=CVE-2024-32021 https://nvd.nist.gov/vuln/detail/CVE-2024-32021 https://github.com/git/git/security/advisories/GHSA-mvxm-9j2h-qjx7 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-32021.json https://access.redhat.com/errata/RHSA-2024:4083", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "git-core-doc", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.43.5-1.el9_4", "arch_op": "pattern match" }, "KQYTpBGYLvLckEq7PBuFZQ==": { "id": "KQYTpBGYLvLckEq7PBuFZQ==", "updater": "rhel-vex", "name": "CVE-2023-0465", "description": "A flaw was found in OpenSSL. Applications that use a non-default option when verifying certificates may be vulnerable to an attack from a malicious CA to circumvent certain checks. OpenSSL and other certificate policy checks silently ignore invalid certificate policies in leaf certificates that are skipped for that certificate. A malicious CA could use this to deliberately assert invalid certificate policies to circumvent policy checking on the certificate altogether. Policy processing is disabled by default but can be enabled by passing the `-policy' argument to the command line utilities or by calling the `X509_VERIFY_PARAM_set1_policies()' function.", "issued": "2023-03-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0465 https://bugzilla.redhat.com/show_bug.cgi?id=2182561 https://www.cve.org/CVERecord?id=CVE-2023-0465 https://nvd.nist.gov/vuln/detail/CVE-2023-0465 https://www.openssl.org/news/secadv/20230328.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0465.json https://access.redhat.com/errata/RHSA-2023:3722", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-16.el9_2", "arch_op": "pattern match" }, "KTq8KY5x881D0HtG7n7QGg==": { "id": "KTq8KY5x881D0HtG7n7QGg==", "updater": "rhel-vex", "name": "CVE-2023-1255", "description": "A vulnerability was found in OpenSSL. This security flaw occurs because the AES-XTS cipher decryption implementation for the 64-bit ARM platform contains an issue that could cause it to read past the input buffer, leading to a crash.", "issued": "2023-04-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-1255 https://bugzilla.redhat.com/show_bug.cgi?id=2188461 https://www.cve.org/CVERecord?id=CVE-2023-1255 https://nvd.nist.gov/vuln/detail/CVE-2023-1255 https://www.openssl.org/news/secadv/20230420.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-1255.json https://access.redhat.com/errata/RHSA-2023:3722", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-16.el9_2", "arch_op": "pattern match" }, "KUOjtDtz5gm5LGaNBST3aA==": { "id": "KUOjtDtz5gm5LGaNBST3aA==", "updater": "rhel-vex", "name": "CVE-2023-0801", "description": "A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds write in the _TIFFmemcpy function in libtiff/tif_unix.c when called by functions in tools/tiffcrop.c, resulting in a Denial of Service and limited data modification.", "issued": "2023-02-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0801 https://bugzilla.redhat.com/show_bug.cgi?id=2170172 https://www.cve.org/CVERecord?id=CVE-2023-0801 https://nvd.nist.gov/vuln/detail/CVE-2023-0801 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0801.json https://access.redhat.com/errata/RHSA-2023:3711", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-8.el9_2", "arch_op": "pattern match" }, "KVmMrg2+bttNHDgckf/UHw==": { "id": "KVmMrg2+bttNHDgckf/UHw==", "updater": "rhel-vex", "name": "CVE-2023-31122", "description": "A flaw was found in the mod_macro module of httpd. When processing a very long macro, the null byte terminator will not be added, leading to an out-of-bounds read, resulting in a crash.", "issued": "2023-10-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-31122 https://bugzilla.redhat.com/show_bug.cgi?id=2245332 https://www.cve.org/CVERecord?id=CVE-2023-31122 https://nvd.nist.gov/vuln/detail/CVE-2023-31122 https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2023-31122 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-31122.json https://access.redhat.com/errata/RHSA-2024:2278", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "mod_ldap", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.4.57-8.el9", "arch_op": "pattern match" }, "KWqotAAFzFGFp1GIUjXi0g==": { "id": "KWqotAAFzFGFp1GIUjXi0g==", "updater": "rhel-vex", "name": "CVE-2024-27983", "description": "A vulnerability was found in how Node.js implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated, remote attacker to send packets to vulnerable servers, which could use up compute or memory resources, causing a denial of service.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-27983 https://bugzilla.redhat.com/show_bug.cgi?id=2272764 https://www.cve.org/CVERecord?id=CVE-2024-27983 https://nvd.nist.gov/vuln/detail/CVE-2024-27983 https://nodejs.org/en/blog/vulnerability/april-2024-security-releases https://nowotarski.info/http2-continuation-flood/ https://www.kb.cert.org/vuls/id/421644 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-27983.json https://access.redhat.com/errata/RHSA-2024:2910", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.2-8.el9_4", "arch_op": "pattern match" }, "KYv6PwzjV6/5I33cZ9LUmQ==": { "id": "KYv6PwzjV6/5I33cZ9LUmQ==", "updater": "rhel-vex", "name": "CVE-2022-2817", "description": "A use-after-free vulnerability was found in Vim in the string_quote function in the strings.c file. This issue occurs because an already freed memory is used when a specially crafted input is processed. This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the use-after-free, causing the application to crash, possibly executing code and corrupting memory.", "issued": "2022-08-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-2817 https://bugzilla.redhat.com/show_bug.cgi?id=2119043 https://www.cve.org/CVERecord?id=CVE-2022-2817 https://nvd.nist.gov/vuln/detail/CVE-2022-2817 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-2817.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "KcLk8c2v0kqHAbhhwfgdpA==": { "id": "KcLk8c2v0kqHAbhhwfgdpA==", "updater": "rhel-vex", "name": "CVE-2024-2511", "description": "A flaw was found in OpenSSL. A malicious client can trigger an uncontrolled memory consumption, resulting in a Denial of Service. This issue occurs due to OpenSSL's TLSv1.3 session cache going into an incorrect state, leading to it failing to flush properly as it fills. OpenSSL must be configured with the non-default SSL_OP_NO_TICKET option enabled to be vulnerable. This issue only affects TLSv1.3 servers, while TLS clients are not affected.", "issued": "2024-04-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-2511 https://bugzilla.redhat.com/show_bug.cgi?id=2274020 https://www.cve.org/CVERecord?id=CVE-2024-2511 https://nvd.nist.gov/vuln/detail/CVE-2024-2511 https://www.openssl.org/news/vulnerabilities.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2511.json https://access.redhat.com/errata/RHSA-2024:9333", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.2.2-6.el9_5", "arch_op": "pattern match" }, "Ki2f8cm5DZbpACKABDaU2A==": { "id": "Ki2f8cm5DZbpACKABDaU2A==", "updater": "rhel-vex", "name": "CVE-2023-47038", "description": "A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer.", "issued": "2023-11-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-47038 https://bugzilla.redhat.com/show_bug.cgi?id=2249523 https://www.cve.org/CVERecord?id=CVE-2023-47038 https://nvd.nist.gov/vuln/detail/CVE-2023-47038 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-47038.json https://access.redhat.com/errata/RHSA-2024:2228", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-IO", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.43-481.el9", "arch_op": "pattern match" }, "Kis76swMoxK60VoW2+1Vqg==": { "id": "Kis76swMoxK60VoW2+1Vqg==", "updater": "rhel-vex", "name": "CVE-2023-4911", "description": "A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.", "issued": "2023-10-03T17:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4911 https://bugzilla.redhat.com/show_bug.cgi?id=2238352 https://www.cve.org/CVERecord?id=CVE-2023-4911 https://nvd.nist.gov/vuln/detail/CVE-2023-4911 https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt https://www.qualys.com/cve-2023-4911/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4911.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-locale-source", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "Kpiv/TrMWtjY1KddUGr9vw==": { "id": "Kpiv/TrMWtjY1KddUGr9vw==", "updater": "rhel-vex", "name": "CVE-2020-11023", "description": "A flaw was found in jQuery. HTML containing \\\u003coption\\\u003e elements from untrusted sources are passed, even after sanitizing, to one of jQuery's DOM manipulation methods, which may execute untrusted code. The highest threat from this vulnerability is to data confidentiality and integrity.", "issued": "2020-04-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2020-11023 https://bugzilla.redhat.com/show_bug.cgi?id=1850004 https://www.cve.org/CVERecord?id=CVE-2020-11023 https://nvd.nist.gov/vuln/detail/CVE-2020-11023 https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-11023.json https://access.redhat.com/errata/RHSA-2025:1346", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libgomp", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:11.5.0-5.el9_5", "arch_op": "pattern match" }, "Kqq2xlybjD/tOLmQWu2xPw==": { "id": "Kqq2xlybjD/tOLmQWu2xPw==", "updater": "rhel-vex", "name": "CVE-2025-5918", "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", "issued": "2025-05-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5918 https://bugzilla.redhat.com/show_bug.cgi?id=2370877 https://www.cve.org/CVERecord?id=CVE-2025-5918 https://nvd.nist.gov/vuln/detail/CVE-2025-5918 https://github.com/libarchive/libarchive/pull/2584 https://github.com/libarchive/libarchive/releases/tag/v3.8.0 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5918.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "KsboTEAsiwsdLEKIDivkyA==": { "id": "KsboTEAsiwsdLEKIDivkyA==", "updater": "rhel-vex", "name": "CVE-2022-2175", "description": "A heap buffer over-read vulnerability was found in Vim's put_on_cmdline() function of the src/ex_getln.c file. This issue occurs due to invalid memory access when using an expression on the command line. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap buffer overflow that causes an application to crash and corrupt memory.", "issued": "2022-06-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-2175 https://bugzilla.redhat.com/show_bug.cgi?id=2101293 https://www.cve.org/CVERecord?id=CVE-2022-2175 https://nvd.nist.gov/vuln/detail/CVE-2022-2175 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-2175.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Kst/Nu97wF/raXev/kAkVw==": { "id": "Kst/Nu97wF/raXev/kAkVw==", "updater": "rhel-vex", "name": "CVE-2024-33601", "description": "A flaw was found in the glibc netgroup cache. The netgroup cache uses xmalloc/xrealloc and may terminate the process due to a memory allocation failure.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33601 https://bugzilla.redhat.com/show_bug.cgi?id=2277205 https://www.cve.org/CVERecord?id=CVE-2024-33601 https://nvd.nist.gov/vuln/detail/CVE-2024-33601 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33601.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "glibc-headers", "version": "", "kind": "binary", "normalized_version": "", "arch": "s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "KtIlAO0V0/KiMbIbmHHMGw==": { "id": "KtIlAO0V0/KiMbIbmHHMGw==", "updater": "rhel-vex", "name": "CVE-2023-31147", "description": "A vulnerability was found in c-ares. This issue occurs when /dev/urandom or RtlGenRandom() are unavailable, c-ares will use rand() to generate random numbers used for DNS query ids. This is not a CSPRNG, and it is also not seeded by srand(), so it will generate predictable output.", "issued": "2023-05-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-31147 https://bugzilla.redhat.com/show_bug.cgi?id=2209501 https://www.cve.org/CVERecord?id=CVE-2023-31147 https://nvd.nist.gov/vuln/detail/CVE-2023-31147 https://github.com/c-ares/c-ares/security/advisories/GHSA-8r8p-23f3-64c2 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-31147.json https://access.redhat.com/errata/RHSA-2023:3586", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.19.1-2.el9_2", "arch_op": "pattern match" }, "Ku0iCN64UKn/F7rmu3Ggjg==": { "id": "Ku0iCN64UKn/F7rmu3Ggjg==", "updater": "rhel-vex", "name": "CVE-2025-25724", "description": "A flaw was found in the libarchive package. Affected versions of libarchive do not check a strftime return value, which can lead to a denial of service or unspecified other impacts via a crafted TAR archive that is read with a verbose value of 2. For example, the 100-byte buffer may not be sufficient for a custom locale.", "issued": "2025-03-02T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-25724 https://bugzilla.redhat.com/show_bug.cgi?id=2349221 https://www.cve.org/CVERecord?id=CVE-2025-25724 https://nvd.nist.gov/vuln/detail/CVE-2025-25724 https://gist.github.com/Ekkosun/a83870ce7f3b7813b9b462a395e8ad92 https://github.com/Ekkosun/pocs/blob/main/bsdtarbug https://github.com/libarchive/libarchive/blob/b439d586f53911c84be5e380445a8a259e19114c/tar/util.c#L751-L752 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-25724.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "KvTHt3xtdMy208hVDFxqHA==": { "id": "KvTHt3xtdMy208hVDFxqHA==", "updater": "rhel-vex", "name": "CVE-2024-33601", "description": "A flaw was found in the glibc netgroup cache. The netgroup cache uses xmalloc/xrealloc and may terminate the process due to a memory allocation failure.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33601 https://bugzilla.redhat.com/show_bug.cgi?id=2277205 https://www.cve.org/CVERecord?id=CVE-2024-33601 https://nvd.nist.gov/vuln/detail/CVE-2024-33601 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33601.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "glibc-headers", "version": "", "kind": "binary", "normalized_version": "", "arch": "s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "KwrizcJTvx0lAr8NWSRHvQ==": { "id": "KwrizcJTvx0lAr8NWSRHvQ==", "updater": "rhel-vex", "name": "CVE-2023-39615", "description": "A flaw was found in Libxml2, where it contains a global buffer overflow via the xmlSAX2StartElement() function at /libxml2/SAX2.c. This vulnerability allows attackers to cause a denial of service (DoS) by supplying a crafted XML file.", "issued": "2023-08-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-39615 https://bugzilla.redhat.com/show_bug.cgi?id=2235864 https://www.cve.org/CVERecord?id=CVE-2023-39615 https://nvd.nist.gov/vuln/detail/CVE-2023-39615 https://gitlab.gnome.org/GNOME/libxml2/-/issues/535 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-39615.json https://access.redhat.com/errata/RHSA-2023:7747", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libxml2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-5.el9_3", "arch_op": "pattern match" }, "KxCt45mXPoAqi5/FDwG2sQ==": { "id": "KxCt45mXPoAqi5/FDwG2sQ==", "updater": "rhel-vex", "name": "CVE-2023-38546", "description": "A flaw was found in the Curl package. This flaw allows an attacker to insert cookies into a running program using libcurl if the specific series of conditions are met.", "issued": "2023-10-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-38546 https://bugzilla.redhat.com/show_bug.cgi?id=2241938 https://access.redhat.com/errata/RHSA-2024:2101 https://www.cve.org/CVERecord?id=CVE-2023-38546 https://nvd.nist.gov/vuln/detail/CVE-2023-38546 https://curl.se/docs/CVE-2023-38546.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-38546.json https://access.redhat.com/errata/RHSA-2023:5763", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "curl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-23.el9_2.4", "arch_op": "pattern match" }, "KzdT9magFP88tqWviAZYGQ==": { "id": "KzdT9magFP88tqWviAZYGQ==", "updater": "rhel-vex", "name": "CVE-2023-27538", "description": "An authentication bypass vulnerability exists in libcurl prior to v8.0.0 where it reuses a previously established SSH connection despite the fact that an SSH option was modified, which should have prevented reuse. libcurl maintains a pool of previously used connections to reuse them for subsequent transfers if the configurations match. However, two SSH settings were omitted from the configuration check, allowing them to match easily, potentially leading to the reuse of an inappropriate connection.", "issued": "2023-03-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-27538 https://bugzilla.redhat.com/show_bug.cgi?id=2179103 https://www.cve.org/CVERecord?id=CVE-2023-27538 https://nvd.nist.gov/vuln/detail/CVE-2023-27538 https://curl.se/docs/CVE-2023-27538.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-27538.json https://access.redhat.com/errata/RHSA-2023:6679", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libcurl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9", "arch_op": "pattern match" }, "L+qJHYbmNjCvWQzRnuoGeg==": { "id": "L+qJHYbmNjCvWQzRnuoGeg==", "updater": "rhel-vex", "name": "CVE-2023-31124", "description": "A flaw was found in c-ares. This issue occurs when cross-compiling c-ares and using the autotools build system, CARES_RANDOM_FILE will not be set, as seen when cross-compiling aarch64 android. As a result, it will downgrade to rand(), which could allow an attacker to utilize the lack of entropy by not using a CSPRNG.", "issued": "2023-05-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-31124 https://bugzilla.redhat.com/show_bug.cgi?id=2209494 https://www.cve.org/CVERecord?id=CVE-2023-31124 https://nvd.nist.gov/vuln/detail/CVE-2023-31124 https://github.com/c-ares/c-ares/security/advisories/GHSA-54xr-f67r-4pc4 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-31124.json https://access.redhat.com/errata/RHSA-2023:3586", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:8.19.3-1.16.19.1.2.el9_2", "arch_op": "pattern match" }, "L2MoZbVdo8+qepBivoAPsQ==": { "id": "L2MoZbVdo8+qepBivoAPsQ==", "updater": "rhel-vex", "name": "CVE-2023-36054", "description": "A vulnerability was found in the _xdr_kadm5_principal_ent_rec() function in lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (krb5). This issue occurs due to lack of validation in the relationship between n_key_data and the key_data array count, leading to the freeing of uninitialized pointers. This may allow a remote authenticated attacker to send a specially crafted request that causes the kadmind process to crash, resulting in a denial of service (DoS).", "issued": "2023-08-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-36054 https://bugzilla.redhat.com/show_bug.cgi?id=2230178 https://www.cve.org/CVERecord?id=CVE-2023-36054 https://nvd.nist.gov/vuln/detail/CVE-2023-36054 https://github.com/krb5/krb5/commit/ef08b09c9459551aabbe7924fb176f1583053cdd https://github.com/krb5/krb5/compare/krb5-1.20.1-final...krb5-1.20.2-final https://github.com/krb5/krb5/compare/krb5-1.21-final...krb5-1.21.1-final https://web.mit.edu/kerberos/www/advisories/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-36054.json https://access.redhat.com/errata/RHSA-2023:6699", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "krb5-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.1-1.el9", "arch_op": "pattern match" }, "LEslQGmhIJ04LQz9Hsv8ZA==": { "id": "LEslQGmhIJ04LQz9Hsv8ZA==", "updater": "rhel-vex", "name": "CVE-2024-28757", "description": "An XML Entity Expansion flaw was found in libexpat. This flaw allows an attacker to cause a denial of service when there is an isolated use of external parsers.", "issued": "2024-03-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-28757 https://bugzilla.redhat.com/show_bug.cgi?id=2268766 https://www.cve.org/CVERecord?id=CVE-2024-28757 https://nvd.nist.gov/vuln/detail/CVE-2024-28757 https://github.com/libexpat/libexpat/issues/839 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28757.json https://access.redhat.com/errata/RHSA-2024:1530", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "expat", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.5.0-1.el9_3.1", "arch_op": "pattern match" }, "LFiejdPb02ZvCk9/k6M2OA==": { "id": "LFiejdPb02ZvCk9/k6M2OA==", "updater": "rhel-vex", "name": "CVE-2023-31124", "description": "A flaw was found in c-ares. This issue occurs when cross-compiling c-ares and using the autotools build system, CARES_RANDOM_FILE will not be set, as seen when cross-compiling aarch64 android. As a result, it will downgrade to rand(), which could allow an attacker to utilize the lack of entropy by not using a CSPRNG.", "issued": "2023-05-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-31124 https://bugzilla.redhat.com/show_bug.cgi?id=2209494 https://www.cve.org/CVERecord?id=CVE-2023-31124 https://nvd.nist.gov/vuln/detail/CVE-2023-31124 https://github.com/c-ares/c-ares/security/advisories/GHSA-54xr-f67r-4pc4 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-31124.json https://access.redhat.com/errata/RHSA-2023:3586", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.19.1-2.el9_2", "arch_op": "pattern match" }, "LMrJ8zW3vxlqJrvFMbbCGA==": { "id": "LMrJ8zW3vxlqJrvFMbbCGA==", "updater": "rhel-vex", "name": "CVE-2023-47038", "description": "A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer.", "issued": "2023-11-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-47038 https://bugzilla.redhat.com/show_bug.cgi?id=2249523 https://www.cve.org/CVERecord?id=CVE-2023-47038 https://nvd.nist.gov/vuln/detail/CVE-2023-47038 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-47038.json https://access.redhat.com/errata/RHSA-2024:2228", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-File-Compare", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.100.600-481.el9", "arch_op": "pattern match" }, "LO9VaXNyE9wfPlXASM8Lgg==": { "id": "LO9VaXNyE9wfPlXASM8Lgg==", "updater": "rhel-vex", "name": "CVE-2024-28757", "description": "An XML Entity Expansion flaw was found in libexpat. This flaw allows an attacker to cause a denial of service when there is an isolated use of external parsers.", "issued": "2024-03-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-28757 https://bugzilla.redhat.com/show_bug.cgi?id=2268766 https://www.cve.org/CVERecord?id=CVE-2024-28757 https://nvd.nist.gov/vuln/detail/CVE-2024-28757 https://github.com/libexpat/libexpat/issues/839 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28757.json https://access.redhat.com/errata/RHBA-2024:2518", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "expat-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.5.0-2.el9_4", "arch_op": "pattern match" }, "LSAqFzw6Zn+0giD/kJYKYA==": { "id": "LSAqFzw6Zn+0giD/kJYKYA==", "updater": "rhel-vex", "name": "CVE-2024-39573", "description": "A flaw was found in the mod_rewrite module of httpd. A potential SSRF allows an attacker to cause unsafe rules used in the RewriteRule directive to unexpectedly set up URLs to be handled by the mod_proxy module.", "issued": "2024-07-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-39573 https://bugzilla.redhat.com/show_bug.cgi?id=2295022 https://www.cve.org/CVERecord?id=CVE-2024-39573 https://nvd.nist.gov/vuln/detail/CVE-2024-39573 https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2024-39573 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-39573.json https://access.redhat.com/errata/RHSA-2024:4726", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "mod_lua", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.4.57-11.el9_4", "arch_op": "pattern match" }, "LZai4kI3bS1bdNHfXbMh3Q==": { "id": "LZai4kI3bS1bdNHfXbMh3Q==", "updater": "rhel-vex", "name": "CVE-2023-31147", "description": "A vulnerability was found in c-ares. This issue occurs when /dev/urandom or RtlGenRandom() are unavailable, c-ares will use rand() to generate random numbers used for DNS query ids. This is not a CSPRNG, and it is also not seeded by srand(), so it will generate predictable output.", "issued": "2023-05-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-31147 https://bugzilla.redhat.com/show_bug.cgi?id=2209501 https://www.cve.org/CVERecord?id=CVE-2023-31147 https://nvd.nist.gov/vuln/detail/CVE-2023-31147 https://github.com/c-ares/c-ares/security/advisories/GHSA-8r8p-23f3-64c2 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-31147.json https://access.redhat.com/errata/RHSA-2023:3586", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.19.1-2.el9_2", "arch_op": "pattern match" }, "LZdzSvscGWIhod3wQk0Rmw==": { "id": "LZdzSvscGWIhod3wQk0Rmw==", "updater": "rhel-vex", "name": "CVE-2024-22019", "description": "A flaw was found in Node.js due to a lack of safeguards on chunk extension bytes. The server may read an unbounded number of bytes from a single connection, which can allow an attacker to send a specially crafted HTTP request with chunked encoding, leading to resource exhaustion and a denial of service.", "issued": "2024-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-22019 https://bugzilla.redhat.com/show_bug.cgi?id=2264574 https://www.cve.org/CVERecord?id=CVE-2024-22019 https://nvd.nist.gov/vuln/detail/CVE-2024-22019 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-22019.json https://access.redhat.com/errata/RHSA-2024:1438", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.2-4.el9_3", "arch_op": "pattern match" }, "LaPIpLP1bNzrRA3zu3KpCw==": { "id": "LaPIpLP1bNzrRA3zu3KpCw==", "updater": "rhel-vex", "name": "CVE-2023-30588", "description": "A vulnerability has been identified in the Node.js, where an invalid public key is used to create an x509 certificate using the crypto.X509Certificate() API a non-expect termination occurs making it susceptible to DoS attacks when the attacker could force interruptions of application processing, as the process terminates when accessing public key info of provided certificates from user code. The current context of the users will be gone, and that will cause a DoS scenario.", "issued": "2023-06-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30588 https://bugzilla.redhat.com/show_bug.cgi?id=2219838 https://www.cve.org/CVERecord?id=CVE-2023-30588 https://nvd.nist.gov/vuln/detail/CVE-2023-30588 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30588.json https://access.redhat.com/errata/RHSA-2023:4331", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:8.19.4-1.16.20.1.1.el9_2", "arch_op": "pattern match" }, "LbxMFScix8C2IT1ci2nX0w==": { "id": "LbxMFScix8C2IT1ci2nX0w==", "updater": "rhel-vex", "name": "CVE-2023-38408", "description": "A vulnerability was found in OpenSSH. The PKCS#11 feature in the ssh-agent in OpenSSH has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system (the code in /usr/lib is not necessarily safe for loading into ssh-agent). This flaw allows an attacker with control of the forwarded agent-socket on the server and the ability to write to the filesystem of the client host to execute arbitrary code with the privileges of the user running the ssh-agent.", "issued": "2023-07-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-38408 https://bugzilla.redhat.com/show_bug.cgi?id=2224173 https://www.cve.org/CVERecord?id=CVE-2023-38408 https://nvd.nist.gov/vuln/detail/CVE-2023-38408 https://www.qualys.com/2023/07/19/cve-2023-38408/rce-openssh-forwarded-ssh-agent.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-38408.json https://access.redhat.com/errata/RHSA-2023:4412", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "openssh", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:8.7p1-30.el9_2", "arch_op": "pattern match" }, "LiT2UIJJCX7RQxuKZd5BaQ==": { "id": "LiT2UIJJCX7RQxuKZd5BaQ==", "updater": "rhel-vex", "name": "CVE-2023-43804", "description": "A flaw was found in urllib3, a user-friendly HTTP client library for Python. urllib3 doesn't treat the `Cookie` HTTP header special or provide any helpers for managing cookies over HTTP, which is the responsibility of the user. However, it is possible for a user to specify a `Cookie` header and unknowingly leak information via HTTP redirects to a different origin if that user doesn't disable redirects explicitly.", "issued": "2023-10-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-43804 https://bugzilla.redhat.com/show_bug.cgi?id=2242493 https://www.cve.org/CVERecord?id=CVE-2023-43804 https://nvd.nist.gov/vuln/detail/CVE-2023-43804 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-43804.json https://access.redhat.com/errata/RHSA-2024:0464", "severity": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-urllib3", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:1.26.5-3.el9_3.1", "arch_op": "pattern match" }, "LkJjju2s50oKpBRyBT8s0A==": { "id": "LkJjju2s50oKpBRyBT8s0A==", "updater": "rhel-vex", "name": "CVE-2024-41965", "description": "A vulnerability was found in Vim versions before 9.1.0648 that can cause the program to crash. This issue happens when a user abandons a modified file, and Vim tries to save it as an Untitled file. Due to a mistake in handling this process, Vim accidentally tries to free up memory twice, which can lead to problems, causing the program to crash. This issue can be exploited by someone with local access to the system.", "issued": "2024-08-01T22:21:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-41965 https://bugzilla.redhat.com/show_bug.cgi?id=2302419 https://www.cve.org/CVERecord?id=CVE-2024-41965 https://nvd.nist.gov/vuln/detail/CVE-2024-41965 https://github.com/vim/vim/commit/b29f4abcd4b3382fa746edd1d0562b7b48c https://github.com/vim/vim/security/advisories/GHSA-46pw-v7qw-xc2f https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41965.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Lqn5gBEpKHg0aKgD2BjK4A==": { "id": "Lqn5gBEpKHg0aKgD2BjK4A==", "updater": "rhel-vex", "name": "CVE-2024-33599", "description": "A stack-based buffer overflow flaw was found in the glibc netgroup cache. In certain conditions, its possible to trigger a stack-based buffer overflow condition that can lead to a denial of service and potentially other malicious actions that impact confidentiality and integrity.", "issued": "2024-04-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33599 https://bugzilla.redhat.com/show_bug.cgi?id=2277202 https://www.cve.org/CVERecord?id=CVE-2024-33599 https://nvd.nist.gov/vuln/detail/CVE-2024-33599 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33599.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-langpack-en", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "LyQcB6aDtcDf3FmzBVHSKQ==": { "id": "LyQcB6aDtcDf3FmzBVHSKQ==", "updater": "rhel-vex", "name": "CVE-2025-1150", "description": "A flaw was found in the ld linker utility of GNU Binutils. A specially-crafted payload may be able to trigger a memory leak, which can lead to an application crash or other undefined behavior.", "issued": "2025-02-10T16:31:07Z", "links": "https://access.redhat.com/security/cve/CVE-2025-1150 https://bugzilla.redhat.com/show_bug.cgi?id=2344681 https://www.cve.org/CVERecord?id=CVE-2025-1150 https://nvd.nist.gov/vuln/detail/CVE-2025-1150 https://sourceware.org/bugzilla/attachment.cgi?id=15887 https://sourceware.org/bugzilla/show_bug.cgi?id=32576 https://vuldb.com/?ctiid.295054 https://vuldb.com/?id.295054 https://www.gnu.org/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-1150.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "gdb", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "M0WxNlBrWr1WR0ACcsFS3w==": { "id": "M0WxNlBrWr1WR0ACcsFS3w==", "updater": "rhel-vex", "name": "CVE-2023-32681", "description": "A flaw was found in the Python-requests package, where it is vulnerable to potentially leaking Proxy-Authorization headers to destination servers, specifically during redirects to an HTTPS origin. This is a product of how rebuild_proxies is used to recompute and reattach the Proxy-Authorization header to requests when redirected. This behavior only affects proxied requests when credentials are supplied in the URL user information component (for example, https://username:password@proxy:8080).", "issued": "2023-05-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32681 https://bugzilla.redhat.com/show_bug.cgi?id=2209469 https://www.cve.org/CVERecord?id=CVE-2023-32681 https://nvd.nist.gov/vuln/detail/CVE-2023-32681 https://github.com/psf/requests/security/advisories/GHSA-j8r2-6x86-q33q https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32681.json https://access.redhat.com/errata/RHSA-2023:4350", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-requests", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.25.1-7.el9_2", "arch_op": "pattern match" }, "M1WTIWHPCj97YeJJsy4EZA==": { "id": "M1WTIWHPCj97YeJJsy4EZA==", "updater": "rhel-vex", "name": "CVE-2024-33600", "description": "A flaw was found in the glibc netgroup cache. After a failed cache insertion, addgetnetgrentX tries to send the non-existing response after the not-found header. This can lead to a null pointer dereference that causes a crash or exit.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33600 https://bugzilla.redhat.com/show_bug.cgi?id=2277204 https://www.cve.org/CVERecord?id=CVE-2024-33600 https://nvd.nist.gov/vuln/detail/CVE-2024-33600 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33600.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-headers", "version": "", "kind": "binary", "normalized_version": "", "arch": "s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "M1s3OpYTLU/XtZADzTSFEA==": { "id": "M1s3OpYTLU/XtZADzTSFEA==", "updater": "rhel-vex", "name": "CVE-2023-2650", "description": "A flaw was found in OpenSSL resulting in a possible denial of service while translating ASN.1 object identifiers. Applications that use OBJ_obj2txt() directly, or use any of the OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message size limit may experience long delays when processing messages, which may lead to a denial of service.", "issued": "2023-05-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-2650 https://bugzilla.redhat.com/show_bug.cgi?id=2207947 https://www.cve.org/CVERecord?id=CVE-2023-2650 https://nvd.nist.gov/vuln/detail/CVE-2023-2650 https://www.openssl.org/news/secadv/20230530.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2650.json https://access.redhat.com/errata/RHSA-2023:3722", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-16.el9_2", "arch_op": "pattern match" }, "M3U4dY4DNzzwTtzYkhXUMA==": { "id": "M3U4dY4DNzzwTtzYkhXUMA==", "updater": "rhel-vex", "name": "CVE-2023-27534", "description": "A path traversal vulnerability exists in curl \u003c8.0.0 SFTP implementation causes the tilde (~) character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. Attackers can exploit this flaw to bypass filtering or execute arbitrary code by crafting a path like /~2/foo while accessing a server with a specific user.", "issued": "2023-03-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-27534 https://bugzilla.redhat.com/show_bug.cgi?id=2179069 https://www.cve.org/CVERecord?id=CVE-2023-27534 https://nvd.nist.gov/vuln/detail/CVE-2023-27534 https://curl.se/docs/CVE-2023-27534.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-27534.json https://access.redhat.com/errata/RHSA-2023:6679", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "curl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9", "arch_op": "pattern match" }, "M9ekoeOzelYJSf4p5TpoJg==": { "id": "M9ekoeOzelYJSf4p5TpoJg==", "updater": "rhel-vex", "name": "CVE-2025-0395", "description": "A flaw was found in the GNU C Library (glibc). A buffer overflow condition via the `assert()` function may be triggered due to glibc not allocating enough space for the assertion failure message string and size information. In certain conditions, a local attacker can exploit this, potentially leading to an application crash or other undefined behavior.", "issued": "2025-01-22T13:11:30Z", "links": "https://access.redhat.com/security/cve/CVE-2025-0395 https://bugzilla.redhat.com/show_bug.cgi?id=2339460 https://www.cve.org/CVERecord?id=CVE-2025-0395 https://nvd.nist.gov/vuln/detail/CVE-2025-0395 https://sourceware.org/bugzilla/show_bug.cgi?id=32582 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-0395.json https://access.redhat.com/errata/RHSA-2025:4244", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-common", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-125.el9_5.8", "arch_op": "pattern match" }, "MLyBE3p9/9+LMOMl2JBi6w==": { "id": "MLyBE3p9/9+LMOMl2JBi6w==", "updater": "rhel-vex", "name": "CVE-2022-2343", "description": "A heap-based buffer overflow was found in Vim in the ins_compl_add function in the insexpand.c file. This issue occurs due to a read past the end of a buffer when a specially crafted input is processed. This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the heap-based buffer overflow, causing the application to crash, possibly executing code and corrupting memory.", "issued": "2022-07-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-2343 https://bugzilla.redhat.com/show_bug.cgi?id=2106779 https://www.cve.org/CVERecord?id=CVE-2022-2343 https://nvd.nist.gov/vuln/detail/CVE-2022-2343 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-2343.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "MMLwOzBcCET4jaa3dPuTwQ==": { "id": "MMLwOzBcCET4jaa3dPuTwQ==", "updater": "rhel-vex", "name": "CVE-2022-38533", "description": "A vulnerability was found in the strip utility of binutils. An attacker able to convince a victim to process a specially crafted COFF file by the strip utility can lead to a heap-based buffer overflow, causing the utility to crash.", "issued": "2022-08-13T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-38533 https://bugzilla.redhat.com/show_bug.cgi?id=2124569 https://www.cve.org/CVERecord?id=CVE-2022-38533 https://nvd.nist.gov/vuln/detail/CVE-2022-38533 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-38533.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "binutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "MVgMJ2ENOjoZ0DpCkviICA==": { "id": "MVgMJ2ENOjoZ0DpCkviICA==", "updater": "rhel-vex", "name": "CVE-2024-26458", "description": "A memory leak flaw was found in krb5 in /krb5/src/lib/rpc/pmap_rmt.c. This issue can lead to a denial of service through memory exhaustion.", "issued": "2024-02-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-26458 https://bugzilla.redhat.com/show_bug.cgi?id=2266731 https://www.cve.org/CVERecord?id=CVE-2024-26458 https://nvd.nist.gov/vuln/detail/CVE-2024-26458 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-26458.json https://access.redhat.com/errata/RHSA-2024:9331", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "krb5-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.1-3.el9", "arch_op": "pattern match" }, "MX+EWJzZdHJfUgD+GuMAoA==": { "id": "MX+EWJzZdHJfUgD+GuMAoA==", "updater": "rhel-vex", "name": "CVE-2021-3826", "description": "A vulnerability was found in Libiberty. A heap and stack buffer overflow found in the dlang_lname function in d-demangle.c leads to a denial of service.", "issued": "2021-09-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-3826 https://bugzilla.redhat.com/show_bug.cgi?id=2122627 https://www.cve.org/CVERecord?id=CVE-2021-3826 https://nvd.nist.gov/vuln/detail/CVE-2021-3826 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-3826.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "binutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Mg8SgrJU+lTo8Y3PGUgkTA==": { "id": "Mg8SgrJU+lTo8Y3PGUgkTA==", "updater": "rhel-vex", "name": "CVE-2023-6129", "description": "A flaw was found in in the POLY1305 MAC (message authentication code) implementation in OpenSSL, affecting applications running on PowerPC CPU-based platforms that utilize vector instructions, and has the potential to corrupt the internal state of these applications. If an attacker can manipulate the utilization of the POLY1305 MAC algorithm, it may lead to the corruption of the application state, resulting in various application-dependent consequences, often resulting in a crash and leading to a denial of service.", "issued": "2024-01-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-6129 https://bugzilla.redhat.com/show_bug.cgi?id=2257571 https://www.cve.org/CVERecord?id=CVE-2023-6129 https://nvd.nist.gov/vuln/detail/CVE-2023-6129 https://www.openssl.org/news/secadv/20240109.txt https://www.openwall.com/lists/oss-security/2024/01/09/1 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6129.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "Mgltq6eR/1EGqVcVsD/SxA==": { "id": "Mgltq6eR/1EGqVcVsD/SxA==", "updater": "rhel-vex", "name": "CVE-2023-28321", "description": "A flaw was found in the Curl package. An incorrect International Domain Name (IDN) wildcard match may lead to improper certificate validation.", "issued": "2023-05-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-28321 https://bugzilla.redhat.com/show_bug.cgi?id=2196786 https://www.cve.org/CVERecord?id=CVE-2023-28321 https://nvd.nist.gov/vuln/detail/CVE-2023-28321 https://curl.se/docs/CVE-2023-28321.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-28321.json https://access.redhat.com/errata/RHSA-2023:4354", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "curl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-23.el9_2.2", "arch_op": "pattern match" }, "Midk7Sf8BkLBIPjoLmMFTQ==": { "id": "Midk7Sf8BkLBIPjoLmMFTQ==", "updater": "rhel-vex", "name": "CVE-2023-30590", "description": "A vulnerability has been identified in the Node.js, where a generateKeys() API function returned from crypto.createDiffieHellman() only generates missing (or outdated) keys, that is, it only generates a private key if none has been set yet.", "issued": "2023-06-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30590 https://bugzilla.redhat.com/show_bug.cgi?id=2219842 https://www.cve.org/CVERecord?id=CVE-2023-30590 https://nvd.nist.gov/vuln/detail/CVE-2023-30590 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30590.json https://access.redhat.com/errata/RHSA-2023:4331", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.1-1.el9_2", "arch_op": "pattern match" }, "Mjl9qiXGmFVVyugvKalN1w==": { "id": "Mjl9qiXGmFVVyugvKalN1w==", "updater": "rhel-vex", "name": "CVE-2024-37371", "description": "A vulnerability was found in the MIT Kerberos 5 GSS krb5 wrap token, where an attacker can modify the plaintext Extra Count field, causing the unwrapped token to appear truncated to the application, occurs when the attacker alters the token data during transmission which can lead to improper handling of authentication tokens.", "issued": "2024-06-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-37371 https://bugzilla.redhat.com/show_bug.cgi?id=2294676 https://www.cve.org/CVERecord?id=CVE-2024-37371 https://nvd.nist.gov/vuln/detail/CVE-2024-37371 https://web.mit.edu/kerberos/www/krb5-1.21/ https://www.oracle.com/security-alerts/cpujan2025.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-37371.json https://access.redhat.com/errata/RHSA-2024:6166", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libkadm5", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:1.21.1-2.el9_4", "arch_op": "pattern match" }, "Ml85HFgT+RUvCLz8nFVfxg==": { "id": "Ml85HFgT+RUvCLz8nFVfxg==", "updater": "rhel-vex", "name": "CVE-2023-4813", "description": "A flaw was found in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.", "issued": "2022-03-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4813 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://www.cve.org/CVERecord?id=CVE-2023-4813 https://nvd.nist.gov/vuln/detail/CVE-2023-4813 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4813.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "MwCK5PkH3kQTRDd4/IQ17Q==": { "id": "MwCK5PkH3kQTRDd4/IQ17Q==", "updater": "rhel-vex", "name": "CVE-2020-11023", "description": "A flaw was found in jQuery. HTML containing \\\u003coption\\\u003e elements from untrusted sources are passed, even after sanitizing, to one of jQuery's DOM manipulation methods, which may execute untrusted code. The highest threat from this vulnerability is to data confidentiality and integrity.", "issued": "2020-04-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2020-11023 https://bugzilla.redhat.com/show_bug.cgi?id=1850004 https://www.cve.org/CVERecord?id=CVE-2020-11023 https://nvd.nist.gov/vuln/detail/CVE-2020-11023 https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-11023.json https://access.redhat.com/errata/RHSA-2025:1346", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libquadmath", "version": "", "kind": "binary", "normalized_version": "", "arch": "i686|ppc64le|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:11.5.0-5.el9_5", "arch_op": "pattern match" }, "Mx7K+5VJ9q5MSCq5wzzrvA==": { "id": "Mx7K+5VJ9q5MSCq5wzzrvA==", "updater": "rhel-vex", "name": "CVE-2023-30581", "description": "A vulnerability has been discovered in Node.js, where the use of proto in process.mainModule.proto.require() can bypass the policy mechanism and require modules outside of the policy.json definition.", "issued": "2023-06-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30581 https://bugzilla.redhat.com/show_bug.cgi?id=2219824 https://www.cve.org/CVERecord?id=CVE-2023-30581 https://nvd.nist.gov/vuln/detail/CVE-2023-30581 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30581.json https://access.redhat.com/errata/RHSA-2023:4331", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.1-1.el9_2", "arch_op": "pattern match" }, "N0rRS+PZWKeXRoflok9RVw==": { "id": "N0rRS+PZWKeXRoflok9RVw==", "updater": "rhel-vex", "name": "CVE-2023-27535", "description": "A flaw was found in the Curl package. Libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. However, several FTP settings were left out from the configuration match checks, making them match too easily. The problematic settings are `CURLOPT_FTP_ACCOUNT`, `CURLOPT_FTP_ALTERNATIVE_TO_USER`, `CURLOPT_FTP_SSL_CCC` and `CURLOPT_USE_SSL` level.", "issued": "2023-03-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-27535 https://bugzilla.redhat.com/show_bug.cgi?id=2179073 https://www.cve.org/CVERecord?id=CVE-2023-27535 https://nvd.nist.gov/vuln/detail/CVE-2023-27535 https://curl.se/docs/CVE-2023-27535.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-27535.json https://access.redhat.com/errata/RHSA-2023:2650", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "curl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-23.el9_2.1", "arch_op": "pattern match" }, "N2XBbpFgz82/BEKg4r/+yg==": { "id": "N2XBbpFgz82/BEKg4r/+yg==", "updater": "rhel-vex", "name": "CVE-2024-33599", "description": "A stack-based buffer overflow flaw was found in the glibc netgroup cache. In certain conditions, its possible to trigger a stack-based buffer overflow condition that can lead to a denial of service and potentially other malicious actions that impact confidentiality and integrity.", "issued": "2024-04-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33599 https://bugzilla.redhat.com/show_bug.cgi?id=2277202 https://www.cve.org/CVERecord?id=CVE-2024-33599 https://nvd.nist.gov/vuln/detail/CVE-2024-33599 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33599.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "NA1ZYlQUiA35ngK3uoa06A==": { "id": "NA1ZYlQUiA35ngK3uoa06A==", "updater": "rhel-vex", "name": "CVE-2023-4806", "description": "A flaw was found in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4806 https://bugzilla.redhat.com/show_bug.cgi?id=2237782 https://www.cve.org/CVERecord?id=CVE-2023-4806 https://nvd.nist.gov/vuln/detail/CVE-2023-4806 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4806.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-gconv-extra", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "NAeLRm7CJFLUTEpKQNt7kQ==": { "id": "NAeLRm7CJFLUTEpKQNt7kQ==", "updater": "rhel-vex", "name": "CVE-2024-3596", "description": "A vulnerability in the RADIUS (Remote Authentication Dial-In User Service) protocol allows attackers to forge authentication responses when the Message-Authenticator attribute is not enforced. This issue arises from a cryptographically insecure integrity check using MD5, enabling attackers to spoof UDP-based RADIUS response packets. This can result in unauthorized access by modifying an Access-Reject response to an Access-Accept response, thereby compromising the authentication process.", "issued": "2024-07-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-3596 https://bugzilla.redhat.com/show_bug.cgi?id=2263240 https://www.cve.org/CVERecord?id=CVE-2024-3596 https://nvd.nist.gov/vuln/detail/CVE-2024-3596 https://datatracker.ietf.org/doc/draft-ietf-radext-deprecating-radius/ https://datatracker.ietf.org/doc/html/rfc2865 https://networkradius.com/assets/pdf/radius_and_md5_collisions.pdf https://w1.fi/security/2024-1/hostapd-and-radius-protocol-forgery-attacks.txt https://www.blastradius.fail/ https://www.kb.cert.org/vuls/id/456537 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-3596.json https://access.redhat.com/errata/RHSA-2024:9474", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "krb5-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.1-4.el9_5", "arch_op": "pattern match" }, "NBh5fV9uZlTEErwbgzUbGA==": { "id": "NBh5fV9uZlTEErwbgzUbGA==", "updater": "rhel-vex", "name": "CVE-2023-1255", "description": "A vulnerability was found in OpenSSL. This security flaw occurs because the AES-XTS cipher decryption implementation for the 64-bit ARM platform contains an issue that could cause it to read past the input buffer, leading to a crash.", "issued": "2023-04-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-1255 https://bugzilla.redhat.com/show_bug.cgi?id=2188461 https://www.cve.org/CVERecord?id=CVE-2023-1255 https://nvd.nist.gov/vuln/detail/CVE-2023-1255 https://www.openssl.org/news/secadv/20230420.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-1255.json https://access.redhat.com/errata/RHSA-2023:3722", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-16.el9_2", "arch_op": "pattern match" }, "NCMcU7toPLoiSBsDRD/Ecw==": { "id": "NCMcU7toPLoiSBsDRD/Ecw==", "updater": "rhel-vex", "name": "CVE-2024-32004", "description": "A vulnerability was found in Git. This vulnerability can be exploited by an unauthenticated attacker who places a specialized repository on the target's local system. If the victim clones this repository, the attacker can execute arbitrary code.", "issued": "2024-05-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-32004 https://bugzilla.redhat.com/show_bug.cgi?id=2280428 https://www.cve.org/CVERecord?id=CVE-2024-32004 https://nvd.nist.gov/vuln/detail/CVE-2024-32004 https://github.com/git/git/security/advisories/GHSA-xfc6-vwr8-r389 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-32004.json https://access.redhat.com/errata/RHSA-2024:4083", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "git-core", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.43.5-1.el9_4", "arch_op": "pattern match" }, "NE9uxy8/WRNKYC1zs+0BLg==": { "id": "NE9uxy8/WRNKYC1zs+0BLg==", "updater": "rhel-vex", "name": "CVE-2024-38428", "description": "A flaw was found in wget. Incorrect handling of semicolons in the userinfo subcomponent of a URI allows it to be misinterpreted as part of the host subcomponent, potentially exposing user credentials.", "issued": "2024-06-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-38428 https://bugzilla.redhat.com/show_bug.cgi?id=2292836 https://www.cve.org/CVERecord?id=CVE-2024-38428 https://nvd.nist.gov/vuln/detail/CVE-2024-38428 https://lists.gnu.org/archive/html/bug-wget/2024-06/msg00005.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-38428.json https://access.redhat.com/errata/RHSA-2024:6192", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "wget", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.1-8.el9_4", "arch_op": "pattern match" }, "NETfvu2mgbpmZZcrjbxOYg==": { "id": "NETfvu2mgbpmZZcrjbxOYg==", "updater": "rhel-vex", "name": "CVE-2023-27533", "description": "A vulnerability in input validation exists in curl \u003c8.0 during communication using the TELNET protocol may allow an attacker to pass on maliciously crafted user name and \"telnet options\" during server negotiation. The lack of proper input scrubbing allows an attacker to send content or perform option negotiation without the application's intent. This vulnerability could be exploited if an application allows user input, thereby enabling attackers to execute arbitrary code on the system.", "issued": "2023-03-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-27533 https://bugzilla.redhat.com/show_bug.cgi?id=2179062 https://www.cve.org/CVERecord?id=CVE-2023-27533 https://nvd.nist.gov/vuln/detail/CVE-2023-27533 https://curl.se/docs/CVE-2023-27533.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-27533.json https://access.redhat.com/errata/RHSA-2023:6679", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "curl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9", "arch_op": "pattern match" }, "NHVF8uSdIs3qjmJ3d32Guw==": { "id": "NHVF8uSdIs3qjmJ3d32Guw==", "updater": "rhel-vex", "name": "CVE-2023-3446", "description": "A vulnerability was found in OpenSSL. This security flaw occurs because the applications that use the DH_check(), DH_check_ex(), or EVP_PKEY_param_check() functions to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source may lead to a denial of service.", "issued": "2023-07-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-3446 https://bugzilla.redhat.com/show_bug.cgi?id=2224962 https://www.cve.org/CVERecord?id=CVE-2023-3446 https://nvd.nist.gov/vuln/detail/CVE-2023-3446 https://www.openssl.org/news/secadv/20230719.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3446.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "NLQ93UlmWlijzgx53r189A==": { "id": "NLQ93UlmWlijzgx53r189A==", "updater": "rhel-vex", "name": "CVE-2024-33600", "description": "A flaw was found in the glibc netgroup cache. After a failed cache insertion, addgetnetgrentX tries to send the non-existing response after the not-found header. This can lead to a null pointer dereference that causes a crash or exit.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33600 https://bugzilla.redhat.com/show_bug.cgi?id=2277204 https://www.cve.org/CVERecord?id=CVE-2024-33600 https://nvd.nist.gov/vuln/detail/CVE-2024-33600 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33600.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-gconv-extra", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "NOSEsCHJCzFo54uCS6XP/w==": { "id": "NOSEsCHJCzFo54uCS6XP/w==", "updater": "rhel-vex", "name": "CVE-2024-33599", "description": "A stack-based buffer overflow flaw was found in the glibc netgroup cache. In certain conditions, its possible to trigger a stack-based buffer overflow condition that can lead to a denial of service and potentially other malicious actions that impact confidentiality and integrity.", "issued": "2024-04-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33599 https://bugzilla.redhat.com/show_bug.cgi?id=2277202 https://www.cve.org/CVERecord?id=CVE-2024-33599 https://nvd.nist.gov/vuln/detail/CVE-2024-33599 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33599.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-locale-source", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "NQLX1dwxKsZukJGLLOGUaw==": { "id": "NQLX1dwxKsZukJGLLOGUaw==", "updater": "rhel-vex", "name": "CVE-2024-37371", "description": "A vulnerability was found in the MIT Kerberos 5 GSS krb5 wrap token, where an attacker can modify the plaintext Extra Count field, causing the unwrapped token to appear truncated to the application, occurs when the attacker alters the token data during transmission which can lead to improper handling of authentication tokens.", "issued": "2024-06-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-37371 https://bugzilla.redhat.com/show_bug.cgi?id=2294676 https://www.cve.org/CVERecord?id=CVE-2024-37371 https://nvd.nist.gov/vuln/detail/CVE-2024-37371 https://web.mit.edu/kerberos/www/krb5-1.21/ https://www.oracle.com/security-alerts/cpujan2025.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-37371.json https://access.redhat.com/errata/RHSA-2024:6166", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libkadm5", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.1-2.el9_4", "arch_op": "pattern match" }, "NVw9L7wf5CkACfCMTn/ArA==": { "id": "NVw9L7wf5CkACfCMTn/ArA==", "updater": "rhel-vex", "name": "CVE-2023-34969", "description": "An assertion failure vulnerability was found in D-Bus. This issue occurs when a privileged monitoring connection (dbus-monitor, busctl monitor, gdbus monitor, or similar) is active, and a message from the bus driver cannot be delivered to a client connection due to \u003cdeny\u003e rules or outgoing message quota. If a privileged user with control over the dbus-daemon is monitoring the message bus traffic using the Monitoring clients like the dbus-monitor or busctl monitor interfaces, then an unprivileged local user with the ability to connect to the same dbus-daemon could send specially crafted request, causing a dbus-daemon to crash, resulting in a denial of service under some circumstances.", "issued": "2023-06-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-34969 https://bugzilla.redhat.com/show_bug.cgi?id=2213166 https://www.cve.org/CVERecord?id=CVE-2023-34969 https://nvd.nist.gov/vuln/detail/CVE-2023-34969 https://gitlab.freedesktop.org/dbus/dbus/-/issues/457 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-34969.json https://access.redhat.com/errata/RHSA-2023:4569", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "dbus-common", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:1.12.20-7.el9_2.1", "arch_op": "pattern match" }, "NXbzIDafR9RChazwb+mfnA==": { "id": "NXbzIDafR9RChazwb+mfnA==", "updater": "rhel-vex", "name": "CVE-2024-5535", "description": "A flaw was found in OpenSSL. Affected versions of this package are vulnerable to Information Exposure through the SSL_select_next_proto function. This flaw allows an attacker to cause unexpected application behavior or a crash by exploiting the buffer overread condition when the function is called with a zero-length client list. This issue is only exploitable if the application is misconfigured to use a zero-length server list and mishandles the 'no overlap' response in ALPN or uses the output as the opportunistic protocol in NPN.", "issued": "2024-06-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2294581 https://www.cve.org/CVERecord?id=CVE-2024-5535 https://nvd.nist.gov/vuln/detail/CVE-2024-5535 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-5535.json https://access.redhat.com/errata/RHSA-2024:9333", "severity": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.2.2-6.el9_5", "arch_op": "pattern match" }, "NcPLoHAzsoXhM7GdshqtXA==": { "id": "NcPLoHAzsoXhM7GdshqtXA==", "updater": "rhel-vex", "name": "CVE-2024-12133", "description": "A flaw in libtasn1 causes inefficient handling of specific certificate data. When processing a large number of elements in a certificate, libtasn1 takes much longer than expected, which can slow down or even crash the system. This flaw allows an attacker to send a specially crafted certificate, causing a denial of service attack.", "issued": "2025-02-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-12133 https://bugzilla.redhat.com/show_bug.cgi?id=2344611 https://www.cve.org/CVERecord?id=CVE-2024-12133 https://nvd.nist.gov/vuln/detail/CVE-2024-12133 https://gitlab.com/gnutls/libtasn1/-/issues/52 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-12133.json https://access.redhat.com/errata/RHSA-2025:7077", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "libtasn1", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.16.0-9.el9", "arch_op": "pattern match" }, "Nd9jBPH5RBX4nCYx4+9Hiw==": { "id": "Nd9jBPH5RBX4nCYx4+9Hiw==", "updater": "osv/pypi", "name": "GHSA-r9hx-vwmv-q579", "description": "pypa/setuptools vulnerable to Regular Expression Denial of Service (ReDoS)", "issued": "2022-12-23T00:30:23Z", "links": "https://nvd.nist.gov/vuln/detail/CVE-2022-40897 https://github.com/pypa/setuptools/issues/3659 https://github.com/pypa/setuptools/commit/43a9c9bfa6aa626ec2a22540bea28d2ca77964be https://github.com/pypa/advisory-database/tree/main/vulns/setuptools/PYSEC-2022-43012.yaml https://github.com/pypa/setuptools https://github.com/pypa/setuptools/blob/fe8a98e696241487ba6ac9f91faa38ade939ec5d/setuptools/package_index.py#L200 https://github.com/pypa/setuptools/compare/v65.5.0...v65.5.1 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ADES3NLOE5QJKBLGNZNI2RGVOSQXA37R https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YNA2BAH2ACBZ4TVJZKFLCR7L23BG5C3H https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ADES3NLOE5QJKBLGNZNI2RGVOSQXA37R https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YNA2BAH2ACBZ4TVJZKFLCR7L23BG5C3H https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages https://pyup.io/vulnerabilities/CVE-2022-40897/52495 https://security.netapp.com/advisory/ntap-20230214-0001 https://security.netapp.com/advisory/ntap-20240621-0006 https://setuptools.pypa.io/en/latest", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "setuptools", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "pypi", "uri": "https://pypi.org/", "cpe": "" }, "fixed_in_version": "fixed=65.5.1" }, "NeZAaBfGrzLvaMKrJL7WlA==": { "id": "NeZAaBfGrzLvaMKrJL7WlA==", "updater": "rhel-vex", "name": "CVE-2024-45306", "description": "A heap-buffer overflow was found in Vim. Patch v9.1.0038 optimized how the cursor position is calculated and removed a loop, that verified that the cursor position always points inside a line and does not become invalid by pointing beyond the end of a line. It was assumed that this loop was unnecessary. However, this change made it possible for the cursor position to stay invalid and point beyond the end of a line, which would eventually cause a heap-buffer-overflow when trying to access the line pointer at the specified cursor position.", "issued": "2024-09-02T18:15:36Z", "links": "https://access.redhat.com/security/cve/CVE-2024-45306 https://bugzilla.redhat.com/show_bug.cgi?id=2309275 https://www.cve.org/CVERecord?id=CVE-2024-45306 https://nvd.nist.gov/vuln/detail/CVE-2024-45306 https://github.com/vim/vim/commit/396fd1ec2956307755392a1 https://github.com/vim/vim/releases/tag/v9.1.0038 https://github.com/vim/vim/security/advisories/GHSA-wxf9-c5gx-qrwr https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45306.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "NpL+GEKVroRZflTiMJBC+w==": { "id": "NpL+GEKVroRZflTiMJBC+w==", "updater": "rhel-vex", "name": "CVE-2024-45491", "description": "An issue was found in libexpat’s internal dtdCopy function in xmlparse.c, It can have an integer overflow for nDefaultAtts on 32-bit platforms where UINT_MAX equals SIZE_MAX.", "issued": "2024-08-30T03:15:03Z", "links": "https://access.redhat.com/security/cve/CVE-2024-45491 https://bugzilla.redhat.com/show_bug.cgi?id=2308616 https://www.cve.org/CVERecord?id=CVE-2024-45491 https://nvd.nist.gov/vuln/detail/CVE-2024-45491 https://github.com/libexpat/libexpat/blob/R_2_6_3/expat/Changes https://github.com/libexpat/libexpat/issues/888 https://github.com/libexpat/libexpat/pull/891 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45491.json https://access.redhat.com/errata/RHSA-2024:6754", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "expat-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.5.0-2.el9_4.1", "arch_op": "pattern match" }, "NqGNmtc5kTbIsAJujpk/5A==": { "id": "NqGNmtc5kTbIsAJujpk/5A==", "updater": "rhel-vex", "name": "CVE-2023-4813", "description": "A flaw was found in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.", "issued": "2022-03-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4813 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://www.cve.org/CVERecord?id=CVE-2023-4813 https://nvd.nist.gov/vuln/detail/CVE-2023-4813 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4813.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-locale-source", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "NqnvbAJ9TE8i+K0jPU+gTA==": { "id": "NqnvbAJ9TE8i+K0jPU+gTA==", "updater": "rhel-vex", "name": "CVE-2023-27536", "description": "A flaw was found in the Curl package. Libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. However, the GSS delegation setting was left out from the configuration match checks, making them match too easily, affecting krb5/kerberos/negotiate/GSSAPI transfers.", "issued": "2023-03-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-27536 https://bugzilla.redhat.com/show_bug.cgi?id=2179092 https://www.cve.org/CVERecord?id=CVE-2023-27536 https://nvd.nist.gov/vuln/detail/CVE-2023-27536 https://curl.se/docs/CVE-2023-27536.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-27536.json https://access.redhat.com/errata/RHSA-2023:6679", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libcurl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9", "arch_op": "pattern match" }, "NrmEp7ITzyyHtVTCw3MlhQ==": { "id": "NrmEp7ITzyyHtVTCw3MlhQ==", "updater": "rhel-vex", "name": "CVE-2024-0727", "description": "A flaw was found in OpenSSL. The optional ContentInfo fields can be set to null, even if the \"type\" is a valid value, which can lead to a null dereference error that may cause a denial of service.", "issued": "2024-01-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-0727 https://bugzilla.redhat.com/show_bug.cgi?id=2259944 https://www.cve.org/CVERecord?id=CVE-2024-0727 https://nvd.nist.gov/vuln/detail/CVE-2024-0727 https://github.com/openssl/openssl/pull/23362 https://www.openssl.org/news/secadv/20240125.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0727.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "Nsd5wG+dBhUvVktxuz/adg==": { "id": "Nsd5wG+dBhUvVktxuz/adg==", "updater": "rhel-vex", "name": "CVE-2023-31130", "description": "A vulnerability was found in c-ares. This issue occurs in the ares_inet_net_pton() function, which is vulnerable to a buffer underflow for certain ipv6 addresses. \"0::00:00:00/2\" in particular was found to cause an issue. C-ares only uses this function internally for configuration purposes, which would require an administrator to configure such an address via ares_set_sortlist().", "issued": "2023-05-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-31130 https://bugzilla.redhat.com/show_bug.cgi?id=2209497 https://www.cve.org/CVERecord?id=CVE-2023-31130 https://nvd.nist.gov/vuln/detail/CVE-2023-31130 https://github.com/c-ares/c-ares/security/advisories/GHSA-x6mf-cxr9-8q6v https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-31130.json https://access.redhat.com/errata/RHSA-2023:3586", "severity": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.19.1-2.el9_2", "arch_op": "pattern match" }, "NtEaMSL89ZwCt5W2naHiww==": { "id": "NtEaMSL89ZwCt5W2naHiww==", "updater": "rhel-vex", "name": "CVE-2024-8088", "description": "A flaw was found in Python's zipfile module. When iterating over the entries of a zip archive, the process can enter into an infinite loop state and become unresponsive. This flaw allows an attacker to craft a malicious ZIP archive, leading to a denial of service from the application consuming the zipfile module. Only applications that handle user-controlled zip archives are affected by this vulnerability.", "issued": "2024-08-22T19:15:09Z", "links": "https://access.redhat.com/security/cve/CVE-2024-8088 https://bugzilla.redhat.com/show_bug.cgi?id=2307370 https://www.cve.org/CVERecord?id=CVE-2024-8088 https://nvd.nist.gov/vuln/detail/CVE-2024-8088 https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64 https://github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea https://github.com/python/cpython/issues/122905 https://github.com/python/cpython/pull/122906 https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8088.json https://access.redhat.com/errata/RHSA-2024:9371", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.19-8.el9", "arch_op": "pattern match" }, "NvjdcKqjYq4obYPMZ/O1bg==": { "id": "NvjdcKqjYq4obYPMZ/O1bg==", "updater": "rhel-vex", "name": "CVE-2024-6923", "description": "A vulnerability was found in the email module that uses Python language. The email module doesn't properly quote new lines in email headers. This flaw allows an attacker to inject email headers that could, among other possibilities, add hidden email destinations or inject content into the email, impacting data confidentiality and integrity.", "issued": "2024-08-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-6923 https://bugzilla.redhat.com/show_bug.cgi?id=2302255 https://www.cve.org/CVERecord?id=CVE-2024-6923 https://nvd.nist.gov/vuln/detail/CVE-2024-6923 https://github.com/python/cpython/issues/121650 https://github.com/python/cpython/pull/122233 https://mail.python.org/archives/list/security-announce@python.org/thread/QH3BUOE2DYQBWP7NAQ7UNHPPOELKISRW/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6923.json https://access.redhat.com/errata/RHSA-2024:6163", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.18-3.el9_4.5", "arch_op": "pattern match" }, "O/NLHzmZCYYLTZKelvciHQ==": { "id": "O/NLHzmZCYYLTZKelvciHQ==", "updater": "rhel-vex", "name": "CVE-2023-31122", "description": "A flaw was found in the mod_macro module of httpd. When processing a very long macro, the null byte terminator will not be added, leading to an out-of-bounds read, resulting in a crash.", "issued": "2023-10-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-31122 https://bugzilla.redhat.com/show_bug.cgi?id=2245332 https://www.cve.org/CVERecord?id=CVE-2023-31122 https://nvd.nist.gov/vuln/detail/CVE-2023-31122 https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2023-31122 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-31122.json https://access.redhat.com/errata/RHSA-2024:2278", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "httpd-tools", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.4.57-8.el9", "arch_op": "pattern match" }, "O1JHrWWpvsl8fn/ssFRoQg==": { "id": "O1JHrWWpvsl8fn/ssFRoQg==", "updater": "rhel-vex", "name": "CVE-2024-2398", "description": "A flaw was found in curl. When an application configures libcurl to use HTTP/2 server push and the amount of received headers for the push surpasses the maximum allowed limit, libcurl aborts the server push. When aborting, libcurl does not free all the previously allocated headers, resulting in a memory leak.", "issued": "2024-03-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-2398 https://bugzilla.redhat.com/show_bug.cgi?id=2270498 https://www.cve.org/CVERecord?id=CVE-2024-2398 https://nvd.nist.gov/vuln/detail/CVE-2024-2398 https://curl.se/docs/CVE-2024-2398.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2398.json https://access.redhat.com/errata/RHSA-2024:5529", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "curl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-29.el9_4.1", "arch_op": "pattern match" }, "O2qd+cOqTbjZsgRTNj5NWQ==": { "id": "O2qd+cOqTbjZsgRTNj5NWQ==", "updater": "rhel-vex", "name": "CVE-2024-0397", "description": "A vulnerability was found in Python. A defect was discovered in the Python “ssl” module where there is a memory race condition with the ssl.SSLContext methods “cert_store_stats()” and “get_ca_certs()”. The race condition can be triggered if the methods are called at the same time that certificates are loaded into the SSLContext, such as during the TLS handshake with a configured certificate directory.", "issued": "2024-06-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-0397 https://bugzilla.redhat.com/show_bug.cgi?id=2301891 https://www.cve.org/CVERecord?id=CVE-2024-0397 https://nvd.nist.gov/vuln/detail/CVE-2024-0397 https://mail.python.org/archives/list/security-announce@python.org/thread/BMAK5BCGKYWNJOACVUSLUF6SFGBIM4VP/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0397.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "python3.9", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "O6K8wxAPcmLr8qOIbQ6uMA==": { "id": "O6K8wxAPcmLr8qOIbQ6uMA==", "updater": "rhel-vex", "name": "CVE-2024-0727", "description": "A flaw was found in OpenSSL. The optional ContentInfo fields can be set to null, even if the \"type\" is a valid value, which can lead to a null dereference error that may cause a denial of service.", "issued": "2024-01-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-0727 https://bugzilla.redhat.com/show_bug.cgi?id=2259944 https://www.cve.org/CVERecord?id=CVE-2024-0727 https://nvd.nist.gov/vuln/detail/CVE-2024-0727 https://github.com/openssl/openssl/pull/23362 https://www.openssl.org/news/secadv/20240125.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0727.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "OAFgQI0NLiTuwa5m3oeKvw==": { "id": "OAFgQI0NLiTuwa5m3oeKvw==", "updater": "rhel-vex", "name": "CVE-2019-12900", "description": "A data integrity error was found in the bzip2 (User-space package) functionality when decompressing. This issue occurs when a user decompresses a particular kind of .bz2 files. A local user could get unexpected results (or corrupted data) as result of decompressing these files.", "issued": "2024-11-15T10:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2019-12900 https://bugzilla.redhat.com/show_bug.cgi?id=2332075 https://www.cve.org/CVERecord?id=CVE-2019-12900 https://nvd.nist.gov/vuln/detail/CVE-2019-12900 https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-12900.json https://access.redhat.com/errata/RHSA-2025:0925", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "bzip2-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.0.8-10.el9_5", "arch_op": "pattern match" }, "OELX0txDNvSSX5G8K8KlJg==": { "id": "OELX0txDNvSSX5G8K8KlJg==", "updater": "rhel-vex", "name": "CVE-2024-33601", "description": "A flaw was found in the glibc netgroup cache. The netgroup cache uses xmalloc/xrealloc and may terminate the process due to a memory allocation failure.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33601 https://bugzilla.redhat.com/show_bug.cgi?id=2277205 https://www.cve.org/CVERecord?id=CVE-2024-33601 https://nvd.nist.gov/vuln/detail/CVE-2024-33601 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33601.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "glibc-common", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "OFIelSTGJAvnMHk6/6CzoA==": { "id": "OFIelSTGJAvnMHk6/6CzoA==", "updater": "rhel-vex", "name": "CVE-2025-32415", "description": "In libxml2 before 2.13.8 and 2.14.x before 2.14.2, xmlSchemaIDCFillNodeTables in xmlschemas.c has a heap-based buffer under-read. To exploit this, a crafted XML document must be validated against an XML schema with certain identity constraints, or a crafted XML schema must be used.", "issued": "2025-04-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-32415 https://bugzilla.redhat.com/show_bug.cgi?id=2360768 https://www.cve.org/CVERecord?id=CVE-2025-32415 https://nvd.nist.gov/vuln/detail/CVE-2025-32415 https://gitlab.gnome.org/GNOME/libxml2/-/issues/890 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-32415.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libxml2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "ONllKJutmosR2fhHJ20IMw==": { "id": "ONllKJutmosR2fhHJ20IMw==", "updater": "rhel-vex", "name": "CVE-2023-38408", "description": "A vulnerability was found in OpenSSH. The PKCS#11 feature in the ssh-agent in OpenSSH has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system (the code in /usr/lib is not necessarily safe for loading into ssh-agent). This flaw allows an attacker with control of the forwarded agent-socket on the server and the ability to write to the filesystem of the client host to execute arbitrary code with the privileges of the user running the ssh-agent.", "issued": "2023-07-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-38408 https://bugzilla.redhat.com/show_bug.cgi?id=2224173 https://www.cve.org/CVERecord?id=CVE-2023-38408 https://nvd.nist.gov/vuln/detail/CVE-2023-38408 https://www.qualys.com/2023/07/19/cve-2023-38408/rce-openssh-forwarded-ssh-agent.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-38408.json https://access.redhat.com/errata/RHSA-2023:4412", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "openssh", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:8.7p1-30.el9_2", "arch_op": "pattern match" }, "OOLrbXnz5lf8CydNheih5Q==": { "id": "OOLrbXnz5lf8CydNheih5Q==", "updater": "rhel-vex", "name": "CVE-2024-11168", "description": "A flaw was found in Python. The `urllib.parse.urlsplit()` and `urlparse()` functions improperly validated bracketed hosts (`[]`), allowing hosts that weren't IPv6 or IPvFuture compliant. This behavior was not conformant to RFC 3986 and was potentially vulnerable to server-side request forgery (SSRF) if a URL is processed by more than one URL parser.", "issued": "2024-11-12T21:22:23Z", "links": "https://access.redhat.com/security/cve/CVE-2024-11168 https://bugzilla.redhat.com/show_bug.cgi?id=2325776 https://www.cve.org/CVERecord?id=CVE-2024-11168 https://nvd.nist.gov/vuln/detail/CVE-2024-11168 https://github.com/python/cpython/commit/29f348e232e82938ba2165843c448c2b291504c5 https://github.com/python/cpython/commit/b2171a2fd41416cf68afd67460578631d755a550 https://github.com/python/cpython/issues/103848 https://github.com/python/cpython/pull/103849 https://mail.python.org/archives/list/security-announce@python.org/thread/XPWB6XVZ5G5KGEI63M4AWLIEUF5BPH4T/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-11168.json https://access.redhat.com/errata/RHSA-2024:10983", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.21-1.el9_5", "arch_op": "pattern match" }, "OQR/VSsiAo45bFrdiKL3jg==": { "id": "OQR/VSsiAo45bFrdiKL3jg==", "updater": "rhel-vex", "name": "CVE-2023-0796", "description": "A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds read in the extractContigSamplesShifted24bits function in tools/tiffcrop.c, resulting in a Denial of Service and limited information disclosure.", "issued": "2023-02-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0796 https://bugzilla.redhat.com/show_bug.cgi?id=2170146 https://www.cve.org/CVERecord?id=CVE-2023-0796 https://nvd.nist.gov/vuln/detail/CVE-2023-0796 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0796.json https://access.redhat.com/errata/RHSA-2023:3711", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-8.el9_2", "arch_op": "pattern match" }, "ORubD27k37tqtYZsZEx/Eg==": { "id": "ORubD27k37tqtYZsZEx/Eg==", "updater": "rhel-vex", "name": "CVE-2024-38475", "description": "A flaw was found in the mod_rewrite module of httpd. Improper escaping of output allows an attacker to map URLs to filesystem locations permitted to be served by the server but are not intentionally or directly reachable by any URL. This issue results in code execution or source code disclosure.", "issued": "2024-07-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-38475 https://bugzilla.redhat.com/show_bug.cgi?id=2295014 https://www.cve.org/CVERecord?id=CVE-2024-38475 https://nvd.nist.gov/vuln/detail/CVE-2024-38475 https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2024-38475 https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-38475.json https://access.redhat.com/errata/RHSA-2024:4726", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "httpd-filesystem", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.4.57-11.el9_4", "arch_op": "pattern match" }, "OWkDuwVWzveyu3TOzKkSvw==": { "id": "OWkDuwVWzveyu3TOzKkSvw==", "updater": "rhel-vex", "name": "CVE-2023-30581", "description": "A vulnerability has been discovered in Node.js, where the use of proto in process.mainModule.proto.require() can bypass the policy mechanism and require modules outside of the policy.json definition.", "issued": "2023-06-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30581 https://bugzilla.redhat.com/show_bug.cgi?id=2219824 https://www.cve.org/CVERecord?id=CVE-2023-30581 https://nvd.nist.gov/vuln/detail/CVE-2023-30581 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30581.json https://access.redhat.com/errata/RHSA-2023:4331", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.1-1.el9_2", "arch_op": "pattern match" }, "OXQ7H2CaA5DhIn9wkh9zjA==": { "id": "OXQ7H2CaA5DhIn9wkh9zjA==", "updater": "rhel-vex", "name": "CVE-2023-5981", "description": "A vulnerability was found that the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS#1 v1.5 padding.", "issued": "2023-11-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-5981 https://bugzilla.redhat.com/show_bug.cgi?id=2248445 https://www.cve.org/CVERecord?id=CVE-2023-5981 https://nvd.nist.gov/vuln/detail/CVE-2023-5981 https://gnutls.org/security-new.html#GNUTLS-SA-2023-10-23 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-5981.json https://access.redhat.com/errata/RHSA-2024:0533", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "gnutls", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.7.6-23.el9_3.3", "arch_op": "pattern match" }, "OXr+UvfSDAQbLGP4xOBSMw==": { "id": "OXr+UvfSDAQbLGP4xOBSMw==", "updater": "rhel-vex", "name": "CVE-2023-1127", "description": "A flaw was found in Vim. A division by zero in the scrolldown function may lead to a denial of service, modified memory, and possibly remote execution.", "issued": "2023-03-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-1127 https://bugzilla.redhat.com/show_bug.cgi?id=2174662 https://www.cve.org/CVERecord?id=CVE-2023-1127 https://nvd.nist.gov/vuln/detail/CVE-2023-1127 https://huntr.dev/bounties/2d4d309e-4c96-415f-9070-36d0815f1beb https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-1127.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Ob+LJ5zYHnbjt14Yf8W7UA==": { "id": "Ob+LJ5zYHnbjt14Yf8W7UA==", "updater": "rhel-vex", "name": "CVE-2022-3016", "description": "A heap use-after-free vulnerability was found in vim's get_next_valid_entry() function of the src/quickfix.c file. The issue occurs because vim is using freed memory when the location list is changed in autocmd. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "issued": "2022-08-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3016 https://bugzilla.redhat.com/show_bug.cgi?id=2124208 https://www.cve.org/CVERecord?id=CVE-2022-3016 https://nvd.nist.gov/vuln/detail/CVE-2022-3016 https://huntr.dev/bounties/260516c2-5c4a-4b7f-a01c-04b1aeeea371 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3016.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "OcdmgnoK0mo4PV3l7KupnQ==": { "id": "OcdmgnoK0mo4PV3l7KupnQ==", "updater": "rhel-vex", "name": "CVE-2024-22025", "description": "A flaw was found in Node.js that allows a denial of service attack through resource exhaustion when using the fetch() function to retrieve content from an untrusted URL. The vulnerability stems from the fetch() function in Node.js that always decodes Brotli, making it possible for an attacker to cause resource exhaustion when fetching content from an untrusted URL. This flaw allows an attacker to control the URL passed into fetch() to exhaust memory, potentially leading to process termination, depending on the system configuration.", "issued": "2024-03-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-22025 https://bugzilla.redhat.com/show_bug.cgi?id=2270559 https://www.cve.org/CVERecord?id=CVE-2024-22025 https://nvd.nist.gov/vuln/detail/CVE-2024-22025 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-22025.json https://access.redhat.com/errata/RHSA-2024:2910", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.2-8.el9_4", "arch_op": "pattern match" }, "OdcI0jF8LiFuCSbWJG8BVQ==": { "id": "OdcI0jF8LiFuCSbWJG8BVQ==", "updater": "rhel-vex", "name": "CVE-2023-5129", "description": "This CVE ID has been rejected by its CVE Numbering Authority. Duplicate of CVE-2023-4863.", "issued": "2023-09-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-5129 https://bugzilla.redhat.com/show_bug.cgi?id=2240759 https://www.cve.org/CVERecord?id=CVE-2023-5129 https://nvd.nist.gov/vuln/detail/CVE-2023-5129 https://chromium.googlesource.com/webm/libwebp/+/2af26267cdfcb63a88e5c74a85927a12d6ca1d76 https://chromium.googlesource.com/webm/libwebp/+/902bc9190331343b2017211debcec8d2ab87e17a https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-5129.json https://access.redhat.com/errata/RHSA-2023:5214", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:N", "normalized_severity": "Unknown", "package": { "id": "", "name": "libwebp-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.2.0-7.el9_2", "arch_op": "pattern match" }, "OgH8cXFhnlU1l+TVwBIW/w==": { "id": "OgH8cXFhnlU1l+TVwBIW/w==", "updater": "rhel-vex", "name": "CVE-2024-38473", "description": "A flaw was found in the mod_proxy module of httpd. Due to an encoding problem, specially crafted request URLs with incorrect encoding can be sent to backend services, potentially bypassing authentication.", "issued": "2024-07-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-38473 https://bugzilla.redhat.com/show_bug.cgi?id=2295012 https://www.cve.org/CVERecord?id=CVE-2024-38473 https://nvd.nist.gov/vuln/detail/CVE-2024-38473 https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2024-38473 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-38473.json https://access.redhat.com/errata/RHSA-2024:4726", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "mod_session", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.4.57-11.el9_4", "arch_op": "pattern match" }, "Ok8NxIuqNhCT8JI1zQlybg==": { "id": "Ok8NxIuqNhCT8JI1zQlybg==", "updater": "rhel-vex", "name": "CVE-2024-2398", "description": "A flaw was found in curl. When an application configures libcurl to use HTTP/2 server push and the amount of received headers for the push surpasses the maximum allowed limit, libcurl aborts the server push. When aborting, libcurl does not free all the previously allocated headers, resulting in a memory leak.", "issued": "2024-03-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-2398 https://bugzilla.redhat.com/show_bug.cgi?id=2270498 https://www.cve.org/CVERecord?id=CVE-2024-2398 https://nvd.nist.gov/vuln/detail/CVE-2024-2398 https://curl.se/docs/CVE-2024-2398.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2398.json https://access.redhat.com/errata/RHSA-2024:5529", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libcurl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-29.el9_4.1", "arch_op": "pattern match" }, "Opv2ZJKgUn+U/J0TWXn7uw==": { "id": "Opv2ZJKgUn+U/J0TWXn7uw==", "updater": "rhel-vex", "name": "CVE-2024-26462", "description": "A memory leak flaw was found in krb5 in /krb5/src/kdc/ndr.c. This issue can lead to a denial of service through memory exhaustion.", "issued": "2024-02-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-26462 https://bugzilla.redhat.com/show_bug.cgi?id=2266742 https://www.cve.org/CVERecord?id=CVE-2024-26462 https://nvd.nist.gov/vuln/detail/CVE-2024-26462 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-26462.json https://access.redhat.com/errata/RHSA-2024:9331", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "krb5-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.1-3.el9", "arch_op": "pattern match" }, "OrpwQ4JCTp8hxISKERrW4A==": { "id": "OrpwQ4JCTp8hxISKERrW4A==", "updater": "rhel-vex", "name": "CVE-2024-2511", "description": "A flaw was found in OpenSSL. A malicious client can trigger an uncontrolled memory consumption, resulting in a Denial of Service. This issue occurs due to OpenSSL's TLSv1.3 session cache going into an incorrect state, leading to it failing to flush properly as it fills. OpenSSL must be configured with the non-default SSL_OP_NO_TICKET option enabled to be vulnerable. This issue only affects TLSv1.3 servers, while TLS clients are not affected.", "issued": "2024-04-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-2511 https://bugzilla.redhat.com/show_bug.cgi?id=2274020 https://www.cve.org/CVERecord?id=CVE-2024-2511 https://nvd.nist.gov/vuln/detail/CVE-2024-2511 https://www.openssl.org/news/vulnerabilities.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2511.json https://access.redhat.com/errata/RHSA-2024:9333", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.2.2-6.el9_5", "arch_op": "pattern match" }, "OwYAYm0dYhHTXejwRXBhmQ==": { "id": "OwYAYm0dYhHTXejwRXBhmQ==", "updater": "rhel-vex", "name": "CVE-2024-22025", "description": "A flaw was found in Node.js that allows a denial of service attack through resource exhaustion when using the fetch() function to retrieve content from an untrusted URL. The vulnerability stems from the fetch() function in Node.js that always decodes Brotli, making it possible for an attacker to cause resource exhaustion when fetching content from an untrusted URL. This flaw allows an attacker to control the URL passed into fetch() to exhaust memory, potentially leading to process termination, depending on the system configuration.", "issued": "2024-03-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-22025 https://bugzilla.redhat.com/show_bug.cgi?id=2270559 https://www.cve.org/CVERecord?id=CVE-2024-22025 https://nvd.nist.gov/vuln/detail/CVE-2024-22025 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-22025.json https://access.redhat.com/errata/RHSA-2024:2910", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.2-8.el9_4", "arch_op": "pattern match" }, "Oy4AY1sofsHwffgnEgjo5g==": { "id": "Oy4AY1sofsHwffgnEgjo5g==", "updater": "rhel-vex", "name": "CVE-2024-38473", "description": "A flaw was found in the mod_proxy module of httpd. Due to an encoding problem, specially crafted request URLs with incorrect encoding can be sent to backend services, potentially bypassing authentication.", "issued": "2024-07-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-38473 https://bugzilla.redhat.com/show_bug.cgi?id=2295012 https://www.cve.org/CVERecord?id=CVE-2024-38473 https://nvd.nist.gov/vuln/detail/CVE-2024-38473 https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2024-38473 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-38473.json https://access.redhat.com/errata/RHSA-2024:4726", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "mod_lua", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.4.57-11.el9_4", "arch_op": "pattern match" }, "P/9UEa4H7U3EYHe3jfy0lw==": { "id": "P/9UEa4H7U3EYHe3jfy0lw==", "updater": "rhel-vex", "name": "CVE-2023-3138", "description": "A vulnerability was found in libX11. The security flaw occurs because the functions in src/InitExt.c in libX11 do not check that the values provided for the Request, Event, or Error IDs are within the bounds of the arrays that those functions write to, using those IDs as array indexes. They trust that they were called with values provided by an Xserver adhering to the bounds specified in the X11 protocol, as all X servers provided by X.Org do. As the protocol only specifies a single byte for these values, an out-of-bounds value provided by a malicious server (or a malicious proxy-in-the-middle) can only overwrite other portions of the Display structure and not write outside the bounds of the Display structure itself, possibly causing the client to crash with this memory corruption.", "issued": "2023-06-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-3138 https://bugzilla.redhat.com/show_bug.cgi?id=2213748 https://www.cve.org/CVERecord?id=CVE-2023-3138 https://nvd.nist.gov/vuln/detail/CVE-2023-3138 https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/304a654a0d57bf0f00d8998185f0360332cfa36c https://lists.x.org/archives/xorg-announce/2023-June/003406.html https://lists.x.org/archives/xorg-announce/2023-June/003407.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3138.json https://access.redhat.com/errata/RHSA-2023:6497", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libX11-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.7.0-8.el9", "arch_op": "pattern match" }, "P3nYYaDmet+LJ8m5KZeEvw==": { "id": "P3nYYaDmet+LJ8m5KZeEvw==", "updater": "rhel-vex", "name": "CVE-2023-6237", "description": "A flaw was found in OpenSSL. When the EVP_PKEY_public_check() function is called in RSA public keys, a computation is done to confirm that the RSA modulus, n, is composite. For valid RSA keys, n is a product of two or more large primes and this computation completes quickly. However, if n is a large prime, this computation takes a long time. An application that calls EVP_PKEY_public_check() and supplies an RSA key obtained from an untrusted source could be vulnerable to a Denial of Service attack.", "issued": "2024-01-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-6237 https://bugzilla.redhat.com/show_bug.cgi?id=2258502 https://www.cve.org/CVERecord?id=CVE-2023-6237 https://nvd.nist.gov/vuln/detail/CVE-2023-6237 https://www.openssl.org/news/secadv/20240115.txt https://www.openwall.com/lists/oss-security/2024/01/15/2 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6237.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "P4xlUSVilS8AN7gF8bwdxQ==": { "id": "P4xlUSVilS8AN7gF8bwdxQ==", "updater": "rhel-vex", "name": "CVE-2023-0466", "description": "A flaw was found in OpenSSL. The X509_VERIFY_PARAM_add0_policy() function is documented to enable the certificate policy check when doing certificate verification implicitly. However, implementing the function does not enable the check, allowing certificates with invalid or incorrect policies to pass the certificate verification. Suddenly enabling the policy check could break existing deployments, so it was decided to keep the existing behavior of the X509_VERIFY_PARAM_add0_policy() function. The applications that require OpenSSL to perform certificate policy check need to use X509_VERIFY_PARAM_set1_policies() or explicitly enable the policy check by calling X509_VERIFY_PARAM_set_flags() with the X509_V_FLAG_POLICY_CHECK flag argument. Certificate policy checks are disabled by default in OpenSSL and are not commonly used by applications.", "issued": "2023-03-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0466 https://bugzilla.redhat.com/show_bug.cgi?id=2182565 https://www.cve.org/CVERecord?id=CVE-2023-0466 https://nvd.nist.gov/vuln/detail/CVE-2023-0466 https://www.openssl.org/news/secadv/20230328.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0466.json https://access.redhat.com/errata/RHSA-2023:3722", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-16.el9_2", "arch_op": "pattern match" }, "P9a8nTOFDYbTUSMNt0VDfg==": { "id": "P9a8nTOFDYbTUSMNt0VDfg==", "updater": "rhel-vex", "name": "CVE-2023-45918", "description": "A flaw was found in ncurses. Affected versions of this package contain a NULL pointer dereference in tgetstr in tinfo/lib_termcap.c.", "issued": "2024-01-26T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-45918 https://bugzilla.redhat.com/show_bug.cgi?id=2300290 https://www.cve.org/CVERecord?id=CVE-2023-45918 https://nvd.nist.gov/vuln/detail/CVE-2023-45918 https://lists.gnu.org/archive/html/bug-ncurses/2023-06/msg00005.html https://security.netapp.com/advisory/ntap-20240315-0006/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45918.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "ncurses", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "PAUv+MU3xwsjx5jndGYXQA==": { "id": "PAUv+MU3xwsjx5jndGYXQA==", "updater": "rhel-vex", "name": "CVE-2024-37371", "description": "A vulnerability was found in the MIT Kerberos 5 GSS krb5 wrap token, where an attacker can modify the plaintext Extra Count field, causing the unwrapped token to appear truncated to the application, occurs when the attacker alters the token data during transmission which can lead to improper handling of authentication tokens.", "issued": "2024-06-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-37371 https://bugzilla.redhat.com/show_bug.cgi?id=2294676 https://www.cve.org/CVERecord?id=CVE-2024-37371 https://nvd.nist.gov/vuln/detail/CVE-2024-37371 https://web.mit.edu/kerberos/www/krb5-1.21/ https://www.oracle.com/security-alerts/cpujan2025.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-37371.json https://access.redhat.com/errata/RHSA-2024:6166", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "krb5-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:1.21.1-2.el9_4", "arch_op": "pattern match" }, "PAbZTh6+C5MKjPK9CG1C7A==": { "id": "PAbZTh6+C5MKjPK9CG1C7A==", "updater": "rhel-vex", "name": "CVE-2022-48281", "description": "A vulnerability was found in libtiff. This vulnerability occurs due to an issue in processCropSelections in the tools/tiffcrop.c function in LibTIFF that has a heap-based buffer overflow (for example, \"WRITE of size 307203\") via a crafted TIFF image.", "issued": "2023-01-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-48281 https://bugzilla.redhat.com/show_bug.cgi?id=2163606 https://www.cve.org/CVERecord?id=CVE-2022-48281 https://nvd.nist.gov/vuln/detail/CVE-2022-48281 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-48281.json https://access.redhat.com/errata/RHSA-2023:3711", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-8.el9_2", "arch_op": "pattern match" }, "PFkOtbxfD84tB8Q9CZmcRg==": { "id": "PFkOtbxfD84tB8Q9CZmcRg==", "updater": "rhel-vex", "name": "CVE-2024-24795", "description": "A flaw was found in httpd. An HTTP response splitting in multiple httpd modules may allow an attacker that can inject malicious response headers into backend applications to cause an HTTP desynchronization attack.", "issued": "2024-04-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-24795 https://bugzilla.redhat.com/show_bug.cgi?id=2273499 https://www.cve.org/CVERecord?id=CVE-2024-24795 https://nvd.nist.gov/vuln/detail/CVE-2024-24795 https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2024-24795 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-24795.json https://access.redhat.com/errata/RHSA-2024:9306", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "mod_session", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.4.62-1.el9", "arch_op": "pattern match" }, "PGExK42ORMqRWXq7JKsHPw==": { "id": "PGExK42ORMqRWXq7JKsHPw==", "updater": "rhel-vex", "name": "CVE-2023-0802", "description": "A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds write in the extractContigSamplesShifted32bits function in tools/tiffcrop.c, resulting in a Denial of Service and limited data modification.", "issued": "2023-02-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0802 https://bugzilla.redhat.com/show_bug.cgi?id=2170178 https://www.cve.org/CVERecord?id=CVE-2023-0802 https://nvd.nist.gov/vuln/detail/CVE-2023-0802 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0802.json https://access.redhat.com/errata/RHSA-2023:3711", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-8.el9_2", "arch_op": "pattern match" }, "PGH6wJrcNoWUtauBdnUVeg==": { "id": "PGH6wJrcNoWUtauBdnUVeg==", "updater": "rhel-vex", "name": "CVE-2024-27983", "description": "A vulnerability was found in how Node.js implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated, remote attacker to send packets to vulnerable servers, which could use up compute or memory resources, causing a denial of service.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-27983 https://bugzilla.redhat.com/show_bug.cgi?id=2272764 https://www.cve.org/CVERecord?id=CVE-2024-27983 https://nvd.nist.gov/vuln/detail/CVE-2024-27983 https://nodejs.org/en/blog/vulnerability/april-2024-security-releases https://nowotarski.info/http2-continuation-flood/ https://www.kb.cert.org/vuls/id/421644 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-27983.json https://access.redhat.com/errata/RHSA-2024:2910", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:8.19.4-1.16.20.2.8.el9_4", "arch_op": "pattern match" }, "PKR5CMlvS0neVhZ//kHCuw==": { "id": "PKR5CMlvS0neVhZ//kHCuw==", "updater": "rhel-vex", "name": "CVE-2025-24528", "description": "A flaw was found in krb5. With incremental propagation enabled, an authenticated attacker can cause kadmind to write beyond the end of the mapped region for the iprop log file. This issue can trigger a process crash and lead to a denial of service.", "issued": "2024-01-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-24528 https://bugzilla.redhat.com/show_bug.cgi?id=2342796 https://www.cve.org/CVERecord?id=CVE-2025-24528 https://nvd.nist.gov/vuln/detail/CVE-2025-24528 https://github.com/krb5/krb5/commit/78ceba024b64d49612375be4a12d1c066b0bfbd0 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-24528.json https://access.redhat.com/errata/RHSA-2025:7067", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libkadm5", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:1.21.1-6.el9", "arch_op": "pattern match" }, "PKlJ+iD3hwJNxdUvXPohzw==": { "id": "PKlJ+iD3hwJNxdUvXPohzw==", "updater": "rhel-vex", "name": "CVE-2023-29469", "description": "A flaw was found in libxml2. This issue occurs when hashing empty strings which aren't null-terminated, xmlDictComputeFastKey could produce inconsistent results, which may lead to various logic or memory errors, including double free errors.", "issued": "2023-04-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-29469 https://bugzilla.redhat.com/show_bug.cgi?id=2185984 https://www.cve.org/CVERecord?id=CVE-2023-29469 https://nvd.nist.gov/vuln/detail/CVE-2023-29469 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-29469.json https://access.redhat.com/errata/RHSA-2023:4349", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libxml2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-3.el9_2.1", "arch_op": "pattern match" }, "PNIOf0qJAfA/0zwZhsKuTQ==": { "id": "PNIOf0qJAfA/0zwZhsKuTQ==", "updater": "rhel-vex", "name": "CVE-2024-9287", "description": "A vulnerability has been found in the Python `venv` module and CLI. Path names provided when creating a virtual environment were not quoted properly, allowing the creator to inject commands into virtual environment \"activation\" scripts, for example, \"source venv/bin/activate\". This flaw allows attacker-controlled virtual environments to run commands when the virtual environment is activated.", "issued": "2024-10-22T16:34:39Z", "links": "https://access.redhat.com/security/cve/CVE-2024-9287 https://bugzilla.redhat.com/show_bug.cgi?id=2321440 https://www.cve.org/CVERecord?id=CVE-2024-9287 https://nvd.nist.gov/vuln/detail/CVE-2024-9287 https://github.com/python/cpython/issues/124651 https://github.com/python/cpython/pull/124712 https://mail.python.org/archives/list/security-announce@python.org/thread/RSPJ2B5JL22FG3TKUJ7D7DQ4N5JRRBZL/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-9287.json https://access.redhat.com/errata/RHSA-2024:10983", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.21-1.el9_5", "arch_op": "pattern match" }, "PT1sohtQtbutC5G9fp60Bw==": { "id": "PT1sohtQtbutC5G9fp60Bw==", "updater": "rhel-vex", "name": "CVE-2024-2511", "description": "A flaw was found in OpenSSL. A malicious client can trigger an uncontrolled memory consumption, resulting in a Denial of Service. This issue occurs due to OpenSSL's TLSv1.3 session cache going into an incorrect state, leading to it failing to flush properly as it fills. OpenSSL must be configured with the non-default SSL_OP_NO_TICKET option enabled to be vulnerable. This issue only affects TLSv1.3 servers, while TLS clients are not affected.", "issued": "2024-04-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-2511 https://bugzilla.redhat.com/show_bug.cgi?id=2274020 https://www.cve.org/CVERecord?id=CVE-2024-2511 https://nvd.nist.gov/vuln/detail/CVE-2024-2511 https://www.openssl.org/news/vulnerabilities.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2511.json https://access.redhat.com/errata/RHSA-2024:9333", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.2.2-6.el9_5", "arch_op": "pattern match" }, "PYpOjotUZ0rZ3yidSXAEiA==": { "id": "PYpOjotUZ0rZ3yidSXAEiA==", "updater": "rhel-vex", "name": "CVE-2023-0801", "description": "A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds write in the _TIFFmemcpy function in libtiff/tif_unix.c when called by functions in tools/tiffcrop.c, resulting in a Denial of Service and limited data modification.", "issued": "2023-02-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0801 https://bugzilla.redhat.com/show_bug.cgi?id=2170172 https://www.cve.org/CVERecord?id=CVE-2023-0801 https://nvd.nist.gov/vuln/detail/CVE-2023-0801 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0801.json https://access.redhat.com/errata/RHSA-2023:3711", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-8.el9_2", "arch_op": "pattern match" }, "PaMvfP1N6vwet3e3Ldca2Q==": { "id": "PaMvfP1N6vwet3e3Ldca2Q==", "updater": "rhel-vex", "name": "CVE-2024-12797", "description": "A flaw was found in OpenSSL's RFC7250 Raw Public Key (RPK) authentication. This vulnerability allows man-in-the-middle (MITM) attacks via failure to abort TLS/DTLS handshakes when the server's RPK does not match the expected key despite the SSL_VERIFY_PEER verification mode being set.", "issued": "2025-02-11T15:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-12797 https://bugzilla.redhat.com/show_bug.cgi?id=2342757 https://www.cve.org/CVERecord?id=CVE-2024-12797 https://nvd.nist.gov/vuln/detail/CVE-2024-12797 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-12797.json https://access.redhat.com/errata/RHSA-2025:1330", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.2.2-6.el9_5.1", "arch_op": "pattern match" }, "PacJvOG68IlKYb9U+duwYA==": { "id": "PacJvOG68IlKYb9U+duwYA==", "updater": "rhel-vex", "name": "CVE-2023-7008", "description": "A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.", "issued": "2022-12-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://www.cve.org/CVERecord?id=CVE-2023-7008 https://nvd.nist.gov/vuln/detail/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222261 https://github.com/systemd/systemd/issues/25676 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-7008.json https://access.redhat.com/errata/RHSA-2024:2463", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "systemd-pam", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:252-32.el9_4", "arch_op": "pattern match" }, "PcYbFEpwRLstXeojnKQIpQ==": { "id": "PcYbFEpwRLstXeojnKQIpQ==", "updater": "rhel-vex", "name": "CVE-2024-38476", "description": "A flaw was found in httpd. Backend applications whose response headers are malicious or exploitable may allow information disclosure, server-side request forgery (SSRF) or local script execution.", "issued": "2024-07-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-38476 https://bugzilla.redhat.com/show_bug.cgi?id=2295015 https://www.cve.org/CVERecord?id=CVE-2024-38476 https://nvd.nist.gov/vuln/detail/CVE-2024-38476 https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2024-38476 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-38476.json https://access.redhat.com/errata/RHSA-2024:5138", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "mod_session", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.4.57-11.el9_4.1", "arch_op": "pattern match" }, "Pj9V3uC2c9o+P6lTpzzGeA==": { "id": "Pj9V3uC2c9o+P6lTpzzGeA==", "updater": "osv/pypi", "name": "PYSEC-2025-49", "description": "", "issued": "2025-05-17T16:15:19Z", "links": "https://github.com/pypa/setuptools/security/advisories/GHSA-5rjg-fvgr-3xxf https://lists.debian.org/debian-lts-announce/2025/05/msg00035.html https://github.com/pypa/setuptools/issues/4946 https://github.com/pypa/setuptools/commit/250a6d17978f9f6ac3ac887091f2d32886fbbb0b https://github.com/pypa/setuptools/blob/6ead555c5fb29bc57fe6105b1bffc163f56fd558/setuptools/package_index.py#L810C1-L825C88", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "setuptools", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "pypi", "uri": "https://pypi.org/", "cpe": "" }, "fixed_in_version": "fixed=78.1.1" }, "Pp72Aea+vKOOy3uJudZhUw==": { "id": "Pp72Aea+vKOOy3uJudZhUw==", "updater": "rhel-vex", "name": "CVE-2023-0464", "description": "A security vulnerability has been identified in all supported OpenSSL versions related to verifying X.509 certificate chains that include policy constraints. This flaw allows attackers to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of computational resources, leading to a denial of service (DoS) attack on affected systems. Policy processing is disabled by default but can be enabled by passing the -policy' argument to the command line utilities or calling the X509_VERIFY_PARAM_set1_policies()' function.", "issued": "2023-03-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0464 https://bugzilla.redhat.com/show_bug.cgi?id=2181082 https://www.cve.org/CVERecord?id=CVE-2023-0464 https://nvd.nist.gov/vuln/detail/CVE-2023-0464 https://www.openssl.org/news/secadv/20230322.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0464.json https://access.redhat.com/errata/RHSA-2023:3722", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-16.el9_2", "arch_op": "pattern match" }, "Pq3RV2/GIWU1/C92gw9AoA==": { "id": "Pq3RV2/GIWU1/C92gw9AoA==", "updater": "rhel-vex", "name": "CVE-2024-38475", "description": "A flaw was found in the mod_rewrite module of httpd. Improper escaping of output allows an attacker to map URLs to filesystem locations permitted to be served by the server but are not intentionally or directly reachable by any URL. This issue results in code execution or source code disclosure.", "issued": "2024-07-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-38475 https://bugzilla.redhat.com/show_bug.cgi?id=2295014 https://www.cve.org/CVERecord?id=CVE-2024-38475 https://nvd.nist.gov/vuln/detail/CVE-2024-38475 https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2024-38475 https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-38475.json https://access.redhat.com/errata/RHSA-2024:4726", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "mod_lua", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.4.57-11.el9_4", "arch_op": "pattern match" }, "PrviK3G+tpQstfFpKzyLbQ==": { "id": "PrviK3G+tpQstfFpKzyLbQ==", "updater": "rhel-vex", "name": "CVE-2023-4911", "description": "A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.", "issued": "2023-10-03T17:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4911 https://bugzilla.redhat.com/show_bug.cgi?id=2238352 https://www.cve.org/CVERecord?id=CVE-2023-4911 https://nvd.nist.gov/vuln/detail/CVE-2023-4911 https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt https://www.qualys.com/cve-2023-4911/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4911.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-locale-source", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "PsRF7Xq7dFAe19vnyA4U+Q==": { "id": "PsRF7Xq7dFAe19vnyA4U+Q==", "updater": "rhel-vex", "name": "CVE-2023-3899", "description": "A vulnerability was found in subscription-manager that allows local privilege escalation due to inadequate authorization. The D-Bus interface com.redhat.RHSM1 exposes a significant number of methods to all users that could change the state of the registration. By using the com.redhat.RHSM1.Config.SetAll() method, a low-privileged local user could tamper with the state of the registration, by unregistering the system or by changing the current entitlements. This flaw allows an attacker to set arbitrary configuration directives for /etc/rhsm/rhsm.conf, which can be abused to cause a local privilege escalation to an unconfined root.", "issued": "2023-08-22T14:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-3899 https://bugzilla.redhat.com/show_bug.cgi?id=2225407 https://www.cve.org/CVERecord?id=CVE-2023-3899 https://nvd.nist.gov/vuln/detail/CVE-2023-3899 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3899.json https://access.redhat.com/errata/RHSA-2023:4708", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "python3-subscription-manager-rhsm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:1.29.33.1-2.el9_2", "arch_op": "pattern match" }, "PvZ0wY1WS+Oda/0LmsfVWg==": { "id": "PvZ0wY1WS+Oda/0LmsfVWg==", "updater": "rhel-vex", "name": "CVE-2023-32002", "description": "A vulnerability was found in NodeJS. This security issue occurs as the use of Module._load() can bypass the policy mechanism and require modules outside of the policy.json definition for a given module.", "issued": "2023-08-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32002 https://bugzilla.redhat.com/show_bug.cgi?id=2230948 https://www.cve.org/CVERecord?id=CVE-2023-32002 https://nvd.nist.gov/vuln/detail/CVE-2023-32002 https://nodejs.org/en/blog/vulnerability/august-2023-security-releases#permissions-policies-can-be-bypassed-via-module_load-highcve-2023-32002 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32002.json https://access.redhat.com/errata/RHSA-2023:5532", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.2-1.el9_2", "arch_op": "pattern match" }, "Pza9Y2xtH9MChVMkZwgw2A==": { "id": "Pza9Y2xtH9MChVMkZwgw2A==", "updater": "rhel-vex", "name": "CVE-2024-7264", "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "issued": "2024-07-31T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-7264 https://bugzilla.redhat.com/show_bug.cgi?id=2301888 https://www.cve.org/CVERecord?id=CVE-2024-7264 https://nvd.nist.gov/vuln/detail/CVE-2024-7264 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7264.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "curl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Q+Mii4PvPrm3VuQah4UjJg==": { "id": "Q+Mii4PvPrm3VuQah4UjJg==", "updater": "rhel-vex", "name": "CVE-2024-33602", "description": "A flaw was found in the glibc netgroup cache. The buffer-resizing code in addgetnetgrentX assumes that all string pointers point into the supplied buffer. This can potentially lead to memory corruption and cause a crash.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33602 https://bugzilla.redhat.com/show_bug.cgi?id=2277206 https://www.cve.org/CVERecord?id=CVE-2024-33602 https://nvd.nist.gov/vuln/detail/CVE-2024-33602 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33602.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "glibc-headers", "version": "", "kind": "binary", "normalized_version": "", "arch": "s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "Q/Pzrblh+S8zgQniIv+2cQ==": { "id": "Q/Pzrblh+S8zgQniIv+2cQ==", "updater": "rhel-vex", "name": "CVE-2023-26965", "description": "A heap use-after-free vulnerability was found in LibTIFF's tiffcrop utility in the loadImage() function. This flaw allows an attacker to pass a crafted TIFF image file to the tiffcrop utility, which causes an out-of-bounds write access, resulting in an application crash, eventually leading to a denial of service.", "issued": "2023-06-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-26965 https://bugzilla.redhat.com/show_bug.cgi?id=2215206 https://www.cve.org/CVERecord?id=CVE-2023-26965 https://nvd.nist.gov/vuln/detail/CVE-2023-26965 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-26965.json https://access.redhat.com/errata/RHSA-2023:6575", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-10.el9", "arch_op": "pattern match" }, "Q0D37bmhhLGtYILIAMgFXg==": { "id": "Q0D37bmhhLGtYILIAMgFXg==", "updater": "rhel-vex", "name": "CVE-2022-2207", "description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.", "issued": "2022-06-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-2207 https://bugzilla.redhat.com/show_bug.cgi?id=2102185 https://www.cve.org/CVERecord?id=CVE-2022-2207 https://nvd.nist.gov/vuln/detail/CVE-2022-2207 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-2207.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Q2EySKz2roj2mYOhGJQA3A==": { "id": "Q2EySKz2roj2mYOhGJQA3A==", "updater": "rhel-vex", "name": "CVE-2024-52005", "description": "A flaw was found in Git. When cloning, fetching, or pushing from a server, informational or error messages are transported from the remote Git process to the client via a sideband channel. These messages are prefixed with \"remote:\" and printed directly to the standard error output. Typically, this standard error output is connected to a terminal that understands ANSI escape sequences, which Git did not protect against. Most modern terminals support control sequences that can be used by a malicious actor to hide and misrepresent information or to mislead the user into executing untrusted scripts.", "issued": "2025-01-15T17:35:02Z", "links": "https://access.redhat.com/security/cve/CVE-2024-52005 https://bugzilla.redhat.com/show_bug.cgi?id=2338289 https://www.cve.org/CVERecord?id=CVE-2024-52005 https://nvd.nist.gov/vuln/detail/CVE-2024-52005 https://github.com/git/git/security/advisories/GHSA-7jjc-gg6m-3329 https://lore.kernel.org/git/1M9FnZ-1taoNo1wwh-00ESSd@mail.gmx.net https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-52005.json https://access.redhat.com/errata/RHSA-2025:7409", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-Git", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.47.1-2.el9_6", "arch_op": "pattern match" }, "Q68PtYAoFZBVQr3VSCGeUg==": { "id": "Q68PtYAoFZBVQr3VSCGeUg==", "updater": "rhel-vex", "name": "CVE-2023-4911", "description": "A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.", "issued": "2023-10-03T17:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4911 https://bugzilla.redhat.com/show_bug.cgi?id=2238352 https://www.cve.org/CVERecord?id=CVE-2023-4911 https://nvd.nist.gov/vuln/detail/CVE-2023-4911 https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt https://www.qualys.com/cve-2023-4911/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4911.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-locale-source", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "Q7aPQDMsGvkoOug//ojuyQ==": { "id": "Q7aPQDMsGvkoOug//ojuyQ==", "updater": "rhel-vex", "name": "CVE-2024-32002", "description": "A vulnerability was found in Git. This vulnerability allows the malicious manipulation of repositories containing submodules, exploiting a bug that enables the writing of files into the .git/ directory instead of the submodule's intended worktree. This manipulation facilitates the execution of arbitrary code during the cloning process, bypassing user inspection and control.", "issued": "2024-05-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-32002 https://bugzilla.redhat.com/show_bug.cgi?id=2280421 https://www.cve.org/CVERecord?id=CVE-2024-32002 https://nvd.nist.gov/vuln/detail/CVE-2024-32002 https://github.com/git/git/security/advisories/GHSA-8h77-4q3w-gfgv https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-32002.json https://access.redhat.com/errata/RHSA-2024:4083", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "git-core", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.43.5-1.el9_4", "arch_op": "pattern match" }, "Q8IjmHAyEPfSZ4ADo6BLIA==": { "id": "Q8IjmHAyEPfSZ4ADo6BLIA==", "updater": "rhel-vex", "name": "CVE-2023-4911", "description": "A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.", "issued": "2023-10-03T17:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4911 https://bugzilla.redhat.com/show_bug.cgi?id=2238352 https://www.cve.org/CVERecord?id=CVE-2023-4911 https://nvd.nist.gov/vuln/detail/CVE-2023-4911 https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt https://www.qualys.com/cve-2023-4911/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4911.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-headers", "version": "", "kind": "binary", "normalized_version": "", "arch": "s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "Q8sE7E8pAQzfSs4FZ1Nn4Q==": { "id": "Q8sE7E8pAQzfSs4FZ1Nn4Q==", "updater": "rhel-vex", "name": "CVE-2021-3903", "description": "vim is vulnerable to Heap-based Buffer Overflow", "issued": "2021-10-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-3903 https://bugzilla.redhat.com/show_bug.cgi?id=2018558 https://www.cve.org/CVERecord?id=CVE-2021-3903 https://nvd.nist.gov/vuln/detail/CVE-2021-3903 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-3903.json https://access.redhat.com/errata/RHSA-2024:9405", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "2:8.2.2637-21.el9", "arch_op": "pattern match" }, "Q9ZepVg3erGzmkHdoohUTw==": { "id": "Q9ZepVg3erGzmkHdoohUTw==", "updater": "rhel-vex", "name": "CVE-2024-4741", "description": "A use-after-free vulnerability was found in OpenSSL. Calling the OpenSSL API SSL_free_buffers function may cause memory to be accessed that was previously freed in some situations.", "issued": "2024-05-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-4741 https://bugzilla.redhat.com/show_bug.cgi?id=2283757 https://www.cve.org/CVERecord?id=CVE-2024-4741 https://nvd.nist.gov/vuln/detail/CVE-2024-4741 https://www.openssl.org/news/secadv/20240528.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4741.json https://access.redhat.com/errata/RHSA-2024:9333", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.2.2-6.el9_5", "arch_op": "pattern match" }, "QN/fQcKt84KRQN337M2Owg==": { "id": "QN/fQcKt84KRQN337M2Owg==", "updater": "rhel-vex", "name": "CVE-2025-27363", "description": "A flaw was found in FreeType. In affected versions, an out-of-bounds write condition may be triggered when attempting to parse font subglyph structures related to TrueType GX and variable font files. The vulnerable code assigns a signed short value to an unsigned long and then adds a static value, causing it to wrap around and allocate a heap buffer that is too small. The code then writes up to 6 signed long integers out of bounds relative to this buffer. This issue could result in arbitrary code execution or other undefined behavior.", "issued": "2025-03-11T13:28:31Z", "links": "https://access.redhat.com/security/cve/CVE-2025-27363 https://bugzilla.redhat.com/show_bug.cgi?id=2351357 https://www.cve.org/CVERecord?id=CVE-2025-27363 https://nvd.nist.gov/vuln/detail/CVE-2025-27363 https://www.facebook.com/security/advisories/cve-2025-27363 https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-27363.json https://access.redhat.com/errata/RHSA-2025:3407", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "freetype", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.10.4-10.el9_5", "arch_op": "pattern match" }, "QQ1upjXEDW7OiB4aR8O/8A==": { "id": "QQ1upjXEDW7OiB4aR8O/8A==", "updater": "rhel-vex", "name": "CVE-2023-47038", "description": "A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer.", "issued": "2023-11-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-47038 https://bugzilla.redhat.com/show_bug.cgi?id=2249523 https://www.cve.org/CVERecord?id=CVE-2023-47038 https://nvd.nist.gov/vuln/detail/CVE-2023-47038 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-47038.json https://access.redhat.com/errata/RHSA-2024:2228", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-overload", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.31-481.el9", "arch_op": "pattern match" }, "QScrbjVTtwLmwolS+TGkzw==": { "id": "QScrbjVTtwLmwolS+TGkzw==", "updater": "rhel-vex", "name": "CVE-2021-35938", "description": "A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "issued": "2021-06-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-35938 https://bugzilla.redhat.com/show_bug.cgi?id=1964114 https://www.cve.org/CVERecord?id=CVE-2021-35938 https://nvd.nist.gov/vuln/detail/CVE-2021-35938 https://rpm.org/wiki/Releases/4.18.0 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-35938.json https://access.redhat.com/errata/RHSA-2024:0463", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-rpm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:4.16.1.3-27.el9_3", "arch_op": "pattern match" }, "QTcHwvmTXpVKkHS0xdfb9g==": { "id": "QTcHwvmTXpVKkHS0xdfb9g==", "updater": "rhel-vex", "name": "CVE-2024-32021", "description": "A vulnerability was found in Git. This flaw allows an unauthenticated attacker to place a repository on their target's local system that contains symlinks. During the cloning process, Git could be tricked into creating hardlinked arbitrary files into their repository's objects/ directory, impacting availability and integrity.", "issued": "2024-05-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-32021 https://bugzilla.redhat.com/show_bug.cgi?id=2280484 https://www.cve.org/CVERecord?id=CVE-2024-32021 https://nvd.nist.gov/vuln/detail/CVE-2024-32021 https://github.com/git/git/security/advisories/GHSA-mvxm-9j2h-qjx7 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-32021.json https://access.redhat.com/errata/RHSA-2024:4083", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "perl-Git", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.43.5-1.el9_4", "arch_op": "pattern match" }, "QTm6CFJsupGe2cLQ3aQQbg==": { "id": "QTm6CFJsupGe2cLQ3aQQbg==", "updater": "rhel-vex", "name": "CVE-2021-35937", "description": "A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "issued": "2021-06-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-35937 https://bugzilla.redhat.com/show_bug.cgi?id=1964125 https://www.cve.org/CVERecord?id=CVE-2021-35937 https://nvd.nist.gov/vuln/detail/CVE-2021-35937 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-35937.json https://access.redhat.com/errata/RHSA-2024:0463", "severity": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "rpm-sign-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.16.1.3-27.el9_3", "arch_op": "pattern match" }, "QX9gQ7esz1e73iQHmwojXA==": { "id": "QX9gQ7esz1e73iQHmwojXA==", "updater": "rhel-vex", "name": "CVE-2021-3973", "description": "A flaw was found in vim. A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to system availability.", "issued": "2021-11-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-3973 https://bugzilla.redhat.com/show_bug.cgi?id=2025059 https://www.cve.org/CVERecord?id=CVE-2021-3973 https://nvd.nist.gov/vuln/detail/CVE-2021-3973 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-3973.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "QYt7IWs4IVpEJ8zBDWXlaA==": { "id": "QYt7IWs4IVpEJ8zBDWXlaA==", "updater": "rhel-vex", "name": "CVE-2023-4806", "description": "A flaw was found in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4806 https://bugzilla.redhat.com/show_bug.cgi?id=2237782 https://www.cve.org/CVERecord?id=CVE-2023-4806 https://nvd.nist.gov/vuln/detail/CVE-2023-4806 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4806.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-headers", "version": "", "kind": "binary", "normalized_version": "", "arch": "s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "QbgvVzhz2dr5BDvAUM6wFQ==": { "id": "QbgvVzhz2dr5BDvAUM6wFQ==", "updater": "rhel-vex", "name": "CVE-2022-2304", "description": "A stack-based buffer overflow vulnerability was found in Vim's spell_dump_compl() function of the src/spell.c file. This issue occurs because the spell dump goes beyond the end of an array when crafted input is processed. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering an out-of-bounds write that causes an application to crash, possibly executing code and corrupting memory.", "issued": "2022-07-05T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-2304 https://bugzilla.redhat.com/show_bug.cgi?id=2104416 https://www.cve.org/CVERecord?id=CVE-2022-2304 https://nvd.nist.gov/vuln/detail/CVE-2022-2304 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-2304.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Qd2XnJZ3qaQ3AbyDXUaR2A==": { "id": "Qd2XnJZ3qaQ3AbyDXUaR2A==", "updater": "osv/pypi", "name": "PYSEC-2022-43012", "description": "", "issued": "2022-12-23T00:15:00Z", "links": "https://github.com/pypa/setuptools/blob/fe8a98e696241487ba6ac9f91faa38ade939ec5d/setuptools/package_index.py#L200 https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages/ https://github.com/pypa/setuptools/compare/v65.5.0...v65.5.1 https://github.com/pypa/setuptools/commit/43a9c9bfa6aa626ec2a22540bea28d2ca77964be https://pyup.io/vulnerabilities/CVE-2022-40897/52495/", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "setuptools", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "pypi", "uri": "https://pypi.org/", "cpe": "" }, "fixed_in_version": "fixed=65.5.1" }, "QdWNLqhuTXgATozRsAAucA==": { "id": "QdWNLqhuTXgATozRsAAucA==", "updater": "rhel-vex", "name": "CVE-2024-2961", "description": "An out-of-bounds write flaw was found in the ISO-2022-CN-EXT plugin for glibc's iconv library. When converting from UCS4 charset, adding certain escape charterers is required to indicate where the charset was changed to the library. During this process, iconv improperly checks the boundaries of internal buffers, leading to a buffer overflow, which allows writing up to 3 bytes outside the desired memory location. This issue may allow an attacker to craft a malicious characters sequence that will trigger the out-of-bounds write and perform remote code execution, presenting a high impact to the Integrity, Confidentiality, and Availability triad.", "issued": "2024-04-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-2961 https://bugzilla.redhat.com/show_bug.cgi?id=2273404 https://www.cve.org/CVERecord?id=CVE-2024-2961 https://nvd.nist.gov/vuln/detail/CVE-2024-2961 https://www.openwall.com/lists/oss-security/2024/04/17/9 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2961.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-headers", "version": "", "kind": "binary", "normalized_version": "", "arch": "s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "Qe1reyLPtQVZ5wKqKa9jQA==": { "id": "Qe1reyLPtQVZ5wKqKa9jQA==", "updater": "rhel-vex", "name": "CVE-2022-0213", "description": "A flaw was found in vim. The vulnerability occurs due to not checking the length for the NameBuff function, which can lead to a heap buffer overflow. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution.", "issued": "2022-01-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-0213 https://bugzilla.redhat.com/show_bug.cgi?id=2043779 https://www.cve.org/CVERecord?id=CVE-2022-0213 https://nvd.nist.gov/vuln/detail/CVE-2022-0213 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-0213.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "QenEWurn4r/HUaULM7xKAA==": { "id": "QenEWurn4r/HUaULM7xKAA==", "updater": "rhel-vex", "name": "CVE-2023-4911", "description": "A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.", "issued": "2023-10-03T17:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4911 https://bugzilla.redhat.com/show_bug.cgi?id=2238352 https://www.cve.org/CVERecord?id=CVE-2023-4911 https://nvd.nist.gov/vuln/detail/CVE-2023-4911 https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt https://www.qualys.com/cve-2023-4911/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4911.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-gconv-extra", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "QgRg8usqYLpC2SzTmhUKsQ==": { "id": "QgRg8usqYLpC2SzTmhUKsQ==", "updater": "rhel-vex", "name": "CVE-2025-22134", "description": "A flaw was found in Vim. Due to Vim not properly terminating visual mode, a heap buffer overflow condition may be triggered when a user switches buffers using the `:all` command. This issue may lead to unexpected behavior, such as an application crash or memory corruption.", "issued": "2025-01-13T20:41:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-22134 https://bugzilla.redhat.com/show_bug.cgi?id=2337437 https://www.cve.org/CVERecord?id=CVE-2025-22134 https://nvd.nist.gov/vuln/detail/CVE-2025-22134 https://github.com/vim/vim/commit/c9a1e257f1630a0866447e53a564f7ff96a80ead https://github.com/vim/vim/security/advisories/GHSA-5rgf-26wj-48v8 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-22134.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Qixdjpm4eBW53WCypmEm2Q==": { "id": "Qixdjpm4eBW53WCypmEm2Q==", "updater": "rhel-vex", "name": "CVE-2023-47038", "description": "A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer.", "issued": "2023-11-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-47038 https://bugzilla.redhat.com/show_bug.cgi?id=2249523 https://www.cve.org/CVERecord?id=CVE-2023-47038 https://nvd.nist.gov/vuln/detail/CVE-2023-47038 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-47038.json https://access.redhat.com/errata/RHSA-2024:2228", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "4:5.32.1-481.el9", "arch_op": "pattern match" }, "QpmPmJkImbP3BLZVoQ/PBw==": { "id": "QpmPmJkImbP3BLZVoQ/PBw==", "updater": "rhel-vex", "name": "CVE-2024-22365", "description": "A vulnerability was found in Linux PAM. An unprivileged user that is not yet in a corresponding mount namespace with ~/tmp mounted as a polyinstantiated dir can place a FIFO there, and a subsequent attempt to login as this user with `pam_namespace` configured will cause the `openat()` in `protect_dir()` to block the attempt, causing a local denial of service.", "issued": "2024-01-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-22365 https://bugzilla.redhat.com/show_bug.cgi?id=2257722 https://www.cve.org/CVERecord?id=CVE-2024-22365 https://nvd.nist.gov/vuln/detail/CVE-2024-22365 https://www.openwall.com/lists/oss-security/2024/01/18/3 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-22365.json https://access.redhat.com/errata/RHSA-2024:2438", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "pam", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:1.5.1-19.el9", "arch_op": "pattern match" }, "Qrr5Q+c0TZSBOI5u+k3BAw==": { "id": "Qrr5Q+c0TZSBOI5u+k3BAw==", "updater": "rhel-vex", "name": "CVE-2021-29390", "description": "A heap buffer over-read flaw was found in libjpeg-turbo. For certain types of smoothed jpeg images, the decompress_smooth_data() function may improperly enter a condition statement that leads to heap memory read of uninitialized data, which may cause an application crash or loss of confidentiality.", "issued": "2023-08-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-29390 https://bugzilla.redhat.com/show_bug.cgi?id=2235521 https://www.cve.org/CVERecord?id=CVE-2021-29390 https://nvd.nist.gov/vuln/detail/CVE-2021-29390 https://github.com/libjpeg-turbo/libjpeg-turbo/commit/ccaba5d7894ecfb5a8f11e48d3f86e1f14d5a469 https://github.com/libjpeg-turbo/libjpeg-turbo/issues/459#issuecomment-733720010 https://github.com/libjpeg-turbo/libjpeg-turbo/pull/476 https://github.com/libjpeg-turbo/libjpeg-turbo/pull/724 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-29390.json https://access.redhat.com/errata/RHSA-2024:2295", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libjpeg-turbo", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.0.90-7.el9", "arch_op": "pattern match" }, "R1x4adkbkgVhxc9hzgUZcA==": { "id": "R1x4adkbkgVhxc9hzgUZcA==", "updater": "rhel-vex", "name": "CVE-2024-25260", "description": "A NULL pointer dereference vulnerability in the elfutils library has been discovered. This vulnerability occurs within the handle_verdef() function in the readelf.c source file. A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.", "issued": "2024-02-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-25260 https://bugzilla.redhat.com/show_bug.cgi?id=2265194 https://www.cve.org/CVERecord?id=CVE-2024-25260 https://nvd.nist.gov/vuln/detail/CVE-2024-25260 https://github.com/schsiung/fuzzer_issues/issues/1 https://sourceware.org/bugzilla/show_bug.cgi?id=31058 https://sourceware.org/elfutils/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-25260.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "elfutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "R4PdQqTg3zX9vQ/fEWwKRw==": { "id": "R4PdQqTg3zX9vQ/fEWwKRw==", "updater": "rhel-vex", "name": "CVE-2025-0938", "description": "A flaw was found in Python. The Python standard library functions `urllib.parse.urlsplit` and `urlparse` accept domain names that included square brackets, which isn't valid according to RFC 3986. Square brackets are only meant to be used as delimiters for specifying IPv6 and IPvFuture hosts in URLs. This could result in differential parsing across the Python URL parser and other specification-compliant URL parsers.", "issued": "2025-01-31T17:51:35Z", "links": "https://access.redhat.com/security/cve/CVE-2025-0938 https://bugzilla.redhat.com/show_bug.cgi?id=2343237 https://www.cve.org/CVERecord?id=CVE-2025-0938 https://nvd.nist.gov/vuln/detail/CVE-2025-0938 https://github.com/python/cpython/issues/105704 https://github.com/python/cpython/pull/129418 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-0938.json https://access.redhat.com/errata/RHSA-2025:6977", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.21-2.el9", "arch_op": "pattern match" }, "RATpPhLUqjEbe+XxyYxOOw==": { "id": "RATpPhLUqjEbe+XxyYxOOw==", "updater": "rhel-vex", "name": "CVE-2022-2257", "description": "A flaw was found in vim, which is vulnerable to an out-of-bounds read in the msg_outtrans_special function. This flaw allows a specially crafted file to crash software or execute code when opened in vim.", "issued": "2022-06-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-2257 https://bugzilla.redhat.com/show_bug.cgi?id=2103133 https://www.cve.org/CVERecord?id=CVE-2022-2257 https://nvd.nist.gov/vuln/detail/CVE-2022-2257 https://huntr.dev/bounties/ca581f80-03ba-472a-b820-78f7fd05fe89/ https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-2257.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "RCSfHTV46eUaJTK1sFhTkQ==": { "id": "RCSfHTV46eUaJTK1sFhTkQ==", "updater": "rhel-vex", "name": "CVE-2021-35938", "description": "A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "issued": "2021-06-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-35938 https://bugzilla.redhat.com/show_bug.cgi?id=1964114 https://www.cve.org/CVERecord?id=CVE-2021-35938 https://nvd.nist.gov/vuln/detail/CVE-2021-35938 https://rpm.org/wiki/Releases/4.18.0 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-35938.json https://access.redhat.com/errata/RHSA-2024:0463", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "rpm-sign-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.16.1.3-27.el9_3", "arch_op": "pattern match" }, "REQ1oCrPc44If+EvIQNDoA==": { "id": "REQ1oCrPc44If+EvIQNDoA==", "updater": "rhel-vex", "name": "CVE-2024-6409", "description": "A race condition vulnerability was discovered in how signals are handled by OpenSSH's server (sshd). If a remote attacker does not authenticate within a set time period, then sshd's SIGALRM handler is called asynchronously. However, this signal handler calls various functions that are not async-signal-safe, for example, syslog(). As a consequence of a successful attack, in the worst case scenario, an attacker may be able to perform a remote code execution (RCE) as an unprivileged user running the sshd server.", "issued": "2024-07-08T17:45:07Z", "links": "https://access.redhat.com/security/cve/CVE-2024-6409 https://bugzilla.redhat.com/show_bug.cgi?id=2295085 https://www.cve.org/CVERecord?id=CVE-2024-6409 https://nvd.nist.gov/vuln/detail/CVE-2024-6409 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6409.json https://access.redhat.com/errata/RHSA-2024:4457", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "openssh", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:8.7p1-38.el9_4.4", "arch_op": "pattern match" }, "RIB897UdZi2GShqV1cDBcw==": { "id": "RIB897UdZi2GShqV1cDBcw==", "updater": "rhel-vex", "name": "CVE-2023-38546", "description": "A flaw was found in the Curl package. This flaw allows an attacker to insert cookies into a running program using libcurl if the specific series of conditions are met.", "issued": "2023-10-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-38546 https://bugzilla.redhat.com/show_bug.cgi?id=2241938 https://access.redhat.com/errata/RHSA-2024:2101 https://www.cve.org/CVERecord?id=CVE-2023-38546 https://nvd.nist.gov/vuln/detail/CVE-2023-38546 https://curl.se/docs/CVE-2023-38546.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-38546.json https://access.redhat.com/errata/RHSA-2023:6745", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "libcurl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9_3.2", "arch_op": "pattern match" }, "RIwina92/O63CIQtdCj6Ug==": { "id": "RIwina92/O63CIQtdCj6Ug==", "updater": "rhel-vex", "name": "CVE-2023-44487", "description": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages.\r\n\r\nSecurity Bulletin\r\nhttps://access.redhat.com/security/vulnerabilities/RHSB-2023-003", "issued": "2023-10-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-44487 https://bugzilla.redhat.com/show_bug.cgi?id=2242803 https://access.redhat.com/security/vulnerabilities/RHSB-2023-003 https://www.cve.org/CVERecord?id=CVE-2023-44487 https://nvd.nist.gov/vuln/detail/CVE-2023-44487 https://github.com/dotnet/announcements/issues/277 https://pkg.go.dev/vuln/GO-2023-2102 https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487 https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-44487.json https://access.redhat.com/errata/RHSA-2023:6746", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libnghttp2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:1.43.0-5.el9_3.1", "arch_op": "pattern match" }, "RKm8LatNKPXzMDZ7Bt6URA==": { "id": "RKm8LatNKPXzMDZ7Bt6URA==", "updater": "rhel-vex", "name": "CVE-2024-2961", "description": "An out-of-bounds write flaw was found in the ISO-2022-CN-EXT plugin for glibc's iconv library. When converting from UCS4 charset, adding certain escape charterers is required to indicate where the charset was changed to the library. During this process, iconv improperly checks the boundaries of internal buffers, leading to a buffer overflow, which allows writing up to 3 bytes outside the desired memory location. This issue may allow an attacker to craft a malicious characters sequence that will trigger the out-of-bounds write and perform remote code execution, presenting a high impact to the Integrity, Confidentiality, and Availability triad.", "issued": "2024-04-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-2961 https://bugzilla.redhat.com/show_bug.cgi?id=2273404 https://www.cve.org/CVERecord?id=CVE-2024-2961 https://nvd.nist.gov/vuln/detail/CVE-2024-2961 https://www.openwall.com/lists/oss-security/2024/04/17/9 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2961.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-gconv-extra", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "RLfmH4oizoEHB59VpAV6Kg==": { "id": "RLfmH4oizoEHB59VpAV6Kg==", "updater": "rhel-vex", "name": "CVE-2024-30203", "description": "A flaw was found in Emacs. When Emacs is used as an email client, inline MIME attachments are considered to be trusted by default, allowing a crafted LaTeX document to exhaust the disk space or the inodes allocated for the partition where the /tmp directory is located. This issue possibly results in a denial of service.", "issued": "2024-03-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-30203 https://bugzilla.redhat.com/show_bug.cgi?id=2280296 https://www.cve.org/CVERecord?id=CVE-2024-30203 https://nvd.nist.gov/vuln/detail/CVE-2024-30203 https://www.openwall.com/lists/oss-security/2024/03/25/2 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-30203.json https://access.redhat.com/errata/RHSA-2024:9302", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "emacs-filesystem", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:27.2-10.el9", "arch_op": "pattern match" }, "RN6TSHl2tPC2sDXkr9F2dw==": { "id": "RN6TSHl2tPC2sDXkr9F2dw==", "updater": "rhel-vex", "name": "CVE-2024-6409", "description": "A race condition vulnerability was discovered in how signals are handled by OpenSSH's server (sshd). If a remote attacker does not authenticate within a set time period, then sshd's SIGALRM handler is called asynchronously. However, this signal handler calls various functions that are not async-signal-safe, for example, syslog(). As a consequence of a successful attack, in the worst case scenario, an attacker may be able to perform a remote code execution (RCE) as an unprivileged user running the sshd server.", "issued": "2024-07-08T17:45:07Z", "links": "https://access.redhat.com/security/cve/CVE-2024-6409 https://bugzilla.redhat.com/show_bug.cgi?id=2295085 https://www.cve.org/CVERecord?id=CVE-2024-6409 https://nvd.nist.gov/vuln/detail/CVE-2024-6409 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6409.json https://access.redhat.com/errata/RHSA-2024:4457", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "openssh", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:8.7p1-38.el9_4.4", "arch_op": "pattern match" }, "RQQmMvzO7YiyLb0Zr1ojVQ==": { "id": "RQQmMvzO7YiyLb0Zr1ojVQ==", "updater": "rhel-vex", "name": "CVE-2024-38477", "description": "A flaw was found in the mod_proxy module of httpd. A NULL pointer dereference can be triggered when processing a specially crafted HTTP request, causing the httpd server to crash, and resulting in a denial of service.", "issued": "2024-07-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-38477 https://bugzilla.redhat.com/show_bug.cgi?id=2295016 https://www.cve.org/CVERecord?id=CVE-2024-38477 https://nvd.nist.gov/vuln/detail/CVE-2024-38477 https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2024-38477 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-38477.json https://access.redhat.com/errata/RHSA-2024:4726", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "mod_lua", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.4.57-11.el9_4", "arch_op": "pattern match" }, "RRRidvlWfinrbdr+19nt9g==": { "id": "RRRidvlWfinrbdr+19nt9g==", "updater": "rhel-vex", "name": "CVE-2024-11168", "description": "A flaw was found in Python. The `urllib.parse.urlsplit()` and `urlparse()` functions improperly validated bracketed hosts (`[]`), allowing hosts that weren't IPv6 or IPvFuture compliant. This behavior was not conformant to RFC 3986 and was potentially vulnerable to server-side request forgery (SSRF) if a URL is processed by more than one URL parser.", "issued": "2024-11-12T21:22:23Z", "links": "https://access.redhat.com/security/cve/CVE-2024-11168 https://bugzilla.redhat.com/show_bug.cgi?id=2325776 https://www.cve.org/CVERecord?id=CVE-2024-11168 https://nvd.nist.gov/vuln/detail/CVE-2024-11168 https://github.com/python/cpython/commit/29f348e232e82938ba2165843c448c2b291504c5 https://github.com/python/cpython/commit/b2171a2fd41416cf68afd67460578631d755a550 https://github.com/python/cpython/issues/103848 https://github.com/python/cpython/pull/103849 https://mail.python.org/archives/list/security-announce@python.org/thread/XPWB6XVZ5G5KGEI63M4AWLIEUF5BPH4T/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-11168.json https://access.redhat.com/errata/RHSA-2024:10983", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.21-1.el9_5", "arch_op": "pattern match" }, "RTIOYNKa5k5ts9Kih1+7yw==": { "id": "RTIOYNKa5k5ts9Kih1+7yw==", "updater": "rhel-vex", "name": "CVE-2024-33600", "description": "A flaw was found in the glibc netgroup cache. After a failed cache insertion, addgetnetgrentX tries to send the non-existing response after the not-found header. This can lead to a null pointer dereference that causes a crash or exit.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33600 https://bugzilla.redhat.com/show_bug.cgi?id=2277204 https://www.cve.org/CVERecord?id=CVE-2024-33600 https://nvd.nist.gov/vuln/detail/CVE-2024-33600 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33600.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-common", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "RbbjYwzsUzC1jY9FlfA7DA==": { "id": "RbbjYwzsUzC1jY9FlfA7DA==", "updater": "rhel-vex", "name": "CVE-2025-5222", "description": "A stack buffer overflow was found in Internationl components for unicode (ICU ). While running the genrb binary, the 'subtag' struct overflowed at the SRBRoot::addTag function. This issue may lead to memory corruption and local arbitrary code execution.", "issued": "2024-11-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5222 https://bugzilla.redhat.com/show_bug.cgi?id=2368600 https://www.cve.org/CVERecord?id=CVE-2025-5222 https://nvd.nist.gov/vuln/detail/CVE-2025-5222 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5222.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "icu", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Rd2hVVbUws+mcvoC7DaoiQ==": { "id": "Rd2hVVbUws+mcvoC7DaoiQ==", "updater": "rhel-vex", "name": "CVE-2022-4292", "description": "A heap use-after-free flaw was found in Vim's did_set_spelllang() function of the spell.c file. This issue occurs because vim uses freed memory after SpellFileMissing autocmd uses bwipe. This could allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free issue that causes an application to crash, possibly executing code and corrupting memory.", "issued": "2022-12-02T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-4292 https://bugzilla.redhat.com/show_bug.cgi?id=2151558 https://www.cve.org/CVERecord?id=CVE-2022-4292 https://nvd.nist.gov/vuln/detail/CVE-2022-4292 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-4292.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "RfP0HFLmxGH5ZWk1oGaF+A==": { "id": "RfP0HFLmxGH5ZWk1oGaF+A==", "updater": "rhel-vex", "name": "CVE-2024-26461", "description": "A memory leak flaw was found in krb5 in /krb5/src/lib/gssapi/krb5/k5sealv3.c. This issue can lead to a denial of service through memory exhaustion.", "issued": "2024-02-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-26461 https://bugzilla.redhat.com/show_bug.cgi?id=2266740 https://www.cve.org/CVERecord?id=CVE-2024-26461 https://nvd.nist.gov/vuln/detail/CVE-2024-26461 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-26461.json https://access.redhat.com/errata/RHSA-2024:9331", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "krb5-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:1.21.1-3.el9", "arch_op": "pattern match" }, "RiLxHaGbiEKepqyUULRcvQ==": { "id": "RiLxHaGbiEKepqyUULRcvQ==", "updater": "rhel-vex", "name": "CVE-2023-29491", "description": "A vulnerability was found in ncurses and occurs when used by a setuid application. This flaw allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file found in $HOME/.terminfo or reached via the TERMINFO or TERM environment variable.", "issued": "2023-04-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-29491 https://bugzilla.redhat.com/show_bug.cgi?id=2191704 https://www.cve.org/CVERecord?id=CVE-2023-29491 https://nvd.nist.gov/vuln/detail/CVE-2023-29491 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-29491.json https://access.redhat.com/errata/RHSA-2023:6698", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "ncurses", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:6.2-10.20210508.el9", "arch_op": "pattern match" }, "RlOfhoCCkdSSaNMAmR7TiQ==": { "id": "RlOfhoCCkdSSaNMAmR7TiQ==", "updater": "rhel-vex", "name": "CVE-2021-23336", "description": "The package python/cpython is vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. This can result in malicious requests being cached as completely safe ones, as the proxy would usually not see the semicolon as a separator, and therefore would not include it in a cache key of an unkeyed parameter.", "issued": "2021-02-13T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-23336 https://bugzilla.redhat.com/show_bug.cgi?id=1928904 https://www.cve.org/CVERecord?id=CVE-2021-23336 https://nvd.nist.gov/vuln/detail/CVE-2021-23336 https://snyk.io/vuln/SNYK-UPSTREAM-PYTHONCPYTHON-1074933 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-23336.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "python3.9", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "RnXEkSuORl14LlzYthaVHw==": { "id": "RnXEkSuORl14LlzYthaVHw==", "updater": "rhel-vex", "name": "CVE-2023-28484", "description": "A NULL pointer dereference vulnerability was found in libxml2. This issue occurs when parsing (invalid) XML schemas.", "issued": "2023-04-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-28484 https://bugzilla.redhat.com/show_bug.cgi?id=2185994 https://www.cve.org/CVERecord?id=CVE-2023-28484 https://nvd.nist.gov/vuln/detail/CVE-2023-28484 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-28484.json https://access.redhat.com/errata/RHSA-2023:4349", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libxml2-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-3.el9_2.1", "arch_op": "pattern match" }, "RoQvxPrgcpXyTej834bT2Q==": { "id": "RoQvxPrgcpXyTej834bT2Q==", "updater": "rhel-vex", "name": "CVE-2024-57360", "description": "A flaw was found in the nm utility of binutils. A local user who specifies the `--without-symbol-versions` option on a specially crafted ELF file can trigger a segmentation fault condition. This may lead to an application crash or other undefined behavior.", "issued": "2025-01-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-57360 https://bugzilla.redhat.com/show_bug.cgi?id=2339263 https://www.cve.org/CVERecord?id=CVE-2024-57360 https://nvd.nist.gov/vuln/detail/CVE-2024-57360 https://sourceware.org/bugzilla/show_bug.cgi?id=32467 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-57360.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "binutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "RqavhGB1siExZjIV6Gyz2Q==": { "id": "RqavhGB1siExZjIV6Gyz2Q==", "updater": "rhel-vex", "name": "CVE-2023-0799", "description": "A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to a use-after-free problem in the extractContigSamplesShifted32bits function in tools/tiffcrop.c, resulting in a Denial of Service.", "issued": "2023-02-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0799 https://bugzilla.redhat.com/show_bug.cgi?id=2170162 https://www.cve.org/CVERecord?id=CVE-2023-0799 https://nvd.nist.gov/vuln/detail/CVE-2023-0799 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0799.json https://access.redhat.com/errata/RHSA-2023:3711", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-8.el9_2", "arch_op": "pattern match" }, "RrbNEAZ+bJrZ+zzACvAjBw==": { "id": "RrbNEAZ+bJrZ+zzACvAjBw==", "updater": "rhel-vex", "name": "CVE-2023-27538", "description": "An authentication bypass vulnerability exists in libcurl prior to v8.0.0 where it reuses a previously established SSH connection despite the fact that an SSH option was modified, which should have prevented reuse. libcurl maintains a pool of previously used connections to reuse them for subsequent transfers if the configurations match. However, two SSH settings were omitted from the configuration check, allowing them to match easily, potentially leading to the reuse of an inappropriate connection.", "issued": "2023-03-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-27538 https://bugzilla.redhat.com/show_bug.cgi?id=2179103 https://www.cve.org/CVERecord?id=CVE-2023-27538 https://nvd.nist.gov/vuln/detail/CVE-2023-27538 https://curl.se/docs/CVE-2023-27538.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-27538.json https://access.redhat.com/errata/RHSA-2023:6679", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libcurl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9", "arch_op": "pattern match" }, "Rs2w9Uui+dW2Lg48Ml6jpw==": { "id": "Rs2w9Uui+dW2Lg48Ml6jpw==", "updater": "rhel-vex", "name": "CVE-2025-1632", "description": "A flaw was found in the bsdunzip utility of libarchive. In affected versions, a specially crafted file may trigger a null pointer dereference. This issue can lead to an application crash or other unexpected behavior.", "issued": "2025-02-24T13:31:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-1632 https://bugzilla.redhat.com/show_bug.cgi?id=2347309 https://www.cve.org/CVERecord?id=CVE-2025-1632 https://nvd.nist.gov/vuln/detail/CVE-2025-1632 https://github.com/Ekkosun/pocs/blob/main/bsdunzip-poc https://vuldb.com/?ctiid.296619 https://vuldb.com/?id.296619 https://vuldb.com/?submit.496460 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-1632.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "RtSOg3g9DhQAy4EV/TL4ow==": { "id": "RtSOg3g9DhQAy4EV/TL4ow==", "updater": "rhel-vex", "name": "CVE-2025-4373", "description": "A flaw was found in GLib, which is vulnerable to an integer overflow in the g_string_insert_unichar() function. When the position at which to insert the character is large, the position will overflow, leading to a buffer underwrite.", "issued": "2025-05-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4373 https://bugzilla.redhat.com/show_bug.cgi?id=2364265 https://www.cve.org/CVERecord?id=CVE-2025-4373 https://nvd.nist.gov/vuln/detail/CVE-2025-4373 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4373.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glib2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "RwD1qkwqXeIcCzzyTwz+cg==": { "id": "RwD1qkwqXeIcCzzyTwz+cg==", "updater": "rhel-vex", "name": "CVE-2023-0804", "description": "A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds write in the extractContigSamplesShifted24bits function in tools/tiffcrop.c, resulting in a Denial of Service and limited data modification.", "issued": "2023-02-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0804 https://bugzilla.redhat.com/show_bug.cgi?id=2170192 https://www.cve.org/CVERecord?id=CVE-2023-0804 https://nvd.nist.gov/vuln/detail/CVE-2023-0804 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0804.json https://access.redhat.com/errata/RHSA-2023:3711", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-8.el9_2", "arch_op": "pattern match" }, "RxwFiIUPJYMo6r5lfv+sdQ==": { "id": "RxwFiIUPJYMo6r5lfv+sdQ==", "updater": "rhel-vex", "name": "CVE-2022-47011", "description": "A memory leak flaw was found in binutils. This flaw allows an attacker to use a set of steps to trigger a memory leak and perform a denial of service, resulting in a loss of the system's availability.", "issued": "2022-06-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-47011 https://bugzilla.redhat.com/show_bug.cgi?id=2233992 https://www.cve.org/CVERecord?id=CVE-2022-47011 https://nvd.nist.gov/vuln/detail/CVE-2022-47011 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-47011.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "gdb", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "S26cXHzIjCvMHy8DUlbXOg==": { "id": "S26cXHzIjCvMHy8DUlbXOg==", "updater": "rhel-vex", "name": "CVE-2024-33601", "description": "A flaw was found in the glibc netgroup cache. The netgroup cache uses xmalloc/xrealloc and may terminate the process due to a memory allocation failure.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33601 https://bugzilla.redhat.com/show_bug.cgi?id=2277205 https://www.cve.org/CVERecord?id=CVE-2024-33601 https://nvd.nist.gov/vuln/detail/CVE-2024-33601 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33601.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "glibc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "S3QNU6jy5TEnJU2t9h6F+A==": { "id": "S3QNU6jy5TEnJU2t9h6F+A==", "updater": "rhel-vex", "name": "CVE-2023-36054", "description": "A vulnerability was found in the _xdr_kadm5_principal_ent_rec() function in lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (krb5). This issue occurs due to lack of validation in the relationship between n_key_data and the key_data array count, leading to the freeing of uninitialized pointers. This may allow a remote authenticated attacker to send a specially crafted request that causes the kadmind process to crash, resulting in a denial of service (DoS).", "issued": "2023-08-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-36054 https://bugzilla.redhat.com/show_bug.cgi?id=2230178 https://www.cve.org/CVERecord?id=CVE-2023-36054 https://nvd.nist.gov/vuln/detail/CVE-2023-36054 https://github.com/krb5/krb5/commit/ef08b09c9459551aabbe7924fb176f1583053cdd https://github.com/krb5/krb5/compare/krb5-1.20.1-final...krb5-1.20.2-final https://github.com/krb5/krb5/compare/krb5-1.21-final...krb5-1.21.1-final https://web.mit.edu/kerberos/www/advisories/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-36054.json https://access.redhat.com/errata/RHSA-2023:6699", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "krb5-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:1.21.1-1.el9", "arch_op": "pattern match" }, "S5Dzz9cigoJDCj8s5UcT0g==": { "id": "S5Dzz9cigoJDCj8s5UcT0g==", "updater": "rhel-vex", "name": "CVE-2022-41409", "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "issued": "2023-07-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-41409 https://bugzilla.redhat.com/show_bug.cgi?id=2260814 https://www.cve.org/CVERecord?id=CVE-2022-41409 https://nvd.nist.gov/vuln/detail/CVE-2022-41409 https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35 https://github.com/PCRE2Project/pcre2/issues/141 https://github.com/advisories/GHSA-4qfx-v7wh-3q4j https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-41409.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "pcre2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "S7J4DP2UGDEb5PoiShUqwg==": { "id": "S7J4DP2UGDEb5PoiShUqwg==", "updater": "rhel-vex", "name": "CVE-2025-24855", "description": "A flaw was found in libxslt numbers.c. This vulnerability allows a use-after-free, potentially leading to memory corruption or code execution via nested XPath evaluations where an XPath context node can be modified but not restored.", "issued": "2025-03-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-24855 https://bugzilla.redhat.com/show_bug.cgi?id=2352483 https://www.cve.org/CVERecord?id=CVE-2025-24855 https://nvd.nist.gov/vuln/detail/CVE-2025-24855 https://gitlab.gnome.org/GNOME/libxslt/-/issues/128 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-24855.json https://access.redhat.com/errata/RHSA-2025:3107", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libxslt-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.1.34-9.el9_5.1", "arch_op": "pattern match" }, "S8k5xDZW6CKWQt5V5/wRBA==": { "id": "S8k5xDZW6CKWQt5V5/wRBA==", "updater": "rhel-vex", "name": "CVE-2023-38546", "description": "A flaw was found in the Curl package. This flaw allows an attacker to insert cookies into a running program using libcurl if the specific series of conditions are met.", "issued": "2023-10-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-38546 https://bugzilla.redhat.com/show_bug.cgi?id=2241938 https://access.redhat.com/errata/RHSA-2024:2101 https://www.cve.org/CVERecord?id=CVE-2023-38546 https://nvd.nist.gov/vuln/detail/CVE-2023-38546 https://curl.se/docs/CVE-2023-38546.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-38546.json https://access.redhat.com/errata/RHSA-2023:6745", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "curl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9_3.2", "arch_op": "pattern match" }, "SDm/mWtE0NpXgrgtbv569w==": { "id": "SDm/mWtE0NpXgrgtbv569w==", "updater": "rhel-vex", "name": "CVE-2023-4813", "description": "A flaw was found in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.", "issued": "2022-03-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4813 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://www.cve.org/CVERecord?id=CVE-2023-4813 https://nvd.nist.gov/vuln/detail/CVE-2023-4813 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4813.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-minimal-langpack", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "SFC0+CA5TX05a3ET5nJAfQ==": { "id": "SFC0+CA5TX05a3ET5nJAfQ==", "updater": "rhel-vex", "name": "CVE-2023-4813", "description": "A flaw was found in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.", "issued": "2022-03-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4813 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://www.cve.org/CVERecord?id=CVE-2023-4813 https://nvd.nist.gov/vuln/detail/CVE-2023-4813 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4813.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-locale-source", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "SFFvu1KKVcKnTOZLT8Kd6g==": { "id": "SFFvu1KKVcKnTOZLT8Kd6g==", "updater": "rhel-vex", "name": "CVE-2023-47038", "description": "A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer.", "issued": "2023-11-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-47038 https://bugzilla.redhat.com/show_bug.cgi?id=2249523 https://www.cve.org/CVERecord?id=CVE-2023-47038 https://nvd.nist.gov/vuln/detail/CVE-2023-47038 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-47038.json https://access.redhat.com/errata/RHSA-2024:2228", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-Fcntl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.13-481.el9", "arch_op": "pattern match" }, "SH6jsaECmWs0mj3SMlChWA==": { "id": "SH6jsaECmWs0mj3SMlChWA==", "updater": "rhel-vex", "name": "CVE-2025-5278", "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", "issued": "2025-05-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5278 https://bugzilla.redhat.com/show_bug.cgi?id=2368764 https://www.cve.org/CVERecord?id=CVE-2025-5278 https://nvd.nist.gov/vuln/detail/CVE-2025-5278 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5278.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "coreutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "SJNAwbr1JxOIEghGlwyxyg==": { "id": "SJNAwbr1JxOIEghGlwyxyg==", "updater": "rhel-vex", "name": "CVE-2023-4806", "description": "A flaw was found in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4806 https://bugzilla.redhat.com/show_bug.cgi?id=2237782 https://www.cve.org/CVERecord?id=CVE-2023-4806 https://nvd.nist.gov/vuln/detail/CVE-2023-4806 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4806.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-minimal-langpack", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "SM2joNFusXvykl0QgMtP9A==": { "id": "SM2joNFusXvykl0QgMtP9A==", "updater": "rhel-vex", "name": "CVE-2023-38546", "description": "A flaw was found in the Curl package. This flaw allows an attacker to insert cookies into a running program using libcurl if the specific series of conditions are met.", "issued": "2023-10-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-38546 https://bugzilla.redhat.com/show_bug.cgi?id=2241938 https://access.redhat.com/errata/RHSA-2024:2101 https://www.cve.org/CVERecord?id=CVE-2023-38546 https://nvd.nist.gov/vuln/detail/CVE-2023-38546 https://curl.se/docs/CVE-2023-38546.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-38546.json https://access.redhat.com/errata/RHSA-2023:5763", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "libcurl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-23.el9_2.4", "arch_op": "pattern match" }, "SMyGjqekq81yBZNPHrQjPg==": { "id": "SMyGjqekq81yBZNPHrQjPg==", "updater": "rhel-vex", "name": "CVE-2024-12085", "description": "A flaw was found in rsync which could be triggered when rsync compares file checksums. This flaw allows an attacker to manipulate the checksum length (s2length) to cause a comparison between a checksum and uninitialized memory and leak one byte of uninitialized stack data at a time.", "issued": "2025-01-14T15:06:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-12085 https://bugzilla.redhat.com/show_bug.cgi?id=2330539 https://www.cve.org/CVERecord?id=CVE-2024-12085 https://nvd.nist.gov/vuln/detail/CVE-2024-12085 https://kb.cert.org/vuls/id/952657 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-12085.json https://access.redhat.com/errata/RHSA-2025:0324", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "High", "package": { "id": "", "name": "rsync", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.2.3-20.el9_5.1", "arch_op": "pattern match" }, "SP1EdxoIK8b9TT6i0Yg6VQ==": { "id": "SP1EdxoIK8b9TT6i0Yg6VQ==", "updater": "rhel-vex", "name": "CVE-2024-38475", "description": "A flaw was found in the mod_rewrite module of httpd. Improper escaping of output allows an attacker to map URLs to filesystem locations permitted to be served by the server but are not intentionally or directly reachable by any URL. This issue results in code execution or source code disclosure.", "issued": "2024-07-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-38475 https://bugzilla.redhat.com/show_bug.cgi?id=2295014 https://www.cve.org/CVERecord?id=CVE-2024-38475 https://nvd.nist.gov/vuln/detail/CVE-2024-38475 https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2024-38475 https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-38475.json https://access.redhat.com/errata/RHSA-2024:4726", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "mod_session", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.4.57-11.el9_4", "arch_op": "pattern match" }, "SPY2CCRLRTXm0jZ9H6uG7w==": { "id": "SPY2CCRLRTXm0jZ9H6uG7w==", "updater": "rhel-vex", "name": "CVE-2023-52425", "description": "A flaw was found in Expat (libexpat). When parsing a large token that requires multiple buffer fills to complete, Expat has to re-parse the token from start numerous times. This process may trigger excessive resource consumption, leading to a denial of service.", "issued": "2024-02-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-52425 https://bugzilla.redhat.com/show_bug.cgi?id=2262877 https://www.cve.org/CVERecord?id=CVE-2023-52425 https://nvd.nist.gov/vuln/detail/CVE-2023-52425 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-52425.json https://access.redhat.com/errata/RHSA-2024:1530", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "expat", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.5.0-1.el9_3.1", "arch_op": "pattern match" }, "SPfe8rryClHnE6BuUSP4YA==": { "id": "SPfe8rryClHnE6BuUSP4YA==", "updater": "rhel-vex", "name": "CVE-2024-33601", "description": "A flaw was found in the glibc netgroup cache. The netgroup cache uses xmalloc/xrealloc and may terminate the process due to a memory allocation failure.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33601 https://bugzilla.redhat.com/show_bug.cgi?id=2277205 https://www.cve.org/CVERecord?id=CVE-2024-33601 https://nvd.nist.gov/vuln/detail/CVE-2024-33601 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33601.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "glibc-common", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "SPxMxLW2DZ8IvP04UR/H6g==": { "id": "SPxMxLW2DZ8IvP04UR/H6g==", "updater": "rhel-vex", "name": "CVE-2025-5683", "description": "A flaw was found in qt. Loading a specially crafted ICNS image file within QImage results in a crash. This flaw allows a local attacker to provide a malicious image. The vulnerability is exploited via the image loading process, leading to application termination.", "issued": "2025-06-05T05:31:13Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5683 https://bugzilla.redhat.com/show_bug.cgi?id=2370384 https://www.cve.org/CVERecord?id=CVE-2025-5683 https://nvd.nist.gov/vuln/detail/CVE-2025-5683 https://codereview.qt-project.org/c/qt/qtimageformats/+/644548 https://issues.oss-fuzz.com/issues/415350704 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5683.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "qt5", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "SRtj8i4HsQkjCyC1YPMDYw==": { "id": "SRtj8i4HsQkjCyC1YPMDYw==", "updater": "rhel-vex", "name": "CVE-2024-22025", "description": "A flaw was found in Node.js that allows a denial of service attack through resource exhaustion when using the fetch() function to retrieve content from an untrusted URL. The vulnerability stems from the fetch() function in Node.js that always decodes Brotli, making it possible for an attacker to cause resource exhaustion when fetching content from an untrusted URL. This flaw allows an attacker to control the URL passed into fetch() to exhaust memory, potentially leading to process termination, depending on the system configuration.", "issued": "2024-03-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-22025 https://bugzilla.redhat.com/show_bug.cgi?id=2270559 https://www.cve.org/CVERecord?id=CVE-2024-22025 https://nvd.nist.gov/vuln/detail/CVE-2024-22025 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-22025.json https://access.redhat.com/errata/RHSA-2024:2910", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.2-8.el9_4", "arch_op": "pattern match" }, "SSAJUNd+iNG0Dh0JEHjSXA==": { "id": "SSAJUNd+iNG0Dh0JEHjSXA==", "updater": "rhel-vex", "name": "CVE-2023-47038", "description": "A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer.", "issued": "2023-11-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-47038 https://bugzilla.redhat.com/show_bug.cgi?id=2249523 https://www.cve.org/CVERecord?id=CVE-2023-47038 https://nvd.nist.gov/vuln/detail/CVE-2023-47038 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-47038.json https://access.redhat.com/errata/RHSA-2024:2228", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-Getopt-Std", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.12-481.el9", "arch_op": "pattern match" }, "Sa5f5jPlFl2oY9IDRio54A==": { "id": "Sa5f5jPlFl2oY9IDRio54A==", "updater": "rhel-vex", "name": "CVE-2023-7104", "description": "A vulnerability was found in SQLite3. This issue affects the sessionReadRecord function of the ext/session/sqlite3session.c function in the make alltest Handler component. Manipulation may cause a heap-based buffer overflow to occur.", "issued": "2023-12-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-7104 https://bugzilla.redhat.com/show_bug.cgi?id=2256194 https://www.cve.org/CVERecord?id=CVE-2023-7104 https://nvd.nist.gov/vuln/detail/CVE-2023-7104 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-7104.json https://access.redhat.com/errata/RHSA-2024:0465", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "sqlite-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.34.1-7.el9_3", "arch_op": "pattern match" }, "Shxtnoeb6rhU/fPKJVP5cQ==": { "id": "Shxtnoeb6rhU/fPKJVP5cQ==", "updater": "rhel-vex", "name": "CVE-2023-22745", "description": "A flaw was found in tpm2-tss, which is an open source software implementation of the Trusted Computing Group (TCG) Trusted Platform Module (TPM) 2 Software Stack (TSS2). In affected versions, `Tss2_RC_SetHandler` and `Tss2_RC_Decode` index into the `layer_handler` with an 8-bit layer number, but the array only has `TPM2_ERROR_TSS2_RC_LAYER_COUNT` entries. Trying to add a handler for higher-numbered layers or to decode a response code with a layer number, reads/writes past the end of the buffer. This buffer overrun could result in arbitrary code execution. An example attack is a man-in-the-middle (MiTM) bus attack that returns 0xFFFFFFFFFF for the RC. Given the common use case of TPM modules, an attacker must have local access to the target machine with local system privileges, which allows access to the TPM system. Usually, TPM access requires administrative privileges.", "issued": "2023-01-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-22745 https://bugzilla.redhat.com/show_bug.cgi?id=2162610 https://www.cve.org/CVERecord?id=CVE-2023-22745 https://nvd.nist.gov/vuln/detail/CVE-2023-22745 https://github.com/tpm2-software/tpm2-tss/security/advisories/GHSA-4j3v-fh23-vx67 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-22745.json https://access.redhat.com/errata/RHSA-2023:6685", "severity": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "tpm2-tss", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.2.2-2.el9", "arch_op": "pattern match" }, "SkebAuLx4OQKa5x3b2ygUw==": { "id": "SkebAuLx4OQKa5x3b2ygUw==", "updater": "rhel-vex", "name": "CVE-2023-0803", "description": "A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds write in the extractContigSamplesShifted16bits function in tools/tiffcrop.c, resulting in a Denial of Service and limited data modification.", "issued": "2023-02-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0803 https://bugzilla.redhat.com/show_bug.cgi?id=2170187 https://www.cve.org/CVERecord?id=CVE-2023-0803 https://nvd.nist.gov/vuln/detail/CVE-2023-0803 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0803.json https://access.redhat.com/errata/RHSA-2023:3711", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-8.el9_2", "arch_op": "pattern match" }, "SmczXqxeZRCcJykxG3Abrg==": { "id": "SmczXqxeZRCcJykxG3Abrg==", "updater": "rhel-vex", "name": "CVE-2024-32465", "description": "A flaw was found in Git in a full copy of a Git repository. A prerequisite for this vulnerability is for an unauthenticated attacker to place a specialized repository on their target's local system. If the victim were to clone this repository, it could result in arbitrary code execution.", "issued": "2024-05-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-32465 https://bugzilla.redhat.com/show_bug.cgi?id=2280446 https://www.cve.org/CVERecord?id=CVE-2024-32465 https://nvd.nist.gov/vuln/detail/CVE-2024-32465 https://github.com/git/git/security/advisories/GHSA-vm9j-46j9-qvq4 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-32465.json https://access.redhat.com/errata/RHSA-2024:4083", "severity": "CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-Git", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.43.5-1.el9_4", "arch_op": "pattern match" }, "SppkJsOzm+2zbTRc6NQFQQ==": { "id": "SppkJsOzm+2zbTRc6NQFQQ==", "updater": "rhel-vex", "name": "CVE-2024-38474", "description": "A flaw was found in the mod_rewrite module of httpd. Due to a substitution encoding issue, specially crafted requests may allow an attacker to execute scripts in directories permitted by the configuration but not directly reachable by any URL or source disclosure of scripts meant only to be executed as CGI.", "issued": "2024-07-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-38474 https://bugzilla.redhat.com/show_bug.cgi?id=2295013 https://www.cve.org/CVERecord?id=CVE-2024-38474 https://nvd.nist.gov/vuln/detail/CVE-2024-38474 https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2024-38474 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-38474.json https://access.redhat.com/errata/RHSA-2024:4726", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "mod_lua", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.4.57-11.el9_4", "arch_op": "pattern match" }, "SstbtJyplu6wT0tmTKbr8w==": { "id": "SstbtJyplu6wT0tmTKbr8w==", "updater": "rhel-vex", "name": "CVE-2024-52006", "description": "A flaw was found in Git. Git defines a line-based protocol that is used to exchange information between Git and Git credential helpers. Some ecosystems, most notably .NET and node.js, interpret single Carriage Return characters as newlines, which render the protections against CVE-2020-5260 incomplete for credential helpers, which has the potential to expose stored credentials to malicious URLs.", "issued": "2025-01-14T18:39:52Z", "links": "https://access.redhat.com/security/cve/CVE-2024-52006 https://bugzilla.redhat.com/show_bug.cgi?id=2337956 https://www.cve.org/CVERecord?id=CVE-2024-52006 https://nvd.nist.gov/vuln/detail/CVE-2024-52006 https://github.com/git-ecosystem/git-credential-manager/security/advisories/GHSA-86c2-4x57-wc8g https://github.com/git/git/commit/b01b9b81d36759cdcd07305e78765199e1bc2060 https://github.com/git/git/security/advisories/GHSA-qm7j-c969-7j4q https://github.com/git/git/security/advisories/GHSA-r5ph-xg7q-xfrp https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-52006.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "git", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "StRqIVsXN6NcVuvirqAMOg==": { "id": "StRqIVsXN6NcVuvirqAMOg==", "updater": "rhel-vex", "name": "CVE-2023-0464", "description": "A security vulnerability has been identified in all supported OpenSSL versions related to verifying X.509 certificate chains that include policy constraints. This flaw allows attackers to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of computational resources, leading to a denial of service (DoS) attack on affected systems. Policy processing is disabled by default but can be enabled by passing the -policy' argument to the command line utilities or calling the X509_VERIFY_PARAM_set1_policies()' function.", "issued": "2023-03-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0464 https://bugzilla.redhat.com/show_bug.cgi?id=2181082 https://www.cve.org/CVERecord?id=CVE-2023-0464 https://nvd.nist.gov/vuln/detail/CVE-2023-0464 https://www.openssl.org/news/secadv/20230322.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0464.json https://access.redhat.com/errata/RHSA-2023:3722", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-16.el9_2", "arch_op": "pattern match" }, "SvhQ7tNvl6ANrVnaJ4cBNw==": { "id": "SvhQ7tNvl6ANrVnaJ4cBNw==", "updater": "rhel-vex", "name": "CVE-2022-3099", "description": "A use-after-free vulnerability was found in vim's do_cmdline() function of the src/ex_docmd.c file. The issue triggers when an invalid line number on :for is ignored. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "issued": "2022-09-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3099 https://bugzilla.redhat.com/show_bug.cgi?id=2124157 https://www.cve.org/CVERecord?id=CVE-2022-3099 https://nvd.nist.gov/vuln/detail/CVE-2022-3099 https://huntr.dev/bounties/403210c7-6cc7-4874-8934-b57f88bd4f5e https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3099.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Syx/gjnL4FVa+aLlI5iPYA==": { "id": "Syx/gjnL4FVa+aLlI5iPYA==", "updater": "rhel-vex", "name": "CVE-2024-33599", "description": "A stack-based buffer overflow flaw was found in the glibc netgroup cache. In certain conditions, its possible to trigger a stack-based buffer overflow condition that can lead to a denial of service and potentially other malicious actions that impact confidentiality and integrity.", "issued": "2024-04-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33599 https://bugzilla.redhat.com/show_bug.cgi?id=2277202 https://www.cve.org/CVERecord?id=CVE-2024-33599 https://nvd.nist.gov/vuln/detail/CVE-2024-33599 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33599.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "T+8eeJxD0Rq4071H40RizQ==": { "id": "T+8eeJxD0Rq4071H40RizQ==", "updater": "rhel-vex", "name": "CVE-2024-0450", "description": "A flaw was found in the Python/CPython 'zipfile' that can allow a zip-bomb type of attack. An attacker may craft a zip file format, leading to a Denial of Service when processed.", "issued": "2024-03-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-0450 https://bugzilla.redhat.com/show_bug.cgi?id=2276525 https://www.cve.org/CVERecord?id=CVE-2024-0450 https://nvd.nist.gov/vuln/detail/CVE-2024-0450 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0450.json https://access.redhat.com/errata/RHSA-2024:4078", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.18-3.el9_4.1", "arch_op": "pattern match" }, "T52mfTsBnquWm4qc3cKfWA==": { "id": "T52mfTsBnquWm4qc3cKfWA==", "updater": "rhel-vex", "name": "CVE-2025-5455", "description": "A flaw was found in QtCore's qDecodeDataUrl() function. This vulnerability allows an application level denial of service via a malformed data URL with a missing charset value when assertions are enabled.", "issued": "2025-06-02T08:46:20Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5455 https://bugzilla.redhat.com/show_bug.cgi?id=2369722 https://www.cve.org/CVERecord?id=CVE-2025-5455 https://nvd.nist.gov/vuln/detail/CVE-2025-5455 https://codereview.qt-project.org/c/qt/qtbase/+/642006 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5455.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "qt5", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "T5Nghm4crNWWnUrYvZZItg==": { "id": "T5Nghm4crNWWnUrYvZZItg==", "updater": "rhel-vex", "name": "CVE-2022-2124", "description": "Buffer Over-read in GitHub repository vim/vim prior to 8.2.", "issued": "2022-06-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-2124 https://bugzilla.redhat.com/show_bug.cgi?id=2099558 https://www.cve.org/CVERecord?id=CVE-2022-2124 https://nvd.nist.gov/vuln/detail/CVE-2022-2124 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-2124.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "TEF4EUykdkNyGpiEfXqY/w==": { "id": "TEF4EUykdkNyGpiEfXqY/w==", "updater": "rhel-vex", "name": "CVE-2024-36387", "description": "A flaw was found in the Apache HTTP Server. Serving WebSocket protocol upgrades over an HTTP/2 connection could result in a NULL pointer dereference, leading to a crash of the server process.", "issued": "2024-07-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-36387 https://bugzilla.redhat.com/show_bug.cgi?id=2295006 https://www.cve.org/CVERecord?id=CVE-2024-36387 https://nvd.nist.gov/vuln/detail/CVE-2024-36387 https://httpd.apache.org/security/vulnerabilities_24.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-36387.json https://access.redhat.com/errata/RHSA-2024:8680", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "mod_http2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.0.26-2.el9_4.1", "arch_op": "pattern match" }, "TEg+H5IUFEuL8/4VudXtEg==": { "id": "TEg+H5IUFEuL8/4VudXtEg==", "updater": "rhel-vex", "name": "CVE-2022-3554", "description": "A flaw was found in LibX11. There is a possible memory leak in the _XimRegisterIMInstantiateCallback() of modules/im/ximcp/imsClbk.c. This issue may lead to limited availability.", "issued": "2022-10-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3554 https://bugzilla.redhat.com/show_bug.cgi?id=2136411 https://www.cve.org/CVERecord?id=CVE-2022-3554 https://nvd.nist.gov/vuln/detail/CVE-2022-3554 https://ubuntu.com/security/CVE-2022-3554 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3554.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "libX11", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "TIcWaTRsDD52irGN4xUQyA==": { "id": "TIcWaTRsDD52irGN4xUQyA==", "updater": "rhel-vex", "name": "CVE-2022-2125", "description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.", "issued": "2022-06-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-2125 https://bugzilla.redhat.com/show_bug.cgi?id=2099590 https://www.cve.org/CVERecord?id=CVE-2022-2125 https://nvd.nist.gov/vuln/detail/CVE-2022-2125 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-2125.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "TR5BMIE90A4aYm4WW7+gRQ==": { "id": "TR5BMIE90A4aYm4WW7+gRQ==", "updater": "rhel-vex", "name": "CVE-2023-38546", "description": "A flaw was found in the Curl package. This flaw allows an attacker to insert cookies into a running program using libcurl if the specific series of conditions are met.", "issued": "2023-10-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-38546 https://bugzilla.redhat.com/show_bug.cgi?id=2241938 https://access.redhat.com/errata/RHSA-2024:2101 https://www.cve.org/CVERecord?id=CVE-2023-38546 https://nvd.nist.gov/vuln/detail/CVE-2023-38546 https://curl.se/docs/CVE-2023-38546.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-38546.json https://access.redhat.com/errata/RHSA-2023:5763", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "curl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-23.el9_2.4", "arch_op": "pattern match" }, "TV+RoO9Hh3TnH7l4rpQ7AA==": { "id": "TV+RoO9Hh3TnH7l4rpQ7AA==", "updater": "rhel-vex", "name": "CVE-2023-28322", "description": "A use-after-free flaw was found in the Curl package. This issue may lead to unintended information disclosure by the application.", "issued": "2023-05-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-28322 https://bugzilla.redhat.com/show_bug.cgi?id=2196793 https://www.cve.org/CVERecord?id=CVE-2023-28322 https://nvd.nist.gov/vuln/detail/CVE-2023-28322 https://curl.se/docs/CVE-2023-28322.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-28322.json https://access.redhat.com/errata/RHSA-2023:4354", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "libcurl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-23.el9_2.2", "arch_op": "pattern match" }, "TVqcz/CPKXEaCyVgxqS/9A==": { "id": "TVqcz/CPKXEaCyVgxqS/9A==", "updater": "rhel-vex", "name": "CVE-2024-27983", "description": "A vulnerability was found in how Node.js implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated, remote attacker to send packets to vulnerable servers, which could use up compute or memory resources, causing a denial of service.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-27983 https://bugzilla.redhat.com/show_bug.cgi?id=2272764 https://www.cve.org/CVERecord?id=CVE-2024-27983 https://nvd.nist.gov/vuln/detail/CVE-2024-27983 https://nodejs.org/en/blog/vulnerability/april-2024-security-releases https://nowotarski.info/http2-continuation-flood/ https://www.kb.cert.org/vuls/id/421644 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-27983.json https://access.redhat.com/errata/RHSA-2024:2910", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.2-8.el9_4", "arch_op": "pattern match" }, "TalBIBBcOPRavGaHJsTMkg==": { "id": "TalBIBBcOPRavGaHJsTMkg==", "updater": "rhel-vex", "name": "CVE-2023-44487", "description": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages.\r\n\r\nSecurity Bulletin\r\nhttps://access.redhat.com/security/vulnerabilities/RHSB-2023-003", "issued": "2023-10-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-44487 https://bugzilla.redhat.com/show_bug.cgi?id=2242803 https://access.redhat.com/security/vulnerabilities/RHSB-2023-003 https://www.cve.org/CVERecord?id=CVE-2023-44487 https://nvd.nist.gov/vuln/detail/CVE-2023-44487 https://github.com/dotnet/announcements/issues/277 https://pkg.go.dev/vuln/GO-2023-2102 https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487 https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-44487.json https://access.redhat.com/errata/RHSA-2023:5765", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:8.19.4-1.16.20.2.3.el9_2", "arch_op": "pattern match" }, "Tf9GPe0ffQbxf7Wogt3Fhw==": { "id": "Tf9GPe0ffQbxf7Wogt3Fhw==", "updater": "rhel-vex", "name": "CVE-2023-32006", "description": "A vulnerability was found in NodeJS. This security issue occurs as the use of module.constructor.createRequire() can bypass the policy mechanism and require modules outside of the policy.json definition for a given module.", "issued": "2023-08-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32006 https://bugzilla.redhat.com/show_bug.cgi?id=2230955 https://www.cve.org/CVERecord?id=CVE-2023-32006 https://nvd.nist.gov/vuln/detail/CVE-2023-32006 https://nodejs.org/en/blog/vulnerability/august-2023-security-releases#permissions-policies-can-impersonate-other-modules-in-using-moduleconstructorcreaterequire-mediumcve-2023-32006 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32006.json https://access.redhat.com/errata/RHSA-2023:5532", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.2-1.el9_2", "arch_op": "pattern match" }, "ThmcBPFcasOrE2B95BADjQ==": { "id": "ThmcBPFcasOrE2B95BADjQ==", "updater": "rhel-vex", "name": "CVE-2024-33600", "description": "A flaw was found in the glibc netgroup cache. After a failed cache insertion, addgetnetgrentX tries to send the non-existing response after the not-found header. This can lead to a null pointer dereference that causes a crash or exit.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33600 https://bugzilla.redhat.com/show_bug.cgi?id=2277204 https://www.cve.org/CVERecord?id=CVE-2024-33600 https://nvd.nist.gov/vuln/detail/CVE-2024-33600 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33600.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "TidlERP60Pc/L340CB6P5w==": { "id": "TidlERP60Pc/L340CB6P5w==", "updater": "rhel-vex", "name": "CVE-2023-38408", "description": "A vulnerability was found in OpenSSH. The PKCS#11 feature in the ssh-agent in OpenSSH has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system (the code in /usr/lib is not necessarily safe for loading into ssh-agent). This flaw allows an attacker with control of the forwarded agent-socket on the server and the ability to write to the filesystem of the client host to execute arbitrary code with the privileges of the user running the ssh-agent.", "issued": "2023-07-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-38408 https://bugzilla.redhat.com/show_bug.cgi?id=2224173 https://www.cve.org/CVERecord?id=CVE-2023-38408 https://nvd.nist.gov/vuln/detail/CVE-2023-38408 https://www.qualys.com/2023/07/19/cve-2023-38408/rce-openssh-forwarded-ssh-agent.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-38408.json https://access.redhat.com/errata/RHSA-2023:4412", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "openssh-clients", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:8.7p1-30.el9_2", "arch_op": "pattern match" }, "TjEkLXWfvQA8WSrW/tqybA==": { "id": "TjEkLXWfvQA8WSrW/tqybA==", "updater": "rhel-vex", "name": "CVE-2023-25193", "description": "A vulnerability was found HarfBuzz. This flaw allows attackers to trigger O(n^2) growth via consecutive marks during the process of looking back for base glyphs when attaching marks.", "issued": "2023-02-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-25193 https://bugzilla.redhat.com/show_bug.cgi?id=2167254 https://www.cve.org/CVERecord?id=CVE-2023-25193 https://nvd.nist.gov/vuln/detail/CVE-2023-25193 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-25193.json https://access.redhat.com/errata/RHSA-2024:2410", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "harfbuzz-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.7.4-10.el9", "arch_op": "pattern match" }, "Toocv9UWe2zbLkvuaDfUkA==": { "id": "Toocv9UWe2zbLkvuaDfUkA==", "updater": "rhel-vex", "name": "CVE-2023-27533", "description": "A vulnerability in input validation exists in curl \u003c8.0 during communication using the TELNET protocol may allow an attacker to pass on maliciously crafted user name and \"telnet options\" during server negotiation. The lack of proper input scrubbing allows an attacker to send content or perform option negotiation without the application's intent. This vulnerability could be exploited if an application allows user input, thereby enabling attackers to execute arbitrary code on the system.", "issued": "2023-03-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-27533 https://bugzilla.redhat.com/show_bug.cgi?id=2179062 https://www.cve.org/CVERecord?id=CVE-2023-27533 https://nvd.nist.gov/vuln/detail/CVE-2023-27533 https://curl.se/docs/CVE-2023-27533.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-27533.json https://access.redhat.com/errata/RHSA-2023:6679", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "libcurl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9", "arch_op": "pattern match" }, "TszqopCoskBv4coMA3/peg==": { "id": "TszqopCoskBv4coMA3/peg==", "updater": "rhel-vex", "name": "CVE-2025-1153", "description": "A flaw was found in GNU Binutils. A specially-crafted payload may be able to trigger a memory leak, which can lead to an application crash or other undefined behavior.", "issued": "2025-02-10T19:00:13Z", "links": "https://access.redhat.com/security/cve/CVE-2025-1153 https://bugzilla.redhat.com/show_bug.cgi?id=2344743 https://www.cve.org/CVERecord?id=CVE-2025-1153 https://nvd.nist.gov/vuln/detail/CVE-2025-1153 https://sourceware.org/bugzilla/show_bug.cgi?id=32603 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=8d97c1a53f3dc9fd8e1ccdb039b8a33d50133150 https://vuldb.com/?ctiid.295057 https://vuldb.com/?id.295057 https://vuldb.com/?submit.489991 https://www.gnu.org/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-1153.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "gdb", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "TuIebhRPZqFoqMu/B2oY2g==": { "id": "TuIebhRPZqFoqMu/B2oY2g==", "updater": "rhel-vex", "name": "CVE-2024-27982", "description": "An HTTP Request Smuggling vulnerability was found in Node.js due to Content-Length Obfuscation in the HTTP server. Malformed headers, particularly if a space is inserted before a content-length header, can result in HTTP request smuggling. This flaw allows attackers to inject a second request within the body of the first and poison web caches, bypass web application firewalls, and execute Cross-site scripting (XSS) attacks.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-27982 https://bugzilla.redhat.com/show_bug.cgi?id=2275392 https://www.cve.org/CVERecord?id=CVE-2024-27982 https://nvd.nist.gov/vuln/detail/CVE-2024-27982 https://nodejs.org/en/blog/vulnerability/april-2024-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-27982.json https://access.redhat.com/errata/RHSA-2024:2910", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.2-8.el9_4", "arch_op": "pattern match" }, "TyiFIiRoY884rekStii+yw==": { "id": "TyiFIiRoY884rekStii+yw==", "updater": "rhel-vex", "name": "CVE-2024-33602", "description": "A flaw was found in the glibc netgroup cache. The buffer-resizing code in addgetnetgrentX assumes that all string pointers point into the supplied buffer. This can potentially lead to memory corruption and cause a crash.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33602 https://bugzilla.redhat.com/show_bug.cgi?id=2277206 https://www.cve.org/CVERecord?id=CVE-2024-33602 https://nvd.nist.gov/vuln/detail/CVE-2024-33602 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33602.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "glibc-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "U0WTbuk2H1FMZfvvwahshg==": { "id": "U0WTbuk2H1FMZfvvwahshg==", "updater": "rhel-vex", "name": "CVE-2023-4911", "description": "A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.", "issued": "2023-10-03T17:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4911 https://bugzilla.redhat.com/show_bug.cgi?id=2238352 https://www.cve.org/CVERecord?id=CVE-2023-4911 https://nvd.nist.gov/vuln/detail/CVE-2023-4911 https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt https://www.qualys.com/cve-2023-4911/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4911.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "U6qBKCP/toaRYToALpEUAg==": { "id": "U6qBKCP/toaRYToALpEUAg==", "updater": "rhel-vex", "name": "CVE-2023-5678", "description": "A flaw was found in OpenSSL, which caused the generation or checking of long X9.42 DH keys or parameters to be much slower than expected. This issue could lead to a denial of service.", "issued": "2023-10-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-5678 https://bugzilla.redhat.com/show_bug.cgi?id=2248616 https://www.cve.org/CVERecord?id=CVE-2023-5678 https://nvd.nist.gov/vuln/detail/CVE-2023-5678 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=34efaef6c103d636ab507a0cc34dca4d3aecc055 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=710fee740904b6290fef0dd5536fbcedbc38ff0c https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db925ae2e65d0d925adef429afc37f75bd1c2017 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6 https://www.openssl.org/news/secadv/20231106.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-5678.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "UBzPfwycyyJOBETwdSTG/w==": { "id": "UBzPfwycyyJOBETwdSTG/w==", "updater": "rhel-vex", "name": "CVE-2024-47814", "description": "A flaw was found in Vim. When closing a buffer visible in a window, a `BufWinLeave` auto command can trigger a use-after-free if this auto command happens to reopen the same buffer in a new split window. This issue can potentially cause Vim to crash, leading to a denial of service.", "issued": "2024-10-07T21:16:01Z", "links": "https://access.redhat.com/security/cve/CVE-2024-47814 https://bugzilla.redhat.com/show_bug.cgi?id=2317096 https://www.cve.org/CVERecord?id=CVE-2024-47814 https://nvd.nist.gov/vuln/detail/CVE-2024-47814 https://github.com/vim/vim/commit/51b62387be93c65fa56bbabe1c3 https://github.com/vim/vim/security/advisories/GHSA-rj48-v4mq-j4vg https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-47814.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "UCH2epLcJUWMTm+igZOEXg==": { "id": "UCH2epLcJUWMTm+igZOEXg==", "updater": "rhel-vex", "name": "CVE-2023-4527", "description": "A flaw was found in glibc. When the getaddrinfo function is called with the AF_UNSPEC address family and the system is configured with no-aaaa mode via /etc/resolv.conf, a DNS response via TCP larger than 2048 bytes can potentially disclose stack contents through the function returned address data, and may cause a crash.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4527 https://bugzilla.redhat.com/show_bug.cgi?id=2234712 https://www.cve.org/CVERecord?id=CVE-2023-4527 https://nvd.nist.gov/vuln/detail/CVE-2023-4527 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4527.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-minimal-langpack", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "UFifyy6/bFh+Jtu5aKnN5A==": { "id": "UFifyy6/bFh+Jtu5aKnN5A==", "updater": "rhel-vex", "name": "CVE-2023-31124", "description": "A flaw was found in c-ares. This issue occurs when cross-compiling c-ares and using the autotools build system, CARES_RANDOM_FILE will not be set, as seen when cross-compiling aarch64 android. As a result, it will downgrade to rand(), which could allow an attacker to utilize the lack of entropy by not using a CSPRNG.", "issued": "2023-05-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-31124 https://bugzilla.redhat.com/show_bug.cgi?id=2209494 https://www.cve.org/CVERecord?id=CVE-2023-31124 https://nvd.nist.gov/vuln/detail/CVE-2023-31124 https://github.com/c-ares/c-ares/security/advisories/GHSA-54xr-f67r-4pc4 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-31124.json https://access.redhat.com/errata/RHSA-2023:3586", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.19.1-2.el9_2", "arch_op": "pattern match" }, "UNpQq3W7NuU/YvxyKob7dQ==": { "id": "UNpQq3W7NuU/YvxyKob7dQ==", "updater": "rhel-vex", "name": "CVE-2021-35938", "description": "A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "issued": "2021-06-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-35938 https://bugzilla.redhat.com/show_bug.cgi?id=1964114 https://www.cve.org/CVERecord?id=CVE-2021-35938 https://nvd.nist.gov/vuln/detail/CVE-2021-35938 https://rpm.org/wiki/Releases/4.18.0 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-35938.json https://access.redhat.com/errata/RHSA-2024:0463", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "rpm-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:4.16.1.3-27.el9_3", "arch_op": "pattern match" }, "UcmwUm0wHBjv37lXXIJfRw==": { "id": "UcmwUm0wHBjv37lXXIJfRw==", "updater": "rhel-vex", "name": "CVE-2025-4802", "description": "A flaw was found in the glibc library. A statically linked setuid binary that calls dlopen(), including internal dlopen() calls after setlocale() or calls to NSS functions such as getaddrinfo(), may incorrectly search LD_LIBRARY_PATH to determine which library to load, allowing a local attacker to load malicious shared libraries, escalate privileges and execute arbitrary code.", "issued": "2025-05-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4802 https://bugzilla.redhat.com/show_bug.cgi?id=2367468 https://www.cve.org/CVERecord?id=CVE-2025-4802 https://nvd.nist.gov/vuln/detail/CVE-2025-4802 https://www.openwall.com/lists/oss-security/2025/05/16/7 https://www.openwall.com/lists/oss-security/2025/05/17/2 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4802.json https://access.redhat.com/errata/RHSA-2025:8655", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-minimal-langpack", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.19", "arch_op": "pattern match" }, "UgygbzqyqNSQmVxqENV7uQ==": { "id": "UgygbzqyqNSQmVxqENV7uQ==", "updater": "rhel-vex", "name": "CVE-2025-26465", "description": "A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle attack can be performed by a malicious machine impersonating a legit server. This issue occurs due to how OpenSSH mishandles error codes in specific conditions when verifying the host key. For an attack to be considered successful, the attacker needs to manage to exhaust the client's memory resource first, turning the attack complexity high.", "issued": "2025-02-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-26465 https://bugzilla.redhat.com/show_bug.cgi?id=2344780 https://www.cve.org/CVERecord?id=CVE-2025-26465 https://nvd.nist.gov/vuln/detail/CVE-2025-26465 https://seclists.org/oss-sec/2025/q1/144 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-26465.json https://access.redhat.com/errata/RHSA-2025:6993", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "openssh", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:8.7p1-45.el9", "arch_op": "pattern match" }, "Uj8LW6E8/nymbtTqNalKaw==": { "id": "Uj8LW6E8/nymbtTqNalKaw==", "updater": "rhel-vex", "name": "CVE-2024-8176", "description": "A stack overflow vulnerability exists in the libexpat library due to the way it handles recursive entity expansion in XML documents. When parsing an XML document with deeply nested entity references, libexpat can be forced to recurse indefinitely, exhausting the stack space and causing a crash. This issue could lead to denial of service (DoS) or, in some cases, exploitable memory corruption, depending on the environment and library usage.", "issued": "2025-03-13T13:51:54Z", "links": "https://access.redhat.com/security/cve/CVE-2024-8176 https://bugzilla.redhat.com/show_bug.cgi?id=2310137 https://www.cve.org/CVERecord?id=CVE-2024-8176 https://nvd.nist.gov/vuln/detail/CVE-2024-8176 https://github.com/libexpat/libexpat/issues/893 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8176.json https://access.redhat.com/errata/RHSA-2025:3531", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "expat", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.5.0-3.el9_5.3", "arch_op": "pattern match" }, "Ujwv/4JgPM6iMrQpcjcONA==": { "id": "Ujwv/4JgPM6iMrQpcjcONA==", "updater": "rhel-vex", "name": "CVE-2025-4802", "description": "A flaw was found in the glibc library. A statically linked setuid binary that calls dlopen(), including internal dlopen() calls after setlocale() or calls to NSS functions such as getaddrinfo(), may incorrectly search LD_LIBRARY_PATH to determine which library to load, allowing a local attacker to load malicious shared libraries, escalate privileges and execute arbitrary code.", "issued": "2025-05-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4802 https://bugzilla.redhat.com/show_bug.cgi?id=2367468 https://www.cve.org/CVERecord?id=CVE-2025-4802 https://nvd.nist.gov/vuln/detail/CVE-2025-4802 https://www.openwall.com/lists/oss-security/2025/05/16/7 https://www.openwall.com/lists/oss-security/2025/05/17/2 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4802.json https://access.redhat.com/errata/RHSA-2025:8655", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-headers", "version": "", "kind": "binary", "normalized_version": "", "arch": "s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.19", "arch_op": "pattern match" }, "UyrXKlV/F8Ngo4hTkS7IlQ==": { "id": "UyrXKlV/F8Ngo4hTkS7IlQ==", "updater": "rhel-vex", "name": "CVE-2022-48624", "description": "A flaw was found in less. The close_altfile() function in filename.c omits shell_quote calls for LESSCLOSE, a command line to invoke the optional input postprocessor. This issue could lead to an OS command injection vulnerability and arbitrary command execution on the host operating system.", "issued": "2024-02-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-48624 https://bugzilla.redhat.com/show_bug.cgi?id=2265081 https://www.cve.org/CVERecord?id=CVE-2022-48624 https://nvd.nist.gov/vuln/detail/CVE-2022-48624 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-48624.json https://access.redhat.com/errata/RHSA-2024:1692", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "less", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:590-3.el9_3", "arch_op": "pattern match" }, "V/wACq4t8ybFKWNGSTGOqQ==": { "id": "V/wACq4t8ybFKWNGSTGOqQ==", "updater": "rhel-vex", "name": "CVE-2025-40909", "description": "A flaw was found in the Perl standard library threads component. This vulnerability can allow a local attacker to exploit a race condition in directory handling to access files or load code from unexpected locations.", "issued": "2025-05-30T12:20:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-40909 https://bugzilla.redhat.com/show_bug.cgi?id=2369407 https://www.cve.org/CVERecord?id=CVE-2025-40909 https://nvd.nist.gov/vuln/detail/CVE-2025-40909 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098226 https://github.com/Perl/perl5/commit/11a11ecf4bea72b17d250cfb43c897be1341861e https://github.com/Perl/perl5/commit/918bfff86ca8d6d4e4ec5b30994451e0bd74aba9.patch https://github.com/Perl/perl5/issues/10387 https://github.com/Perl/perl5/issues/23010 https://perldoc.perl.org/5.14.0/perl5136delta#Directory-handles-not-copied-to-threads https://www.openwall.com/lists/oss-security/2025/05/22/2 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-40909.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "perl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "V0122WZRlA5XXWrSlR4bmA==": { "id": "V0122WZRlA5XXWrSlR4bmA==", "updater": "rhel-vex", "name": "CVE-2023-4911", "description": "A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.", "issued": "2023-10-03T17:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4911 https://bugzilla.redhat.com/show_bug.cgi?id=2238352 https://www.cve.org/CVERecord?id=CVE-2023-4911 https://nvd.nist.gov/vuln/detail/CVE-2023-4911 https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt https://www.qualys.com/cve-2023-4911/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4911.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "V9lyeZvue30g1R6RiITjAw==": { "id": "V9lyeZvue30g1R6RiITjAw==", "updater": "rhel-vex", "name": "CVE-2024-32004", "description": "A vulnerability was found in Git. This vulnerability can be exploited by an unauthenticated attacker who places a specialized repository on the target's local system. If the victim clones this repository, the attacker can execute arbitrary code.", "issued": "2024-05-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-32004 https://bugzilla.redhat.com/show_bug.cgi?id=2280428 https://www.cve.org/CVERecord?id=CVE-2024-32004 https://nvd.nist.gov/vuln/detail/CVE-2024-32004 https://github.com/git/git/security/advisories/GHSA-xfc6-vwr8-r389 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-32004.json https://access.redhat.com/errata/RHSA-2024:4083", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "git-core-doc", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.43.5-1.el9_4", "arch_op": "pattern match" }, "VDf6d6jM2A0p/K+7RsIMFg==": { "id": "VDf6d6jM2A0p/K+7RsIMFg==", "updater": "rhel-vex", "name": "CVE-2023-4806", "description": "A flaw was found in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4806 https://bugzilla.redhat.com/show_bug.cgi?id=2237782 https://www.cve.org/CVERecord?id=CVE-2023-4806 https://nvd.nist.gov/vuln/detail/CVE-2023-4806 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4806.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-gconv-extra", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "VIGh6VPQOivNmVhFo2OTaA==": { "id": "VIGh6VPQOivNmVhFo2OTaA==", "updater": "rhel-vex", "name": "CVE-2023-38545", "description": "A heap-based buffer overflow flaw was found in the SOCKS5 proxy handshake in the Curl package. If Curl is unable to resolve the address itself, it passes the hostname to the SOCKS5 proxy. However, the maximum length of the hostname that can be passed is 255 bytes. If the hostname is longer, then Curl switches to the local name resolving and passes the resolved address only to the proxy. The local variable that instructs Curl to \"let the host resolve the name\" could obtain the wrong value during a slow SOCKS5 handshake, resulting in the too-long hostname being copied to the target buffer instead of the resolved address, which was not the intended behavior.", "issued": "2023-10-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-38545 https://bugzilla.redhat.com/show_bug.cgi?id=2241933 https://www.cve.org/CVERecord?id=CVE-2023-38545 https://nvd.nist.gov/vuln/detail/CVE-2023-38545 https://curl.se/docs/CVE-2023-38545.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-38545.json https://access.redhat.com/errata/RHSA-2023:5763", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "curl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-23.el9_2.4", "arch_op": "pattern match" }, "VMq7c5UxVfK0QVgxJQyC8w==": { "id": "VMq7c5UxVfK0QVgxJQyC8w==", "updater": "rhel-vex", "name": "CVE-2024-6119", "description": "A flaw was found in OpenSSL. Applications performing certificate name checks (e.g., TLS clients checking server certificates) may attempt to read an invalid memory address resulting in abnormal termination of the application process.", "issued": "2024-09-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-6119 https://bugzilla.redhat.com/show_bug.cgi?id=2306158 https://www.cve.org/CVERecord?id=CVE-2024-6119 https://nvd.nist.gov/vuln/detail/CVE-2024-6119 https://github.com/openssl/openssl/security/advisories/GHSA-5qrj-vq78-58fj https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6119.json https://access.redhat.com/errata/RHSA-2024:6783", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-28.el9_4", "arch_op": "pattern match" }, "VOg7AkFDBokEo83cvkABxg==": { "id": "VOg7AkFDBokEo83cvkABxg==", "updater": "rhel-vex", "name": "CVE-2024-33601", "description": "A flaw was found in the glibc netgroup cache. The netgroup cache uses xmalloc/xrealloc and may terminate the process due to a memory allocation failure.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33601 https://bugzilla.redhat.com/show_bug.cgi?id=2277205 https://www.cve.org/CVERecord?id=CVE-2024-33601 https://nvd.nist.gov/vuln/detail/CVE-2024-33601 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33601.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "glibc-minimal-langpack", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "VRs8KQ+fl8HuGMz4R8czFA==": { "id": "VRs8KQ+fl8HuGMz4R8czFA==", "updater": "rhel-vex", "name": "CVE-2023-29491", "description": "A vulnerability was found in ncurses and occurs when used by a setuid application. This flaw allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file found in $HOME/.terminfo or reached via the TERMINFO or TERM environment variable.", "issued": "2023-04-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-29491 https://bugzilla.redhat.com/show_bug.cgi?id=2191704 https://www.cve.org/CVERecord?id=CVE-2023-29491 https://nvd.nist.gov/vuln/detail/CVE-2023-29491 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-29491.json https://access.redhat.com/errata/RHSA-2023:6698", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "ncurses", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:6.2-10.20210508.el9", "arch_op": "pattern match" }, "VTdtsdUTUm6LaoM4gIpvYw==": { "id": "VTdtsdUTUm6LaoM4gIpvYw==", "updater": "rhel-vex", "name": "CVE-2022-49043", "description": "A flaw was found in libxml2 where improper handling of memory allocation failures in `libxml2` can lead to crashes, memory leaks, or inconsistent states. While an attacker cannot directly control allocation failures, they may trigger denial-of-service conditions under extreme system stress.", "issued": "2025-01-26T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-49043 https://bugzilla.redhat.com/show_bug.cgi?id=2342118 https://www.cve.org/CVERecord?id=CVE-2022-49043 https://nvd.nist.gov/vuln/detail/CVE-2022-49043 https://github.com/php/php-src/issues/17467 https://gitlab.gnome.org/GNOME/libxml2/-/commit/5a19e21605398cef6a8b1452477a8705cb41562b https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-49043.json https://access.redhat.com/errata/RHSA-2025:1350", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libxml2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-6.el9_5.1", "arch_op": "pattern match" }, "VVkxgZwgg7/nXkUWcx1KaQ==": { "id": "VVkxgZwgg7/nXkUWcx1KaQ==", "updater": "rhel-vex", "name": "CVE-2021-45078", "description": "An out-of-bounds flaw was found in binutils’ stabs functionality. The attack needs to be initiated locally where an attacker could convince a victim to read a specially crafted file that is processed by objdump, leading to the disclosure of memory and possibly leading to the execution of arbitrary code or causing the utility to crash.", "issued": "2021-12-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-45078 https://bugzilla.redhat.com/show_bug.cgi?id=2033715 https://www.cve.org/CVERecord?id=CVE-2021-45078 https://nvd.nist.gov/vuln/detail/CVE-2021-45078 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-45078.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "binutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "VWEbeFnFOHy1IkG21b5a5g==": { "id": "VWEbeFnFOHy1IkG21b5a5g==", "updater": "rhel-vex", "name": "CVE-2023-30571", "description": "A vulnerability was found in libarchive. This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", "issued": "2023-05-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30571 https://bugzilla.redhat.com/show_bug.cgi?id=2210921 https://www.cve.org/CVERecord?id=CVE-2023-30571 https://nvd.nist.gov/vuln/detail/CVE-2023-30571 https://access.redhat.com/solutions/7033331 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30571.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "VYjcIIEd3zBO1n6h+JpdVA==": { "id": "VYjcIIEd3zBO1n6h+JpdVA==", "updater": "rhel-vex", "name": "CVE-2024-4741", "description": "A use-after-free vulnerability was found in OpenSSL. Calling the OpenSSL API SSL_free_buffers function may cause memory to be accessed that was previously freed in some situations.", "issued": "2024-05-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-4741 https://bugzilla.redhat.com/show_bug.cgi?id=2283757 https://www.cve.org/CVERecord?id=CVE-2024-4741 https://nvd.nist.gov/vuln/detail/CVE-2024-4741 https://www.openssl.org/news/secadv/20240528.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4741.json https://access.redhat.com/errata/RHSA-2024:9333", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.2.2-6.el9_5", "arch_op": "pattern match" }, "VaI9oASdZliWzEmaptNeNg==": { "id": "VaI9oASdZliWzEmaptNeNg==", "updater": "rhel-vex", "name": "CVE-2021-35939", "description": "It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "issued": "2021-06-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-35939 https://bugzilla.redhat.com/show_bug.cgi?id=1964129 https://www.cve.org/CVERecord?id=CVE-2021-35939 https://nvd.nist.gov/vuln/detail/CVE-2021-35939 https://rpm.org/wiki/Releases/4.18.0 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-35939.json https://access.redhat.com/errata/RHSA-2024:0463", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-rpm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.16.1.3-27.el9_3", "arch_op": "pattern match" }, "VaKG59F2yakPJAEOFL4Asg==": { "id": "VaKG59F2yakPJAEOFL4Asg==", "updater": "rhel-vex", "name": "CVE-2024-7006", "description": "A null pointer dereference flaw was found in Libtiff via `tif_dirinfo.c`. This issue may allow an attacker to trigger memory allocation failures through certain means, such as restricting the heap space size or injecting faults, causing a segmentation fault. This can cause an application crash, eventually leading to a denial of service.", "issued": "2024-07-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-7006 https://bugzilla.redhat.com/show_bug.cgi?id=2302996 https://www.cve.org/CVERecord?id=CVE-2024-7006 https://nvd.nist.gov/vuln/detail/CVE-2024-7006 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7006.json https://access.redhat.com/errata/RHSA-2024:8914", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-12.el9_4.1", "arch_op": "pattern match" }, "Vcn3jN4hVRksfYeeqif75w==": { "id": "Vcn3jN4hVRksfYeeqif75w==", "updater": "rhel-vex", "name": "CVE-2024-10963", "description": "A flaw was found in pam_access, where certain rules in its configuration file are mistakenly treated as hostnames. This vulnerability allows attackers to trick the system by pretending to be a trusted hostname, gaining unauthorized access. This issue poses a risk for systems that rely on this feature to control who can access certain services or terminals.", "issued": "2024-11-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-10963 https://bugzilla.redhat.com/show_bug.cgi?id=2324291 https://www.cve.org/CVERecord?id=CVE-2024-10963 https://nvd.nist.gov/vuln/detail/CVE-2024-10963 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-10963.json https://access.redhat.com/errata/RHSA-2024:10244", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "pam", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:1.5.1-22.el9_5", "arch_op": "pattern match" }, "VdZltxXzmKHh3CVFAqDYMw==": { "id": "VdZltxXzmKHh3CVFAqDYMw==", "updater": "rhel-vex", "name": "CVE-2024-8176", "description": "A stack overflow vulnerability exists in the libexpat library due to the way it handles recursive entity expansion in XML documents. When parsing an XML document with deeply nested entity references, libexpat can be forced to recurse indefinitely, exhausting the stack space and causing a crash. This issue could lead to denial of service (DoS) or, in some cases, exploitable memory corruption, depending on the environment and library usage.", "issued": "2025-03-13T13:51:54Z", "links": "https://access.redhat.com/security/cve/CVE-2024-8176 https://bugzilla.redhat.com/show_bug.cgi?id=2310137 https://www.cve.org/CVERecord?id=CVE-2024-8176 https://nvd.nist.gov/vuln/detail/CVE-2024-8176 https://github.com/libexpat/libexpat/issues/893 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8176.json https://access.redhat.com/errata/RHSA-2025:7444", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "expat-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.5.0-5.el9_6", "arch_op": "pattern match" }, "Ve1jg9SxTDjeNdfGHjxP2g==": { "id": "Ve1jg9SxTDjeNdfGHjxP2g==", "updater": "rhel-vex", "name": "CVE-2025-3198", "description": "A vulnerability has been found in GNU Binutils 2.43/2.44 and classified as problematic. Affected by this vulnerability is the function display_info of the file binutils/bucomm.c of the component objdump. The manipulation leads to memory leak. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The patch is named ba6ad3a18cb26b79e0e3b84c39f707535bbc344d. It is recommended to apply a patch to fix this issue.", "issued": "2025-04-04T01:31:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-3198 https://bugzilla.redhat.com/show_bug.cgi?id=2357358 https://www.cve.org/CVERecord?id=CVE-2025-3198 https://nvd.nist.gov/vuln/detail/CVE-2025-3198 https://sourceware.org/bugzilla/show_bug.cgi?id=32716 https://sourceware.org/bugzilla/show_bug.cgi?id=32716#c0 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=ba6ad3a18cb26b79e0e3b84c39f707535bbc344d https://vuldb.com/?ctiid.303151 https://vuldb.com/?id.303151 https://vuldb.com/?submit.545773 https://www.gnu.org/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-3198.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "binutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "VeYabM3XwaLL8BU4Jh7KXg==": { "id": "VeYabM3XwaLL8BU4Jh7KXg==", "updater": "rhel-vex", "name": "CVE-2016-20012", "description": "OpenSSH through 8.7 allows remote attackers, who have a suspicion that a certain combination of username and public key is known to an SSH server, to test whether this suspicion is correct. This occurs because a challenge is sent only when that combination could be valid for a login session. NOTE: the vendor does not recognize user enumeration as a vulnerability for this product", "issued": "2016-02-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2016-20012 https://bugzilla.redhat.com/show_bug.cgi?id=2048523 https://www.cve.org/CVERecord?id=CVE-2016-20012 https://nvd.nist.gov/vuln/detail/CVE-2016-20012 https://security.access.redhat.com/data/csaf/v2/vex/2016/cve-2016-20012.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "openssh", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "VobzA5akuxgpQXC8/BOSTQ==": { "id": "VobzA5akuxgpQXC8/BOSTQ==", "updater": "rhel-vex", "name": "CVE-2023-2602", "description": "A vulnerability was found in the pthread_create() function in libcap. This issue may allow a malicious actor to use cause __real_pthread_create() to return an error, which can exhaust the process memory.", "issued": "2023-05-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-2602 https://bugzilla.redhat.com/show_bug.cgi?id=2209114 https://www.cve.org/CVERecord?id=CVE-2023-2602 https://nvd.nist.gov/vuln/detail/CVE-2023-2602 https://www.x41-dsec.de/static/reports/X41-libcap-Code-Review-2023-OSTIF-Final-Report.pdf https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2602.json https://access.redhat.com/errata/RHSA-2023:5071", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libcap", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.48-9.el9_2", "arch_op": "pattern match" }, "VxRLWFqTfef2SiU0r16wew==": { "id": "VxRLWFqTfef2SiU0r16wew==", "updater": "rhel-vex", "name": "CVE-2025-0395", "description": "A flaw was found in the GNU C Library (glibc). A buffer overflow condition via the `assert()` function may be triggered due to glibc not allocating enough space for the assertion failure message string and size information. In certain conditions, a local attacker can exploit this, potentially leading to an application crash or other undefined behavior.", "issued": "2025-01-22T13:11:30Z", "links": "https://access.redhat.com/security/cve/CVE-2025-0395 https://bugzilla.redhat.com/show_bug.cgi?id=2339460 https://www.cve.org/CVERecord?id=CVE-2025-0395 https://nvd.nist.gov/vuln/detail/CVE-2025-0395 https://sourceware.org/bugzilla/show_bug.cgi?id=32582 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-0395.json https://access.redhat.com/errata/RHSA-2025:4244", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-gconv-extra", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-125.el9_5.8", "arch_op": "pattern match" }, "VzBrcD6XqIzEjbmGcOkvIg==": { "id": "VzBrcD6XqIzEjbmGcOkvIg==", "updater": "rhel-vex", "name": "CVE-2020-11023", "description": "A flaw was found in jQuery. HTML containing \\\u003coption\\\u003e elements from untrusted sources are passed, even after sanitizing, to one of jQuery's DOM manipulation methods, which may execute untrusted code. The highest threat from this vulnerability is to data confidentiality and integrity.", "issued": "2020-04-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2020-11023 https://bugzilla.redhat.com/show_bug.cgi?id=1850004 https://www.cve.org/CVERecord?id=CVE-2020-11023 https://nvd.nist.gov/vuln/detail/CVE-2020-11023 https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-11023.json https://access.redhat.com/errata/RHSA-2025:1346", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libquadmath-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "i686|ppc64le|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:11.5.0-5.el9_5", "arch_op": "pattern match" }, "W+p5JmA7ns+QxSud6NKuiQ==": { "id": "W+p5JmA7ns+QxSud6NKuiQ==", "updater": "rhel-vex", "name": "CVE-2021-35939", "description": "It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "issued": "2021-06-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-35939 https://bugzilla.redhat.com/show_bug.cgi?id=1964129 https://www.cve.org/CVERecord?id=CVE-2021-35939 https://nvd.nist.gov/vuln/detail/CVE-2021-35939 https://rpm.org/wiki/Releases/4.18.0 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-35939.json https://access.redhat.com/errata/RHSA-2024:0463", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "rpm-sign-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:4.16.1.3-27.el9_3", "arch_op": "pattern match" }, "W0TAw6aTfwXOMlJwloDkZA==": { "id": "W0TAw6aTfwXOMlJwloDkZA==", "updater": "rhel-vex", "name": "CVE-2021-4136", "description": "A flaw was found in vim. A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution.", "issued": "2021-12-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-4136 https://bugzilla.redhat.com/show_bug.cgi?id=2034720 https://www.cve.org/CVERecord?id=CVE-2021-4136 https://nvd.nist.gov/vuln/detail/CVE-2021-4136 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-4136.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "W6jgJQ6TJhJN8A/I0fmHVw==": { "id": "W6jgJQ6TJhJN8A/I0fmHVw==", "updater": "rhel-vex", "name": "CVE-2024-38475", "description": "A flaw was found in the mod_rewrite module of httpd. Improper escaping of output allows an attacker to map URLs to filesystem locations permitted to be served by the server but are not intentionally or directly reachable by any URL. This issue results in code execution or source code disclosure.", "issued": "2024-07-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-38475 https://bugzilla.redhat.com/show_bug.cgi?id=2295014 https://www.cve.org/CVERecord?id=CVE-2024-38475 https://nvd.nist.gov/vuln/detail/CVE-2024-38475 https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2024-38475 https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-38475.json https://access.redhat.com/errata/RHSA-2024:4726", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "mod_ldap", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.4.57-11.el9_4", "arch_op": "pattern match" }, "W9IBxWrtUMKgo5IOhKlFMw==": { "id": "W9IBxWrtUMKgo5IOhKlFMw==", "updater": "rhel-vex", "name": "CVE-2024-33599", "description": "A stack-based buffer overflow flaw was found in the glibc netgroup cache. In certain conditions, its possible to trigger a stack-based buffer overflow condition that can lead to a denial of service and potentially other malicious actions that impact confidentiality and integrity.", "issued": "2024-04-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33599 https://bugzilla.redhat.com/show_bug.cgi?id=2277202 https://www.cve.org/CVERecord?id=CVE-2024-33599 https://nvd.nist.gov/vuln/detail/CVE-2024-33599 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33599.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-common", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "WEdA5uyUUAV71glqMuGYiw==": { "id": "WEdA5uyUUAV71glqMuGYiw==", "updater": "rhel-vex", "name": "CVE-2023-4813", "description": "A flaw was found in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.", "issued": "2022-03-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4813 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://www.cve.org/CVERecord?id=CVE-2023-4813 https://nvd.nist.gov/vuln/detail/CVE-2023-4813 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4813.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-gconv-extra", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "WFrv8p2tWC1QYt0r0wFMIg==": { "id": "WFrv8p2tWC1QYt0r0wFMIg==", "updater": "rhel-vex", "name": "CVE-2024-33602", "description": "A flaw was found in the glibc netgroup cache. The buffer-resizing code in addgetnetgrentX assumes that all string pointers point into the supplied buffer. This can potentially lead to memory corruption and cause a crash.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33602 https://bugzilla.redhat.com/show_bug.cgi?id=2277206 https://www.cve.org/CVERecord?id=CVE-2024-33602 https://nvd.nist.gov/vuln/detail/CVE-2024-33602 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33602.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "glibc-gconv-extra", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "WIbunUW6+W30QKZc5Tmqzw==": { "id": "WIbunUW6+W30QKZc5Tmqzw==", "updater": "rhel-vex", "name": "CVE-2024-32020", "description": "A vulnerability was found in Git. This flaw allows an unauthenticated attacker to place a specialized repository on their target's local system. For performance reasons, Git uses hardlinks when cloning a repository located on the same disk. However, if the repo being cloned is owned by a different user, this can introduce a security risk. At any time in the future, the original repo owner could rewrite the hardlinked files in the cloned user's repo.", "issued": "2024-05-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-32020 https://bugzilla.redhat.com/show_bug.cgi?id=2280466 https://www.cve.org/CVERecord?id=CVE-2024-32020 https://nvd.nist.gov/vuln/detail/CVE-2024-32020 https://github.com/git/git/security/advisories/GHSA-5rfh-556j-fhgj https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-32020.json https://access.redhat.com/errata/RHSA-2024:4083", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "git-core-doc", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.43.5-1.el9_4", "arch_op": "pattern match" }, "WJBwm4d60DO+1FjtmE8o6w==": { "id": "WJBwm4d60DO+1FjtmE8o6w==", "updater": "rhel-vex", "name": "CVE-2025-0395", "description": "A flaw was found in the GNU C Library (glibc). A buffer overflow condition via the `assert()` function may be triggered due to glibc not allocating enough space for the assertion failure message string and size information. In certain conditions, a local attacker can exploit this, potentially leading to an application crash or other undefined behavior.", "issued": "2025-01-22T13:11:30Z", "links": "https://access.redhat.com/security/cve/CVE-2025-0395 https://bugzilla.redhat.com/show_bug.cgi?id=2339460 https://www.cve.org/CVERecord?id=CVE-2025-0395 https://nvd.nist.gov/vuln/detail/CVE-2025-0395 https://sourceware.org/bugzilla/show_bug.cgi?id=32582 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-0395.json https://access.redhat.com/errata/RHSA-2025:4244", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-125.el9_5.8", "arch_op": "pattern match" }, "WJS8qOOq39ghNxcfIty3tg==": { "id": "WJS8qOOq39ghNxcfIty3tg==", "updater": "rhel-vex", "name": "CVE-2023-47038", "description": "A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer.", "issued": "2023-11-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-47038 https://bugzilla.redhat.com/show_bug.cgi?id=2249523 https://www.cve.org/CVERecord?id=CVE-2023-47038 https://nvd.nist.gov/vuln/detail/CVE-2023-47038 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-47038.json https://access.redhat.com/errata/RHSA-2024:2228", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-Errno", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.30-481.el9", "arch_op": "pattern match" }, "WKEI7EQhRkCAgIF18HZjKg==": { "id": "WKEI7EQhRkCAgIF18HZjKg==", "updater": "rhel-vex", "name": "CVE-2023-32573", "description": "A vulnerability was found in qt. The security flaw occurs due to uninitialized variable usage in m_unitsPerEm.", "issued": "2023-05-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32573 https://bugzilla.redhat.com/show_bug.cgi?id=2208135 https://www.cve.org/CVERecord?id=CVE-2023-32573 https://nvd.nist.gov/vuln/detail/CVE-2023-32573 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32573.json https://access.redhat.com/errata/RHSA-2023:6369", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "qt5-srpm-macros", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:5.15.9-1.el9", "arch_op": "pattern match" }, "WN9impUbRzm+dw9sY8IWzg==": { "id": "WN9impUbRzm+dw9sY8IWzg==", "updater": "rhel-vex", "name": "CVE-2023-52355", "description": "An out-of-memory flaw was found in libtiff that could be triggered by passing a crafted tiff file to the TIFFRasterScanlineSize64() API. This flaw allows a remote attacker to cause a denial of service via a crafted input with a size smaller than 379 KB.", "issued": "2023-11-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-52355 https://bugzilla.redhat.com/show_bug.cgi?id=2251326 https://www.cve.org/CVERecord?id=CVE-2023-52355 https://nvd.nist.gov/vuln/detail/CVE-2023-52355 https://gitlab.com/libtiff/libtiff/-/issues/621 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-52355.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "WOZhfkOPgECPNSR7cqBWXQ==": { "id": "WOZhfkOPgECPNSR7cqBWXQ==", "updater": "rhel-vex", "name": "CVE-2023-0464", "description": "A security vulnerability has been identified in all supported OpenSSL versions related to verifying X.509 certificate chains that include policy constraints. This flaw allows attackers to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of computational resources, leading to a denial of service (DoS) attack on affected systems. Policy processing is disabled by default but can be enabled by passing the -policy' argument to the command line utilities or calling the X509_VERIFY_PARAM_set1_policies()' function.", "issued": "2023-03-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0464 https://bugzilla.redhat.com/show_bug.cgi?id=2181082 https://www.cve.org/CVERecord?id=CVE-2023-0464 https://nvd.nist.gov/vuln/detail/CVE-2023-0464 https://www.openssl.org/news/secadv/20230322.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0464.json https://access.redhat.com/errata/RHSA-2023:3722", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-16.el9_2", "arch_op": "pattern match" }, "WQMOAsYgGrv9Z81CukkfSg==": { "id": "WQMOAsYgGrv9Z81CukkfSg==", "updater": "rhel-vex", "name": "CVE-2024-32487", "description": "An OS command injection flaw was found in Less. Since quoting is mishandled in filename.c, opening files with attacker-controlled file names can lead to OS command execution. Exploitation requires the LESSOPEN environment variable, which is set by default in many common cases.", "issued": "2024-04-13T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-32487 https://bugzilla.redhat.com/show_bug.cgi?id=2274980 https://www.cve.org/CVERecord?id=CVE-2024-32487 https://nvd.nist.gov/vuln/detail/CVE-2024-32487 https://www.openwall.com/lists/oss-security/2024/04/12/5 https://www.openwall.com/lists/oss-security/2024/04/13/2 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-32487.json https://access.redhat.com/errata/RHSA-2024:3513", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "less", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:590-4.el9_4", "arch_op": "pattern match" }, "WYq9HRfAbPxjnZEMhN73Qg==": { "id": "WYq9HRfAbPxjnZEMhN73Qg==", "updater": "rhel-vex", "name": "CVE-2025-0938", "description": "A flaw was found in Python. The Python standard library functions `urllib.parse.urlsplit` and `urlparse` accept domain names that included square brackets, which isn't valid according to RFC 3986. Square brackets are only meant to be used as delimiters for specifying IPv6 and IPvFuture hosts in URLs. This could result in differential parsing across the Python URL parser and other specification-compliant URL parsers.", "issued": "2025-01-31T17:51:35Z", "links": "https://access.redhat.com/security/cve/CVE-2025-0938 https://bugzilla.redhat.com/show_bug.cgi?id=2343237 https://www.cve.org/CVERecord?id=CVE-2025-0938 https://nvd.nist.gov/vuln/detail/CVE-2025-0938 https://github.com/python/cpython/issues/105704 https://github.com/python/cpython/pull/129418 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-0938.json https://access.redhat.com/errata/RHSA-2025:6977", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.21-2.el9", "arch_op": "pattern match" }, "Wa6ckvi19N85obTr27Z/+w==": { "id": "Wa6ckvi19N85obTr27Z/+w==", "updater": "rhel-vex", "name": "CVE-2023-3576", "description": "A memory leak flaw was found in Libtiff's tiffcrop utility. This issue occurs when tiffcrop operates on a TIFF image file, allowing an attacker to pass a crafted TIFF image file to tiffcrop utility, which causes this memory leak issue, resulting an application crash, eventually leading to a denial of service.", "issued": "2023-03-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-3576 https://bugzilla.redhat.com/show_bug.cgi?id=2219340 https://www.cve.org/CVERecord?id=CVE-2023-3576 https://nvd.nist.gov/vuln/detail/CVE-2023-3576 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3576.json https://access.redhat.com/errata/RHSA-2023:6575", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-10.el9", "arch_op": "pattern match" }, "WcYPrwv9PSVoVoof5MRsxQ==": { "id": "WcYPrwv9PSVoVoof5MRsxQ==", "updater": "osv/pypi", "name": "PYSEC-2023-228", "description": "", "issued": "2023-10-25T18:17:00Z", "links": "https://mail.python.org/archives/list/security-announce@python.org/thread/F4PL35U6X4VVHZ5ILJU3PWUWN7H7LZXL/ https://github.com/pypa/pip/pull/12306", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "pip", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "pypi", "uri": "https://pypi.org/", "cpe": "" }, "fixed_in_version": "fixed=23.3" }, "WjwqFYHIpeFIRVSB9rQ7Rg==": { "id": "WjwqFYHIpeFIRVSB9rQ7Rg==", "updater": "rhel-vex", "name": "CVE-2024-38474", "description": "A flaw was found in the mod_rewrite module of httpd. Due to a substitution encoding issue, specially crafted requests may allow an attacker to execute scripts in directories permitted by the configuration but not directly reachable by any URL or source disclosure of scripts meant only to be executed as CGI.", "issued": "2024-07-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-38474 https://bugzilla.redhat.com/show_bug.cgi?id=2295013 https://www.cve.org/CVERecord?id=CVE-2024-38474 https://nvd.nist.gov/vuln/detail/CVE-2024-38474 https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2024-38474 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-38474.json https://access.redhat.com/errata/RHSA-2024:4726", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "httpd-core", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.4.57-11.el9_4", "arch_op": "pattern match" }, "Wsq+mYbQsKJ0v5uT9JRfhQ==": { "id": "Wsq+mYbQsKJ0v5uT9JRfhQ==", "updater": "rhel-vex", "name": "CVE-2023-24329", "description": "A flaw was found in the Python package. An issue in the urllib.parse component could allow attackers to bypass blocklisting methods by supplying a URL that starts with blank characters.This may lead to compromised Integrity.", "issued": "2023-02-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-24329 https://bugzilla.redhat.com/show_bug.cgi?id=2173917 https://www.cve.org/CVERecord?id=CVE-2023-24329 https://nvd.nist.gov/vuln/detail/CVE-2023-24329 https://pointernull.com/security/python-url-parse-problem.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-24329.json https://access.redhat.com/errata/RHSA-2023:3595", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "python3-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.16-1.el9_2.1", "arch_op": "pattern match" }, "WvFMXlBuN1xBtbJATgFX8g==": { "id": "WvFMXlBuN1xBtbJATgFX8g==", "updater": "rhel-vex", "name": "CVE-2023-0798", "description": "A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds read in the extractContigSamplesShifted8bits function in tools/tiffcrop.c, resulting in a Denial of Service and limited information disclosure.", "issued": "2023-02-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0798 https://bugzilla.redhat.com/show_bug.cgi?id=2170157 https://www.cve.org/CVERecord?id=CVE-2023-0798 https://nvd.nist.gov/vuln/detail/CVE-2023-0798 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0798.json https://access.redhat.com/errata/RHSA-2023:3711", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-8.el9_2", "arch_op": "pattern match" }, "Wvo6vOf6spcLE2C+GaDeyA==": { "id": "Wvo6vOf6spcLE2C+GaDeyA==", "updater": "rhel-vex", "name": "CVE-2024-6119", "description": "A flaw was found in OpenSSL. Applications performing certificate name checks (e.g., TLS clients checking server certificates) may attempt to read an invalid memory address resulting in abnormal termination of the application process.", "issued": "2024-09-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-6119 https://bugzilla.redhat.com/show_bug.cgi?id=2306158 https://www.cve.org/CVERecord?id=CVE-2024-6119 https://nvd.nist.gov/vuln/detail/CVE-2024-6119 https://github.com/openssl/openssl/security/advisories/GHSA-5qrj-vq78-58fj https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6119.json https://access.redhat.com/errata/RHSA-2024:6783", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-28.el9_4", "arch_op": "pattern match" }, "WyYfV4qukI0O3aVuym2nzw==": { "id": "WyYfV4qukI0O3aVuym2nzw==", "updater": "rhel-vex", "name": "CVE-2023-40745", "description": "LibTIFF is vulnerable to an integer overflow. This flaw allows remote attackers to cause a denial of service (application crash) or possibly execute an arbitrary code via a crafted tiff image, which triggers a heap-based buffer overflow.", "issued": "2023-07-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-40745 https://bugzilla.redhat.com/show_bug.cgi?id=2235265 https://www.cve.org/CVERecord?id=CVE-2023-40745 https://nvd.nist.gov/vuln/detail/CVE-2023-40745 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-40745.json https://access.redhat.com/errata/RHSA-2024:2289", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-12.el9", "arch_op": "pattern match" }, "Wz8kfsjiUN7loN7RE4toRg==": { "id": "Wz8kfsjiUN7loN7RE4toRg==", "updater": "rhel-vex", "name": "CVE-2024-33600", "description": "A flaw was found in the glibc netgroup cache. After a failed cache insertion, addgetnetgrentX tries to send the non-existing response after the not-found header. This can lead to a null pointer dereference that causes a crash or exit.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33600 https://bugzilla.redhat.com/show_bug.cgi?id=2277204 https://www.cve.org/CVERecord?id=CVE-2024-33600 https://nvd.nist.gov/vuln/detail/CVE-2024-33600 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33600.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-minimal-langpack", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "Wzh+oxEmmD8N98PMCI2K3A==": { "id": "Wzh+oxEmmD8N98PMCI2K3A==", "updater": "rhel-vex", "name": "CVE-2023-4911", "description": "A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.", "issued": "2023-10-03T17:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4911 https://bugzilla.redhat.com/show_bug.cgi?id=2238352 https://www.cve.org/CVERecord?id=CVE-2023-4911 https://nvd.nist.gov/vuln/detail/CVE-2023-4911 https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt https://www.qualys.com/cve-2023-4911/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4911.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "X0yRty1CAF/BkqF0tnfBQQ==": { "id": "X0yRty1CAF/BkqF0tnfBQQ==", "updater": "rhel-vex", "name": "CVE-2023-32611", "description": "A flaw was found in GLib. GVariant deserialization is vulnerable to a slowdown issue where a crafted GVariant can cause excessive processing, leading to denial of service.", "issued": "2022-12-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32611 https://bugzilla.redhat.com/show_bug.cgi?id=2211829 https://www.cve.org/CVERecord?id=CVE-2023-32611 https://nvd.nist.gov/vuln/detail/CVE-2023-32611 https://gitlab.gnome.org/GNOME/glib/-/issues/2797 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32611.json https://access.redhat.com/errata/RHSA-2023:6631", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "glib2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.68.4-11.el9", "arch_op": "pattern match" }, "X10PEbhI2yv6KYFUPacecg==": { "id": "X10PEbhI2yv6KYFUPacecg==", "updater": "rhel-vex", "name": "CVE-2022-1619", "description": "A flaw was found in vim, which is vulnerable to a heap-buffer-overflow in cmdline_erase_chars of the ex_getln.c function. This flaw allows a specially crafted file to crash software, modify memory or execute code when opened in vim.", "issued": "2022-05-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-1619 https://bugzilla.redhat.com/show_bug.cgi?id=2083026 https://www.cve.org/CVERecord?id=CVE-2022-1619 https://nvd.nist.gov/vuln/detail/CVE-2022-1619 https://huntr.dev/bounties/b3200483-624e-4c76-a070-e246f62a7450/ https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-1619.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "X1XbXShyT1+HQUnA5EVJNw==": { "id": "X1XbXShyT1+HQUnA5EVJNw==", "updater": "rhel-vex", "name": "CVE-2023-4813", "description": "A flaw was found in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.", "issued": "2022-03-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4813 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://www.cve.org/CVERecord?id=CVE-2023-4813 https://nvd.nist.gov/vuln/detail/CVE-2023-4813 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4813.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-minimal-langpack", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "X2Ku0r4j5/TnyjHzd2AMwA==": { "id": "X2Ku0r4j5/TnyjHzd2AMwA==", "updater": "rhel-vex", "name": "CVE-2024-33602", "description": "A flaw was found in the glibc netgroup cache. The buffer-resizing code in addgetnetgrentX assumes that all string pointers point into the supplied buffer. This can potentially lead to memory corruption and cause a crash.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33602 https://bugzilla.redhat.com/show_bug.cgi?id=2277206 https://www.cve.org/CVERecord?id=CVE-2024-33602 https://nvd.nist.gov/vuln/detail/CVE-2024-33602 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33602.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "glibc-minimal-langpack", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "X3NBOrSivf9I926V0a2/oQ==": { "id": "X3NBOrSivf9I926V0a2/oQ==", "updater": "rhel-vex", "name": "CVE-2025-6069", "description": "A denial-of-service (DoS) vulnerability has been discovered in Python's html.parser.HTMLParser class. When processing specially malformed HTML input, the parsing runtime can become quadratic with respect to the input size. This significantly increased processing time can lead to excessive resource consumption, ultimately causing a denial-of-service condition in applications that rely on this parser.", "issued": "2025-06-17T13:39:46Z", "links": "https://access.redhat.com/security/cve/CVE-2025-6069 https://bugzilla.redhat.com/show_bug.cgi?id=2373234 https://www.cve.org/CVERecord?id=CVE-2025-6069 https://nvd.nist.gov/vuln/detail/CVE-2025-6069 https://github.com/python/cpython/commit/4455cbabf991e202185a25a631af206f60bbc949 https://github.com/python/cpython/commit/6eb6c5dbfb528bd07d77b60fd71fd05d81d45c41 https://github.com/python/cpython/commit/d851f8e258c7328814943e923a7df81bca15df4b https://github.com/python/cpython/issues/135462 https://github.com/python/cpython/pull/135464 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-6069.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "python3.9", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "X3WuoMxfqKQH/0bF7PkAAQ==": { "id": "X3WuoMxfqKQH/0bF7PkAAQ==", "updater": "rhel-vex", "name": "CVE-2022-3235", "description": "Use After Free in GitHub repository vim/vim prior to 9.0.0490.", "issued": "2022-09-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3235 https://bugzilla.redhat.com/show_bug.cgi?id=2129371 https://www.cve.org/CVERecord?id=CVE-2022-3235 https://nvd.nist.gov/vuln/detail/CVE-2022-3235 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3235.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "X4CDljJQJsftQ2RA57ftuw==": { "id": "X4CDljJQJsftQ2RA57ftuw==", "updater": "rhel-vex", "name": "CVE-2021-3807", "description": "A regular expression denial of service (ReDoS) vulnerability was found in nodejs-ansi-regex. This could possibly cause an application using ansi-regex to use an excessive amount of CPU time when matching crafted ANSI escape codes.", "issued": "2021-09-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-3807 https://bugzilla.redhat.com/show_bug.cgi?id=2007557 https://www.cve.org/CVERecord?id=CVE-2021-3807 https://nvd.nist.gov/vuln/detail/CVE-2021-3807 https://huntr.dev/bounties/5b3cf33b-ede0-4398-9974-800876dfd994 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-3807.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "X58g4IHG7dfM9qsUqybFEQ==": { "id": "X58g4IHG7dfM9qsUqybFEQ==", "updater": "rhel-vex", "name": "CVE-2023-31122", "description": "A flaw was found in the mod_macro module of httpd. When processing a very long macro, the null byte terminator will not be added, leading to an out-of-bounds read, resulting in a crash.", "issued": "2023-10-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-31122 https://bugzilla.redhat.com/show_bug.cgi?id=2245332 https://www.cve.org/CVERecord?id=CVE-2023-31122 https://nvd.nist.gov/vuln/detail/CVE-2023-31122 https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2023-31122 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-31122.json https://access.redhat.com/errata/RHSA-2024:2278", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "mod_session", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.4.57-8.el9", "arch_op": "pattern match" }, "X7NcvhdjfBWompKVMizhTQ==": { "id": "X7NcvhdjfBWompKVMizhTQ==", "updater": "rhel-vex", "name": "CVE-2022-49043", "description": "A flaw was found in libxml2 where improper handling of memory allocation failures in `libxml2` can lead to crashes, memory leaks, or inconsistent states. While an attacker cannot directly control allocation failures, they may trigger denial-of-service conditions under extreme system stress.", "issued": "2025-01-26T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-49043 https://bugzilla.redhat.com/show_bug.cgi?id=2342118 https://www.cve.org/CVERecord?id=CVE-2022-49043 https://nvd.nist.gov/vuln/detail/CVE-2022-49043 https://github.com/php/php-src/issues/17467 https://gitlab.gnome.org/GNOME/libxml2/-/commit/5a19e21605398cef6a8b1452477a8705cb41562b https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-49043.json https://access.redhat.com/errata/RHSA-2025:1350", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libxml2-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-6.el9_5.1", "arch_op": "pattern match" }, "XB4RQ8WaFJuxAC8ZgyKRNA==": { "id": "XB4RQ8WaFJuxAC8ZgyKRNA==", "updater": "rhel-vex", "name": "CVE-2023-4527", "description": "A flaw was found in glibc. When the getaddrinfo function is called with the AF_UNSPEC address family and the system is configured with no-aaaa mode via /etc/resolv.conf, a DNS response via TCP larger than 2048 bytes can potentially disclose stack contents through the function returned address data, and may cause a crash.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4527 https://bugzilla.redhat.com/show_bug.cgi?id=2234712 https://www.cve.org/CVERecord?id=CVE-2023-4527 https://nvd.nist.gov/vuln/detail/CVE-2023-4527 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4527.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-locale-source", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "XD8Zer8JIEHfKGC4G2WfMA==": { "id": "XD8Zer8JIEHfKGC4G2WfMA==", "updater": "rhel-vex", "name": "CVE-2023-38545", "description": "A heap-based buffer overflow flaw was found in the SOCKS5 proxy handshake in the Curl package. If Curl is unable to resolve the address itself, it passes the hostname to the SOCKS5 proxy. However, the maximum length of the hostname that can be passed is 255 bytes. If the hostname is longer, then Curl switches to the local name resolving and passes the resolved address only to the proxy. The local variable that instructs Curl to \"let the host resolve the name\" could obtain the wrong value during a slow SOCKS5 handshake, resulting in the too-long hostname being copied to the target buffer instead of the resolved address, which was not the intended behavior.", "issued": "2023-10-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-38545 https://bugzilla.redhat.com/show_bug.cgi?id=2241933 https://www.cve.org/CVERecord?id=CVE-2023-38545 https://nvd.nist.gov/vuln/detail/CVE-2023-38545 https://curl.se/docs/CVE-2023-38545.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-38545.json https://access.redhat.com/errata/RHSA-2023:5763", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libcurl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-23.el9_2.4", "arch_op": "pattern match" }, "XEJvX5LybNvCwdnogSEXGw==": { "id": "XEJvX5LybNvCwdnogSEXGw==", "updater": "rhel-vex", "name": "CVE-2023-51385", "description": "A flaw was found in OpenSSH. In certain circumstances, a remote attacker may be able to execute arbitrary OS commands by using expansion tokens, such as %u or %h, with user names or host names that contain shell metacharacters.", "issued": "2023-12-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-51385 https://bugzilla.redhat.com/show_bug.cgi?id=2255271 https://www.cve.org/CVERecord?id=CVE-2023-51385 https://nvd.nist.gov/vuln/detail/CVE-2023-51385 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-51385.json https://access.redhat.com/errata/RHSA-2024:1130", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "openssh", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:8.7p1-34.el9_3.3", "arch_op": "pattern match" }, "XG6XCizQonEnnNOuXOQWQg==": { "id": "XG6XCizQonEnnNOuXOQWQg==", "updater": "rhel-vex", "name": "CVE-2024-25629", "description": "A vulnerability was found in c-ares where the ares__read_line() is used to parse local configuration files such as /etc/resolv.conf, /etc/nsswitch.conf, the HOSTALIASES file, and if using a c-ares version prior to 1.22.0, the /etc/hosts file. If the configuration files have an embedded NULL character as the first character in a new line, it can attempt to read memory before the start of the given buffer, which may result in a crash.", "issued": "2024-02-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-25629 https://bugzilla.redhat.com/show_bug.cgi?id=2265713 https://www.cve.org/CVERecord?id=CVE-2024-25629 https://nvd.nist.gov/vuln/detail/CVE-2024-25629 https://github.com/c-ares/c-ares/security/advisories/GHSA-mg26-v6qh-x48q https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-25629.json https://access.redhat.com/errata/RHSA-2024:2910", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.2-8.el9_4", "arch_op": "pattern match" }, "XL13OgM64iwln6Z42dkwJg==": { "id": "XL13OgM64iwln6Z42dkwJg==", "updater": "rhel-vex", "name": "CVE-2023-27534", "description": "A path traversal vulnerability exists in curl \u003c8.0.0 SFTP implementation causes the tilde (~) character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. Attackers can exploit this flaw to bypass filtering or execute arbitrary code by crafting a path like /~2/foo while accessing a server with a specific user.", "issued": "2023-03-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-27534 https://bugzilla.redhat.com/show_bug.cgi?id=2179069 https://www.cve.org/CVERecord?id=CVE-2023-27534 https://nvd.nist.gov/vuln/detail/CVE-2023-27534 https://curl.se/docs/CVE-2023-27534.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-27534.json https://access.redhat.com/errata/RHSA-2023:6679", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "libcurl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9", "arch_op": "pattern match" }, "XL1Nv8y45q8aiA92A99YyA==": { "id": "XL1Nv8y45q8aiA92A99YyA==", "updater": "rhel-vex", "name": "CVE-2023-0512", "description": "A divide-by-zero flaw was found in Vim's adjust_skipcol() function in the move.c file. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a floating point exception error and causing an application to crash, eventually leading to a denial of service.", "issued": "2023-01-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0512 https://bugzilla.redhat.com/show_bug.cgi?id=2165798 https://www.cve.org/CVERecord?id=CVE-2023-0512 https://nvd.nist.gov/vuln/detail/CVE-2023-0512 https://huntr.dev/bounties/de83736a-1936-4872-830b-f1e9b0ad2a74 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0512.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "XMRntDldPNvYaEN1H/aMEA==": { "id": "XMRntDldPNvYaEN1H/aMEA==", "updater": "rhel-vex", "name": "CVE-2023-0464", "description": "A security vulnerability has been identified in all supported OpenSSL versions related to verifying X.509 certificate chains that include policy constraints. This flaw allows attackers to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of computational resources, leading to a denial of service (DoS) attack on affected systems. Policy processing is disabled by default but can be enabled by passing the -policy' argument to the command line utilities or calling the X509_VERIFY_PARAM_set1_policies()' function.", "issued": "2023-03-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0464 https://bugzilla.redhat.com/show_bug.cgi?id=2181082 https://www.cve.org/CVERecord?id=CVE-2023-0464 https://nvd.nist.gov/vuln/detail/CVE-2023-0464 https://www.openssl.org/news/secadv/20230322.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0464.json https://access.redhat.com/errata/RHSA-2023:3722", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-16.el9_2", "arch_op": "pattern match" }, "XMZYTX/i7lOXfIPea0g5sg==": { "id": "XMZYTX/i7lOXfIPea0g5sg==", "updater": "rhel-vex", "name": "CVE-2025-32414", "description": "A flaw was found in libxml2. This vulnerability allows out-of-bounds memory access via incorrect handling of return values in xmlPythonFileRead and xmlPythonFileReadRaw, due to a mismatch between bytes and characters.", "issued": "2025-04-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-32414 https://bugzilla.redhat.com/show_bug.cgi?id=2358121 https://www.cve.org/CVERecord?id=CVE-2025-32414 https://nvd.nist.gov/vuln/detail/CVE-2025-32414 https://gitlab.gnome.org/GNOME/libxml2/-/issues/889 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-32414.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "libxml2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "XW4X9/W6MfETfE/VICA4Jw==": { "id": "XW4X9/W6MfETfE/VICA4Jw==", "updater": "rhel-vex", "name": "CVE-2025-1376", "description": "A flaw was found in GNU elfutils. This vulnerability allows denial of service via manipulation of the function elf_strptr in /libelf/elf_strptr.c.", "issued": "2025-02-17T04:31:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-1376 https://bugzilla.redhat.com/show_bug.cgi?id=2346061 https://www.cve.org/CVERecord?id=CVE-2025-1376 https://nvd.nist.gov/vuln/detail/CVE-2025-1376 https://sourceware.org/bugzilla/attachment.cgi?id=15940 https://sourceware.org/bugzilla/show_bug.cgi?id=32672 https://sourceware.org/bugzilla/show_bug.cgi?id=32672#c3 https://vuldb.com/?ctiid.295984 https://vuldb.com/?id.295984 https://vuldb.com/?submit.497538 https://www.gnu.org/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-1376.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "elfutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "XWaBdbEJiHpYXT1f1eBk1Q==": { "id": "XWaBdbEJiHpYXT1f1eBk1Q==", "updater": "rhel-vex", "name": "CVE-2022-47007", "description": "A memory leak was found in function stab_demangle_v3_arg in stabs.c in Binutils, allows local attacker to exploit the vulnerability using specially crafted file to cause Denial of Service.", "issued": "2022-06-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-47007 https://bugzilla.redhat.com/show_bug.cgi?id=2233980 https://www.cve.org/CVERecord?id=CVE-2022-47007 https://nvd.nist.gov/vuln/detail/CVE-2022-47007 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-47007.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "gdb", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "XaAEuH+mpvQipMTbWh8nFA==": { "id": "XaAEuH+mpvQipMTbWh8nFA==", "updater": "rhel-vex", "name": "CVE-2023-45802", "description": "A flaw was found in mod_http2. When a HTTP/2 stream is reset (RST frame) by a client, there is a time window were the request's memory resources were not reclaimed immediately. Instead, de-allocation was deferred to connection close. A client could send new requests and resets, keeping the connection busy and open, causing the memory footprint to keep on growing. On connection close, all resources are reclaimed but the process might run out of memory before connection close.", "issued": "2023-10-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-45802 https://bugzilla.redhat.com/show_bug.cgi?id=2243877 https://www.cve.org/CVERecord?id=CVE-2023-45802 https://nvd.nist.gov/vuln/detail/CVE-2023-45802 https://httpd.apache.org/security/vulnerabilities_24.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45802.json https://access.redhat.com/errata/RHSA-2024:2368", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "mod_http2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.0.26-1.el9", "arch_op": "pattern match" }, "XbcsPhUJZcz9SAjlyzA2Tw==": { "id": "XbcsPhUJZcz9SAjlyzA2Tw==", "updater": "rhel-vex", "name": "CVE-2020-11023", "description": "A flaw was found in jQuery. HTML containing \\\u003coption\\\u003e elements from untrusted sources are passed, even after sanitizing, to one of jQuery's DOM manipulation methods, which may execute untrusted code. The highest threat from this vulnerability is to data confidentiality and integrity.", "issued": "2020-04-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2020-11023 https://bugzilla.redhat.com/show_bug.cgi?id=1850004 https://www.cve.org/CVERecord?id=CVE-2020-11023 https://nvd.nist.gov/vuln/detail/CVE-2020-11023 https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-11023.json https://access.redhat.com/errata/RHSA-2025:1346", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "gcc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:11.5.0-5.el9_5", "arch_op": "pattern match" }, "Xd13Zf2Hfkk86nXadq2UDw==": { "id": "Xd13Zf2Hfkk86nXadq2UDw==", "updater": "rhel-vex", "name": "CVE-2024-32002", "description": "A vulnerability was found in Git. This vulnerability allows the malicious manipulation of repositories containing submodules, exploiting a bug that enables the writing of files into the .git/ directory instead of the submodule's intended worktree. This manipulation facilitates the execution of arbitrary code during the cloning process, bypassing user inspection and control.", "issued": "2024-05-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-32002 https://bugzilla.redhat.com/show_bug.cgi?id=2280421 https://www.cve.org/CVERecord?id=CVE-2024-32002 https://nvd.nist.gov/vuln/detail/CVE-2024-32002 https://github.com/git/git/security/advisories/GHSA-8h77-4q3w-gfgv https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-32002.json https://access.redhat.com/errata/RHSA-2024:4083", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "git", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.43.5-1.el9_4", "arch_op": "pattern match" }, "Xd8tQ0FXTmb0dMN8/OnXTg==": { "id": "Xd8tQ0FXTmb0dMN8/OnXTg==", "updater": "rhel-vex", "name": "CVE-2023-4806", "description": "A flaw was found in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4806 https://bugzilla.redhat.com/show_bug.cgi?id=2237782 https://www.cve.org/CVERecord?id=CVE-2023-4806 https://nvd.nist.gov/vuln/detail/CVE-2023-4806 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4806.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "XeJxNps2a1xzV61fNDZUHg==": { "id": "XeJxNps2a1xzV61fNDZUHg==", "updater": "rhel-vex", "name": "CVE-2023-7104", "description": "A vulnerability was found in SQLite3. This issue affects the sessionReadRecord function of the ext/session/sqlite3session.c function in the make alltest Handler component. Manipulation may cause a heap-based buffer overflow to occur.", "issued": "2023-12-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-7104 https://bugzilla.redhat.com/show_bug.cgi?id=2256194 https://www.cve.org/CVERecord?id=CVE-2023-7104 https://nvd.nist.gov/vuln/detail/CVE-2023-7104 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-7104.json https://access.redhat.com/errata/RHSA-2024:0465", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "sqlite-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.34.1-7.el9_3", "arch_op": "pattern match" }, "Xh7qucrAcTPJpjwtifDAOw==": { "id": "Xh7qucrAcTPJpjwtifDAOw==", "updater": "rhel-vex", "name": "CVE-2023-32559", "description": "A vulnerability was found in NodeJS. This security issue occurs as the use of the deprecated API process.binding() can bypass the policy mechanism by requiring internal modules and eventually take advantage of process.binding('spawn_sync') to run arbitrary code outside of the limits defined in a policy.json file.", "issued": "2023-08-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32559 https://bugzilla.redhat.com/show_bug.cgi?id=2230956 https://www.cve.org/CVERecord?id=CVE-2023-32559 https://nvd.nist.gov/vuln/detail/CVE-2023-32559 https://nodejs.org/en/blog/vulnerability/august-2023-security-releases#permissions-policies-can-be-bypassed-via-processbinding-mediumcve-2023-32559 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32559.json https://access.redhat.com/errata/RHSA-2023:5532", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.2-1.el9_2", "arch_op": "pattern match" }, "Xm/zEP9A9rmz22EcVk3YrA==": { "id": "Xm/zEP9A9rmz22EcVk3YrA==", "updater": "rhel-vex", "name": "CVE-2023-38709", "description": "A flaw was found in httpd. The response headers are not sanitized before an HTTP response is sent when a malicious backend can insert a Content-Type, Content-Encoding, or some other headers, resulting in an HTTP response splitting.", "issued": "2024-04-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-38709 https://bugzilla.redhat.com/show_bug.cgi?id=2273491 https://www.cve.org/CVERecord?id=CVE-2023-38709 https://nvd.nist.gov/vuln/detail/CVE-2023-38709 https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2023-38709 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-38709.json https://access.redhat.com/errata/RHSA-2024:9306", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "httpd-core", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.4.62-1.el9", "arch_op": "pattern match" }, "XpTqsrTo5GhyVoXq1J6R1A==": { "id": "XpTqsrTo5GhyVoXq1J6R1A==", "updater": "rhel-vex", "name": "CVE-2024-2961", "description": "An out-of-bounds write flaw was found in the ISO-2022-CN-EXT plugin for glibc's iconv library. When converting from UCS4 charset, adding certain escape charterers is required to indicate where the charset was changed to the library. During this process, iconv improperly checks the boundaries of internal buffers, leading to a buffer overflow, which allows writing up to 3 bytes outside the desired memory location. This issue may allow an attacker to craft a malicious characters sequence that will trigger the out-of-bounds write and perform remote code execution, presenting a high impact to the Integrity, Confidentiality, and Availability triad.", "issued": "2024-04-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-2961 https://bugzilla.redhat.com/show_bug.cgi?id=2273404 https://www.cve.org/CVERecord?id=CVE-2024-2961 https://nvd.nist.gov/vuln/detail/CVE-2024-2961 https://www.openwall.com/lists/oss-security/2024/04/17/9 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2961.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-common", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "XuMP4XKeqFlYH9jgvFKXXw==": { "id": "XuMP4XKeqFlYH9jgvFKXXw==", "updater": "rhel-vex", "name": "CVE-2023-2609", "description": "NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1531.", "issued": "2023-05-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-2609 https://bugzilla.redhat.com/show_bug.cgi?id=2209050 https://www.cve.org/CVERecord?id=CVE-2023-2609 https://nvd.nist.gov/vuln/detail/CVE-2023-2609 https://huntr.dev/bounties/1679be5a-565f-4a44-a430-836412a0b622 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2609.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Y/6FiFNJ+h2jXNTlPOzrnQ==": { "id": "Y/6FiFNJ+h2jXNTlPOzrnQ==", "updater": "rhel-vex", "name": "CVE-2023-0051", "description": "A heap-based buffer overflow was found in Vim in the msg_puts_printf function in the message.c file. The issue occurs because of an invalid memory access when calculating the length of a string when a specially crafted input is processed. This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the heap-based buffer overflow, causing the application to crash.", "issued": "2023-01-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0051 https://bugzilla.redhat.com/show_bug.cgi?id=2161348 https://www.cve.org/CVERecord?id=CVE-2023-0051 https://nvd.nist.gov/vuln/detail/CVE-2023-0051 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0051.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Y0WCcL6v+5OIjHQRxTrD9A==": { "id": "Y0WCcL6v+5OIjHQRxTrD9A==", "updater": "rhel-vex", "name": "CVE-2023-38546", "description": "A flaw was found in the Curl package. This flaw allows an attacker to insert cookies into a running program using libcurl if the specific series of conditions are met.", "issued": "2023-10-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-38546 https://bugzilla.redhat.com/show_bug.cgi?id=2241938 https://access.redhat.com/errata/RHSA-2024:2101 https://www.cve.org/CVERecord?id=CVE-2023-38546 https://nvd.nist.gov/vuln/detail/CVE-2023-38546 https://curl.se/docs/CVE-2023-38546.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-38546.json https://access.redhat.com/errata/RHSA-2023:5763", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "libcurl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-23.el9_2.4", "arch_op": "pattern match" }, "Y3OvoDmeS+5hnAANsWjyFw==": { "id": "Y3OvoDmeS+5hnAANsWjyFw==", "updater": "rhel-vex", "name": "CVE-2023-4813", "description": "A flaw was found in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.", "issued": "2022-03-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4813 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://www.cve.org/CVERecord?id=CVE-2023-4813 https://nvd.nist.gov/vuln/detail/CVE-2023-4813 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4813.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-gconv-extra", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "Y3WKF6/Qa3b8kujepTuCsg==": { "id": "Y3WKF6/Qa3b8kujepTuCsg==", "updater": "rhel-vex", "name": "CVE-2022-27943", "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in ibiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "issued": "2022-03-26T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-27943.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "gcc", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Y5911jYxxg7J6VKhk7mqCw==": { "id": "Y5911jYxxg7J6VKhk7mqCw==", "updater": "rhel-vex", "name": "CVE-2023-27043", "description": "The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which application access is granted only after verifying receipt of e-mail to a specific domain (e.g., only @company.example.com addresses may be used for signup). This occurs in email/_parseaddr.py in recent versions of Python.", "issued": "2023-04-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-27043 https://bugzilla.redhat.com/show_bug.cgi?id=2196183 https://www.cve.org/CVERecord?id=CVE-2023-27043 https://nvd.nist.gov/vuln/detail/CVE-2023-27043 https://access.redhat.com/articles/7051467 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-27043.json https://access.redhat.com/errata/RHSA-2024:0466", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.18-1.el9_3.1", "arch_op": "pattern match" }, "Y6TEBwH0+CoZ50j5sQV23w==": { "id": "Y6TEBwH0+CoZ50j5sQV23w==", "updater": "rhel-vex", "name": "CVE-2021-3968", "description": "A flaw was found in vim. A possible heap use-after-free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to system availability.", "issued": "2021-11-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-3968 https://bugzilla.redhat.com/show_bug.cgi?id=2025056 https://www.cve.org/CVERecord?id=CVE-2021-3968 https://nvd.nist.gov/vuln/detail/CVE-2021-3968 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-3968.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Y6jBF6ZoX5K+LWaeE5AkSA==": { "id": "Y6jBF6ZoX5K+LWaeE5AkSA==", "updater": "rhel-vex", "name": "CVE-2023-4813", "description": "A flaw was found in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.", "issued": "2022-03-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4813 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://www.cve.org/CVERecord?id=CVE-2023-4813 https://nvd.nist.gov/vuln/detail/CVE-2023-4813 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4813.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-headers", "version": "", "kind": "binary", "normalized_version": "", "arch": "s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "Y8KTdl/rf2JLSAIhuuUuHA==": { "id": "Y8KTdl/rf2JLSAIhuuUuHA==", "updater": "rhel-vex", "name": "CVE-2023-4806", "description": "A flaw was found in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4806 https://bugzilla.redhat.com/show_bug.cgi?id=2237782 https://www.cve.org/CVERecord?id=CVE-2023-4806 https://nvd.nist.gov/vuln/detail/CVE-2023-4806 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4806.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-headers", "version": "", "kind": "binary", "normalized_version": "", "arch": "s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "Y8lb/NrdVvcIZE+CE1zroA==": { "id": "Y8lb/NrdVvcIZE+CE1zroA==", "updater": "rhel-vex", "name": "CVE-2023-43785", "description": "A vulnerability was found in libX11 due to a boundary condition within the _XkbReadKeySyms() function. This flaw allows a local user to trigger an out-of-bounds read error and read the contents of memory on the system.", "issued": "2023-10-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-43785 https://bugzilla.redhat.com/show_bug.cgi?id=2242252 https://www.cve.org/CVERecord?id=CVE-2023-43785 https://nvd.nist.gov/vuln/detail/CVE-2023-43785 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-43785.json https://access.redhat.com/errata/RHSA-2024:2145", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libX11-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.7.0-9.el9", "arch_op": "pattern match" }, "YBqwZyDthwb6s3n+wbOzLg==": { "id": "YBqwZyDthwb6s3n+wbOzLg==", "updater": "rhel-vex", "name": "CVE-2023-51385", "description": "A flaw was found in OpenSSH. In certain circumstances, a remote attacker may be able to execute arbitrary OS commands by using expansion tokens, such as %u or %h, with user names or host names that contain shell metacharacters.", "issued": "2023-12-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-51385 https://bugzilla.redhat.com/show_bug.cgi?id=2255271 https://www.cve.org/CVERecord?id=CVE-2023-51385 https://nvd.nist.gov/vuln/detail/CVE-2023-51385 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-51385.json https://access.redhat.com/errata/RHSA-2024:1130", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "openssh-clients", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:8.7p1-34.el9_3.3", "arch_op": "pattern match" }, "YJQlxoVOE5P26dajRfQPmg==": { "id": "YJQlxoVOE5P26dajRfQPmg==", "updater": "rhel-vex", "name": "CVE-2024-33599", "description": "A stack-based buffer overflow flaw was found in the glibc netgroup cache. In certain conditions, its possible to trigger a stack-based buffer overflow condition that can lead to a denial of service and potentially other malicious actions that impact confidentiality and integrity.", "issued": "2024-04-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33599 https://bugzilla.redhat.com/show_bug.cgi?id=2277202 https://www.cve.org/CVERecord?id=CVE-2024-33599 https://nvd.nist.gov/vuln/detail/CVE-2024-33599 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33599.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-gconv-extra", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "YKiM9634FJ6Nt8Hf0D1VVw==": { "id": "YKiM9634FJ6Nt8Hf0D1VVw==", "updater": "rhel-vex", "name": "CVE-2024-24795", "description": "A flaw was found in httpd. An HTTP response splitting in multiple httpd modules may allow an attacker that can inject malicious response headers into backend applications to cause an HTTP desynchronization attack.", "issued": "2024-04-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-24795 https://bugzilla.redhat.com/show_bug.cgi?id=2273499 https://www.cve.org/CVERecord?id=CVE-2024-24795 https://nvd.nist.gov/vuln/detail/CVE-2024-24795 https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2024-24795 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-24795.json https://access.redhat.com/errata/RHSA-2024:9306", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "httpd-tools", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.4.62-1.el9", "arch_op": "pattern match" }, "YNMtsn/tcZvCfn+cUvP3pg==": { "id": "YNMtsn/tcZvCfn+cUvP3pg==", "updater": "rhel-vex", "name": "CVE-2023-4806", "description": "A flaw was found in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4806 https://bugzilla.redhat.com/show_bug.cgi?id=2237782 https://www.cve.org/CVERecord?id=CVE-2023-4806 https://nvd.nist.gov/vuln/detail/CVE-2023-4806 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4806.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-common", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "YNouFTBaiJNQFxYyrJAQcA==": { "id": "YNouFTBaiJNQFxYyrJAQcA==", "updater": "rhel-vex", "name": "CVE-2023-4806", "description": "A flaw was found in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4806 https://bugzilla.redhat.com/show_bug.cgi?id=2237782 https://www.cve.org/CVERecord?id=CVE-2023-4806 https://nvd.nist.gov/vuln/detail/CVE-2023-4806 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4806.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-minimal-langpack", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "YRtomD2mNPBaDnjgdnhCQQ==": { "id": "YRtomD2mNPBaDnjgdnhCQQ==", "updater": "rhel-vex", "name": "CVE-2023-4806", "description": "A flaw was found in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4806 https://bugzilla.redhat.com/show_bug.cgi?id=2237782 https://www.cve.org/CVERecord?id=CVE-2023-4806 https://nvd.nist.gov/vuln/detail/CVE-2023-4806 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4806.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "YSdK7PYtLQ7JLXu7W4mdRQ==": { "id": "YSdK7PYtLQ7JLXu7W4mdRQ==", "updater": "rhel-vex", "name": "CVE-2023-47038", "description": "A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer.", "issued": "2023-11-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-47038 https://bugzilla.redhat.com/show_bug.cgi?id=2249523 https://www.cve.org/CVERecord?id=CVE-2023-47038 https://nvd.nist.gov/vuln/detail/CVE-2023-47038 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-47038.json https://access.redhat.com/errata/RHSA-2024:2228", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-FileHandle", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.03-481.el9", "arch_op": "pattern match" }, "YUiBEe6UcZYBWbha1tAg7Q==": { "id": "YUiBEe6UcZYBWbha1tAg7Q==", "updater": "rhel-vex", "name": "CVE-2024-5535", "description": "A flaw was found in OpenSSL. Affected versions of this package are vulnerable to Information Exposure through the SSL_select_next_proto function. This flaw allows an attacker to cause unexpected application behavior or a crash by exploiting the buffer overread condition when the function is called with a zero-length client list. This issue is only exploitable if the application is misconfigured to use a zero-length server list and mishandles the 'no overlap' response in ALPN or uses the output as the opportunistic protocol in NPN.", "issued": "2024-06-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2294581 https://www.cve.org/CVERecord?id=CVE-2024-5535 https://nvd.nist.gov/vuln/detail/CVE-2024-5535 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-5535.json https://access.redhat.com/errata/RHSA-2024:9333", "severity": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.2.2-6.el9_5", "arch_op": "pattern match" }, "YUwZZ9Cg1FloxBZV60vOCg==": { "id": "YUwZZ9Cg1FloxBZV60vOCg==", "updater": "rhel-vex", "name": "CVE-2022-2522", "description": "A heap buffer overflow vulnerability was found in vim's ins_compl_infercase_gettext() function of the src/insexpand.c file. This flaw occurs when vim tries to access uninitialized memory when completing a long line. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap-based buffer overflow that causes an application to crash, possibly executing code and corrupting memory.", "issued": "2022-07-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-2522 https://bugzilla.redhat.com/show_bug.cgi?id=2112299 https://www.cve.org/CVERecord?id=CVE-2022-2522 https://nvd.nist.gov/vuln/detail/CVE-2022-2522 https://huntr.dev/bounties/3a2d83af-9542-4d93-8784-98b115135a22 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-2522.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "YYqZRAErReQsq797SjIKyQ==": { "id": "YYqZRAErReQsq797SjIKyQ==", "updater": "rhel-vex", "name": "CVE-2023-30590", "description": "A vulnerability has been identified in the Node.js, where a generateKeys() API function returned from crypto.createDiffieHellman() only generates missing (or outdated) keys, that is, it only generates a private key if none has been set yet.", "issued": "2023-06-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30590 https://bugzilla.redhat.com/show_bug.cgi?id=2219842 https://www.cve.org/CVERecord?id=CVE-2023-30590 https://nvd.nist.gov/vuln/detail/CVE-2023-30590 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30590.json https://access.redhat.com/errata/RHSA-2023:4331", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.1-1.el9_2", "arch_op": "pattern match" }, "Yd+jdu/TGJMZbAeBYGplMQ==": { "id": "Yd+jdu/TGJMZbAeBYGplMQ==", "updater": "rhel-vex", "name": "CVE-2025-4802", "description": "A flaw was found in the glibc library. A statically linked setuid binary that calls dlopen(), including internal dlopen() calls after setlocale() or calls to NSS functions such as getaddrinfo(), may incorrectly search LD_LIBRARY_PATH to determine which library to load, allowing a local attacker to load malicious shared libraries, escalate privileges and execute arbitrary code.", "issued": "2025-05-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4802 https://bugzilla.redhat.com/show_bug.cgi?id=2367468 https://www.cve.org/CVERecord?id=CVE-2025-4802 https://nvd.nist.gov/vuln/detail/CVE-2025-4802 https://www.openwall.com/lists/oss-security/2025/05/16/7 https://www.openwall.com/lists/oss-security/2025/05/17/2 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4802.json https://access.redhat.com/errata/RHSA-2025:8655", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-locale-source", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.19", "arch_op": "pattern match" }, "YflZHrpMaALkUOyhhiuuUg==": { "id": "YflZHrpMaALkUOyhhiuuUg==", "updater": "rhel-vex", "name": "CVE-2023-43787", "description": "A vulnerability was found in libX11 due to an integer overflow within the XCreateImage() function. This flaw allows a local user to trigger an integer overflow and execute arbitrary code with elevated privileges.", "issued": "2023-10-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-43787 https://bugzilla.redhat.com/show_bug.cgi?id=2242254 https://www.cve.org/CVERecord?id=CVE-2023-43787 https://nvd.nist.gov/vuln/detail/CVE-2023-43787 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-43787.json https://access.redhat.com/errata/RHSA-2024:2145", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libX11", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.7.0-9.el9", "arch_op": "pattern match" }, "YgxSASsulE3lhlk/tt7LHw==": { "id": "YgxSASsulE3lhlk/tt7LHw==", "updater": "rhel-vex", "name": "CVE-2023-31122", "description": "A flaw was found in the mod_macro module of httpd. When processing a very long macro, the null byte terminator will not be added, leading to an out-of-bounds read, resulting in a crash.", "issued": "2023-10-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-31122 https://bugzilla.redhat.com/show_bug.cgi?id=2245332 https://www.cve.org/CVERecord?id=CVE-2023-31122 https://nvd.nist.gov/vuln/detail/CVE-2023-31122 https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2023-31122 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-31122.json https://access.redhat.com/errata/RHSA-2024:2278", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "mod_ssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:2.4.57-8.el9", "arch_op": "pattern match" }, "YickFGkosXFq4QeJ0jRTmg==": { "id": "YickFGkosXFq4QeJ0jRTmg==", "updater": "rhel-vex", "name": "CVE-2023-51385", "description": "A flaw was found in OpenSSH. In certain circumstances, a remote attacker may be able to execute arbitrary OS commands by using expansion tokens, such as %u or %h, with user names or host names that contain shell metacharacters.", "issued": "2023-12-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-51385 https://bugzilla.redhat.com/show_bug.cgi?id=2255271 https://www.cve.org/CVERecord?id=CVE-2023-51385 https://nvd.nist.gov/vuln/detail/CVE-2023-51385 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-51385.json https://access.redhat.com/errata/RHSA-2024:1130", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "openssh-clients", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:8.7p1-34.el9_3.3", "arch_op": "pattern match" }, "Ym7IYlmL5IkPVpjUaX6hNw==": { "id": "Ym7IYlmL5IkPVpjUaX6hNw==", "updater": "rhel-vex", "name": "CVE-2024-50602", "description": "A security issue was found in Expat (libexpat). A crash can be triggered in the XML_ResumeParser function due to XML_StopParser's ability to stop or suspend an unstarted parser, which can lead to a denial of service.", "issued": "2024-10-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-50602 https://bugzilla.redhat.com/show_bug.cgi?id=2321987 https://www.cve.org/CVERecord?id=CVE-2024-50602 https://nvd.nist.gov/vuln/detail/CVE-2024-50602 https://github.com/libexpat/libexpat/pull/915 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-50602.json https://access.redhat.com/errata/RHSA-2024:9541", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "expat", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.5.0-3.el9_5.1", "arch_op": "pattern match" }, "YqWCYK92PMDEl8TLsC6HCw==": { "id": "YqWCYK92PMDEl8TLsC6HCw==", "updater": "rhel-vex", "name": "CVE-2020-11023", "description": "A flaw was found in jQuery. HTML containing \\\u003coption\\\u003e elements from untrusted sources are passed, even after sanitizing, to one of jQuery's DOM manipulation methods, which may execute untrusted code. The highest threat from this vulnerability is to data confidentiality and integrity.", "issued": "2020-04-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2020-11023 https://bugzilla.redhat.com/show_bug.cgi?id=1850004 https://www.cve.org/CVERecord?id=CVE-2020-11023 https://nvd.nist.gov/vuln/detail/CVE-2020-11023 https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-11023.json https://access.redhat.com/errata/RHSA-2025:1346", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "gcc-c++", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:11.5.0-5.el9_5", "arch_op": "pattern match" }, "YrX1xPwGMuZ6z8Qz+xH8CQ==": { "id": "YrX1xPwGMuZ6z8Qz+xH8CQ==", "updater": "rhel-vex", "name": "CVE-2024-28834", "description": "A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS, leading to side-channel leaks. In specific scenarios, such as when using the GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noticeable step in nonce size from 513 to 512 bits, exposing a potential timing side-channel.", "issued": "2024-03-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-28834 https://bugzilla.redhat.com/show_bug.cgi?id=2269228 https://www.cve.org/CVERecord?id=CVE-2024-28834 https://nvd.nist.gov/vuln/detail/CVE-2024-28834 https://lists.gnupg.org/pipermail/gnutls-help/2024-March/004845.html https://minerva.crocs.fi.muni.cz/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28834.json https://access.redhat.com/errata/RHSA-2024:1879", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "gnutls", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.7.6-23.el9_3.4", "arch_op": "pattern match" }, "YwzFRyTfK5sDaZVLdCouhw==": { "id": "YwzFRyTfK5sDaZVLdCouhw==", "updater": "rhel-vex", "name": "CVE-2024-4032", "description": "A flaw was found in Python. The ipaddress module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as “globally reachable” or “private”. Due to this issue, it is possible that values will not be returned in accordance with the latest information from the IANA Special-Purpose Address Registries.", "issued": "2024-06-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-4032 https://bugzilla.redhat.com/show_bug.cgi?id=2292921 https://www.cve.org/CVERecord?id=CVE-2024-4032 https://nvd.nist.gov/vuln/detail/CVE-2024-4032 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4032.json https://access.redhat.com/errata/RHSA-2024:4779", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.18-3.el9_4.3", "arch_op": "pattern match" }, "Z0bbSkX8e3OUKdJa86CbBw==": { "id": "Z0bbSkX8e3OUKdJa86CbBw==", "updater": "rhel-vex", "name": "CVE-2021-4217", "description": "A flaw was found in unzip. The vulnerability occurs due to improper handling of Unicode strings, which can lead to a null pointer dereference. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution.", "issued": "2022-01-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-4217 https://bugzilla.redhat.com/show_bug.cgi?id=2044583 https://www.cve.org/CVERecord?id=CVE-2021-4217 https://nvd.nist.gov/vuln/detail/CVE-2021-4217 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-4217.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "unzip", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Z3ooXdPZHBGz3Zn2fzVGjA==": { "id": "Z3ooXdPZHBGz3Zn2fzVGjA==", "updater": "rhel-vex", "name": "CVE-2023-4813", "description": "A flaw was found in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.", "issued": "2022-03-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4813 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://www.cve.org/CVERecord?id=CVE-2023-4813 https://nvd.nist.gov/vuln/detail/CVE-2023-4813 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4813.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-langpack-en", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "ZCn9Srq8w747kRfU/6QKyw==": { "id": "ZCn9Srq8w747kRfU/6QKyw==", "updater": "rhel-vex", "name": "CVE-2023-30590", "description": "A vulnerability has been identified in the Node.js, where a generateKeys() API function returned from crypto.createDiffieHellman() only generates missing (or outdated) keys, that is, it only generates a private key if none has been set yet.", "issued": "2023-06-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30590 https://bugzilla.redhat.com/show_bug.cgi?id=2219842 https://www.cve.org/CVERecord?id=CVE-2023-30590 https://nvd.nist.gov/vuln/detail/CVE-2023-30590 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30590.json https://access.redhat.com/errata/RHSA-2023:4331", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:8.19.4-1.16.20.1.1.el9_2", "arch_op": "pattern match" }, "ZFn12nIvEndnJS63wjZESA==": { "id": "ZFn12nIvEndnJS63wjZESA==", "updater": "rhel-vex", "name": "CVE-2025-26465", "description": "A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle attack can be performed by a malicious machine impersonating a legit server. This issue occurs due to how OpenSSH mishandles error codes in specific conditions when verifying the host key. For an attack to be considered successful, the attacker needs to manage to exhaust the client's memory resource first, turning the attack complexity high.", "issued": "2025-02-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-26465 https://bugzilla.redhat.com/show_bug.cgi?id=2344780 https://www.cve.org/CVERecord?id=CVE-2025-26465 https://nvd.nist.gov/vuln/detail/CVE-2025-26465 https://seclists.org/oss-sec/2025/q1/144 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-26465.json https://access.redhat.com/errata/RHSA-2025:6993", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "openssh-clients", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:8.7p1-45.el9", "arch_op": "pattern match" }, "ZMCWgxkMJ4LjF/nj5/+01g==": { "id": "ZMCWgxkMJ4LjF/nj5/+01g==", "updater": "rhel-vex", "name": "CVE-2023-32002", "description": "A vulnerability was found in NodeJS. This security issue occurs as the use of Module._load() can bypass the policy mechanism and require modules outside of the policy.json definition for a given module.", "issued": "2023-08-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32002 https://bugzilla.redhat.com/show_bug.cgi?id=2230948 https://www.cve.org/CVERecord?id=CVE-2023-32002 https://nvd.nist.gov/vuln/detail/CVE-2023-32002 https://nodejs.org/en/blog/vulnerability/august-2023-security-releases#permissions-policies-can-be-bypassed-via-module_load-highcve-2023-32002 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32002.json https://access.redhat.com/errata/RHSA-2023:5532", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.2-1.el9_2", "arch_op": "pattern match" }, "ZNwy3QgTwoKlAhTZV5z0HA==": { "id": "ZNwy3QgTwoKlAhTZV5z0HA==", "updater": "rhel-vex", "name": "CVE-2024-25629", "description": "A vulnerability was found in c-ares where the ares__read_line() is used to parse local configuration files such as /etc/resolv.conf, /etc/nsswitch.conf, the HOSTALIASES file, and if using a c-ares version prior to 1.22.0, the /etc/hosts file. If the configuration files have an embedded NULL character as the first character in a new line, it can attempt to read memory before the start of the given buffer, which may result in a crash.", "issued": "2024-02-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-25629 https://bugzilla.redhat.com/show_bug.cgi?id=2265713 https://www.cve.org/CVERecord?id=CVE-2024-25629 https://nvd.nist.gov/vuln/detail/CVE-2024-25629 https://github.com/c-ares/c-ares/security/advisories/GHSA-mg26-v6qh-x48q https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-25629.json https://access.redhat.com/errata/RHSA-2024:2910", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.2-8.el9_4", "arch_op": "pattern match" }, "ZOlDuMHRTvnXFtaV1nFliw==": { "id": "ZOlDuMHRTvnXFtaV1nFliw==", "updater": "rhel-vex", "name": "CVE-2020-11023", "description": "A flaw was found in jQuery. HTML containing \\\u003coption\\\u003e elements from untrusted sources are passed, even after sanitizing, to one of jQuery's DOM manipulation methods, which may execute untrusted code. The highest threat from this vulnerability is to data confidentiality and integrity.", "issued": "2020-04-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2020-11023 https://bugzilla.redhat.com/show_bug.cgi?id=1850004 https://www.cve.org/CVERecord?id=CVE-2020-11023 https://nvd.nist.gov/vuln/detail/CVE-2020-11023 https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-11023.json https://access.redhat.com/errata/RHSA-2025:1346", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "gcc-plugin-annobin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:11.5.0-5.el9_5", "arch_op": "pattern match" }, "ZPTYG1GW4N8khhdO0sFXlQ==": { "id": "ZPTYG1GW4N8khhdO0sFXlQ==", "updater": "rhel-vex", "name": "CVE-2024-39331", "description": "A flaw was found in Emacs. Arbitrary shell commands can be executed without prompting when an Org mode file is opened or when the Org mode is enabled, when Emacs is used as an email client, this issue can be triggered when previewing email attachments.", "issued": "2024-06-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-39331 https://bugzilla.redhat.com/show_bug.cgi?id=2293942 https://www.cve.org/CVERecord?id=CVE-2024-39331 https://nvd.nist.gov/vuln/detail/CVE-2024-39331 https://www.openwall.com/lists/oss-security/2024/06/23/1 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-39331.json https://access.redhat.com/errata/RHSA-2024:6510", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "emacs-filesystem", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:27.2-10.el9_4", "arch_op": "pattern match" }, "ZdCiHmwhX39f7Nxq9Dvfig==": { "id": "ZdCiHmwhX39f7Nxq9Dvfig==", "updater": "rhel-vex", "name": "CVE-2023-27536", "description": "A flaw was found in the Curl package. Libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. However, the GSS delegation setting was left out from the configuration match checks, making them match too easily, affecting krb5/kerberos/negotiate/GSSAPI transfers.", "issued": "2023-03-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-27536 https://bugzilla.redhat.com/show_bug.cgi?id=2179092 https://www.cve.org/CVERecord?id=CVE-2023-27536 https://nvd.nist.gov/vuln/detail/CVE-2023-27536 https://curl.se/docs/CVE-2023-27536.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-27536.json https://access.redhat.com/errata/RHSA-2023:6679", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libcurl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9", "arch_op": "pattern match" }, "ZeZr3mN4O6iS2eUDKCRGdA==": { "id": "ZeZr3mN4O6iS2eUDKCRGdA==", "updater": "rhel-vex", "name": "CVE-2022-49043", "description": "A flaw was found in libxml2 where improper handling of memory allocation failures in `libxml2` can lead to crashes, memory leaks, or inconsistent states. While an attacker cannot directly control allocation failures, they may trigger denial-of-service conditions under extreme system stress.", "issued": "2025-01-26T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-49043 https://bugzilla.redhat.com/show_bug.cgi?id=2342118 https://www.cve.org/CVERecord?id=CVE-2022-49043 https://nvd.nist.gov/vuln/detail/CVE-2022-49043 https://github.com/php/php-src/issues/17467 https://gitlab.gnome.org/GNOME/libxml2/-/commit/5a19e21605398cef6a8b1452477a8705cb41562b https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-49043.json https://access.redhat.com/errata/RHSA-2025:1350", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libxml2-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-6.el9_5.1", "arch_op": "pattern match" }, "Zi1o7b8bEdo9KhZZdH0SUQ==": { "id": "Zi1o7b8bEdo9KhZZdH0SUQ==", "updater": "rhel-vex", "name": "CVE-2023-31122", "description": "A flaw was found in the mod_macro module of httpd. When processing a very long macro, the null byte terminator will not be added, leading to an out-of-bounds read, resulting in a crash.", "issued": "2023-10-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-31122 https://bugzilla.redhat.com/show_bug.cgi?id=2245332 https://www.cve.org/CVERecord?id=CVE-2023-31122 https://nvd.nist.gov/vuln/detail/CVE-2023-31122 https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2023-31122 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-31122.json https://access.redhat.com/errata/RHSA-2024:2278", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "httpd-filesystem", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.4.57-8.el9", "arch_op": "pattern match" }, "Zi4lyFbPtDTAWKi80UvBVw==": { "id": "Zi4lyFbPtDTAWKi80UvBVw==", "updater": "rhel-vex", "name": "CVE-2023-0796", "description": "A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds read in the extractContigSamplesShifted24bits function in tools/tiffcrop.c, resulting in a Denial of Service and limited information disclosure.", "issued": "2023-02-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0796 https://bugzilla.redhat.com/show_bug.cgi?id=2170146 https://www.cve.org/CVERecord?id=CVE-2023-0796 https://nvd.nist.gov/vuln/detail/CVE-2023-0796 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0796.json https://access.redhat.com/errata/RHSA-2023:3711", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-8.el9_2", "arch_op": "pattern match" }, "Zkpj9zUf/wvRz7rtFrTzyQ==": { "id": "Zkpj9zUf/wvRz7rtFrTzyQ==", "updater": "rhel-vex", "name": "CVE-2023-6237", "description": "A flaw was found in OpenSSL. When the EVP_PKEY_public_check() function is called in RSA public keys, a computation is done to confirm that the RSA modulus, n, is composite. For valid RSA keys, n is a product of two or more large primes and this computation completes quickly. However, if n is a large prime, this computation takes a long time. An application that calls EVP_PKEY_public_check() and supplies an RSA key obtained from an untrusted source could be vulnerable to a Denial of Service attack.", "issued": "2024-01-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-6237 https://bugzilla.redhat.com/show_bug.cgi?id=2258502 https://www.cve.org/CVERecord?id=CVE-2023-6237 https://nvd.nist.gov/vuln/detail/CVE-2023-6237 https://www.openssl.org/news/secadv/20240115.txt https://www.openwall.com/lists/oss-security/2024/01/15/2 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6237.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "ZmujHtiyxPvmBBbUi0nxZw==": { "id": "ZmujHtiyxPvmBBbUi0nxZw==", "updater": "rhel-vex", "name": "CVE-2023-38545", "description": "A heap-based buffer overflow flaw was found in the SOCKS5 proxy handshake in the Curl package. If Curl is unable to resolve the address itself, it passes the hostname to the SOCKS5 proxy. However, the maximum length of the hostname that can be passed is 255 bytes. If the hostname is longer, then Curl switches to the local name resolving and passes the resolved address only to the proxy. The local variable that instructs Curl to \"let the host resolve the name\" could obtain the wrong value during a slow SOCKS5 handshake, resulting in the too-long hostname being copied to the target buffer instead of the resolved address, which was not the intended behavior.", "issued": "2023-10-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-38545 https://bugzilla.redhat.com/show_bug.cgi?id=2241933 https://www.cve.org/CVERecord?id=CVE-2023-38545 https://nvd.nist.gov/vuln/detail/CVE-2023-38545 https://curl.se/docs/CVE-2023-38545.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-38545.json https://access.redhat.com/errata/RHSA-2023:5763", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libcurl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-23.el9_2.4", "arch_op": "pattern match" }, "ZuHlmxuhHqToQ9pmNtzzAA==": { "id": "ZuHlmxuhHqToQ9pmNtzzAA==", "updater": "rhel-vex", "name": "CVE-2024-26461", "description": "A memory leak flaw was found in krb5 in /krb5/src/lib/gssapi/krb5/k5sealv3.c. This issue can lead to a denial of service through memory exhaustion.", "issued": "2024-02-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-26461 https://bugzilla.redhat.com/show_bug.cgi?id=2266740 https://www.cve.org/CVERecord?id=CVE-2024-26461 https://nvd.nist.gov/vuln/detail/CVE-2024-26461 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-26461.json https://access.redhat.com/errata/RHSA-2024:9331", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "libkadm5", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.1-3.el9", "arch_op": "pattern match" }, "ZvOFKEq7oWW91gkeFtoU/w==": { "id": "ZvOFKEq7oWW91gkeFtoU/w==", "updater": "rhel-vex", "name": "CVE-2024-45490", "description": "A flaw was found in libexpat's xmlparse.c component. This vulnerability allows an attacker to cause improper handling of XML data by providing a negative length value to the XML_ParseBuffer function.", "issued": "2024-08-30T03:15:03Z", "links": "https://access.redhat.com/security/cve/CVE-2024-45490 https://bugzilla.redhat.com/show_bug.cgi?id=2308615 https://www.cve.org/CVERecord?id=CVE-2024-45490 https://nvd.nist.gov/vuln/detail/CVE-2024-45490 https://github.com/libexpat/libexpat/blob/R_2_6_3/expat/Changes https://github.com/libexpat/libexpat/issues/887 https://github.com/libexpat/libexpat/pull/890 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45490.json https://access.redhat.com/errata/RHSA-2024:6754", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "expat-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.5.0-2.el9_4.1", "arch_op": "pattern match" }, "a+JwG0xBDvmYEUUxYjq1Kg==": { "id": "a+JwG0xBDvmYEUUxYjq1Kg==", "updater": "rhel-vex", "name": "CVE-2023-40217", "description": "Python ssl.SSLSocket is vulnerable to a bypass of the TLS handshake in certain instances for HTTPS servers and other server-side protocols that use TLS client authentication such as mTLS. This issue may result in a breach of integrity as its possible to modify or delete resources that are authenticated only by a TLS certificate. No breach of confidentiality is possible.", "issued": "2023-08-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-40217 https://bugzilla.redhat.com/show_bug.cgi?id=2235789 https://www.cve.org/CVERecord?id=CVE-2023-40217 https://nvd.nist.gov/vuln/detail/CVE-2023-40217 https://github.com/python/cpython/issues/108310 https://github.com/python/cpython/pull/108315 https://mail.python.org/archives/list/security-announce@python.org/thread/PEPLII27KYHLF4AK3ZQGKYNCRERG4YXY/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-40217.json https://access.redhat.com/errata/RHSA-2023:5462", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.16-1.el9_2.2", "arch_op": "pattern match" }, "a4nZis/zgZDfMKZCwlqdOQ==": { "id": "a4nZis/zgZDfMKZCwlqdOQ==", "updater": "rhel-vex", "name": "CVE-2023-32611", "description": "A flaw was found in GLib. GVariant deserialization is vulnerable to a slowdown issue where a crafted GVariant can cause excessive processing, leading to denial of service.", "issued": "2022-12-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32611 https://bugzilla.redhat.com/show_bug.cgi?id=2211829 https://www.cve.org/CVERecord?id=CVE-2023-32611 https://nvd.nist.gov/vuln/detail/CVE-2023-32611 https://gitlab.gnome.org/GNOME/glib/-/issues/2797 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32611.json https://access.redhat.com/errata/RHSA-2023:6631", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "glib2-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.68.4-11.el9", "arch_op": "pattern match" }, "a5l+SxLdqB3cOBewJ+GHLw==": { "id": "a5l+SxLdqB3cOBewJ+GHLw==", "updater": "rhel-vex", "name": "CVE-2023-4813", "description": "A flaw was found in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.", "issued": "2022-03-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4813 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://www.cve.org/CVERecord?id=CVE-2023-4813 https://nvd.nist.gov/vuln/detail/CVE-2023-4813 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4813.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-gconv-extra", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "a5tv38r7RoeoKCznzGbyPQ==": { "id": "a5tv38r7RoeoKCznzGbyPQ==", "updater": "rhel-vex", "name": "CVE-2024-6345", "description": "A flaw was found in the package_index module of pypa/setuptools. Affected versions of this package allow remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system.", "issued": "2024-07-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-6345 https://bugzilla.redhat.com/show_bug.cgi?id=2297771 https://www.cve.org/CVERecord?id=CVE-2024-6345 https://nvd.nist.gov/vuln/detail/CVE-2024-6345 https://github.com/pypa/setuptools/commit/88807c7062788254f654ea8c03427adc859321f0 https://huntr.com/bounties/d6362117-ad57-4e83-951f-b8141c6e7ca5 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6345.json https://access.redhat.com/errata/RHSA-2024:5534", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "python3-setuptools", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:53.0.0-12.el9_4.1", "arch_op": "pattern match" }, "a7EB0fwsUs3hrXN5L9zyjQ==": { "id": "a7EB0fwsUs3hrXN5L9zyjQ==", "updater": "rhel-vex", "name": "CVE-2023-7104", "description": "A vulnerability was found in SQLite3. This issue affects the sessionReadRecord function of the ext/session/sqlite3session.c function in the make alltest Handler component. Manipulation may cause a heap-based buffer overflow to occur.", "issued": "2023-12-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-7104 https://bugzilla.redhat.com/show_bug.cgi?id=2256194 https://www.cve.org/CVERecord?id=CVE-2023-7104 https://nvd.nist.gov/vuln/detail/CVE-2023-7104 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-7104.json https://access.redhat.com/errata/RHSA-2024:0465", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "sqlite", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.34.1-7.el9_3", "arch_op": "pattern match" }, "a7uz8mOwNYThyDdvXW+WsA==": { "id": "a7uz8mOwNYThyDdvXW+WsA==", "updater": "rhel-vex", "name": "CVE-2025-24528", "description": "A flaw was found in krb5. With incremental propagation enabled, an authenticated attacker can cause kadmind to write beyond the end of the mapped region for the iprop log file. This issue can trigger a process crash and lead to a denial of service.", "issued": "2024-01-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-24528 https://bugzilla.redhat.com/show_bug.cgi?id=2342796 https://www.cve.org/CVERecord?id=CVE-2025-24528 https://nvd.nist.gov/vuln/detail/CVE-2025-24528 https://github.com/krb5/krb5/commit/78ceba024b64d49612375be4a12d1c066b0bfbd0 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-24528.json https://access.redhat.com/errata/RHSA-2025:7067", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "krb5-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.1-6.el9", "arch_op": "pattern match" }, "a7yL9rjZkvWVTG0o5DKHqQ==": { "id": "a7yL9rjZkvWVTG0o5DKHqQ==", "updater": "rhel-vex", "name": "CVE-2023-38408", "description": "A vulnerability was found in OpenSSH. The PKCS#11 feature in the ssh-agent in OpenSSH has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system (the code in /usr/lib is not necessarily safe for loading into ssh-agent). This flaw allows an attacker with control of the forwarded agent-socket on the server and the ability to write to the filesystem of the client host to execute arbitrary code with the privileges of the user running the ssh-agent.", "issued": "2023-07-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-38408 https://bugzilla.redhat.com/show_bug.cgi?id=2224173 https://www.cve.org/CVERecord?id=CVE-2023-38408 https://nvd.nist.gov/vuln/detail/CVE-2023-38408 https://www.qualys.com/2023/07/19/cve-2023-38408/rce-openssh-forwarded-ssh-agent.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-38408.json https://access.redhat.com/errata/RHSA-2023:4412", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "openssh-clients", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:8.7p1-30.el9_2", "arch_op": "pattern match" }, "a8lEoliaJpwjl9bCwQSdLA==": { "id": "a8lEoliaJpwjl9bCwQSdLA==", "updater": "rhel-vex", "name": "CVE-2022-3857", "description": "[REJECTED CVE] A issue has been identified with libpng in png_setup_paeth_row() function. A crafted PNG image from a n attacker can lead to a segmentation fault and Denial of service.", "issued": "2022-11-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3857 https://bugzilla.redhat.com/show_bug.cgi?id=2142600 https://www.cve.org/CVERecord?id=CVE-2022-3857 https://nvd.nist.gov/vuln/detail/CVE-2022-3857 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3857.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "libpng", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "a9FllBAJiFi5FeYl0KG4aQ==": { "id": "a9FllBAJiFi5FeYl0KG4aQ==", "updater": "rhel-vex", "name": "CVE-2024-11053", "description": "A flaw was found in curl. A logic error when processing credentials from the .netrc file while performing redirects allows the transfer of credentials from the original host to the followed-to host under certain circumstances, leaking the credentials to the followed-to host.", "issued": "2024-12-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-11053 https://bugzilla.redhat.com/show_bug.cgi?id=2331191 https://www.cve.org/CVERecord?id=CVE-2024-11053 https://nvd.nist.gov/vuln/detail/CVE-2024-11053 https://www.oracle.com/security-alerts/cpujan2025.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-11053.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "curl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "aAVm4kpbzKMBBNDUUZvawg==": { "id": "aAVm4kpbzKMBBNDUUZvawg==", "updater": "rhel-vex", "name": "CVE-2024-33602", "description": "A flaw was found in the glibc netgroup cache. The buffer-resizing code in addgetnetgrentX assumes that all string pointers point into the supplied buffer. This can potentially lead to memory corruption and cause a crash.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33602 https://bugzilla.redhat.com/show_bug.cgi?id=2277206 https://www.cve.org/CVERecord?id=CVE-2024-33602 https://nvd.nist.gov/vuln/detail/CVE-2024-33602 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33602.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "glibc-locale-source", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "aF+sd+odivpUdxBxF+S5uw==": { "id": "aF+sd+odivpUdxBxF+S5uw==", "updater": "rhel-vex", "name": "CVE-2022-4285", "description": "An illegal memory access flaw was found in the binutils package. Parsing an ELF file containing corrupt symbol version information may result in a denial of service. This issue is the result of an incomplete fix for CVE-2020-16599.", "issued": "2022-10-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-4285 https://bugzilla.redhat.com/show_bug.cgi?id=2150768 https://www.cve.org/CVERecord?id=CVE-2022-4285 https://nvd.nist.gov/vuln/detail/CVE-2022-4285 https://sourceware.org/bugzilla/show_bug.cgi?id=29699 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=5c831a3c7f3ca98d6aba1200353311e1a1f84c70 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-4285.json https://access.redhat.com/errata/RHSA-2023:6593", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "binutils-gold", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.35.2-42.el9", "arch_op": "pattern match" }, "aGY9xK+6q2v7OdE17hHXxQ==": { "id": "aGY9xK+6q2v7OdE17hHXxQ==", "updater": "rhel-vex", "name": "CVE-2025-4802", "description": "A flaw was found in the glibc library. A statically linked setuid binary that calls dlopen(), including internal dlopen() calls after setlocale() or calls to NSS functions such as getaddrinfo(), may incorrectly search LD_LIBRARY_PATH to determine which library to load, allowing a local attacker to load malicious shared libraries, escalate privileges and execute arbitrary code.", "issued": "2025-05-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4802 https://bugzilla.redhat.com/show_bug.cgi?id=2367468 https://www.cve.org/CVERecord?id=CVE-2025-4802 https://nvd.nist.gov/vuln/detail/CVE-2025-4802 https://www.openwall.com/lists/oss-security/2025/05/16/7 https://www.openwall.com/lists/oss-security/2025/05/17/2 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4802.json https://access.redhat.com/errata/RHSA-2025:8655", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-gconv-extra", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.19", "arch_op": "pattern match" }, "aJnNGTgV/SQw08JCZMvqeA==": { "id": "aJnNGTgV/SQw08JCZMvqeA==", "updater": "rhel-vex", "name": "CVE-2024-2398", "description": "A flaw was found in curl. When an application configures libcurl to use HTTP/2 server push and the amount of received headers for the push surpasses the maximum allowed limit, libcurl aborts the server push. When aborting, libcurl does not free all the previously allocated headers, resulting in a memory leak.", "issued": "2024-03-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-2398 https://bugzilla.redhat.com/show_bug.cgi?id=2270498 https://www.cve.org/CVERecord?id=CVE-2024-2398 https://nvd.nist.gov/vuln/detail/CVE-2024-2398 https://curl.se/docs/CVE-2024-2398.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2398.json https://access.redhat.com/errata/RHSA-2024:5529", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "curl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-29.el9_4.1", "arch_op": "pattern match" }, "aLzx+P0aEIkUrEfjJdf5/w==": { "id": "aLzx+P0aEIkUrEfjJdf5/w==", "updater": "rhel-vex", "name": "CVE-2023-4806", "description": "A flaw was found in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4806 https://bugzilla.redhat.com/show_bug.cgi?id=2237782 https://www.cve.org/CVERecord?id=CVE-2023-4806 https://nvd.nist.gov/vuln/detail/CVE-2023-4806 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4806.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-common", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "aNmMuJ15ZBwP9R8F7p6TOw==": { "id": "aNmMuJ15ZBwP9R8F7p6TOw==", "updater": "rhel-vex", "name": "CVE-2020-11023", "description": "A flaw was found in jQuery. HTML containing \\\u003coption\\\u003e elements from untrusted sources are passed, even after sanitizing, to one of jQuery's DOM manipulation methods, which may execute untrusted code. The highest threat from this vulnerability is to data confidentiality and integrity.", "issued": "2020-04-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2020-11023 https://bugzilla.redhat.com/show_bug.cgi?id=1850004 https://www.cve.org/CVERecord?id=CVE-2020-11023 https://nvd.nist.gov/vuln/detail/CVE-2020-11023 https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-11023.json https://access.redhat.com/errata/RHSA-2025:1346", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "gcc-gfortran", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:11.5.0-5.el9_5", "arch_op": "pattern match" }, "aQGx6Am8fU9TZmcyiMNL4A==": { "id": "aQGx6Am8fU9TZmcyiMNL4A==", "updater": "rhel-vex", "name": "CVE-2024-43802", "description": "A flaw was found in Vim. This issue may allow a heap-buffer overflow via improper management of the typeahead buffer, leading to crashes when error messages occur in combination with several long mappings.", "issued": "2024-08-26T19:15:07Z", "links": "https://access.redhat.com/security/cve/CVE-2024-43802 https://bugzilla.redhat.com/show_bug.cgi?id=2307995 https://www.cve.org/CVERecord?id=CVE-2024-43802 https://nvd.nist.gov/vuln/detail/CVE-2024-43802 https://github.com/vim/vim/commit/322ba9108612bead5eb https://github.com/vim/vim/security/advisories/GHSA-4ghr-c62x-cqfh https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-43802.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "aSJymHSxRBYrHs97nG69hw==": { "id": "aSJymHSxRBYrHs97nG69hw==", "updater": "rhel-vex", "name": "CVE-2023-0803", "description": "A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds write in the extractContigSamplesShifted16bits function in tools/tiffcrop.c, resulting in a Denial of Service and limited data modification.", "issued": "2023-02-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0803 https://bugzilla.redhat.com/show_bug.cgi?id=2170187 https://www.cve.org/CVERecord?id=CVE-2023-0803 https://nvd.nist.gov/vuln/detail/CVE-2023-0803 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0803.json https://access.redhat.com/errata/RHSA-2023:3711", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-8.el9_2", "arch_op": "pattern match" }, "ac6BZ0tqO6i0QQDCZWfGNg==": { "id": "ac6BZ0tqO6i0QQDCZWfGNg==", "updater": "rhel-vex", "name": "CVE-2021-35937", "description": "A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "issued": "2021-06-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-35937 https://bugzilla.redhat.com/show_bug.cgi?id=1964125 https://www.cve.org/CVERecord?id=CVE-2021-35937 https://nvd.nist.gov/vuln/detail/CVE-2021-35937 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-35937.json https://access.redhat.com/errata/RHSA-2024:0463", "severity": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "rpm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:4.16.1.3-27.el9_3", "arch_op": "pattern match" }, "achkbzg3O1uzsJzN1LVDLg==": { "id": "achkbzg3O1uzsJzN1LVDLg==", "updater": "rhel-vex", "name": "CVE-2023-36054", "description": "A vulnerability was found in the _xdr_kadm5_principal_ent_rec() function in lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (krb5). This issue occurs due to lack of validation in the relationship between n_key_data and the key_data array count, leading to the freeing of uninitialized pointers. This may allow a remote authenticated attacker to send a specially crafted request that causes the kadmind process to crash, resulting in a denial of service (DoS).", "issued": "2023-08-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-36054 https://bugzilla.redhat.com/show_bug.cgi?id=2230178 https://www.cve.org/CVERecord?id=CVE-2023-36054 https://nvd.nist.gov/vuln/detail/CVE-2023-36054 https://github.com/krb5/krb5/commit/ef08b09c9459551aabbe7924fb176f1583053cdd https://github.com/krb5/krb5/compare/krb5-1.20.1-final...krb5-1.20.2-final https://github.com/krb5/krb5/compare/krb5-1.21-final...krb5-1.21.1-final https://web.mit.edu/kerberos/www/advisories/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-36054.json https://access.redhat.com/errata/RHSA-2023:6699", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libkadm5", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.1-1.el9", "arch_op": "pattern match" }, "akyADtY97pCYfGQtx4g3Vw==": { "id": "akyADtY97pCYfGQtx4g3Vw==", "updater": "rhel-vex", "name": "CVE-2021-43618", "description": "A flaw was found in gmp. An integer overflow vulnerability could allow an attacker to input an integer value leading to a crash. The highest threat from this vulnerability is to system availability.", "issued": "2021-11-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-43618 https://bugzilla.redhat.com/show_bug.cgi?id=2024904 https://www.cve.org/CVERecord?id=CVE-2021-43618 https://nvd.nist.gov/vuln/detail/CVE-2021-43618 https://bugs.debian.org/994405 https://gmplib.org/list-archives/gmp-bugs/2021-September/005077.html https://gmplib.org/repo/gmp-6.2/rev/561a9c25298e https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-43618.json https://access.redhat.com/errata/RHSA-2023:6661", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "gmp", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:6.2.0-13.el9", "arch_op": "pattern match" }, "apOLVQNsMm6SHDR1ZLmlVw==": { "id": "apOLVQNsMm6SHDR1ZLmlVw==", "updater": "rhel-vex", "name": "CVE-2024-38477", "description": "A flaw was found in the mod_proxy module of httpd. A NULL pointer dereference can be triggered when processing a specially crafted HTTP request, causing the httpd server to crash, and resulting in a denial of service.", "issued": "2024-07-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-38477 https://bugzilla.redhat.com/show_bug.cgi?id=2295016 https://www.cve.org/CVERecord?id=CVE-2024-38477 https://nvd.nist.gov/vuln/detail/CVE-2024-38477 https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2024-38477 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-38477.json https://access.redhat.com/errata/RHSA-2024:4726", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "mod_ssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:2.4.57-11.el9_4", "arch_op": "pattern match" }, "arPTXFJYsCT564EgyQClGA==": { "id": "arPTXFJYsCT564EgyQClGA==", "updater": "rhel-vex", "name": "CVE-2021-31535", "description": "A missing validation flaw was found in libX11. This flaw allows an attacker to inject X11 protocol commands on X clients, and in some cases, also bypass, authenticate (via injection of control characters), or potentially execute arbitrary code with permissions of the application compiled with libX11. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.", "issued": "2021-05-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-31535 https://bugzilla.redhat.com/show_bug.cgi?id=1961822 https://www.cve.org/CVERecord?id=CVE-2021-31535 https://nvd.nist.gov/vuln/detail/CVE-2021-31535 https://unparalleled.eu/blog/2021/20210518-using-xterm-to-navigate-the-huge-color-space/ https://unparalleled.eu/publications/2021/advisory-unpar-2021-1.txt https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-31535.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libX11", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "arTUuvS7/95E2eEJJD9lOQ==": { "id": "arTUuvS7/95E2eEJJD9lOQ==", "updater": "rhel-vex", "name": "CVE-2023-3817", "description": "A vulnerability was found in OpenSSL. This security issue occurs because the applications that use the DH_check(), DH_check_ex(), or EVP_PKEY_param_check() functions to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source may lead to a denial of service.", "issued": "2023-07-31T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-3817 https://bugzilla.redhat.com/show_bug.cgi?id=2227852 https://www.cve.org/CVERecord?id=CVE-2023-3817 https://nvd.nist.gov/vuln/detail/CVE-2023-3817 https://www.openssl.org/news/secadv/20230731.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3817.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "aspIRl2zXkMgoNBD+Mjfng==": { "id": "aspIRl2zXkMgoNBD+Mjfng==", "updater": "rhel-vex", "name": "CVE-2023-28321", "description": "A flaw was found in the Curl package. An incorrect International Domain Name (IDN) wildcard match may lead to improper certificate validation.", "issued": "2023-05-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-28321 https://bugzilla.redhat.com/show_bug.cgi?id=2196786 https://www.cve.org/CVERecord?id=CVE-2023-28321 https://nvd.nist.gov/vuln/detail/CVE-2023-28321 https://curl.se/docs/CVE-2023-28321.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-28321.json https://access.redhat.com/errata/RHSA-2023:4354", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "curl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-23.el9_2.2", "arch_op": "pattern match" }, "ax7ntKztjjUex0Fnm21atg==": { "id": "ax7ntKztjjUex0Fnm21atg==", "updater": "rhel-vex", "name": "CVE-2021-35938", "description": "A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "issued": "2021-06-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-35938 https://bugzilla.redhat.com/show_bug.cgi?id=1964114 https://www.cve.org/CVERecord?id=CVE-2021-35938 https://nvd.nist.gov/vuln/detail/CVE-2021-35938 https://rpm.org/wiki/Releases/4.18.0 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-35938.json https://access.redhat.com/errata/RHSA-2024:0463", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "rpm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.16.1.3-27.el9_3", "arch_op": "pattern match" }, "axH36tojleQPaI/cBLrGqg==": { "id": "axH36tojleQPaI/cBLrGqg==", "updater": "rhel-vex", "name": "CVE-2023-48795", "description": "A flaw was found in the SSH channel integrity. By manipulating sequence numbers during the handshake, an attacker can remove the initial messages on the secure channel without causing a MAC failure. For example, an attacker could disable the ping extension and thus disable the new countermeasure in OpenSSH 9.5 against keystroke timing attacks.", "issued": "2023-12-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-48795 https://bugzilla.redhat.com/show_bug.cgi?id=2254210 https://www.cve.org/CVERecord?id=CVE-2023-48795 https://nvd.nist.gov/vuln/detail/CVE-2023-48795 https://access.redhat.com/solutions/7071748 https://terrapin-attack.com/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-48795.json https://access.redhat.com/errata/RHSA-2024:1130", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "openssh", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:8.7p1-34.el9_3.3", "arch_op": "pattern match" }, "axoy8GS3FJZXy/Fso4Xcfw==": { "id": "axoy8GS3FJZXy/Fso4Xcfw==", "updater": "rhel-vex", "name": "CVE-2024-26462", "description": "A memory leak flaw was found in krb5 in /krb5/src/kdc/ndr.c. This issue can lead to a denial of service through memory exhaustion.", "issued": "2024-02-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-26462 https://bugzilla.redhat.com/show_bug.cgi?id=2266742 https://www.cve.org/CVERecord?id=CVE-2024-26462 https://nvd.nist.gov/vuln/detail/CVE-2024-26462 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-26462.json https://access.redhat.com/errata/RHSA-2024:9331", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "krb5-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:1.21.1-3.el9", "arch_op": "pattern match" }, "ayzrYTjP9s62uUTvstTkxQ==": { "id": "ayzrYTjP9s62uUTvstTkxQ==", "updater": "rhel-vex", "name": "CVE-2024-0450", "description": "A flaw was found in the Python/CPython 'zipfile' that can allow a zip-bomb type of attack. An attacker may craft a zip file format, leading to a Denial of Service when processed.", "issued": "2024-03-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-0450 https://bugzilla.redhat.com/show_bug.cgi?id=2276525 https://www.cve.org/CVERecord?id=CVE-2024-0450 https://nvd.nist.gov/vuln/detail/CVE-2024-0450 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0450.json https://access.redhat.com/errata/RHSA-2024:4078", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.18-3.el9_4.1", "arch_op": "pattern match" }, "b/nsl3W/3xqqNm66ResZaA==": { "id": "b/nsl3W/3xqqNm66ResZaA==", "updater": "rhel-vex", "name": "CVE-2024-4032", "description": "A flaw was found in Python. The ipaddress module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as “globally reachable” or “private”. Due to this issue, it is possible that values will not be returned in accordance with the latest information from the IANA Special-Purpose Address Registries.", "issued": "2024-06-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-4032 https://bugzilla.redhat.com/show_bug.cgi?id=2292921 https://www.cve.org/CVERecord?id=CVE-2024-4032 https://nvd.nist.gov/vuln/detail/CVE-2024-4032 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4032.json https://access.redhat.com/errata/RHSA-2024:4779", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "python3-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.18-3.el9_4.3", "arch_op": "pattern match" }, "b21yUyaQZ7Y4OfaGCUVaag==": { "id": "b21yUyaQZ7Y4OfaGCUVaag==", "updater": "rhel-vex", "name": "CVE-2024-25062", "description": "A use-after-free flaw was found in libxml2. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free.", "issued": "2024-02-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-25062 https://bugzilla.redhat.com/show_bug.cgi?id=2262726 https://www.cve.org/CVERecord?id=CVE-2024-25062 https://nvd.nist.gov/vuln/detail/CVE-2024-25062 https://gitlab.gnome.org/GNOME/libxml2/-/issues/604 https://gitlab.gnome.org/GNOME/libxml2/-/tags https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-25062.json https://access.redhat.com/errata/RHSA-2024:2679", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libxml2-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-6.el9_4", "arch_op": "pattern match" }, "b24jROqAI53DUVRmvW6uEg==": { "id": "b24jROqAI53DUVRmvW6uEg==", "updater": "rhel-vex", "name": "CVE-2023-4813", "description": "A flaw was found in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.", "issued": "2022-03-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4813 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://www.cve.org/CVERecord?id=CVE-2023-4813 https://nvd.nist.gov/vuln/detail/CVE-2023-4813 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4813.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-common", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "b2xf65/2S45gOxG8Grxy0g==": { "id": "b2xf65/2S45gOxG8Grxy0g==", "updater": "rhel-vex", "name": "CVE-2023-5441", "description": "A NULL pointer dereference vulnerability was found in Vim. This flaw allows an attacker who can trick a user into processing a specially crafted file to trigger the NULL pointer dereference, causing the application to crash.", "issued": "2023-10-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-5441 https://bugzilla.redhat.com/show_bug.cgi?id=2242926 https://www.cve.org/CVERecord?id=CVE-2023-5441 https://nvd.nist.gov/vuln/detail/CVE-2023-5441 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-5441.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "b3gcqhWrOMtSFjkTMyyWQw==": { "id": "b3gcqhWrOMtSFjkTMyyWQw==", "updater": "rhel-vex", "name": "CVE-2023-32067", "description": "A vulnerability was found in c-ares. This issue occurs due to a 0-byte UDP payload that can cause a Denial of Service.", "issued": "2023-05-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32067 https://bugzilla.redhat.com/show_bug.cgi?id=2209502 https://www.cve.org/CVERecord?id=CVE-2023-32067 https://nvd.nist.gov/vuln/detail/CVE-2023-32067 https://github.com/c-ares/c-ares/security/advisories/GHSA-9g78-jv2r-p7vc https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32067.json https://access.redhat.com/errata/RHSA-2023:3586", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.19.1-2.el9_2", "arch_op": "pattern match" }, "b4Z67JiG3MMAzmfec/ENJg==": { "id": "b4Z67JiG3MMAzmfec/ENJg==", "updater": "rhel-vex", "name": "CVE-2025-1795", "description": "During an address list folding when a separating comma ends up on a folded line and that line is to be unicode-encoded then the separator itself is also unicode-encoded. Expected behavior is that the separating comma remains a plan comma. This can result in the address header being misinterpreted by some mail servers.", "issued": "2025-02-28T18:59:31Z", "links": "https://access.redhat.com/security/cve/CVE-2025-1795 https://bugzilla.redhat.com/show_bug.cgi?id=2349061 https://www.cve.org/CVERecord?id=CVE-2025-1795 https://nvd.nist.gov/vuln/detail/CVE-2025-1795 https://github.com/python/cpython/commit/09fab93c3d857496c0bd162797fab816c311ee48 https://github.com/python/cpython/commit/70754d21c288535e86070ca7a6e90dcb670b8593 https://github.com/python/cpython/commit/9148b77e0af91cdacaa7fe3dfac09635c3fe9a74 https://github.com/python/cpython/issues/100884 https://github.com/python/cpython/pull/100885 https://github.com/python/cpython/pull/119099 https://mail.python.org/archives/list/security-announce@python.org/thread/MB62IZMEC3UM6SGHP5LET5JX2Y7H4ZUR/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-1795.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "python3.9", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "b4aC+VBxT4a9as7pojFgGw==": { "id": "b4aC+VBxT4a9as7pojFgGw==", "updater": "rhel-vex", "name": "CVE-2024-45490", "description": "A flaw was found in libexpat's xmlparse.c component. This vulnerability allows an attacker to cause improper handling of XML data by providing a negative length value to the XML_ParseBuffer function.", "issued": "2024-08-30T03:15:03Z", "links": "https://access.redhat.com/security/cve/CVE-2024-45490 https://bugzilla.redhat.com/show_bug.cgi?id=2308615 https://www.cve.org/CVERecord?id=CVE-2024-45490 https://nvd.nist.gov/vuln/detail/CVE-2024-45490 https://github.com/libexpat/libexpat/blob/R_2_6_3/expat/Changes https://github.com/libexpat/libexpat/issues/887 https://github.com/libexpat/libexpat/pull/890 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45490.json https://access.redhat.com/errata/RHSA-2024:6754", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "expat", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.5.0-2.el9_4.1", "arch_op": "pattern match" }, "b4mA44yc2lKr+KMpuK3ZAw==": { "id": "b4mA44yc2lKr+KMpuK3ZAw==", "updater": "rhel-vex", "name": "CVE-2024-4603", "description": "A flaw was found in OpenSSL. Applications that use the EVP_PKEY_param_check() or EVP_PKEY_public_check() function to check a DSA public key or DSA parameters may experience long delays when checking excessively long DSA keys or parameters.  In applications that allow untrusted sources to provide the key or parameters that are checked, an attacker may be able to cause a denial of service. These functions are not called by OpenSSL on untrusted DSA keys. The applications that directly call these functions are the ones that may be vulnerable to this issue.", "issued": "2024-05-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-4603 https://bugzilla.redhat.com/show_bug.cgi?id=2281029 https://www.cve.org/CVERecord?id=CVE-2024-4603 https://nvd.nist.gov/vuln/detail/CVE-2024-4603 https://www.openssl.org/news/secadv/20240516.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4603.json https://access.redhat.com/errata/RHSA-2024:9333", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.2.2-6.el9_5", "arch_op": "pattern match" }, "bA3ztsCpotNDP+b742CdhA==": { "id": "bA3ztsCpotNDP+b742CdhA==", "updater": "rhel-vex", "name": "CVE-2024-45491", "description": "An issue was found in libexpat’s internal dtdCopy function in xmlparse.c, It can have an integer overflow for nDefaultAtts on 32-bit platforms where UINT_MAX equals SIZE_MAX.", "issued": "2024-08-30T03:15:03Z", "links": "https://access.redhat.com/security/cve/CVE-2024-45491 https://bugzilla.redhat.com/show_bug.cgi?id=2308616 https://www.cve.org/CVERecord?id=CVE-2024-45491 https://nvd.nist.gov/vuln/detail/CVE-2024-45491 https://github.com/libexpat/libexpat/blob/R_2_6_3/expat/Changes https://github.com/libexpat/libexpat/issues/888 https://github.com/libexpat/libexpat/pull/891 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45491.json https://access.redhat.com/errata/RHSA-2024:6754", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "expat", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.5.0-2.el9_4.1", "arch_op": "pattern match" }, "bACUKZThWu3kcO82NfO4eg==": { "id": "bACUKZThWu3kcO82NfO4eg==", "updater": "rhel-vex", "name": "CVE-2023-1264", "description": "A NULL pointer dereference vulnerability was discovered in vim's utfc_ptr2len() function in the mbyte.c file. This issue is due to using a NULL pointer with the nested :open command. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering an issue that causes an application to crash, leading to a denial of service.", "issued": "2023-03-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-1264 https://bugzilla.redhat.com/show_bug.cgi?id=2176413 https://www.cve.org/CVERecord?id=CVE-2023-1264 https://nvd.nist.gov/vuln/detail/CVE-2023-1264 https://huntr.dev/bounties/b2989095-88f3-413a-9a39-c1c58a6e6815 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-1264.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "bBi5lk15Sah7ndADTEj8LA==": { "id": "bBi5lk15Sah7ndADTEj8LA==", "updater": "rhel-vex", "name": "CVE-2024-33600", "description": "A flaw was found in the glibc netgroup cache. After a failed cache insertion, addgetnetgrentX tries to send the non-existing response after the not-found header. This can lead to a null pointer dereference that causes a crash or exit.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33600 https://bugzilla.redhat.com/show_bug.cgi?id=2277204 https://www.cve.org/CVERecord?id=CVE-2024-33600 https://nvd.nist.gov/vuln/detail/CVE-2024-33600 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33600.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "bLFjKIUdSS+8cV/RucLeHw==": { "id": "bLFjKIUdSS+8cV/RucLeHw==", "updater": "rhel-vex", "name": "CVE-2024-24795", "description": "A flaw was found in httpd. An HTTP response splitting in multiple httpd modules may allow an attacker that can inject malicious response headers into backend applications to cause an HTTP desynchronization attack.", "issued": "2024-04-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-24795 https://bugzilla.redhat.com/show_bug.cgi?id=2273499 https://www.cve.org/CVERecord?id=CVE-2024-24795 https://nvd.nist.gov/vuln/detail/CVE-2024-24795 https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2024-24795 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-24795.json https://access.redhat.com/errata/RHSA-2024:9306", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "mod_ssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:2.4.62-1.el9", "arch_op": "pattern match" }, "bLMaRua6ipPy16X+92IGGw==": { "id": "bLMaRua6ipPy16X+92IGGw==", "updater": "rhel-vex", "name": "CVE-2023-27538", "description": "An authentication bypass vulnerability exists in libcurl prior to v8.0.0 where it reuses a previously established SSH connection despite the fact that an SSH option was modified, which should have prevented reuse. libcurl maintains a pool of previously used connections to reuse them for subsequent transfers if the configurations match. However, two SSH settings were omitted from the configuration check, allowing them to match easily, potentially leading to the reuse of an inappropriate connection.", "issued": "2023-03-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-27538 https://bugzilla.redhat.com/show_bug.cgi?id=2179103 https://www.cve.org/CVERecord?id=CVE-2023-27538 https://nvd.nist.gov/vuln/detail/CVE-2023-27538 https://curl.se/docs/CVE-2023-27538.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-27538.json https://access.redhat.com/errata/RHSA-2023:6679", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libcurl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9", "arch_op": "pattern match" }, "bNvH54V1y9cXsGaCXVwFVw==": { "id": "bNvH54V1y9cXsGaCXVwFVw==", "updater": "osv/pypi", "name": "GHSA-5rjg-fvgr-3xxf", "description": "setuptools has a path traversal vulnerability in PackageIndex.download that leads to Arbitrary File Write", "issued": "2025-05-19T16:52:43Z", "links": "https://github.com/pypa/setuptools/security/advisories/GHSA-5rjg-fvgr-3xxf https://nvd.nist.gov/vuln/detail/CVE-2025-47273 https://github.com/pypa/setuptools/issues/4946 https://github.com/pypa/setuptools/commit/250a6d17978f9f6ac3ac887091f2d32886fbbb0b https://github.com/pypa/advisory-database/tree/main/vulns/setuptools/PYSEC-2025-49.yaml https://github.com/pypa/setuptools https://github.com/pypa/setuptools/blob/6ead555c5fb29bc57fe6105b1bffc163f56fd558/setuptools/package_index.py#L810C1-L825C88 https://lists.debian.org/debian-lts-announce/2025/05/msg00035.html", "severity": "HIGH", "normalized_severity": "High", "package": { "id": "", "name": "setuptools", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "pypi", "uri": "https://pypi.org/", "cpe": "" }, "fixed_in_version": "fixed=78.1.1" }, "bPxejplqXNhUXDZqwkk2HA==": { "id": "bPxejplqXNhUXDZqwkk2HA==", "updater": "rhel-vex", "name": "CVE-2024-33599", "description": "A stack-based buffer overflow flaw was found in the glibc netgroup cache. In certain conditions, its possible to trigger a stack-based buffer overflow condition that can lead to a denial of service and potentially other malicious actions that impact confidentiality and integrity.", "issued": "2024-04-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33599 https://bugzilla.redhat.com/show_bug.cgi?id=2277202 https://www.cve.org/CVERecord?id=CVE-2024-33599 https://nvd.nist.gov/vuln/detail/CVE-2024-33599 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33599.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-langpack-en", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "bQK/Rney1rPI7+9CyV9VTA==": { "id": "bQK/Rney1rPI7+9CyV9VTA==", "updater": "rhel-vex", "name": "CVE-2020-11023", "description": "A flaw was found in jQuery. HTML containing \\\u003coption\\\u003e elements from untrusted sources are passed, even after sanitizing, to one of jQuery's DOM manipulation methods, which may execute untrusted code. The highest threat from this vulnerability is to data confidentiality and integrity.", "issued": "2020-04-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2020-11023 https://bugzilla.redhat.com/show_bug.cgi?id=1850004 https://www.cve.org/CVERecord?id=CVE-2020-11023 https://nvd.nist.gov/vuln/detail/CVE-2020-11023 https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-11023.json https://access.redhat.com/errata/RHSA-2025:1346", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "gcc-plugin-annobin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:11.5.0-5.el9_5", "arch_op": "pattern match" }, "bT/RPviG0rL+T20EQB8RhQ==": { "id": "bT/RPviG0rL+T20EQB8RhQ==", "updater": "rhel-vex", "name": "CVE-2024-0450", "description": "A flaw was found in the Python/CPython 'zipfile' that can allow a zip-bomb type of attack. An attacker may craft a zip file format, leading to a Denial of Service when processed.", "issued": "2024-03-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-0450 https://bugzilla.redhat.com/show_bug.cgi?id=2276525 https://www.cve.org/CVERecord?id=CVE-2024-0450 https://nvd.nist.gov/vuln/detail/CVE-2024-0450 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0450.json https://access.redhat.com/errata/RHSA-2024:4078", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.18-3.el9_4.1", "arch_op": "pattern match" }, "beUGNCG9iPBG/Zz8r78LLA==": { "id": "beUGNCG9iPBG/Zz8r78LLA==", "updater": "rhel-vex", "name": "CVE-2023-4911", "description": "A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.", "issued": "2023-10-03T17:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4911 https://bugzilla.redhat.com/show_bug.cgi?id=2238352 https://www.cve.org/CVERecord?id=CVE-2023-4911 https://nvd.nist.gov/vuln/detail/CVE-2023-4911 https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt https://www.qualys.com/cve-2023-4911/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4911.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-minimal-langpack", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "bf41zTvm6HAv6xdiXpwGWQ==": { "id": "bf41zTvm6HAv6xdiXpwGWQ==", "updater": "rhel-vex", "name": "CVE-2025-32728", "description": "A flaw was found in OpenSSH. In affected versions of sshd, the DisableForwarding directive does not fully adhere to the intended functionality as documented. Specifically, it fails to disable X11 and agent forwarding, which may allow unintended access under certain configurations.", "issued": "2025-04-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-32728 https://bugzilla.redhat.com/show_bug.cgi?id=2358767 https://www.cve.org/CVERecord?id=CVE-2025-32728 https://nvd.nist.gov/vuln/detail/CVE-2025-32728 https://lists.mindrot.org/pipermail/openssh-unix-dev/2025-April/041879.html https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-32728.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "openssh", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "bh7RRRlNP555+LOFASdB0w==": { "id": "bh7RRRlNP555+LOFASdB0w==", "updater": "rhel-vex", "name": "CVE-2022-2980", "description": "A NULL pointer dereference vulnerability was found in vim's do_mouse() function of the src/mouse.c file. The issue occurs with a mouse click when it is not initialized. This flaw allows an attacker to trick a user into opening a specially crafted input file, triggering the vulnerability that could cause an application to crash.", "issued": "2022-08-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-2980 https://bugzilla.redhat.com/show_bug.cgi?id=2123709 https://www.cve.org/CVERecord?id=CVE-2022-2980 https://nvd.nist.gov/vuln/detail/CVE-2022-2980 https://huntr.dev/bounties/6e7b12a5-242c-453d-b39e-9625d563b0ea https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-2980.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "bhA9iwxy9MINYhbMyTn1hA==": { "id": "bhA9iwxy9MINYhbMyTn1hA==", "updater": "rhel-vex", "name": "CVE-2024-0450", "description": "A flaw was found in the Python/CPython 'zipfile' that can allow a zip-bomb type of attack. An attacker may craft a zip file format, leading to a Denial of Service when processed.", "issued": "2024-03-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-0450 https://bugzilla.redhat.com/show_bug.cgi?id=2276525 https://www.cve.org/CVERecord?id=CVE-2024-0450 https://nvd.nist.gov/vuln/detail/CVE-2024-0450 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0450.json https://access.redhat.com/errata/RHSA-2024:4078", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.18-3.el9_4.1", "arch_op": "pattern match" }, "bkhxy13HX9frw7feognLPA==": { "id": "bkhxy13HX9frw7feognLPA==", "updater": "rhel-vex", "name": "CVE-2024-4741", "description": "A use-after-free vulnerability was found in OpenSSL. Calling the OpenSSL API SSL_free_buffers function may cause memory to be accessed that was previously freed in some situations.", "issued": "2024-05-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-4741 https://bugzilla.redhat.com/show_bug.cgi?id=2283757 https://www.cve.org/CVERecord?id=CVE-2024-4741 https://nvd.nist.gov/vuln/detail/CVE-2024-4741 https://www.openssl.org/news/secadv/20240528.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4741.json https://access.redhat.com/errata/RHSA-2024:9333", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.2.2-6.el9_5", "arch_op": "pattern match" }, "blTOjHCd+uWQY/erNemJNg==": { "id": "blTOjHCd+uWQY/erNemJNg==", "updater": "rhel-vex", "name": "CVE-2021-35937", "description": "A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "issued": "2021-06-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-35937 https://bugzilla.redhat.com/show_bug.cgi?id=1964125 https://www.cve.org/CVERecord?id=CVE-2021-35937 https://nvd.nist.gov/vuln/detail/CVE-2021-35937 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-35937.json https://access.redhat.com/errata/RHSA-2024:0463", "severity": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-rpm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.16.1.3-27.el9_3", "arch_op": "pattern match" }, "bpwdCug2xQZhmaazCqwIew==": { "id": "bpwdCug2xQZhmaazCqwIew==", "updater": "rhel-vex", "name": "CVE-2023-51767", "description": "An authentication bypass vulnerability was found in a modified version of OpenSSH. When common types of DRAM memory are used, it might allow row hammer attacks because the integer value of authenticated authpassword does not resist flips of a single bit. Exploiting a Rowhammer-style attack to flip bits in memory, forces successful authentication by setting the return code to 0.", "issued": "2023-12-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-51767 https://bugzilla.redhat.com/show_bug.cgi?id=2255850 https://www.cve.org/CVERecord?id=CVE-2023-51767 https://nvd.nist.gov/vuln/detail/CVE-2023-51767 https://arxiv.org/abs/2309.02545 https://github.com/openssh/openssh-portable/blob/8241b9c0529228b4b86d88b1a6076fb9f97e4a99/auth-passwd.c#L77 https://github.com/openssh/openssh-portable/blob/8241b9c0529228b4b86d88b1a6076fb9f97e4a99/monitor.c#L878 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-51767.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "openssh", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "bs/xgRqGmS+1ZakXV+VWbw==": { "id": "bs/xgRqGmS+1ZakXV+VWbw==", "updater": "rhel-vex", "name": "CVE-2024-33601", "description": "A flaw was found in the glibc netgroup cache. The netgroup cache uses xmalloc/xrealloc and may terminate the process due to a memory allocation failure.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33601 https://bugzilla.redhat.com/show_bug.cgi?id=2277205 https://www.cve.org/CVERecord?id=CVE-2024-33601 https://nvd.nist.gov/vuln/detail/CVE-2024-33601 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33601.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "glibc-minimal-langpack", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "bsRv0aDEciFIqDbEA3oU/g==": { "id": "bsRv0aDEciFIqDbEA3oU/g==", "updater": "rhel-vex", "name": "CVE-2024-26458", "description": "A memory leak flaw was found in krb5 in /krb5/src/lib/rpc/pmap_rmt.c. This issue can lead to a denial of service through memory exhaustion.", "issued": "2024-02-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-26458 https://bugzilla.redhat.com/show_bug.cgi?id=2266731 https://www.cve.org/CVERecord?id=CVE-2024-26458 https://nvd.nist.gov/vuln/detail/CVE-2024-26458 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-26458.json https://access.redhat.com/errata/RHSA-2024:9331", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "libkadm5", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:1.21.1-3.el9", "arch_op": "pattern match" }, "btNYPbmIqnHI3+3MJrK+8w==": { "id": "btNYPbmIqnHI3+3MJrK+8w==", "updater": "rhel-vex", "name": "CVE-2020-11023", "description": "A flaw was found in jQuery. HTML containing \\\u003coption\\\u003e elements from untrusted sources are passed, even after sanitizing, to one of jQuery's DOM manipulation methods, which may execute untrusted code. The highest threat from this vulnerability is to data confidentiality and integrity.", "issued": "2020-04-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2020-11023 https://bugzilla.redhat.com/show_bug.cgi?id=1850004 https://www.cve.org/CVERecord?id=CVE-2020-11023 https://nvd.nist.gov/vuln/detail/CVE-2020-11023 https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-11023.json https://access.redhat.com/errata/RHSA-2025:1346", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libstdc++-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:11.5.0-5.el9_5", "arch_op": "pattern match" }, "buJgcdzjkcqlPTjRHlv+aQ==": { "id": "buJgcdzjkcqlPTjRHlv+aQ==", "updater": "rhel-vex", "name": "CVE-2025-0395", "description": "A flaw was found in the GNU C Library (glibc). A buffer overflow condition via the `assert()` function may be triggered due to glibc not allocating enough space for the assertion failure message string and size information. In certain conditions, a local attacker can exploit this, potentially leading to an application crash or other undefined behavior.", "issued": "2025-01-22T13:11:30Z", "links": "https://access.redhat.com/security/cve/CVE-2025-0395 https://bugzilla.redhat.com/show_bug.cgi?id=2339460 https://www.cve.org/CVERecord?id=CVE-2025-0395 https://nvd.nist.gov/vuln/detail/CVE-2025-0395 https://sourceware.org/bugzilla/show_bug.cgi?id=32582 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-0395.json https://access.redhat.com/errata/RHSA-2025:4244", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-common", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-125.el9_5.8", "arch_op": "pattern match" }, "bxvUH4+61wUaHdEEphuOXg==": { "id": "bxvUH4+61wUaHdEEphuOXg==", "updater": "rhel-vex", "name": "CVE-2024-33599", "description": "A stack-based buffer overflow flaw was found in the glibc netgroup cache. In certain conditions, its possible to trigger a stack-based buffer overflow condition that can lead to a denial of service and potentially other malicious actions that impact confidentiality and integrity.", "issued": "2024-04-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33599 https://bugzilla.redhat.com/show_bug.cgi?id=2277202 https://www.cve.org/CVERecord?id=CVE-2024-33599 https://nvd.nist.gov/vuln/detail/CVE-2024-33599 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33599.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-gconv-extra", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "c/V3UUetEWXOe0XME5swFQ==": { "id": "c/V3UUetEWXOe0XME5swFQ==", "updater": "rhel-vex", "name": "CVE-2023-52425", "description": "A flaw was found in Expat (libexpat). When parsing a large token that requires multiple buffer fills to complete, Expat has to re-parse the token from start numerous times. This process may trigger excessive resource consumption, leading to a denial of service.", "issued": "2024-02-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-52425 https://bugzilla.redhat.com/show_bug.cgi?id=2262877 https://www.cve.org/CVERecord?id=CVE-2023-52425 https://nvd.nist.gov/vuln/detail/CVE-2023-52425 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-52425.json https://access.redhat.com/errata/RHSA-2024:1530", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "expat-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.5.0-1.el9_3.1", "arch_op": "pattern match" }, "c8VcLtF5K0vg10vsMZYG1g==": { "id": "c8VcLtF5K0vg10vsMZYG1g==", "updater": "rhel-vex", "name": "CVE-2024-22365", "description": "A vulnerability was found in Linux PAM. An unprivileged user that is not yet in a corresponding mount namespace with ~/tmp mounted as a polyinstantiated dir can place a FIFO there, and a subsequent attempt to login as this user with `pam_namespace` configured will cause the `openat()` in `protect_dir()` to block the attempt, causing a local denial of service.", "issued": "2024-01-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-22365 https://bugzilla.redhat.com/show_bug.cgi?id=2257722 https://www.cve.org/CVERecord?id=CVE-2024-22365 https://nvd.nist.gov/vuln/detail/CVE-2024-22365 https://www.openwall.com/lists/oss-security/2024/01/18/3 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-22365.json https://access.redhat.com/errata/RHSA-2024:2438", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "pam", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.5.1-19.el9", "arch_op": "pattern match" }, "c8cGZ/4k99JHYnQ4CNatRw==": { "id": "c8cGZ/4k99JHYnQ4CNatRw==", "updater": "rhel-vex", "name": "CVE-2023-1579", "description": "A heap based buffer overflow was found in binutils-gdb/bfd/libbfd.c in bfd_getl64 in binutils.", "issued": "2023-01-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-1579 https://bugzilla.redhat.com/show_bug.cgi?id=2180905 https://www.cve.org/CVERecord?id=CVE-2023-1579 https://nvd.nist.gov/vuln/detail/CVE-2023-1579 https://sourceware.org/bugzilla/show_bug.cgi?id=29988 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-1579.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "binutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "c95Jb/MAeM4/Wnq2jSIopg==": { "id": "c95Jb/MAeM4/Wnq2jSIopg==", "updater": "rhel-vex", "name": "CVE-2022-25883", "description": "A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in node-semver package via the 'new Range' function. This issue could allow an attacker to pass untrusted malicious regex user data as a range, causing the service to excessively consume CPU depending upon the input size, resulting in a denial of service.", "issued": "2023-06-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-25883 https://bugzilla.redhat.com/show_bug.cgi?id=2216475 https://www.cve.org/CVERecord?id=CVE-2022-25883 https://nvd.nist.gov/vuln/detail/CVE-2022-25883 https://github.com/advisories/GHSA-c2qf-rxjj-qqgw https://security.snyk.io/vuln/SNYK-JS-SEMVER-3247795 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-25883.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "cEBSRCjTfMgbAUsOsjMnqQ==": { "id": "cEBSRCjTfMgbAUsOsjMnqQ==", "updater": "rhel-vex", "name": "CVE-2023-27043", "description": "The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which application access is granted only after verifying receipt of e-mail to a specific domain (e.g., only @company.example.com addresses may be used for signup). This occurs in email/_parseaddr.py in recent versions of Python.", "issued": "2023-04-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-27043 https://bugzilla.redhat.com/show_bug.cgi?id=2196183 https://www.cve.org/CVERecord?id=CVE-2023-27043 https://nvd.nist.gov/vuln/detail/CVE-2023-27043 https://access.redhat.com/articles/7051467 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-27043.json https://access.redhat.com/errata/RHSA-2024:0466", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.18-1.el9_3.1", "arch_op": "pattern match" }, "cEWgC5CO6TrD8MK/mH+Kfw==": { "id": "cEWgC5CO6TrD8MK/mH+Kfw==", "updater": "rhel-vex", "name": "CVE-2023-25193", "description": "A vulnerability was found HarfBuzz. This flaw allows attackers to trigger O(n^2) growth via consecutive marks during the process of looking back for base glyphs when attaching marks.", "issued": "2023-02-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-25193 https://bugzilla.redhat.com/show_bug.cgi?id=2167254 https://www.cve.org/CVERecord?id=CVE-2023-25193 https://nvd.nist.gov/vuln/detail/CVE-2023-25193 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-25193.json https://access.redhat.com/errata/RHSA-2024:2410", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "harfbuzz", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.7.4-10.el9", "arch_op": "pattern match" }, "cMY+6QfPqyOZE380Mf5rIQ==": { "id": "cMY+6QfPqyOZE380Mf5rIQ==", "updater": "rhel-vex", "name": "CVE-2022-0351", "description": "A flaw was found in vim. The vulnerability occurs due to too many recursions, which can lead to a segmentation fault. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution.", "issued": "2022-01-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-0351 https://bugzilla.redhat.com/show_bug.cgi?id=2046436 https://www.cve.org/CVERecord?id=CVE-2022-0351 https://nvd.nist.gov/vuln/detail/CVE-2022-0351 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-0351.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "cPlqbimjP0WfKIKsSfuixQ==": { "id": "cPlqbimjP0WfKIKsSfuixQ==", "updater": "rhel-vex", "name": "CVE-2023-29499", "description": "A flaw was found in GLib. GVariant deserialization fails to validate that the input conforms to the expected format, leading to denial of service.", "issued": "2022-12-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-29499 https://bugzilla.redhat.com/show_bug.cgi?id=2211828 https://www.cve.org/CVERecord?id=CVE-2023-29499 https://nvd.nist.gov/vuln/detail/CVE-2023-29499 https://gitlab.gnome.org/GNOME/glib/-/issues/2794 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-29499.json https://access.redhat.com/errata/RHSA-2023:6631", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "glib2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.68.4-11.el9", "arch_op": "pattern match" }, "cPq/U1/7qnqQE3GmlFCwvw==": { "id": "cPq/U1/7qnqQE3GmlFCwvw==", "updater": "rhel-vex", "name": "CVE-2023-40217", "description": "Python ssl.SSLSocket is vulnerable to a bypass of the TLS handshake in certain instances for HTTPS servers and other server-side protocols that use TLS client authentication such as mTLS. This issue may result in a breach of integrity as its possible to modify or delete resources that are authenticated only by a TLS certificate. No breach of confidentiality is possible.", "issued": "2023-08-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-40217 https://bugzilla.redhat.com/show_bug.cgi?id=2235789 https://www.cve.org/CVERecord?id=CVE-2023-40217 https://nvd.nist.gov/vuln/detail/CVE-2023-40217 https://github.com/python/cpython/issues/108310 https://github.com/python/cpython/pull/108315 https://mail.python.org/archives/list/security-announce@python.org/thread/PEPLII27KYHLF4AK3ZQGKYNCRERG4YXY/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-40217.json https://access.redhat.com/errata/RHSA-2023:5462", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.16-1.el9_2.2", "arch_op": "pattern match" }, "cXGFX+eCyapcmfysk5GPvw==": { "id": "cXGFX+eCyapcmfysk5GPvw==", "updater": "rhel-vex", "name": "CVE-2024-33600", "description": "A flaw was found in the glibc netgroup cache. After a failed cache insertion, addgetnetgrentX tries to send the non-existing response after the not-found header. This can lead to a null pointer dereference that causes a crash or exit.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33600 https://bugzilla.redhat.com/show_bug.cgi?id=2277204 https://www.cve.org/CVERecord?id=CVE-2024-33600 https://nvd.nist.gov/vuln/detail/CVE-2024-33600 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33600.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-locale-source", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "cYFbjhnbLGvTbLgTZZAfjg==": { "id": "cYFbjhnbLGvTbLgTZZAfjg==", "updater": "rhel-vex", "name": "CVE-2023-47038", "description": "A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer.", "issued": "2023-11-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-47038 https://bugzilla.redhat.com/show_bug.cgi?id=2249523 https://www.cve.org/CVERecord?id=CVE-2023-47038 https://nvd.nist.gov/vuln/detail/CVE-2023-47038 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-47038.json https://access.redhat.com/errata/RHSA-2024:2228", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-B", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.80-481.el9", "arch_op": "pattern match" }, "cbIq+LDh02KLTHswWXODkA==": { "id": "cbIq+LDh02KLTHswWXODkA==", "updater": "rhel-vex", "name": "CVE-2024-55549", "description": "A flaw was found in libxslt. This vulnerability allows an attacker to trigger a use-after-free issue by excluding result prefixes.", "issued": "2025-03-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-55549 https://bugzilla.redhat.com/show_bug.cgi?id=2352484 https://www.cve.org/CVERecord?id=CVE-2024-55549 https://nvd.nist.gov/vuln/detail/CVE-2024-55549 https://gitlab.gnome.org/GNOME/libxslt/-/issues/127 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-55549.json https://access.redhat.com/errata/RHSA-2025:4025", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libxslt-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.1.34-9.el9_5.2", "arch_op": "pattern match" }, "cbNKZbfbJhPfPLHi6va27w==": { "id": "cbNKZbfbJhPfPLHi6va27w==", "updater": "rhel-vex", "name": "CVE-2022-3555", "description": "A flaw was found in the libX11 package in the_XFreeX11XCBStructure function of the xcb_disp.c file. The manipulation of the argument dpy may lead to a memory leak, resulting in a crash.", "issued": "2022-10-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3555 https://bugzilla.redhat.com/show_bug.cgi?id=2136412 https://www.cve.org/CVERecord?id=CVE-2022-3555 https://nvd.nist.gov/vuln/detail/CVE-2022-3555 https://ubuntu.com/security/CVE-2022-3555 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3555.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libX11", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "cgF+p8OJpHCsOW2Oy70xoA==": { "id": "cgF+p8OJpHCsOW2Oy70xoA==", "updater": "rhel-vex", "name": "CVE-2023-0799", "description": "A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to a use-after-free problem in the extractContigSamplesShifted32bits function in tools/tiffcrop.c, resulting in a Denial of Service.", "issued": "2023-02-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0799 https://bugzilla.redhat.com/show_bug.cgi?id=2170162 https://www.cve.org/CVERecord?id=CVE-2023-0799 https://nvd.nist.gov/vuln/detail/CVE-2023-0799 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0799.json https://access.redhat.com/errata/RHSA-2023:3711", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-8.el9_2", "arch_op": "pattern match" }, "cgxcvHmn06cOBf5ZYQwsUw==": { "id": "cgxcvHmn06cOBf5ZYQwsUw==", "updater": "rhel-vex", "name": "CVE-2023-0466", "description": "A flaw was found in OpenSSL. The X509_VERIFY_PARAM_add0_policy() function is documented to enable the certificate policy check when doing certificate verification implicitly. However, implementing the function does not enable the check, allowing certificates with invalid or incorrect policies to pass the certificate verification. Suddenly enabling the policy check could break existing deployments, so it was decided to keep the existing behavior of the X509_VERIFY_PARAM_add0_policy() function. The applications that require OpenSSL to perform certificate policy check need to use X509_VERIFY_PARAM_set1_policies() or explicitly enable the policy check by calling X509_VERIFY_PARAM_set_flags() with the X509_V_FLAG_POLICY_CHECK flag argument. Certificate policy checks are disabled by default in OpenSSL and are not commonly used by applications.", "issued": "2023-03-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0466 https://bugzilla.redhat.com/show_bug.cgi?id=2182565 https://www.cve.org/CVERecord?id=CVE-2023-0466 https://nvd.nist.gov/vuln/detail/CVE-2023-0466 https://www.openssl.org/news/secadv/20230328.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0466.json https://access.redhat.com/errata/RHSA-2023:3722", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-16.el9_2", "arch_op": "pattern match" }, "cjoCrbQlAeGxtTPUlcMPuA==": { "id": "cjoCrbQlAeGxtTPUlcMPuA==", "updater": "rhel-vex", "name": "CVE-2025-26603", "description": "A flaw was found in Vim's :redir command. This vulnerability allows a use-after-free condition via redirecting the :display command to a clipboard register (* or +), which allows access to freed memory.", "issued": "2025-02-18T19:04:24Z", "links": "https://access.redhat.com/security/cve/CVE-2025-26603 https://bugzilla.redhat.com/show_bug.cgi?id=2346346 https://www.cve.org/CVERecord?id=CVE-2025-26603 https://nvd.nist.gov/vuln/detail/CVE-2025-26603 https://github.com/vim/vim/commit/c0f0e2380e5954f4a52a131bf6b8 https://github.com/vim/vim/security/advisories/GHSA-63p5-mwg2-787v https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-26603.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "coulLPAoexKoIM9KOAPmNw==": { "id": "coulLPAoexKoIM9KOAPmNw==", "updater": "rhel-vex", "name": "CVE-2020-11023", "description": "A flaw was found in jQuery. HTML containing \\\u003coption\\\u003e elements from untrusted sources are passed, even after sanitizing, to one of jQuery's DOM manipulation methods, which may execute untrusted code. The highest threat from this vulnerability is to data confidentiality and integrity.", "issued": "2020-04-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2020-11023 https://bugzilla.redhat.com/show_bug.cgi?id=1850004 https://www.cve.org/CVERecord?id=CVE-2020-11023 https://nvd.nist.gov/vuln/detail/CVE-2020-11023 https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-11023.json https://access.redhat.com/errata/RHSA-2025:1346", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "cpp", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:11.5.0-5.el9_5", "arch_op": "pattern match" }, "cp/A6si6B6vWVQNk17XSnQ==": { "id": "cp/A6si6B6vWVQNk17XSnQ==", "updater": "rhel-vex", "name": "CVE-2023-46218", "description": "A flaw was found in curl that verifies a given cookie domain against the Public Suffix List. This issue could allow a malicious HTTP server to set \"super cookies\" in curl that are passed back to more origins than what is otherwise allowed or possible.", "issued": "2023-12-06T07:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-46218 https://bugzilla.redhat.com/show_bug.cgi?id=2252030 https://www.cve.org/CVERecord?id=CVE-2023-46218 https://nvd.nist.gov/vuln/detail/CVE-2023-46218 https://curl.se/docs/CVE-2023-46218.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-46218.json https://access.redhat.com/errata/RHSA-2024:1129", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libcurl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9_3.3", "arch_op": "pattern match" }, "cpGjwZ3Q1xNLBVEpajU1Dw==": { "id": "cpGjwZ3Q1xNLBVEpajU1Dw==", "updater": "rhel-vex", "name": "CVE-2023-32067", "description": "A vulnerability was found in c-ares. This issue occurs due to a 0-byte UDP payload that can cause a Denial of Service.", "issued": "2023-05-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32067 https://bugzilla.redhat.com/show_bug.cgi?id=2209502 https://www.cve.org/CVERecord?id=CVE-2023-32067 https://nvd.nist.gov/vuln/detail/CVE-2023-32067 https://github.com/c-ares/c-ares/security/advisories/GHSA-9g78-jv2r-p7vc https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32067.json https://access.redhat.com/errata/RHSA-2023:3586", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.19.1-2.el9_2", "arch_op": "pattern match" }, "cuNmXs5IUHyxswp17wjaOA==": { "id": "cuNmXs5IUHyxswp17wjaOA==", "updater": "rhel-vex", "name": "CVE-2023-4527", "description": "A flaw was found in glibc. When the getaddrinfo function is called with the AF_UNSPEC address family and the system is configured with no-aaaa mode via /etc/resolv.conf, a DNS response via TCP larger than 2048 bytes can potentially disclose stack contents through the function returned address data, and may cause a crash.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4527 https://bugzilla.redhat.com/show_bug.cgi?id=2234712 https://www.cve.org/CVERecord?id=CVE-2023-4527 https://nvd.nist.gov/vuln/detail/CVE-2023-4527 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4527.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-langpack-en", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "cwXdqs9AFOcThYn4e8y3yw==": { "id": "cwXdqs9AFOcThYn4e8y3yw==", "updater": "rhel-vex", "name": "CVE-2024-35195", "description": "An incorrect control flow implementation vulnerability was found in Requests. If the first request in a session is made with verify=False, all subsequent requests to the same host will continue to ignore cert verification.", "issued": "2024-05-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-35195 https://bugzilla.redhat.com/show_bug.cgi?id=2282114 https://www.cve.org/CVERecord?id=CVE-2024-35195 https://nvd.nist.gov/vuln/detail/CVE-2024-35195 https://github.com/psf/requests/security/advisories/GHSA-9wx4-h78v-vm56 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-35195.json https://access.redhat.com/errata/RHSA-2025:7049", "severity": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-requests", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.25.1-9.el9", "arch_op": "pattern match" }, "cxMZ2TEnkk6RdtuU9fDThg==": { "id": "cxMZ2TEnkk6RdtuU9fDThg==", "updater": "rhel-vex", "name": "CVE-2021-3927", "description": "A flaw was found in vim. A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "issued": "2021-10-26T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-3927 https://bugzilla.redhat.com/show_bug.cgi?id=2021290 https://www.cve.org/CVERecord?id=CVE-2021-3927 https://nvd.nist.gov/vuln/detail/CVE-2021-3927 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-3927.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "d3hg3p7HHSzNu7EiHNm8hw==": { "id": "d3hg3p7HHSzNu7EiHNm8hw==", "updater": "rhel-vex", "name": "CVE-2024-12085", "description": "A flaw was found in rsync which could be triggered when rsync compares file checksums. This flaw allows an attacker to manipulate the checksum length (s2length) to cause a comparison between a checksum and uninitialized memory and leak one byte of uninitialized stack data at a time.", "issued": "2025-01-14T15:06:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-12085 https://bugzilla.redhat.com/show_bug.cgi?id=2330539 https://www.cve.org/CVERecord?id=CVE-2024-12085 https://nvd.nist.gov/vuln/detail/CVE-2024-12085 https://kb.cert.org/vuls/id/952657 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-12085.json https://access.redhat.com/errata/RHSA-2025:0324", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "High", "package": { "id": "", "name": "rsync", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.2.3-20.el9_5.1", "arch_op": "pattern match" }, "d5uoKdT1BAcdC26hQDhadA==": { "id": "d5uoKdT1BAcdC26hQDhadA==", "updater": "rhel-vex", "name": "CVE-2024-2511", "description": "A flaw was found in OpenSSL. A malicious client can trigger an uncontrolled memory consumption, resulting in a Denial of Service. This issue occurs due to OpenSSL's TLSv1.3 session cache going into an incorrect state, leading to it failing to flush properly as it fills. OpenSSL must be configured with the non-default SSL_OP_NO_TICKET option enabled to be vulnerable. This issue only affects TLSv1.3 servers, while TLS clients are not affected.", "issued": "2024-04-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-2511 https://bugzilla.redhat.com/show_bug.cgi?id=2274020 https://www.cve.org/CVERecord?id=CVE-2024-2511 https://nvd.nist.gov/vuln/detail/CVE-2024-2511 https://www.openssl.org/news/vulnerabilities.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2511.json https://access.redhat.com/errata/RHSA-2024:9333", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.2.2-6.el9_5", "arch_op": "pattern match" }, "d8mzsl/ZaK1d/J7qLMkOkA==": { "id": "d8mzsl/ZaK1d/J7qLMkOkA==", "updater": "rhel-vex", "name": "CVE-2023-30581", "description": "A vulnerability has been discovered in Node.js, where the use of proto in process.mainModule.proto.require() can bypass the policy mechanism and require modules outside of the policy.json definition.", "issued": "2023-06-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30581 https://bugzilla.redhat.com/show_bug.cgi?id=2219824 https://www.cve.org/CVERecord?id=CVE-2023-30581 https://nvd.nist.gov/vuln/detail/CVE-2023-30581 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30581.json https://access.redhat.com/errata/RHSA-2023:4331", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.1-1.el9_2", "arch_op": "pattern match" }, "dCUBvfGyOSXO4VY8QdHggA==": { "id": "dCUBvfGyOSXO4VY8QdHggA==", "updater": "rhel-vex", "name": "CVE-2023-2731", "description": "A NULL pointer dereference flaw was found in Libtiff's LZWDecode() function in the libtiff/tif_lzw.c file. This flaw allows a local attacker to craft specific input data that can cause the program to dereference a NULL pointer when decompressing a TIFF format file, resulting in a program crash or denial of service.", "issued": "2023-04-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-2731 https://bugzilla.redhat.com/show_bug.cgi?id=2207635 https://www.cve.org/CVERecord?id=CVE-2023-2731 https://nvd.nist.gov/vuln/detail/CVE-2023-2731 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2731.json https://access.redhat.com/errata/RHSA-2023:6575", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-10.el9", "arch_op": "pattern match" }, "dDqXtPkCzlt66cmXbEzdNg==": { "id": "dDqXtPkCzlt66cmXbEzdNg==", "updater": "rhel-vex", "name": "CVE-2024-2961", "description": "An out-of-bounds write flaw was found in the ISO-2022-CN-EXT plugin for glibc's iconv library. When converting from UCS4 charset, adding certain escape charterers is required to indicate where the charset was changed to the library. During this process, iconv improperly checks the boundaries of internal buffers, leading to a buffer overflow, which allows writing up to 3 bytes outside the desired memory location. This issue may allow an attacker to craft a malicious characters sequence that will trigger the out-of-bounds write and perform remote code execution, presenting a high impact to the Integrity, Confidentiality, and Availability triad.", "issued": "2024-04-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-2961 https://bugzilla.redhat.com/show_bug.cgi?id=2273404 https://www.cve.org/CVERecord?id=CVE-2024-2961 https://nvd.nist.gov/vuln/detail/CVE-2024-2961 https://www.openwall.com/lists/oss-security/2024/04/17/9 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2961.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "dKzgwwkG/spsYd8PVvrk6A==": { "id": "dKzgwwkG/spsYd8PVvrk6A==", "updater": "rhel-vex", "name": "CVE-2023-39804", "description": "A flaw was found in tar. This issue occurs when extended attributes are processed in PAX archives, and could allow an attacker to cause an application crash, resulting in a denial of service.", "issued": "2023-12-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-39804 https://bugzilla.redhat.com/show_bug.cgi?id=2254067 https://www.cve.org/CVERecord?id=CVE-2023-39804 https://nvd.nist.gov/vuln/detail/CVE-2023-39804 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-39804.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "tar", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "dO/rj/SVo/ZlfJAB2ajOEQ==": { "id": "dO/rj/SVo/ZlfJAB2ajOEQ==", "updater": "rhel-vex", "name": "CVE-2023-5535", "description": "A heap-based buffer overflow vulnerability was found in some affected packages of Vim. This flaw allows an attacker to send a specially crafted file that could lead to a complete system compromise when opened by a victim.", "issued": "2023-10-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2244101 https://www.cve.org/CVERecord?id=CVE-2023-5535 https://nvd.nist.gov/vuln/detail/CVE-2023-5535 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-5535.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "dQRtstacQp0RWMkspwRjSg==": { "id": "dQRtstacQp0RWMkspwRjSg==", "updater": "rhel-vex", "name": "CVE-2021-35937", "description": "A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "issued": "2021-06-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-35937 https://bugzilla.redhat.com/show_bug.cgi?id=1964125 https://www.cve.org/CVERecord?id=CVE-2021-35937 https://nvd.nist.gov/vuln/detail/CVE-2021-35937 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-35937.json https://access.redhat.com/errata/RHSA-2024:0463", "severity": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "rpm-build-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:4.16.1.3-27.el9_3", "arch_op": "pattern match" }, "dQtkeBg4aMq+iqhRXRyUDQ==": { "id": "dQtkeBg4aMq+iqhRXRyUDQ==", "updater": "rhel-vex", "name": "CVE-2024-0567", "description": "A vulnerability was found in GnuTLS, where a cockpit (which uses gnuTLS) rejects a certificate chain with distributed trust. This issue occurs when validating a certificate chain with cockpit-certificate-ensure. This flaw allows an unauthenticated, remote client or attacker to initiate a denial of service attack.", "issued": "2024-01-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-0567 https://bugzilla.redhat.com/show_bug.cgi?id=2258544 https://www.cve.org/CVERecord?id=CVE-2024-0567 https://nvd.nist.gov/vuln/detail/CVE-2024-0567 https://gitlab.com/gnutls/gnutls/-/issues/1521 https://lists.gnupg.org/pipermail/gnutls-help/2024-January/004841.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0567.json https://access.redhat.com/errata/RHSA-2024:0533", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "gnutls", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.7.6-23.el9_3.3", "arch_op": "pattern match" }, "dRRO3xWXsQiDcS082MP2NA==": { "id": "dRRO3xWXsQiDcS082MP2NA==", "updater": "rhel-vex", "name": "CVE-2024-2398", "description": "A flaw was found in curl. When an application configures libcurl to use HTTP/2 server push and the amount of received headers for the push surpasses the maximum allowed limit, libcurl aborts the server push. When aborting, libcurl does not free all the previously allocated headers, resulting in a memory leak.", "issued": "2024-03-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-2398 https://bugzilla.redhat.com/show_bug.cgi?id=2270498 https://www.cve.org/CVERecord?id=CVE-2024-2398 https://nvd.nist.gov/vuln/detail/CVE-2024-2398 https://curl.se/docs/CVE-2024-2398.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2398.json https://access.redhat.com/errata/RHSA-2024:5529", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libcurl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-29.el9_4.1", "arch_op": "pattern match" }, "dSnXn5Yob1BEel/wisIyNA==": { "id": "dSnXn5Yob1BEel/wisIyNA==", "updater": "rhel-vex", "name": "CVE-2024-22025", "description": "A flaw was found in Node.js that allows a denial of service attack through resource exhaustion when using the fetch() function to retrieve content from an untrusted URL. The vulnerability stems from the fetch() function in Node.js that always decodes Brotli, making it possible for an attacker to cause resource exhaustion when fetching content from an untrusted URL. This flaw allows an attacker to control the URL passed into fetch() to exhaust memory, potentially leading to process termination, depending on the system configuration.", "issued": "2024-03-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-22025 https://bugzilla.redhat.com/show_bug.cgi?id=2270559 https://www.cve.org/CVERecord?id=CVE-2024-22025 https://nvd.nist.gov/vuln/detail/CVE-2024-22025 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-22025.json https://access.redhat.com/errata/RHSA-2024:2910", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.2-8.el9_4", "arch_op": "pattern match" }, "dWXEBBwtYKNNgI/pql/Wqg==": { "id": "dWXEBBwtYKNNgI/pql/Wqg==", "updater": "rhel-vex", "name": "CVE-2021-35938", "description": "A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "issued": "2021-06-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-35938 https://bugzilla.redhat.com/show_bug.cgi?id=1964114 https://www.cve.org/CVERecord?id=CVE-2021-35938 https://nvd.nist.gov/vuln/detail/CVE-2021-35938 https://rpm.org/wiki/Releases/4.18.0 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-35938.json https://access.redhat.com/errata/RHSA-2024:0463", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-rpm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.16.1.3-27.el9_3", "arch_op": "pattern match" }, "dXai+tN/7FyABpZEHRiZgw==": { "id": "dXai+tN/7FyABpZEHRiZgw==", "updater": "rhel-vex", "name": "CVE-2023-40217", "description": "Python ssl.SSLSocket is vulnerable to a bypass of the TLS handshake in certain instances for HTTPS servers and other server-side protocols that use TLS client authentication such as mTLS. This issue may result in a breach of integrity as its possible to modify or delete resources that are authenticated only by a TLS certificate. No breach of confidentiality is possible.", "issued": "2023-08-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-40217 https://bugzilla.redhat.com/show_bug.cgi?id=2235789 https://www.cve.org/CVERecord?id=CVE-2023-40217 https://nvd.nist.gov/vuln/detail/CVE-2023-40217 https://github.com/python/cpython/issues/108310 https://github.com/python/cpython/pull/108315 https://mail.python.org/archives/list/security-announce@python.org/thread/PEPLII27KYHLF4AK3ZQGKYNCRERG4YXY/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-40217.json https://access.redhat.com/errata/RHSA-2023:5462", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.16-1.el9_2.2", "arch_op": "pattern match" }, "ddgghMsgXhjnixlaC8h3Zw==": { "id": "ddgghMsgXhjnixlaC8h3Zw==", "updater": "rhel-vex", "name": "CVE-2024-2961", "description": "An out-of-bounds write flaw was found in the ISO-2022-CN-EXT plugin for glibc's iconv library. When converting from UCS4 charset, adding certain escape charterers is required to indicate where the charset was changed to the library. During this process, iconv improperly checks the boundaries of internal buffers, leading to a buffer overflow, which allows writing up to 3 bytes outside the desired memory location. This issue may allow an attacker to craft a malicious characters sequence that will trigger the out-of-bounds write and perform remote code execution, presenting a high impact to the Integrity, Confidentiality, and Availability triad.", "issued": "2024-04-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-2961 https://bugzilla.redhat.com/show_bug.cgi?id=2273404 https://www.cve.org/CVERecord?id=CVE-2024-2961 https://nvd.nist.gov/vuln/detail/CVE-2024-2961 https://www.openwall.com/lists/oss-security/2024/04/17/9 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2961.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-common", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "de6Wm8GcUOvZ/vqX7ogEtQ==": { "id": "de6Wm8GcUOvZ/vqX7ogEtQ==", "updater": "rhel-vex", "name": "CVE-2021-3903", "description": "vim is vulnerable to Heap-based Buffer Overflow", "issued": "2021-10-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-3903 https://bugzilla.redhat.com/show_bug.cgi?id=2018558 https://www.cve.org/CVERecord?id=CVE-2021-3903 https://nvd.nist.gov/vuln/detail/CVE-2021-3903 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-3903.json https://access.redhat.com/errata/RHSA-2024:9405", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim-filesystem", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "2:8.2.2637-21.el9", "arch_op": "pattern match" }, "dhro9iIkTPAfFcnPAgDTUQ==": { "id": "dhro9iIkTPAfFcnPAgDTUQ==", "updater": "rhel-vex", "name": "CVE-2024-8176", "description": "A stack overflow vulnerability exists in the libexpat library due to the way it handles recursive entity expansion in XML documents. When parsing an XML document with deeply nested entity references, libexpat can be forced to recurse indefinitely, exhausting the stack space and causing a crash. This issue could lead to denial of service (DoS) or, in some cases, exploitable memory corruption, depending on the environment and library usage.", "issued": "2025-03-13T13:51:54Z", "links": "https://access.redhat.com/security/cve/CVE-2024-8176 https://bugzilla.redhat.com/show_bug.cgi?id=2310137 https://www.cve.org/CVERecord?id=CVE-2024-8176 https://nvd.nist.gov/vuln/detail/CVE-2024-8176 https://github.com/libexpat/libexpat/issues/893 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8176.json https://access.redhat.com/errata/RHSA-2025:7444", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "expat", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.5.0-5.el9_6", "arch_op": "pattern match" }, "dm+ndyaUV9ItZVXnMeopkQ==": { "id": "dm+ndyaUV9ItZVXnMeopkQ==", "updater": "rhel-vex", "name": "CVE-2023-7104", "description": "A vulnerability was found in SQLite3. This issue affects the sessionReadRecord function of the ext/session/sqlite3session.c function in the make alltest Handler component. Manipulation may cause a heap-based buffer overflow to occur.", "issued": "2023-12-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-7104 https://bugzilla.redhat.com/show_bug.cgi?id=2256194 https://www.cve.org/CVERecord?id=CVE-2023-7104 https://nvd.nist.gov/vuln/detail/CVE-2023-7104 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-7104.json https://access.redhat.com/errata/RHSA-2024:0465", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "sqlite-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.34.1-7.el9_3", "arch_op": "pattern match" }, "dpCbBO9jgzvekz9nKJpSRA==": { "id": "dpCbBO9jgzvekz9nKJpSRA==", "updater": "rhel-vex", "name": "CVE-2023-30588", "description": "A vulnerability has been identified in the Node.js, where an invalid public key is used to create an x509 certificate using the crypto.X509Certificate() API a non-expect termination occurs making it susceptible to DoS attacks when the attacker could force interruptions of application processing, as the process terminates when accessing public key info of provided certificates from user code. The current context of the users will be gone, and that will cause a DoS scenario.", "issued": "2023-06-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30588 https://bugzilla.redhat.com/show_bug.cgi?id=2219838 https://www.cve.org/CVERecord?id=CVE-2023-30588 https://nvd.nist.gov/vuln/detail/CVE-2023-30588 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30588.json https://access.redhat.com/errata/RHSA-2023:4331", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.1-1.el9_2", "arch_op": "pattern match" }, "dqe0cUL9x7B6/mdr5l8FyQ==": { "id": "dqe0cUL9x7B6/mdr5l8FyQ==", "updater": "rhel-vex", "name": "CVE-2023-38709", "description": "A flaw was found in httpd. The response headers are not sanitized before an HTTP response is sent when a malicious backend can insert a Content-Type, Content-Encoding, or some other headers, resulting in an HTTP response splitting.", "issued": "2024-04-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-38709 https://bugzilla.redhat.com/show_bug.cgi?id=2273491 https://www.cve.org/CVERecord?id=CVE-2023-38709 https://nvd.nist.gov/vuln/detail/CVE-2023-38709 https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2023-38709 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-38709.json https://access.redhat.com/errata/RHSA-2024:9306", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "mod_ldap", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.4.62-1.el9", "arch_op": "pattern match" }, "dx/et2OZXdYVZSrhJfSrZw==": { "id": "dx/et2OZXdYVZSrhJfSrZw==", "updater": "rhel-vex", "name": "CVE-2021-35937", "description": "A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "issued": "2021-06-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-35937 https://bugzilla.redhat.com/show_bug.cgi?id=1964125 https://www.cve.org/CVERecord?id=CVE-2021-35937 https://nvd.nist.gov/vuln/detail/CVE-2021-35937 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-35937.json https://access.redhat.com/errata/RHSA-2024:0463", "severity": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "rpm-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.16.1.3-27.el9_3", "arch_op": "pattern match" }, "dyCYPXxd7bCPPaju+r3IVw==": { "id": "dyCYPXxd7bCPPaju+r3IVw==", "updater": "rhel-vex", "name": "CVE-2023-6129", "description": "A flaw was found in in the POLY1305 MAC (message authentication code) implementation in OpenSSL, affecting applications running on PowerPC CPU-based platforms that utilize vector instructions, and has the potential to corrupt the internal state of these applications. If an attacker can manipulate the utilization of the POLY1305 MAC algorithm, it may lead to the corruption of the application state, resulting in various application-dependent consequences, often resulting in a crash and leading to a denial of service.", "issued": "2024-01-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-6129 https://bugzilla.redhat.com/show_bug.cgi?id=2257571 https://www.cve.org/CVERecord?id=CVE-2023-6129 https://nvd.nist.gov/vuln/detail/CVE-2023-6129 https://www.openssl.org/news/secadv/20240109.txt https://www.openwall.com/lists/oss-security/2024/01/09/1 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6129.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "dzeq4RzokXiRsxVtGOEPhA==": { "id": "dzeq4RzokXiRsxVtGOEPhA==", "updater": "rhel-vex", "name": "CVE-2023-34969", "description": "An assertion failure vulnerability was found in D-Bus. This issue occurs when a privileged monitoring connection (dbus-monitor, busctl monitor, gdbus monitor, or similar) is active, and a message from the bus driver cannot be delivered to a client connection due to \u003cdeny\u003e rules or outgoing message quota. If a privileged user with control over the dbus-daemon is monitoring the message bus traffic using the Monitoring clients like the dbus-monitor or busctl monitor interfaces, then an unprivileged local user with the ability to connect to the same dbus-daemon could send specially crafted request, causing a dbus-daemon to crash, resulting in a denial of service under some circumstances.", "issued": "2023-06-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-34969 https://bugzilla.redhat.com/show_bug.cgi?id=2213166 https://www.cve.org/CVERecord?id=CVE-2023-34969 https://nvd.nist.gov/vuln/detail/CVE-2023-34969 https://gitlab.freedesktop.org/dbus/dbus/-/issues/457 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-34969.json https://access.redhat.com/errata/RHSA-2023:4569", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "dbus", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:1.12.20-7.el9_2.1", "arch_op": "pattern match" }, "e/bnYsWq3UNe4TO8qzzb8A==": { "id": "e/bnYsWq3UNe4TO8qzzb8A==", "updater": "rhel-vex", "name": "CVE-2022-47010", "description": "A memory leak flaw was found in binutils in the pr_function_type function. This flaw allows an attacker to use a set of steps to trigger a memory leak and perform a denial of service, resulting in a loss of the system's availability.", "issued": "2022-06-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-47010 https://bugzilla.redhat.com/show_bug.cgi?id=2233988 https://www.cve.org/CVERecord?id=CVE-2022-47010 https://nvd.nist.gov/vuln/detail/CVE-2022-47010 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-47010.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "binutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "e/v4SMj2wFe/5+CPTpBb+A==": { "id": "e/v4SMj2wFe/5+CPTpBb+A==", "updater": "rhel-vex", "name": "CVE-2024-7592", "description": "A flaw was found in the `http.cookies` module in the Python package. When parsing cookies that contain backslashes, under certain circumstances, the module uses an algorithm with quadratic complexity, leading to excessive CPU consumption.", "issued": "2024-08-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-7592 https://bugzilla.redhat.com/show_bug.cgi?id=2305879 https://www.cve.org/CVERecord?id=CVE-2024-7592 https://nvd.nist.gov/vuln/detail/CVE-2024-7592 https://github.com/python/cpython/issues/123067 https://github.com/python/cpython/pull/123075 https://mail.python.org/archives/list/security-announce@python.org/thread/HXJAAAALNUNGCQUS2W7WR6GFIZIHFOOK/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7592.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "python3.9", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "e0VfCD1REapdkagkByCnXQ==": { "id": "e0VfCD1REapdkagkByCnXQ==", "updater": "rhel-vex", "name": "CVE-2025-3360", "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", "issued": "2025-04-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-3360 https://bugzilla.redhat.com/show_bug.cgi?id=2357754 https://www.cve.org/CVERecord?id=CVE-2025-3360 https://nvd.nist.gov/vuln/detail/CVE-2025-3360 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-3360.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "glib2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "e0c8j88d0jw4SJ/HjX6HpQ==": { "id": "e0c8j88d0jw4SJ/HjX6HpQ==", "updater": "rhel-vex", "name": "CVE-2024-32021", "description": "A vulnerability was found in Git. This flaw allows an unauthenticated attacker to place a repository on their target's local system that contains symlinks. During the cloning process, Git could be tricked into creating hardlinked arbitrary files into their repository's objects/ directory, impacting availability and integrity.", "issued": "2024-05-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-32021 https://bugzilla.redhat.com/show_bug.cgi?id=2280484 https://www.cve.org/CVERecord?id=CVE-2024-32021 https://nvd.nist.gov/vuln/detail/CVE-2024-32021 https://github.com/git/git/security/advisories/GHSA-mvxm-9j2h-qjx7 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-32021.json https://access.redhat.com/errata/RHSA-2024:4083", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "git-core", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.43.5-1.el9_4", "arch_op": "pattern match" }, "e2U3+rnCE0yJbEhq/B49zQ==": { "id": "e2U3+rnCE0yJbEhq/B49zQ==", "updater": "rhel-vex", "name": "CVE-2024-27982", "description": "An HTTP Request Smuggling vulnerability was found in Node.js due to Content-Length Obfuscation in the HTTP server. Malformed headers, particularly if a space is inserted before a content-length header, can result in HTTP request smuggling. This flaw allows attackers to inject a second request within the body of the first and poison web caches, bypass web application firewalls, and execute Cross-site scripting (XSS) attacks.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-27982 https://bugzilla.redhat.com/show_bug.cgi?id=2275392 https://www.cve.org/CVERecord?id=CVE-2024-27982 https://nvd.nist.gov/vuln/detail/CVE-2024-27982 https://nodejs.org/en/blog/vulnerability/april-2024-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-27982.json https://access.redhat.com/errata/RHSA-2024:2910", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.2-8.el9_4", "arch_op": "pattern match" }, "e6LZ4uJxRzOyLre8rcZ0vA==": { "id": "e6LZ4uJxRzOyLre8rcZ0vA==", "updater": "rhel-vex", "name": "CVE-2023-4806", "description": "A flaw was found in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4806 https://bugzilla.redhat.com/show_bug.cgi?id=2237782 https://www.cve.org/CVERecord?id=CVE-2023-4806 https://nvd.nist.gov/vuln/detail/CVE-2023-4806 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4806.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-locale-source", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "e7h3lwyDkLbzwbeza9/TWw==": { "id": "e7h3lwyDkLbzwbeza9/TWw==", "updater": "rhel-vex", "name": "CVE-2022-4293", "description": "A floating point exception flaw was found in Vim's num_divide() function of the eval.c file. This issue occurs when dividing the largest negative number by -1. This could allow an attacker to trick a user into opening a specially crafted file, triggering an application to crash and leading to a denial of service.", "issued": "2022-12-02T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-4293 https://bugzilla.redhat.com/show_bug.cgi?id=2151566 https://www.cve.org/CVERecord?id=CVE-2022-4293 https://nvd.nist.gov/vuln/detail/CVE-2022-4293 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-4293.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "e8C6jymFUSIHopouPFGGFQ==": { "id": "e8C6jymFUSIHopouPFGGFQ==", "updater": "rhel-vex", "name": "CVE-2024-37370", "description": "A vulnerability was found in the MIT Kerberos 5 GSS krb5 wrap token, where an attacker can modify the plaintext Extra Count field, causing the unwrapped token to appear truncated to the application, occurs when the attacker alters the token data during transmission which can lead to improper handling of authentication tokens.", "issued": "2024-06-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-37370 https://bugzilla.redhat.com/show_bug.cgi?id=2294677 https://www.cve.org/CVERecord?id=CVE-2024-37370 https://nvd.nist.gov/vuln/detail/CVE-2024-37370 https://web.mit.edu/kerberos/www/krb5-1.21/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-37370.json https://access.redhat.com/errata/RHSA-2024:6166", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "krb5-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.1-2.el9_4", "arch_op": "pattern match" }, "eBEaq7QkFFGIjRiXXe+5jA==": { "id": "eBEaq7QkFFGIjRiXXe+5jA==", "updater": "rhel-vex", "name": "CVE-2023-31147", "description": "A vulnerability was found in c-ares. This issue occurs when /dev/urandom or RtlGenRandom() are unavailable, c-ares will use rand() to generate random numbers used for DNS query ids. This is not a CSPRNG, and it is also not seeded by srand(), so it will generate predictable output.", "issued": "2023-05-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-31147 https://bugzilla.redhat.com/show_bug.cgi?id=2209501 https://www.cve.org/CVERecord?id=CVE-2023-31147 https://nvd.nist.gov/vuln/detail/CVE-2023-31147 https://github.com/c-ares/c-ares/security/advisories/GHSA-8r8p-23f3-64c2 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-31147.json https://access.redhat.com/errata/RHSA-2023:3586", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.19.1-2.el9_2", "arch_op": "pattern match" }, "eCD0Zq+Sv5lVZTbBica/1Q==": { "id": "eCD0Zq+Sv5lVZTbBica/1Q==", "updater": "rhel-vex", "name": "CVE-2024-9287", "description": "A vulnerability has been found in the Python `venv` module and CLI. Path names provided when creating a virtual environment were not quoted properly, allowing the creator to inject commands into virtual environment \"activation\" scripts, for example, \"source venv/bin/activate\". This flaw allows attacker-controlled virtual environments to run commands when the virtual environment is activated.", "issued": "2024-10-22T16:34:39Z", "links": "https://access.redhat.com/security/cve/CVE-2024-9287 https://bugzilla.redhat.com/show_bug.cgi?id=2321440 https://www.cve.org/CVERecord?id=CVE-2024-9287 https://nvd.nist.gov/vuln/detail/CVE-2024-9287 https://github.com/python/cpython/issues/124651 https://github.com/python/cpython/pull/124712 https://mail.python.org/archives/list/security-announce@python.org/thread/RSPJ2B5JL22FG3TKUJ7D7DQ4N5JRRBZL/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-9287.json https://access.redhat.com/errata/RHSA-2024:10983", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.21-1.el9_5", "arch_op": "pattern match" }, "eERb0a2u5NJoo8XHmwI23A==": { "id": "eERb0a2u5NJoo8XHmwI23A==", "updater": "rhel-vex", "name": "CVE-2023-47038", "description": "A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer.", "issued": "2023-11-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-47038 https://bugzilla.redhat.com/show_bug.cgi?id=2249523 https://www.cve.org/CVERecord?id=CVE-2023-47038 https://nvd.nist.gov/vuln/detail/CVE-2023-47038 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-47038.json https://access.redhat.com/errata/RHSA-2024:2228", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-subs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.03-481.el9", "arch_op": "pattern match" }, "eEdM5b8SNZw5B2W+M8++aw==": { "id": "eEdM5b8SNZw5B2W+M8++aw==", "updater": "rhel-vex", "name": "CVE-2021-29390", "description": "A heap buffer over-read flaw was found in libjpeg-turbo. For certain types of smoothed jpeg images, the decompress_smooth_data() function may improperly enter a condition statement that leads to heap memory read of uninitialized data, which may cause an application crash or loss of confidentiality.", "issued": "2023-08-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-29390 https://bugzilla.redhat.com/show_bug.cgi?id=2235521 https://www.cve.org/CVERecord?id=CVE-2021-29390 https://nvd.nist.gov/vuln/detail/CVE-2021-29390 https://github.com/libjpeg-turbo/libjpeg-turbo/commit/ccaba5d7894ecfb5a8f11e48d3f86e1f14d5a469 https://github.com/libjpeg-turbo/libjpeg-turbo/issues/459#issuecomment-733720010 https://github.com/libjpeg-turbo/libjpeg-turbo/pull/476 https://github.com/libjpeg-turbo/libjpeg-turbo/pull/724 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-29390.json https://access.redhat.com/errata/RHSA-2024:2295", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libjpeg-turbo-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.0.90-7.el9", "arch_op": "pattern match" }, "eHjfPFaXzOZyzfB0f3GbJw==": { "id": "eHjfPFaXzOZyzfB0f3GbJw==", "updater": "rhel-vex", "name": "CVE-2023-29499", "description": "A flaw was found in GLib. GVariant deserialization fails to validate that the input conforms to the expected format, leading to denial of service.", "issued": "2022-12-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-29499 https://bugzilla.redhat.com/show_bug.cgi?id=2211828 https://www.cve.org/CVERecord?id=CVE-2023-29499 https://nvd.nist.gov/vuln/detail/CVE-2023-29499 https://gitlab.gnome.org/GNOME/glib/-/issues/2794 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-29499.json https://access.redhat.com/errata/RHSA-2023:6631", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "glib2-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.68.4-11.el9", "arch_op": "pattern match" }, "eLH64OubpdVT5P7gyNiMhw==": { "id": "eLH64OubpdVT5P7gyNiMhw==", "updater": "rhel-vex", "name": "CVE-2024-28834", "description": "A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS, leading to side-channel leaks. In specific scenarios, such as when using the GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noticeable step in nonce size from 513 to 512 bits, exposing a potential timing side-channel.", "issued": "2024-03-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-28834 https://bugzilla.redhat.com/show_bug.cgi?id=2269228 https://www.cve.org/CVERecord?id=CVE-2024-28834 https://nvd.nist.gov/vuln/detail/CVE-2024-28834 https://lists.gnupg.org/pipermail/gnutls-help/2024-March/004845.html https://minerva.crocs.fi.muni.cz/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28834.json https://access.redhat.com/errata/RHSA-2024:1879", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "gnutls", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.7.6-23.el9_3.4", "arch_op": "pattern match" }, "eP1FG6VgmguUBnU9hC/AUg==": { "id": "eP1FG6VgmguUBnU9hC/AUg==", "updater": "rhel-vex", "name": "CVE-2023-43788", "description": "A vulnerability was found in libXpm due to a boundary condition within the XpmCreateXpmImageFromBuffer() function. This flaw allows a local attacker to trigger an out-of-bounds read error and read the contents of memory on the system.", "issued": "2023-10-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-43788 https://bugzilla.redhat.com/show_bug.cgi?id=2242248 https://www.cve.org/CVERecord?id=CVE-2023-43788 https://nvd.nist.gov/vuln/detail/CVE-2023-43788 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-43788.json https://access.redhat.com/errata/RHSA-2024:2146", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libXpm-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.5.13-10.el9", "arch_op": "pattern match" }, "eQlZ6TVCSDW0YD8sgXyweQ==": { "id": "eQlZ6TVCSDW0YD8sgXyweQ==", "updater": "rhel-vex", "name": "CVE-2020-11023", "description": "A flaw was found in jQuery. HTML containing \\\u003coption\\\u003e elements from untrusted sources are passed, even after sanitizing, to one of jQuery's DOM manipulation methods, which may execute untrusted code. The highest threat from this vulnerability is to data confidentiality and integrity.", "issued": "2020-04-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2020-11023 https://bugzilla.redhat.com/show_bug.cgi?id=1850004 https://www.cve.org/CVERecord?id=CVE-2020-11023 https://nvd.nist.gov/vuln/detail/CVE-2020-11023 https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-11023.json https://access.redhat.com/errata/RHSA-2025:1346", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libgomp", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:11.5.0-5.el9_5", "arch_op": "pattern match" }, "eSBOrEkCJo/Pw2Y4iW0fkA==": { "id": "eSBOrEkCJo/Pw2Y4iW0fkA==", "updater": "rhel-vex", "name": "CVE-2024-10041", "description": "A vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger the victim program to execute by sending characters to its standard input (stdin). As this occurs, the attacker can train the branch predictor to execute an ROP chain speculatively. This flaw could result in leaked passwords, such as those found in /etc/shadow while performing authentications.", "issued": "2024-10-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://www.cve.org/CVERecord?id=CVE-2024-10041 https://nvd.nist.gov/vuln/detail/CVE-2024-10041 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-10041.json https://access.redhat.com/errata/RHSA-2024:11250", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "pam", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.5.1-21.el9_5", "arch_op": "pattern match" }, "eTNfn3GTlnobAc4el0vVmg==": { "id": "eTNfn3GTlnobAc4el0vVmg==", "updater": "rhel-vex", "name": "CVE-2023-4527", "description": "A flaw was found in glibc. When the getaddrinfo function is called with the AF_UNSPEC address family and the system is configured with no-aaaa mode via /etc/resolv.conf, a DNS response via TCP larger than 2048 bytes can potentially disclose stack contents through the function returned address data, and may cause a crash.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4527 https://bugzilla.redhat.com/show_bug.cgi?id=2234712 https://www.cve.org/CVERecord?id=CVE-2023-4527 https://nvd.nist.gov/vuln/detail/CVE-2023-4527 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4527.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-gconv-extra", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "eU+ILHU8CY+dWE/VYEmKUg==": { "id": "eU+ILHU8CY+dWE/VYEmKUg==", "updater": "rhel-vex", "name": "CVE-2023-4806", "description": "A flaw was found in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4806 https://bugzilla.redhat.com/show_bug.cgi?id=2237782 https://www.cve.org/CVERecord?id=CVE-2023-4806 https://nvd.nist.gov/vuln/detail/CVE-2023-4806 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4806.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-gconv-extra", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "edJj0SWSjBg+OUxgE/bF/w==": { "id": "edJj0SWSjBg+OUxgE/bF/w==", "updater": "rhel-vex", "name": "CVE-2023-47038", "description": "A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer.", "issued": "2023-11-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-47038 https://bugzilla.redhat.com/show_bug.cgi?id=2249523 https://www.cve.org/CVERecord?id=CVE-2023-47038 https://nvd.nist.gov/vuln/detail/CVE-2023-47038 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-47038.json https://access.redhat.com/errata/RHSA-2024:2228", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-lib", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:0.65-481.el9", "arch_op": "pattern match" }, "eekbTUpqIafepE8Hfmhn6g==": { "id": "eekbTUpqIafepE8Hfmhn6g==", "updater": "rhel-vex", "name": "CVE-2021-4187", "description": "A flaw was found in vim. A possible use after free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution.", "issued": "2021-12-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-4187 https://bugzilla.redhat.com/show_bug.cgi?id=2036129 https://www.cve.org/CVERecord?id=CVE-2021-4187 https://nvd.nist.gov/vuln/detail/CVE-2021-4187 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-4187.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "eic8i4R9WS+Q8xyh4Yb4IQ==": { "id": "eic8i4R9WS+Q8xyh4Yb4IQ==", "updater": "rhel-vex", "name": "CVE-2023-38709", "description": "A flaw was found in httpd. The response headers are not sanitized before an HTTP response is sent when a malicious backend can insert a Content-Type, Content-Encoding, or some other headers, resulting in an HTTP response splitting.", "issued": "2024-04-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-38709 https://bugzilla.redhat.com/show_bug.cgi?id=2273491 https://www.cve.org/CVERecord?id=CVE-2023-38709 https://nvd.nist.gov/vuln/detail/CVE-2023-38709 https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2023-38709 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-38709.json https://access.redhat.com/errata/RHSA-2024:9306", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "mod_session", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.4.62-1.el9", "arch_op": "pattern match" }, "ejpYPjjExqrl4chxj9uLog==": { "id": "ejpYPjjExqrl4chxj9uLog==", "updater": "rhel-vex", "name": "CVE-2024-38473", "description": "A flaw was found in the mod_proxy module of httpd. Due to an encoding problem, specially crafted request URLs with incorrect encoding can be sent to backend services, potentially bypassing authentication.", "issued": "2024-07-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-38473 https://bugzilla.redhat.com/show_bug.cgi?id=2295012 https://www.cve.org/CVERecord?id=CVE-2024-38473 https://nvd.nist.gov/vuln/detail/CVE-2024-38473 https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2024-38473 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-38473.json https://access.redhat.com/errata/RHSA-2024:4726", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "httpd-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.4.57-11.el9_4", "arch_op": "pattern match" }, "ejuaJgliYRMqa1eisyzj5A==": { "id": "ejuaJgliYRMqa1eisyzj5A==", "updater": "rhel-vex", "name": "CVE-2023-36054", "description": "A vulnerability was found in the _xdr_kadm5_principal_ent_rec() function in lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (krb5). This issue occurs due to lack of validation in the relationship between n_key_data and the key_data array count, leading to the freeing of uninitialized pointers. This may allow a remote authenticated attacker to send a specially crafted request that causes the kadmind process to crash, resulting in a denial of service (DoS).", "issued": "2023-08-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-36054 https://bugzilla.redhat.com/show_bug.cgi?id=2230178 https://www.cve.org/CVERecord?id=CVE-2023-36054 https://nvd.nist.gov/vuln/detail/CVE-2023-36054 https://github.com/krb5/krb5/commit/ef08b09c9459551aabbe7924fb176f1583053cdd https://github.com/krb5/krb5/compare/krb5-1.20.1-final...krb5-1.20.2-final https://github.com/krb5/krb5/compare/krb5-1.21-final...krb5-1.21.1-final https://web.mit.edu/kerberos/www/advisories/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-36054.json https://access.redhat.com/errata/RHSA-2023:6699", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "krb5-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:1.21.1-1.el9", "arch_op": "pattern match" }, "ek3+7A2JecsNdDGEqoDjTQ==": { "id": "ek3+7A2JecsNdDGEqoDjTQ==", "updater": "rhel-vex", "name": "CVE-2023-36191", "description": "A segmentation fault was discovered in SQLite. This issue exists due to a boundary error within the /sqlite3_aflpp/shell.c which could allow a local user to send a specially crafted request to the database to trigger memory corruption and perform a denial of service (DoS) attack.", "issued": "2023-06-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-36191 https://bugzilla.redhat.com/show_bug.cgi?id=2216936 https://www.cve.org/CVERecord?id=CVE-2023-36191 https://nvd.nist.gov/vuln/detail/CVE-2023-36191 https://www.sqlite.org/forum/forumpost/19f55ef73b https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-36191.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "sqlite", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "em5AO2rYrgNnhFwzmAjfjQ==": { "id": "em5AO2rYrgNnhFwzmAjfjQ==", "updater": "rhel-vex", "name": "CVE-2024-33602", "description": "A flaw was found in the glibc netgroup cache. The buffer-resizing code in addgetnetgrentX assumes that all string pointers point into the supplied buffer. This can potentially lead to memory corruption and cause a crash.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33602 https://bugzilla.redhat.com/show_bug.cgi?id=2277206 https://www.cve.org/CVERecord?id=CVE-2024-33602 https://nvd.nist.gov/vuln/detail/CVE-2024-33602 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33602.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "glibc-langpack-en", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "enCBbxIBBG9uJBIJ2Silsw==": { "id": "enCBbxIBBG9uJBIJ2Silsw==", "updater": "rhel-vex", "name": "CVE-2023-7104", "description": "A vulnerability was found in SQLite3. This issue affects the sessionReadRecord function of the ext/session/sqlite3session.c function in the make alltest Handler component. Manipulation may cause a heap-based buffer overflow to occur.", "issued": "2023-12-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-7104 https://bugzilla.redhat.com/show_bug.cgi?id=2256194 https://www.cve.org/CVERecord?id=CVE-2023-7104 https://nvd.nist.gov/vuln/detail/CVE-2023-7104 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-7104.json https://access.redhat.com/errata/RHSA-2024:0465", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "sqlite-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.34.1-7.el9_3", "arch_op": "pattern match" }, "epxZ48/SIfLXd06fZqIspg==": { "id": "epxZ48/SIfLXd06fZqIspg==", "updater": "rhel-vex", "name": "CVE-2024-33600", "description": "A flaw was found in the glibc netgroup cache. After a failed cache insertion, addgetnetgrentX tries to send the non-existing response after the not-found header. This can lead to a null pointer dereference that causes a crash or exit.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33600 https://bugzilla.redhat.com/show_bug.cgi?id=2277204 https://www.cve.org/CVERecord?id=CVE-2024-33600 https://nvd.nist.gov/vuln/detail/CVE-2024-33600 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33600.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-minimal-langpack", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "erPkEyDHplTNz5OUVOYC0w==": { "id": "erPkEyDHplTNz5OUVOYC0w==", "updater": "rhel-vex", "name": "CVE-2024-0727", "description": "A flaw was found in OpenSSL. The optional ContentInfo fields can be set to null, even if the \"type\" is a valid value, which can lead to a null dereference error that may cause a denial of service.", "issued": "2024-01-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-0727 https://bugzilla.redhat.com/show_bug.cgi?id=2259944 https://www.cve.org/CVERecord?id=CVE-2024-0727 https://nvd.nist.gov/vuln/detail/CVE-2024-0727 https://github.com/openssl/openssl/pull/23362 https://www.openssl.org/news/secadv/20240125.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0727.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "exYmjpiMmOkTrwjxIZq6JQ==": { "id": "exYmjpiMmOkTrwjxIZq6JQ==", "updater": "rhel-vex", "name": "CVE-2023-4813", "description": "A flaw was found in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.", "issued": "2022-03-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4813 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://www.cve.org/CVERecord?id=CVE-2023-4813 https://nvd.nist.gov/vuln/detail/CVE-2023-4813 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4813.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-headers", "version": "", "kind": "binary", "normalized_version": "", "arch": "s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "ezxnHKwNvaQzOm0eoN6eYA==": { "id": "ezxnHKwNvaQzOm0eoN6eYA==", "updater": "rhel-vex", "name": "CVE-2025-0395", "description": "A flaw was found in the GNU C Library (glibc). A buffer overflow condition via the `assert()` function may be triggered due to glibc not allocating enough space for the assertion failure message string and size information. In certain conditions, a local attacker can exploit this, potentially leading to an application crash or other undefined behavior.", "issued": "2025-01-22T13:11:30Z", "links": "https://access.redhat.com/security/cve/CVE-2025-0395 https://bugzilla.redhat.com/show_bug.cgi?id=2339460 https://www.cve.org/CVERecord?id=CVE-2025-0395 https://nvd.nist.gov/vuln/detail/CVE-2025-0395 https://sourceware.org/bugzilla/show_bug.cgi?id=32582 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-0395.json https://access.redhat.com/errata/RHSA-2025:4244", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-headers", "version": "", "kind": "binary", "normalized_version": "", "arch": "s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-125.el9_5.8", "arch_op": "pattern match" }, "f2eveWp2gzC6peE+M/ZNhg==": { "id": "f2eveWp2gzC6peE+M/ZNhg==", "updater": "rhel-vex", "name": "CVE-2023-4527", "description": "A flaw was found in glibc. When the getaddrinfo function is called with the AF_UNSPEC address family and the system is configured with no-aaaa mode via /etc/resolv.conf, a DNS response via TCP larger than 2048 bytes can potentially disclose stack contents through the function returned address data, and may cause a crash.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4527 https://bugzilla.redhat.com/show_bug.cgi?id=2234712 https://www.cve.org/CVERecord?id=CVE-2023-4527 https://nvd.nist.gov/vuln/detail/CVE-2023-4527 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4527.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-common", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "f4QDD+YvES2qKPm12WbPwQ==": { "id": "f4QDD+YvES2qKPm12WbPwQ==", "updater": "rhel-vex", "name": "CVE-2023-4863", "description": "A heap-based buffer flaw was found in the way libwebp, a library used to process \"WebP\" image format data, processes certain specially formatted WebP images. An attacker could use this flaw to crash or execute remotely arbitrary code in an application such as a web browser compiled with this library.", "issued": "2023-09-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4863 https://bugzilla.redhat.com/show_bug.cgi?id=2238431 https://www.cve.org/CVERecord?id=CVE-2023-4863 https://nvd.nist.gov/vuln/detail/CVE-2023-4863 https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/ https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4863.json https://access.redhat.com/errata/RHSA-2023:5214", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libwebp-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.2.0-7.el9_2", "arch_op": "pattern match" }, "f4ea/sV/4Prs0uTKnuNrmQ==": { "id": "f4ea/sV/4Prs0uTKnuNrmQ==", "updater": "rhel-vex", "name": "CVE-2023-4911", "description": "A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.", "issued": "2023-10-03T17:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4911 https://bugzilla.redhat.com/show_bug.cgi?id=2238352 https://www.cve.org/CVERecord?id=CVE-2023-4911 https://nvd.nist.gov/vuln/detail/CVE-2023-4911 https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt https://www.qualys.com/cve-2023-4911/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4911.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-gconv-extra", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "f8zkiAQiKYmmQ6JoWVEpyg==": { "id": "f8zkiAQiKYmmQ6JoWVEpyg==", "updater": "rhel-vex", "name": "CVE-2023-4806", "description": "A flaw was found in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4806 https://bugzilla.redhat.com/show_bug.cgi?id=2237782 https://www.cve.org/CVERecord?id=CVE-2023-4806 https://nvd.nist.gov/vuln/detail/CVE-2023-4806 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4806.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-langpack-en", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "fArj/oGEQJYMqcLV3LNH/A==": { "id": "fArj/oGEQJYMqcLV3LNH/A==", "updater": "rhel-vex", "name": "CVE-2023-24329", "description": "A flaw was found in the Python package. An issue in the urllib.parse component could allow attackers to bypass blocklisting methods by supplying a URL that starts with blank characters.This may lead to compromised Integrity.", "issued": "2023-02-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-24329 https://bugzilla.redhat.com/show_bug.cgi?id=2173917 https://www.cve.org/CVERecord?id=CVE-2023-24329 https://nvd.nist.gov/vuln/detail/CVE-2023-24329 https://pointernull.com/security/python-url-parse-problem.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-24329.json https://access.redhat.com/errata/RHSA-2023:3595", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "python3-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.16-1.el9_2.1", "arch_op": "pattern match" }, "fAt+QSazQuj9LFCdyfZZzA==": { "id": "fAt+QSazQuj9LFCdyfZZzA==", "updater": "rhel-vex", "name": "CVE-2023-4911", "description": "A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.", "issued": "2023-10-03T17:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4911 https://bugzilla.redhat.com/show_bug.cgi?id=2238352 https://www.cve.org/CVERecord?id=CVE-2023-4911 https://nvd.nist.gov/vuln/detail/CVE-2023-4911 https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt https://www.qualys.com/cve-2023-4911/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4911.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-langpack-en", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "fFFyLv+kyEvxd6yF7hwQTw==": { "id": "fFFyLv+kyEvxd6yF7hwQTw==", "updater": "rhel-vex", "name": "CVE-2024-24795", "description": "A flaw was found in httpd. An HTTP response splitting in multiple httpd modules may allow an attacker that can inject malicious response headers into backend applications to cause an HTTP desynchronization attack.", "issued": "2024-04-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-24795 https://bugzilla.redhat.com/show_bug.cgi?id=2273499 https://www.cve.org/CVERecord?id=CVE-2024-24795 https://nvd.nist.gov/vuln/detail/CVE-2024-24795 https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2024-24795 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-24795.json https://access.redhat.com/errata/RHSA-2024:9306", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "httpd-filesystem", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.4.62-1.el9", "arch_op": "pattern match" }, "fGKSZdBeYQo7tqM/Z+1Gow==": { "id": "fGKSZdBeYQo7tqM/Z+1Gow==", "updater": "rhel-vex", "name": "CVE-2025-0938", "description": "A flaw was found in Python. The Python standard library functions `urllib.parse.urlsplit` and `urlparse` accept domain names that included square brackets, which isn't valid according to RFC 3986. Square brackets are only meant to be used as delimiters for specifying IPv6 and IPvFuture hosts in URLs. This could result in differential parsing across the Python URL parser and other specification-compliant URL parsers.", "issued": "2025-01-31T17:51:35Z", "links": "https://access.redhat.com/security/cve/CVE-2025-0938 https://bugzilla.redhat.com/show_bug.cgi?id=2343237 https://www.cve.org/CVERecord?id=CVE-2025-0938 https://nvd.nist.gov/vuln/detail/CVE-2025-0938 https://github.com/python/cpython/issues/105704 https://github.com/python/cpython/pull/129418 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-0938.json https://access.redhat.com/errata/RHSA-2025:6977", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.21-2.el9", "arch_op": "pattern match" }, "fIV0OhL231N5SkDHdJvs6Q==": { "id": "fIV0OhL231N5SkDHdJvs6Q==", "updater": "rhel-vex", "name": "CVE-2023-27522", "description": "An HTTP Response Smuggling vulnerability was found in the Apache HTTP Server via mod_proxy_uwsgi. This security issue occurs when special characters in the origin response header can truncate or split the response forwarded to the client.", "issued": "2023-03-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-27522 https://bugzilla.redhat.com/show_bug.cgi?id=2176211 https://www.cve.org/CVERecord?id=CVE-2023-27522 https://nvd.nist.gov/vuln/detail/CVE-2023-27522 https://httpd.apache.org/security/vulnerabilities_24.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-27522.json https://access.redhat.com/errata/RHSA-2023:6403", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "mod_lua", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.4.57-5.el9", "arch_op": "pattern match" }, "fLQFCII8wF0O4a+xMrB5uA==": { "id": "fLQFCII8wF0O4a+xMrB5uA==", "updater": "rhel-vex", "name": "CVE-2024-2398", "description": "A flaw was found in curl. When an application configures libcurl to use HTTP/2 server push and the amount of received headers for the push surpasses the maximum allowed limit, libcurl aborts the server push. When aborting, libcurl does not free all the previously allocated headers, resulting in a memory leak.", "issued": "2024-03-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-2398 https://bugzilla.redhat.com/show_bug.cgi?id=2270498 https://www.cve.org/CVERecord?id=CVE-2024-2398 https://nvd.nist.gov/vuln/detail/CVE-2024-2398 https://curl.se/docs/CVE-2024-2398.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2398.json https://access.redhat.com/errata/RHSA-2024:5529", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libcurl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-29.el9_4.1", "arch_op": "pattern match" }, "fSeU4QTAs+fY+ihLpgdM9A==": { "id": "fSeU4QTAs+fY+ihLpgdM9A==", "updater": "rhel-vex", "name": "CVE-2025-1377", "description": "A flaw was found in GNU elfutils. This vulnerability allows denial of service via manipulation of the gelf_getsymshndx function in strip.c.", "issued": "2025-02-17T05:00:19Z", "links": "https://access.redhat.com/security/cve/CVE-2025-1377 https://bugzilla.redhat.com/show_bug.cgi?id=2346066 https://www.cve.org/CVERecord?id=CVE-2025-1377 https://nvd.nist.gov/vuln/detail/CVE-2025-1377 https://sourceware.org/bugzilla/attachment.cgi?id=15941 https://sourceware.org/bugzilla/show_bug.cgi?id=32673 https://sourceware.org/bugzilla/show_bug.cgi?id=32673#c2 https://vuldb.com/?ctiid.295985 https://vuldb.com/?id.295985 https://vuldb.com/?submit.497539 https://www.gnu.org/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-1377.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "elfutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "fbGCR/SwRYoDsuegA9WoiQ==": { "id": "fbGCR/SwRYoDsuegA9WoiQ==", "updater": "rhel-vex", "name": "CVE-2024-33599", "description": "A stack-based buffer overflow flaw was found in the glibc netgroup cache. In certain conditions, its possible to trigger a stack-based buffer overflow condition that can lead to a denial of service and potentially other malicious actions that impact confidentiality and integrity.", "issued": "2024-04-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33599 https://bugzilla.redhat.com/show_bug.cgi?id=2277202 https://www.cve.org/CVERecord?id=CVE-2024-33599 https://nvd.nist.gov/vuln/detail/CVE-2024-33599 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33599.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-minimal-langpack", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "fbRJLkkKyAqhMbdbbcLwwg==": { "id": "fbRJLkkKyAqhMbdbbcLwwg==", "updater": "rhel-vex", "name": "CVE-2025-4207", "description": "A flaw was found in PostgreSQL. A buffer over-read in PostgreSQL GB18030 encoding validation allows a database input provider to achieve temporary denial of service on platforms where a 1-byte over-read can lead to process termination.", "issued": "2025-05-08T14:22:45Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4207 https://bugzilla.redhat.com/show_bug.cgi?id=2365111 https://www.cve.org/CVERecord?id=CVE-2025-4207 https://nvd.nist.gov/vuln/detail/CVE-2025-4207 https://www.postgresql.org/support/security/CVE-2025-4207/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4207.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libpq", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "fil2zeXkk1/a+i/G+BujrA==": { "id": "fil2zeXkk1/a+i/G+BujrA==", "updater": "rhel-vex", "name": "CVE-2023-27522", "description": "An HTTP Response Smuggling vulnerability was found in the Apache HTTP Server via mod_proxy_uwsgi. This security issue occurs when special characters in the origin response header can truncate or split the response forwarded to the client.", "issued": "2023-03-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-27522 https://bugzilla.redhat.com/show_bug.cgi?id=2176211 https://www.cve.org/CVERecord?id=CVE-2023-27522 https://nvd.nist.gov/vuln/detail/CVE-2023-27522 https://httpd.apache.org/security/vulnerabilities_24.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-27522.json https://access.redhat.com/errata/RHSA-2023:6403", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "httpd", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.4.57-5.el9", "arch_op": "pattern match" }, "fkpYn5dRh4u/WWGeaiLjCw==": { "id": "fkpYn5dRh4u/WWGeaiLjCw==", "updater": "rhel-vex", "name": "CVE-2024-28182", "description": "A vulnerability was found in how nghttp2 implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated remote attacker to send packets to vulnerable servers, which could use up compute or memory resources to cause a Denial of Service.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-28182 https://bugzilla.redhat.com/show_bug.cgi?id=2268639 https://www.cve.org/CVERecord?id=CVE-2024-28182 https://nvd.nist.gov/vuln/detail/CVE-2024-28182 https://github.com/nghttp2/nghttp2/security/advisories/GHSA-x6x3-gv8h-m57q https://nowotarski.info/http2-continuation-flood/ https://www.kb.cert.org/vuls/id/421644 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28182.json https://access.redhat.com/errata/RHSA-2024:2910", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:8.19.4-1.16.20.2.8.el9_4", "arch_op": "pattern match" }, "fp87zNEa2D9uFt6aQDX/nA==": { "id": "fp87zNEa2D9uFt6aQDX/nA==", "updater": "rhel-vex", "name": "CVE-2023-5363", "description": "A flaw was found in OpenSSL in how it processes key and initialization vector (IV) lengths. This issue can lead to potential truncation or overruns during the initialization of some symmetric ciphers. A truncation in the IV can result in non-uniqueness, which could result in loss of confidentiality for some cipher modes. Both truncations and overruns of the key and the IV will produce incorrect results and could, in some cases, trigger a memory exception.", "issued": "2023-10-24T15:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-5363 https://bugzilla.redhat.com/show_bug.cgi?id=2243839 https://www.cve.org/CVERecord?id=CVE-2023-5363 https://nvd.nist.gov/vuln/detail/CVE-2023-5363 https://www.openssl.org/news/secadv/20231024.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-5363.json https://access.redhat.com/errata/RHSA-2024:0310", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-25.el9_3", "arch_op": "pattern match" }, "fseKmDSP+zTsa8pgVGAvSQ==": { "id": "fseKmDSP+zTsa8pgVGAvSQ==", "updater": "rhel-vex", "name": "CVE-2025-0938", "description": "A flaw was found in Python. The Python standard library functions `urllib.parse.urlsplit` and `urlparse` accept domain names that included square brackets, which isn't valid according to RFC 3986. Square brackets are only meant to be used as delimiters for specifying IPv6 and IPvFuture hosts in URLs. This could result in differential parsing across the Python URL parser and other specification-compliant URL parsers.", "issued": "2025-01-31T17:51:35Z", "links": "https://access.redhat.com/security/cve/CVE-2025-0938 https://bugzilla.redhat.com/show_bug.cgi?id=2343237 https://www.cve.org/CVERecord?id=CVE-2025-0938 https://nvd.nist.gov/vuln/detail/CVE-2025-0938 https://github.com/python/cpython/issues/105704 https://github.com/python/cpython/pull/129418 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-0938.json https://access.redhat.com/errata/RHSA-2025:6977", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.21-2.el9", "arch_op": "pattern match" }, "ftFEFfGG+VeyR1jgHtRgSw==": { "id": "ftFEFfGG+VeyR1jgHtRgSw==", "updater": "rhel-vex", "name": "CVE-2024-26461", "description": "A memory leak flaw was found in krb5 in /krb5/src/lib/gssapi/krb5/k5sealv3.c. This issue can lead to a denial of service through memory exhaustion.", "issued": "2024-02-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-26461 https://bugzilla.redhat.com/show_bug.cgi?id=2266740 https://www.cve.org/CVERecord?id=CVE-2024-26461 https://nvd.nist.gov/vuln/detail/CVE-2024-26461 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-26461.json https://access.redhat.com/errata/RHSA-2024:9331", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "krb5-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:1.21.1-3.el9", "arch_op": "pattern match" }, "fwfAtjf5gVRneidAp93edQ==": { "id": "fwfAtjf5gVRneidAp93edQ==", "updater": "rhel-vex", "name": "CVE-2025-5917", "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation.", "issued": "2025-05-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5917 https://bugzilla.redhat.com/show_bug.cgi?id=2370874 https://www.cve.org/CVERecord?id=CVE-2025-5917 https://nvd.nist.gov/vuln/detail/CVE-2025-5917 https://github.com/libarchive/libarchive/pull/2588 https://github.com/libarchive/libarchive/releases/tag/v3.8.0 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5917.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "fyONzYZbtPrBLBjFGxQl/g==": { "id": "fyONzYZbtPrBLBjFGxQl/g==", "updater": "rhel-vex", "name": "CVE-2024-38474", "description": "A flaw was found in the mod_rewrite module of httpd. Due to a substitution encoding issue, specially crafted requests may allow an attacker to execute scripts in directories permitted by the configuration but not directly reachable by any URL or source disclosure of scripts meant only to be executed as CGI.", "issued": "2024-07-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-38474 https://bugzilla.redhat.com/show_bug.cgi?id=2295013 https://www.cve.org/CVERecord?id=CVE-2024-38474 https://nvd.nist.gov/vuln/detail/CVE-2024-38474 https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2024-38474 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-38474.json https://access.redhat.com/errata/RHSA-2024:4726", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "httpd-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.4.57-11.el9_4", "arch_op": "pattern match" }, "g2wHkBtzovCWgCo7+WkU9Q==": { "id": "g2wHkBtzovCWgCo7+WkU9Q==", "updater": "rhel-vex", "name": "CVE-2024-33601", "description": "A flaw was found in the glibc netgroup cache. The netgroup cache uses xmalloc/xrealloc and may terminate the process due to a memory allocation failure.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33601 https://bugzilla.redhat.com/show_bug.cgi?id=2277205 https://www.cve.org/CVERecord?id=CVE-2024-33601 https://nvd.nist.gov/vuln/detail/CVE-2024-33601 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33601.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "glibc-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "g6spFzT6DoopzuQCE0pjRg==": { "id": "g6spFzT6DoopzuQCE0pjRg==", "updater": "rhel-vex", "name": "CVE-2022-2285", "description": "Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.", "issued": "2022-07-02T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-2285 https://bugzilla.redhat.com/show_bug.cgi?id=2103874 https://www.cve.org/CVERecord?id=CVE-2022-2285 https://nvd.nist.gov/vuln/detail/CVE-2022-2285 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-2285.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "g8hJlpBfWMarbfdU+OkQdw==": { "id": "g8hJlpBfWMarbfdU+OkQdw==", "updater": "rhel-vex", "name": "CVE-2024-10524", "description": "A flaw was found in the Wget package. Wget might issue an FTP request to a different host in configurations where the HTTP shorthand format is used with user-provided input. An attacker may be able to use specially crafted input to cause Wget to access an arbitrary host.", "issued": "2024-11-19T14:23:09Z", "links": "https://access.redhat.com/security/cve/CVE-2024-10524 https://bugzilla.redhat.com/show_bug.cgi?id=2327303 https://www.cve.org/CVERecord?id=CVE-2024-10524 https://nvd.nist.gov/vuln/detail/CVE-2024-10524 https://git.savannah.gnu.org/cgit/wget.git/commit/?id=c419542d956a2607bbce5df64b9d378a8588d778 https://jfrog.com/blog/cve-2024-10524-wget-zero-day-vulnerability/ https://seclists.org/oss-sec/2024/q4/107 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-10524.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "wget", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "gBPNXzwjgVa5ca7lHwiyCw==": { "id": "gBPNXzwjgVa5ca7lHwiyCw==", "updater": "rhel-vex", "name": "CVE-2023-36054", "description": "A vulnerability was found in the _xdr_kadm5_principal_ent_rec() function in lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (krb5). This issue occurs due to lack of validation in the relationship between n_key_data and the key_data array count, leading to the freeing of uninitialized pointers. This may allow a remote authenticated attacker to send a specially crafted request that causes the kadmind process to crash, resulting in a denial of service (DoS).", "issued": "2023-08-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-36054 https://bugzilla.redhat.com/show_bug.cgi?id=2230178 https://www.cve.org/CVERecord?id=CVE-2023-36054 https://nvd.nist.gov/vuln/detail/CVE-2023-36054 https://github.com/krb5/krb5/commit/ef08b09c9459551aabbe7924fb176f1583053cdd https://github.com/krb5/krb5/compare/krb5-1.20.1-final...krb5-1.20.2-final https://github.com/krb5/krb5/compare/krb5-1.21-final...krb5-1.21.1-final https://web.mit.edu/kerberos/www/advisories/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-36054.json https://access.redhat.com/errata/RHSA-2023:6699", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "krb5-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.1-1.el9", "arch_op": "pattern match" }, "gC/eGs//KFmS38pAonhk3Q==": { "id": "gC/eGs//KFmS38pAonhk3Q==", "updater": "rhel-vex", "name": "CVE-2024-39573", "description": "A flaw was found in the mod_rewrite module of httpd. A potential SSRF allows an attacker to cause unsafe rules used in the RewriteRule directive to unexpectedly set up URLs to be handled by the mod_proxy module.", "issued": "2024-07-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-39573 https://bugzilla.redhat.com/show_bug.cgi?id=2295022 https://www.cve.org/CVERecord?id=CVE-2024-39573 https://nvd.nist.gov/vuln/detail/CVE-2024-39573 https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2024-39573 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-39573.json https://access.redhat.com/errata/RHSA-2024:4726", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "httpd-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.4.57-11.el9_4", "arch_op": "pattern match" }, "gC/gC557IC+8uloPSsxYeg==": { "id": "gC/gC557IC+8uloPSsxYeg==", "updater": "rhel-vex", "name": "CVE-2024-27982", "description": "An HTTP Request Smuggling vulnerability was found in Node.js due to Content-Length Obfuscation in the HTTP server. Malformed headers, particularly if a space is inserted before a content-length header, can result in HTTP request smuggling. This flaw allows attackers to inject a second request within the body of the first and poison web caches, bypass web application firewalls, and execute Cross-site scripting (XSS) attacks.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-27982 https://bugzilla.redhat.com/show_bug.cgi?id=2275392 https://www.cve.org/CVERecord?id=CVE-2024-27982 https://nvd.nist.gov/vuln/detail/CVE-2024-27982 https://nodejs.org/en/blog/vulnerability/april-2024-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-27982.json https://access.redhat.com/errata/RHSA-2024:2910", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:8.19.4-1.16.20.2.8.el9_4", "arch_op": "pattern match" }, "gC3dJaA81IvQxpeDciVx9Q==": { "id": "gC3dJaA81IvQxpeDciVx9Q==", "updater": "rhel-vex", "name": "CVE-2023-5363", "description": "A flaw was found in OpenSSL in how it processes key and initialization vector (IV) lengths. This issue can lead to potential truncation or overruns during the initialization of some symmetric ciphers. A truncation in the IV can result in non-uniqueness, which could result in loss of confidentiality for some cipher modes. Both truncations and overruns of the key and the IV will produce incorrect results and could, in some cases, trigger a memory exception.", "issued": "2023-10-24T15:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-5363 https://bugzilla.redhat.com/show_bug.cgi?id=2243839 https://www.cve.org/CVERecord?id=CVE-2023-5363 https://nvd.nist.gov/vuln/detail/CVE-2023-5363 https://www.openssl.org/news/secadv/20231024.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-5363.json https://access.redhat.com/errata/RHSA-2024:0310", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-25.el9_3", "arch_op": "pattern match" }, "gCDAawtTyfC//zBgWDdiZQ==": { "id": "gCDAawtTyfC//zBgWDdiZQ==", "updater": "rhel-vex", "name": "CVE-2023-30630", "description": "A vulnerability was found in dmidecode, which allows -dump-bin to overwrite a local file. This issue may lead to the execution of dmidecode via Sudo.", "issued": "2023-04-13T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30630 https://bugzilla.redhat.com/show_bug.cgi?id=2186669 https://www.cve.org/CVERecord?id=CVE-2023-30630 https://nvd.nist.gov/vuln/detail/CVE-2023-30630 https://github.com/adamreiser/dmiwrite https://github.com/advisories/GHSA-9r2p-xmm5-5ppg https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30630.json https://access.redhat.com/errata/RHSA-2023:5061", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "dmidecode", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.3-7.el9_2.1", "arch_op": "pattern match" }, "gCebGc7h8wl4naU6uyAdpQ==": { "id": "gCebGc7h8wl4naU6uyAdpQ==", "updater": "rhel-vex", "name": "CVE-2023-1255", "description": "A vulnerability was found in OpenSSL. This security flaw occurs because the AES-XTS cipher decryption implementation for the 64-bit ARM platform contains an issue that could cause it to read past the input buffer, leading to a crash.", "issued": "2023-04-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-1255 https://bugzilla.redhat.com/show_bug.cgi?id=2188461 https://www.cve.org/CVERecord?id=CVE-2023-1255 https://nvd.nist.gov/vuln/detail/CVE-2023-1255 https://www.openssl.org/news/secadv/20230420.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-1255.json https://access.redhat.com/errata/RHSA-2023:3722", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-16.el9_2", "arch_op": "pattern match" }, "gGrGej/Pj6/poAgebFb+dg==": { "id": "gGrGej/Pj6/poAgebFb+dg==", "updater": "rhel-vex", "name": "CVE-2022-3352", "description": "Use After Free in GitHub repository vim/vim prior to 9.0.0614.", "issued": "2022-09-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3352 https://bugzilla.redhat.com/show_bug.cgi?id=2131087 https://www.cve.org/CVERecord?id=CVE-2022-3352 https://nvd.nist.gov/vuln/detail/CVE-2022-3352 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3352.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "gGstDOffozUq96qPOjU3Cw==": { "id": "gGstDOffozUq96qPOjU3Cw==", "updater": "rhel-vex", "name": "CVE-2024-34397", "description": "A flaw was found in GNOME GLib. When a GDBus-based client subscribes to signals from a trusted system service such as NetworkManager on a shared computer, other users of the same computer can send spoofed D-Bus signals that the GDBus-based client will wrongly interpret as having been sent by the trusted system service. This issue could lead to the GDBus-based client behaving incorrectly with an application-dependent impact.", "issued": "2024-05-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-34397 https://bugzilla.redhat.com/show_bug.cgi?id=2279632 https://www.cve.org/CVERecord?id=CVE-2024-34397 https://nvd.nist.gov/vuln/detail/CVE-2024-34397 https://gitlab.gnome.org/GNOME/glib/-/issues/3268 https://www.openwall.com/lists/oss-security/2024/05/07/5 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34397.json https://access.redhat.com/errata/RHSA-2024:6464", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "glib2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.68.4-14.el9_4.1", "arch_op": "pattern match" }, "gJB4UR04diqd8I+vxY+1fA==": { "id": "gJB4UR04diqd8I+vxY+1fA==", "updater": "rhel-vex", "name": "CVE-2023-5678", "description": "A flaw was found in OpenSSL, which caused the generation or checking of long X9.42 DH keys or parameters to be much slower than expected. This issue could lead to a denial of service.", "issued": "2023-10-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-5678 https://bugzilla.redhat.com/show_bug.cgi?id=2248616 https://www.cve.org/CVERecord?id=CVE-2023-5678 https://nvd.nist.gov/vuln/detail/CVE-2023-5678 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=34efaef6c103d636ab507a0cc34dca4d3aecc055 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=710fee740904b6290fef0dd5536fbcedbc38ff0c https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db925ae2e65d0d925adef429afc37f75bd1c2017 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6 https://www.openssl.org/news/secadv/20231106.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-5678.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "gNGv6C2nj/tHk2ntVJUOWw==": { "id": "gNGv6C2nj/tHk2ntVJUOWw==", "updater": "rhel-vex", "name": "CVE-2022-47011", "description": "A memory leak flaw was found in binutils. This flaw allows an attacker to use a set of steps to trigger a memory leak and perform a denial of service, resulting in a loss of the system's availability.", "issued": "2022-06-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-47011 https://bugzilla.redhat.com/show_bug.cgi?id=2233992 https://www.cve.org/CVERecord?id=CVE-2022-47011 https://nvd.nist.gov/vuln/detail/CVE-2022-47011 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-47011.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "binutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "gNH0Wp3fx4JyJiGqOpJt8Q==": { "id": "gNH0Wp3fx4JyJiGqOpJt8Q==", "updater": "rhel-vex", "name": "CVE-2023-6597", "description": "A flaw was found in the tempfile.TemporaryDirectory class in python3/cpython3. The class may dereference symbolic links during permission-related errors, resulting in users that run privileged programs being able to modify permissions of files referenced by the symbolic link.", "issued": "2024-03-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-6597 https://bugzilla.redhat.com/show_bug.cgi?id=2276518 https://www.cve.org/CVERecord?id=CVE-2023-6597 https://nvd.nist.gov/vuln/detail/CVE-2023-6597 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6597.json https://access.redhat.com/errata/RHSA-2024:4078", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.18-3.el9_4.1", "arch_op": "pattern match" }, "gO/zNtynA7F2O6aq8GoPIA==": { "id": "gO/zNtynA7F2O6aq8GoPIA==", "updater": "rhel-vex", "name": "CVE-2023-4911", "description": "A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.", "issued": "2023-10-03T17:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4911 https://bugzilla.redhat.com/show_bug.cgi?id=2238352 https://www.cve.org/CVERecord?id=CVE-2023-4911 https://nvd.nist.gov/vuln/detail/CVE-2023-4911 https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt https://www.qualys.com/cve-2023-4911/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4911.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-minimal-langpack", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "gQ5m9am3Bv84irZQypyt/Q==": { "id": "gQ5m9am3Bv84irZQypyt/Q==", "updater": "rhel-vex", "name": "CVE-2023-34969", "description": "An assertion failure vulnerability was found in D-Bus. This issue occurs when a privileged monitoring connection (dbus-monitor, busctl monitor, gdbus monitor, or similar) is active, and a message from the bus driver cannot be delivered to a client connection due to \u003cdeny\u003e rules or outgoing message quota. If a privileged user with control over the dbus-daemon is monitoring the message bus traffic using the Monitoring clients like the dbus-monitor or busctl monitor interfaces, then an unprivileged local user with the ability to connect to the same dbus-daemon could send specially crafted request, causing a dbus-daemon to crash, resulting in a denial of service under some circumstances.", "issued": "2023-06-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-34969 https://bugzilla.redhat.com/show_bug.cgi?id=2213166 https://www.cve.org/CVERecord?id=CVE-2023-34969 https://nvd.nist.gov/vuln/detail/CVE-2023-34969 https://gitlab.freedesktop.org/dbus/dbus/-/issues/457 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-34969.json https://access.redhat.com/errata/RHSA-2023:4569", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "dbus-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:1.12.20-7.el9_2.1", "arch_op": "pattern match" }, "gSHRfR0qveh/P3sU4m+UnA==": { "id": "gSHRfR0qveh/P3sU4m+UnA==", "updater": "rhel-vex", "name": "CVE-2024-38473", "description": "A flaw was found in the mod_proxy module of httpd. Due to an encoding problem, specially crafted request URLs with incorrect encoding can be sent to backend services, potentially bypassing authentication.", "issued": "2024-07-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-38473 https://bugzilla.redhat.com/show_bug.cgi?id=2295012 https://www.cve.org/CVERecord?id=CVE-2024-38473 https://nvd.nist.gov/vuln/detail/CVE-2024-38473 https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2024-38473 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-38473.json https://access.redhat.com/errata/RHSA-2024:4726", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "mod_ldap", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.4.57-11.el9_4", "arch_op": "pattern match" }, "gTyBvus3gRvwKplivrccuQ==": { "id": "gTyBvus3gRvwKplivrccuQ==", "updater": "rhel-vex", "name": "CVE-2023-34969", "description": "An assertion failure vulnerability was found in D-Bus. This issue occurs when a privileged monitoring connection (dbus-monitor, busctl monitor, gdbus monitor, or similar) is active, and a message from the bus driver cannot be delivered to a client connection due to \u003cdeny\u003e rules or outgoing message quota. If a privileged user with control over the dbus-daemon is monitoring the message bus traffic using the Monitoring clients like the dbus-monitor or busctl monitor interfaces, then an unprivileged local user with the ability to connect to the same dbus-daemon could send specially crafted request, causing a dbus-daemon to crash, resulting in a denial of service under some circumstances.", "issued": "2023-06-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-34969 https://bugzilla.redhat.com/show_bug.cgi?id=2213166 https://www.cve.org/CVERecord?id=CVE-2023-34969 https://nvd.nist.gov/vuln/detail/CVE-2023-34969 https://gitlab.freedesktop.org/dbus/dbus/-/issues/457 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-34969.json https://access.redhat.com/errata/RHSA-2023:4569", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "dbus", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:1.12.20-7.el9_2.1", "arch_op": "pattern match" }, "gW0KUmpTUJYEkCwOP2FqGA==": { "id": "gW0KUmpTUJYEkCwOP2FqGA==", "updater": "rhel-vex", "name": "CVE-2023-4911", "description": "A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.", "issued": "2023-10-03T17:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4911 https://bugzilla.redhat.com/show_bug.cgi?id=2238352 https://www.cve.org/CVERecord?id=CVE-2023-4911 https://nvd.nist.gov/vuln/detail/CVE-2023-4911 https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt https://www.qualys.com/cve-2023-4911/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4911.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-minimal-langpack", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "gXGTVqEE1sJ1zRCi22QFfQ==": { "id": "gXGTVqEE1sJ1zRCi22QFfQ==", "updater": "rhel-vex", "name": "CVE-2024-26461", "description": "A memory leak flaw was found in krb5 in /krb5/src/lib/gssapi/krb5/k5sealv3.c. This issue can lead to a denial of service through memory exhaustion.", "issued": "2024-02-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-26461 https://bugzilla.redhat.com/show_bug.cgi?id=2266740 https://www.cve.org/CVERecord?id=CVE-2024-26461 https://nvd.nist.gov/vuln/detail/CVE-2024-26461 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-26461.json https://access.redhat.com/errata/RHSA-2024:9331", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "krb5-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.1-3.el9", "arch_op": "pattern match" }, "gXL4B2vaIh9GAfuTjlS8Pg==": { "id": "gXL4B2vaIh9GAfuTjlS8Pg==", "updater": "rhel-vex", "name": "CVE-2024-33602", "description": "A flaw was found in the glibc netgroup cache. The buffer-resizing code in addgetnetgrentX assumes that all string pointers point into the supplied buffer. This can potentially lead to memory corruption and cause a crash.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33602 https://bugzilla.redhat.com/show_bug.cgi?id=2277206 https://www.cve.org/CVERecord?id=CVE-2024-33602 https://nvd.nist.gov/vuln/detail/CVE-2024-33602 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33602.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "glibc-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "gY9+YsbpBVhdQiQFYUR+HA==": { "id": "gY9+YsbpBVhdQiQFYUR+HA==", "updater": "rhel-vex", "name": "CVE-2023-41175", "description": "A vulnerability was found in libtiff due to multiple potential integer overflows in raw2tiff.c. This flaw allows remote attackers to cause a denial of service or possibly execute an arbitrary code via a crafted tiff image, which triggers a heap-based buffer overflow.", "issued": "2023-07-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-41175 https://bugzilla.redhat.com/show_bug.cgi?id=2235264 https://www.cve.org/CVERecord?id=CVE-2023-41175 https://nvd.nist.gov/vuln/detail/CVE-2023-41175 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-41175.json https://access.redhat.com/errata/RHSA-2024:2289", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-12.el9", "arch_op": "pattern match" }, "gb5j6KarixX5fipxRp1LNQ==": { "id": "gb5j6KarixX5fipxRp1LNQ==", "updater": "rhel-vex", "name": "CVE-2023-3316", "description": "A flaw was found in LibTiff. A NULL pointer dereference in TIFFClose() is caused by a failure to open an output file (non-existent path or a path that requires permissions like /dev/null) while specifying zones.", "issued": "2023-06-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-3316 https://bugzilla.redhat.com/show_bug.cgi?id=2216080 https://www.cve.org/CVERecord?id=CVE-2023-3316 https://nvd.nist.gov/vuln/detail/CVE-2023-3316 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3316.json https://access.redhat.com/errata/RHSA-2023:6575", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-10.el9", "arch_op": "pattern match" }, "gbEu2I8wF+wTuk+ZpmRmjA==": { "id": "gbEu2I8wF+wTuk+ZpmRmjA==", "updater": "rhel-vex", "name": "CVE-2025-4802", "description": "A flaw was found in the glibc library. A statically linked setuid binary that calls dlopen(), including internal dlopen() calls after setlocale() or calls to NSS functions such as getaddrinfo(), may incorrectly search LD_LIBRARY_PATH to determine which library to load, allowing a local attacker to load malicious shared libraries, escalate privileges and execute arbitrary code.", "issued": "2025-05-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4802 https://bugzilla.redhat.com/show_bug.cgi?id=2367468 https://www.cve.org/CVERecord?id=CVE-2025-4802 https://nvd.nist.gov/vuln/detail/CVE-2025-4802 https://www.openwall.com/lists/oss-security/2025/05/16/7 https://www.openwall.com/lists/oss-security/2025/05/17/2 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4802.json https://access.redhat.com/errata/RHSA-2025:8655", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.19", "arch_op": "pattern match" }, "gfIEl2znKgiy+ZSNQhFiLg==": { "id": "gfIEl2znKgiy+ZSNQhFiLg==", "updater": "rhel-vex", "name": "CVE-2023-31122", "description": "A flaw was found in the mod_macro module of httpd. When processing a very long macro, the null byte terminator will not be added, leading to an out-of-bounds read, resulting in a crash.", "issued": "2023-10-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-31122 https://bugzilla.redhat.com/show_bug.cgi?id=2245332 https://www.cve.org/CVERecord?id=CVE-2023-31122 https://nvd.nist.gov/vuln/detail/CVE-2023-31122 https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2023-31122 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-31122.json https://access.redhat.com/errata/RHSA-2024:2278", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "mod_lua", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.4.57-8.el9", "arch_op": "pattern match" }, "ggfY6gCBW/GSQd8oZSsAGg==": { "id": "ggfY6gCBW/GSQd8oZSsAGg==", "updater": "rhel-vex", "name": "CVE-2024-33600", "description": "A flaw was found in the glibc netgroup cache. After a failed cache insertion, addgetnetgrentX tries to send the non-existing response after the not-found header. This can lead to a null pointer dereference that causes a crash or exit.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33600 https://bugzilla.redhat.com/show_bug.cgi?id=2277204 https://www.cve.org/CVERecord?id=CVE-2024-33600 https://nvd.nist.gov/vuln/detail/CVE-2024-33600 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33600.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-langpack-en", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "gh7IiVLtHhqlEfQymEmXiQ==": { "id": "gh7IiVLtHhqlEfQymEmXiQ==", "updater": "rhel-vex", "name": "CVE-2024-12088", "description": "A flaw was found in rsync. When using the `--safe-links` option, the rsync client fails to properly verify if a symbolic link destination sent from the server contains another symbolic link within it. This results in a path traversal vulnerability, which may lead to arbitrary file write outside the desired directory.", "issued": "2025-01-14T15:06:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-12088 https://bugzilla.redhat.com/show_bug.cgi?id=2330676 https://www.cve.org/CVERecord?id=CVE-2024-12088 https://nvd.nist.gov/vuln/detail/CVE-2024-12088 https://kb.cert.org/vuls/id/952657 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-12088.json https://access.redhat.com/errata/RHSA-2025:7050", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "rsync", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.2.5-3.el9", "arch_op": "pattern match" }, "giLBrK6czoD3l3BDs0Jfcw==": { "id": "giLBrK6czoD3l3BDs0Jfcw==", "updater": "rhel-vex", "name": "CVE-2025-6021", "description": "A flaw was found in libxml2's xmlBuildQName function, where integer overflows in buffer size calculations can lead to a stack-based buffer overflow. This issue can result in memory corruption or a denial of service when processing crafted input.", "issued": "2025-06-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-6021 https://bugzilla.redhat.com/show_bug.cgi?id=2372406 https://www.cve.org/CVERecord?id=CVE-2025-6021 https://nvd.nist.gov/vuln/detail/CVE-2025-6021 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-6021.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libxml2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "gltsekO9p4cbvcWxBDVbSw==": { "id": "gltsekO9p4cbvcWxBDVbSw==", "updater": "rhel-vex", "name": "CVE-2023-4813", "description": "A flaw was found in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.", "issued": "2022-03-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4813 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://www.cve.org/CVERecord?id=CVE-2023-4813 https://nvd.nist.gov/vuln/detail/CVE-2023-4813 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4813.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-headers", "version": "", "kind": "binary", "normalized_version": "", "arch": "s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "gnXtmE3L2gvbt8pzYX37xw==": { "id": "gnXtmE3L2gvbt8pzYX37xw==", "updater": "rhel-vex", "name": "CVE-2024-38476", "description": "A flaw was found in httpd. Backend applications whose response headers are malicious or exploitable may allow information disclosure, server-side request forgery (SSRF) or local script execution.", "issued": "2024-07-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-38476 https://bugzilla.redhat.com/show_bug.cgi?id=2295015 https://www.cve.org/CVERecord?id=CVE-2024-38476 https://nvd.nist.gov/vuln/detail/CVE-2024-38476 https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2024-38476 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-38476.json https://access.redhat.com/errata/RHSA-2024:5138", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "httpd-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.4.57-11.el9_4.1", "arch_op": "pattern match" }, "gr6cX5pFzua7lsdikMJZaA==": { "id": "gr6cX5pFzua7lsdikMJZaA==", "updater": "rhel-vex", "name": "CVE-2025-5914", "description": "A vulnerability has been identified in the libarchive library, specifically within the archive_read_format_rar_seek_data() function. This flaw involves an integer overflow that can ultimately lead to a double-free condition. Exploiting a double-free vulnerability can result in memory corruption, enabling an attacker to execute arbitrary code or cause a denial-of-service condition.", "issued": "2025-05-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5914 https://bugzilla.redhat.com/show_bug.cgi?id=2370861 https://www.cve.org/CVERecord?id=CVE-2025-5914 https://nvd.nist.gov/vuln/detail/CVE-2025-5914 https://github.com/libarchive/libarchive/pull/2598 https://github.com/libarchive/libarchive/releases/tag/v3.8.0 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5914.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "grTEewXQ3rAV4agaHcml8w==": { "id": "grTEewXQ3rAV4agaHcml8w==", "updater": "rhel-vex", "name": "CVE-2024-33599", "description": "A stack-based buffer overflow flaw was found in the glibc netgroup cache. In certain conditions, its possible to trigger a stack-based buffer overflow condition that can lead to a denial of service and potentially other malicious actions that impact confidentiality and integrity.", "issued": "2024-04-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33599 https://bugzilla.redhat.com/show_bug.cgi?id=2277202 https://www.cve.org/CVERecord?id=CVE-2024-33599 https://nvd.nist.gov/vuln/detail/CVE-2024-33599 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33599.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-minimal-langpack", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "gvOYexCvSFjRc1ovPwHsww==": { "id": "gvOYexCvSFjRc1ovPwHsww==", "updater": "rhel-vex", "name": "CVE-2023-34410", "description": "An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2. Certificate validation for TLS does not always consider whether the root of a chain is a configured CA certificate.", "issued": "2023-06-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-34410 https://bugzilla.redhat.com/show_bug.cgi?id=2212747 https://www.cve.org/CVERecord?id=CVE-2023-34410 https://nvd.nist.gov/vuln/detail/CVE-2023-34410 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-34410.json https://access.redhat.com/errata/RHSA-2023:6369", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "qt5-srpm-macros", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:5.15.9-1.el9", "arch_op": "pattern match" }, "h+nOQU6khNxAH7kkGqVqkQ==": { "id": "h+nOQU6khNxAH7kkGqVqkQ==", "updater": "rhel-vex", "name": "CVE-2022-3296", "description": "A stack-based buffer overflow vulnerability was found in vim's ex_finally() function of the src/ex_eval.c file. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a bug that causes an application to crash, possibly executing code and corrupting memory.", "issued": "2022-09-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3296 https://bugzilla.redhat.com/show_bug.cgi?id=2129835 https://www.cve.org/CVERecord?id=CVE-2022-3296 https://nvd.nist.gov/vuln/detail/CVE-2022-3296 https://huntr.dev/bounties/958866b8-526a-4979-9471-39392e0c9077 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3296.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "h08ca9AawAYymWtiO1A44A==": { "id": "h08ca9AawAYymWtiO1A44A==", "updater": "rhel-vex", "name": "CVE-2025-5916", "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive.", "issued": "2025-05-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5916 https://bugzilla.redhat.com/show_bug.cgi?id=2370872 https://www.cve.org/CVERecord?id=CVE-2025-5916 https://nvd.nist.gov/vuln/detail/CVE-2025-5916 https://github.com/libarchive/libarchive/pull/2568 https://github.com/libarchive/libarchive/releases/tag/v3.8.0 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5916.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "h1MWemxlLHNRpaCeXx1S7A==": { "id": "h1MWemxlLHNRpaCeXx1S7A==", "updater": "rhel-vex", "name": "CVE-2024-55549", "description": "A flaw was found in libxslt. This vulnerability allows an attacker to trigger a use-after-free issue by excluding result prefixes.", "issued": "2025-03-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-55549 https://bugzilla.redhat.com/show_bug.cgi?id=2352484 https://www.cve.org/CVERecord?id=CVE-2024-55549 https://nvd.nist.gov/vuln/detail/CVE-2024-55549 https://gitlab.gnome.org/GNOME/libxslt/-/issues/127 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-55549.json https://access.redhat.com/errata/RHSA-2025:7410", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libxslt", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.1.34-13.el9_6", "arch_op": "pattern match" }, "h4OS/K8oEkyAvmNo4yuDKg==": { "id": "h4OS/K8oEkyAvmNo4yuDKg==", "updater": "rhel-vex", "name": "CVE-2025-27363", "description": "A flaw was found in FreeType. In affected versions, an out-of-bounds write condition may be triggered when attempting to parse font subglyph structures related to TrueType GX and variable font files. The vulnerable code assigns a signed short value to an unsigned long and then adds a static value, causing it to wrap around and allocate a heap buffer that is too small. The code then writes up to 6 signed long integers out of bounds relative to this buffer. This issue could result in arbitrary code execution or other undefined behavior.", "issued": "2025-03-11T13:28:31Z", "links": "https://access.redhat.com/security/cve/CVE-2025-27363 https://bugzilla.redhat.com/show_bug.cgi?id=2351357 https://www.cve.org/CVERecord?id=CVE-2025-27363 https://nvd.nist.gov/vuln/detail/CVE-2025-27363 https://www.facebook.com/security/advisories/cve-2025-27363 https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-27363.json https://access.redhat.com/errata/RHSA-2025:3407", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "freetype-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.10.4-10.el9_5", "arch_op": "pattern match" }, "h6GTPnls31RdKBTZJul/dw==": { "id": "h6GTPnls31RdKBTZJul/dw==", "updater": "rhel-vex", "name": "CVE-2023-40745", "description": "LibTIFF is vulnerable to an integer overflow. This flaw allows remote attackers to cause a denial of service (application crash) or possibly execute an arbitrary code via a crafted tiff image, which triggers a heap-based buffer overflow.", "issued": "2023-07-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-40745 https://bugzilla.redhat.com/show_bug.cgi?id=2235265 https://www.cve.org/CVERecord?id=CVE-2023-40745 https://nvd.nist.gov/vuln/detail/CVE-2023-40745 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-40745.json https://access.redhat.com/errata/RHSA-2024:2289", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-12.el9", "arch_op": "pattern match" }, "h8L7lkg9bH1dokRGj7cGGw==": { "id": "h8L7lkg9bH1dokRGj7cGGw==", "updater": "rhel-vex", "name": "CVE-2023-22652", "description": "A flaw was found in the libeconf library. This issue occurs when parsing a specially crafted configuration file, causing a stack-based buffer overflow, resulting in a denial of service.", "issued": "2023-03-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-22652 https://bugzilla.redhat.com/show_bug.cgi?id=2212463 https://www.cve.org/CVERecord?id=CVE-2023-22652 https://nvd.nist.gov/vuln/detail/CVE-2023-22652 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-22652.json https://access.redhat.com/errata/RHSA-2023:4347", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libeconf", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:0.4.1-3.el9_2", "arch_op": "pattern match" }, "hAaZlwqM0X/FPe0ATui+mQ==": { "id": "hAaZlwqM0X/FPe0ATui+mQ==", "updater": "rhel-vex", "name": "CVE-2023-31124", "description": "A flaw was found in c-ares. This issue occurs when cross-compiling c-ares and using the autotools build system, CARES_RANDOM_FILE will not be set, as seen when cross-compiling aarch64 android. As a result, it will downgrade to rand(), which could allow an attacker to utilize the lack of entropy by not using a CSPRNG.", "issued": "2023-05-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-31124 https://bugzilla.redhat.com/show_bug.cgi?id=2209494 https://www.cve.org/CVERecord?id=CVE-2023-31124 https://nvd.nist.gov/vuln/detail/CVE-2023-31124 https://github.com/c-ares/c-ares/security/advisories/GHSA-54xr-f67r-4pc4 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-31124.json https://access.redhat.com/errata/RHSA-2023:3586", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.19.1-2.el9_2", "arch_op": "pattern match" }, "hGz8R5Dny4UCIDPZzXbK3g==": { "id": "hGz8R5Dny4UCIDPZzXbK3g==", "updater": "rhel-vex", "name": "CVE-2021-38593", "description": "Qt 5.x before 5.15.6 and 6.x through 6.1.2 has an out-of-bounds write in QOutlineMapper::convertPath (called from QRasterPaintEngine::fill and QPaintEngineEx::stroke).", "issued": "2021-07-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-38593 https://bugzilla.redhat.com/show_bug.cgi?id=1994719 https://www.cve.org/CVERecord?id=CVE-2021-38593 https://nvd.nist.gov/vuln/detail/CVE-2021-38593 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-38593.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "qt5", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "hIYK8dYP12YRdV2TNfMD0Q==": { "id": "hIYK8dYP12YRdV2TNfMD0Q==", "updater": "rhel-vex", "name": "CVE-2024-8088", "description": "A flaw was found in Python's zipfile module. When iterating over the entries of a zip archive, the process can enter into an infinite loop state and become unresponsive. This flaw allows an attacker to craft a malicious ZIP archive, leading to a denial of service from the application consuming the zipfile module. Only applications that handle user-controlled zip archives are affected by this vulnerability.", "issued": "2024-08-22T19:15:09Z", "links": "https://access.redhat.com/security/cve/CVE-2024-8088 https://bugzilla.redhat.com/show_bug.cgi?id=2307370 https://www.cve.org/CVERecord?id=CVE-2024-8088 https://nvd.nist.gov/vuln/detail/CVE-2024-8088 https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64 https://github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea https://github.com/python/cpython/issues/122905 https://github.com/python/cpython/pull/122906 https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8088.json https://access.redhat.com/errata/RHSA-2024:6163", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.18-3.el9_4.5", "arch_op": "pattern match" }, "hMkYbCHpeOKQraSBEl8+Aw==": { "id": "hMkYbCHpeOKQraSBEl8+Aw==", "updater": "rhel-vex", "name": "CVE-2021-43618", "description": "A flaw was found in gmp. An integer overflow vulnerability could allow an attacker to input an integer value leading to a crash. The highest threat from this vulnerability is to system availability.", "issued": "2021-11-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-43618 https://bugzilla.redhat.com/show_bug.cgi?id=2024904 https://www.cve.org/CVERecord?id=CVE-2021-43618 https://nvd.nist.gov/vuln/detail/CVE-2021-43618 https://bugs.debian.org/994405 https://gmplib.org/list-archives/gmp-bugs/2021-September/005077.html https://gmplib.org/repo/gmp-6.2/rev/561a9c25298e https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-43618.json https://access.redhat.com/errata/RHSA-2023:6661", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "gmp", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:6.2.0-13.el9", "arch_op": "pattern match" }, "hOaTNNHYnZOlOC5ujyrkpQ==": { "id": "hOaTNNHYnZOlOC5ujyrkpQ==", "updater": "rhel-vex", "name": "CVE-2024-4741", "description": "A use-after-free vulnerability was found in OpenSSL. Calling the OpenSSL API SSL_free_buffers function may cause memory to be accessed that was previously freed in some situations.", "issued": "2024-05-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-4741 https://bugzilla.redhat.com/show_bug.cgi?id=2283757 https://www.cve.org/CVERecord?id=CVE-2024-4741 https://nvd.nist.gov/vuln/detail/CVE-2024-4741 https://www.openssl.org/news/secadv/20240528.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4741.json https://access.redhat.com/errata/RHSA-2024:9333", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.2.2-6.el9_5", "arch_op": "pattern match" }, "hQhn3O6sw4QusprpMJeLag==": { "id": "hQhn3O6sw4QusprpMJeLag==", "updater": "rhel-vex", "name": "CVE-2023-27536", "description": "A flaw was found in the Curl package. Libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. However, the GSS delegation setting was left out from the configuration match checks, making them match too easily, affecting krb5/kerberos/negotiate/GSSAPI transfers.", "issued": "2023-03-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-27536 https://bugzilla.redhat.com/show_bug.cgi?id=2179092 https://www.cve.org/CVERecord?id=CVE-2023-27536 https://nvd.nist.gov/vuln/detail/CVE-2023-27536 https://curl.se/docs/CVE-2023-27536.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-27536.json https://access.redhat.com/errata/RHSA-2023:6679", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "curl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9", "arch_op": "pattern match" }, "hR3E2ddB3lLEfqeWD3t/gg==": { "id": "hR3E2ddB3lLEfqeWD3t/gg==", "updater": "rhel-vex", "name": "CVE-2024-38473", "description": "A flaw was found in the mod_proxy module of httpd. Due to an encoding problem, specially crafted request URLs with incorrect encoding can be sent to backend services, potentially bypassing authentication.", "issued": "2024-07-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-38473 https://bugzilla.redhat.com/show_bug.cgi?id=2295012 https://www.cve.org/CVERecord?id=CVE-2024-38473 https://nvd.nist.gov/vuln/detail/CVE-2024-38473 https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2024-38473 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-38473.json https://access.redhat.com/errata/RHSA-2024:4726", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "httpd", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.4.57-11.el9_4", "arch_op": "pattern match" }, "hRMmSXWNjnz6N6DylTgifg==": { "id": "hRMmSXWNjnz6N6DylTgifg==", "updater": "rhel-vex", "name": "CVE-2023-29491", "description": "A vulnerability was found in ncurses and occurs when used by a setuid application. This flaw allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file found in $HOME/.terminfo or reached via the TERMINFO or TERM environment variable.", "issued": "2023-04-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-29491 https://bugzilla.redhat.com/show_bug.cgi?id=2191704 https://www.cve.org/CVERecord?id=CVE-2023-29491 https://nvd.nist.gov/vuln/detail/CVE-2023-29491 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-29491.json https://access.redhat.com/errata/RHSA-2023:6698", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "ncurses-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:6.2-10.20210508.el9", "arch_op": "pattern match" }, "hVOFvG1HRBUhlwlYajt2Yg==": { "id": "hVOFvG1HRBUhlwlYajt2Yg==", "updater": "rhel-vex", "name": "CVE-2023-4806", "description": "A flaw was found in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4806 https://bugzilla.redhat.com/show_bug.cgi?id=2237782 https://www.cve.org/CVERecord?id=CVE-2023-4806 https://nvd.nist.gov/vuln/detail/CVE-2023-4806 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4806.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-langpack-en", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "hbOAbiOJ6F6ohNePMmRtlQ==": { "id": "hbOAbiOJ6F6ohNePMmRtlQ==", "updater": "rhel-vex", "name": "CVE-2025-29087", "description": "A flaw was found in SQLite. This vulnerability allows an attacker to cause an integer overflow via the concat_ws function.", "issued": "2025-04-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-29087 https://bugzilla.redhat.com/show_bug.cgi?id=2358028 https://www.cve.org/CVERecord?id=CVE-2025-29087 https://nvd.nist.gov/vuln/detail/CVE-2025-29087 https://gist.github.com/ylwango613/a44a29f1ef074fa783e29f04a0afd62a https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-29087.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "sqlite", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "hc++EiPoaVY0Qkk7w+nh4A==": { "id": "hc++EiPoaVY0Qkk7w+nh4A==", "updater": "rhel-vex", "name": "CVE-2024-9287", "description": "A vulnerability has been found in the Python `venv` module and CLI. Path names provided when creating a virtual environment were not quoted properly, allowing the creator to inject commands into virtual environment \"activation\" scripts, for example, \"source venv/bin/activate\". This flaw allows attacker-controlled virtual environments to run commands when the virtual environment is activated.", "issued": "2024-10-22T16:34:39Z", "links": "https://access.redhat.com/security/cve/CVE-2024-9287 https://bugzilla.redhat.com/show_bug.cgi?id=2321440 https://www.cve.org/CVERecord?id=CVE-2024-9287 https://nvd.nist.gov/vuln/detail/CVE-2024-9287 https://github.com/python/cpython/issues/124651 https://github.com/python/cpython/pull/124712 https://mail.python.org/archives/list/security-announce@python.org/thread/RSPJ2B5JL22FG3TKUJ7D7DQ4N5JRRBZL/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-9287.json https://access.redhat.com/errata/RHSA-2024:10983", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.21-1.el9_5", "arch_op": "pattern match" }, "hcNgLCV/TsDPpNYUtRv1MQ==": { "id": "hcNgLCV/TsDPpNYUtRv1MQ==", "updater": "rhel-vex", "name": "CVE-2023-3446", "description": "A vulnerability was found in OpenSSL. This security flaw occurs because the applications that use the DH_check(), DH_check_ex(), or EVP_PKEY_param_check() functions to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source may lead to a denial of service.", "issued": "2023-07-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-3446 https://bugzilla.redhat.com/show_bug.cgi?id=2224962 https://www.cve.org/CVERecord?id=CVE-2023-3446 https://nvd.nist.gov/vuln/detail/CVE-2023-3446 https://www.openssl.org/news/secadv/20230719.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3446.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "hfZSSxHN31zxV+RJ48FtBg==": { "id": "hfZSSxHN31zxV+RJ48FtBg==", "updater": "rhel-vex", "name": "CVE-2023-52425", "description": "A flaw was found in Expat (libexpat). When parsing a large token that requires multiple buffer fills to complete, Expat has to re-parse the token from start numerous times. This process may trigger excessive resource consumption, leading to a denial of service.", "issued": "2024-02-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-52425 https://bugzilla.redhat.com/show_bug.cgi?id=2262877 https://www.cve.org/CVERecord?id=CVE-2023-52425 https://nvd.nist.gov/vuln/detail/CVE-2023-52425 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-52425.json https://access.redhat.com/errata/RHSA-2024:1530", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "expat", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.5.0-1.el9_3.1", "arch_op": "pattern match" }, "hiF9bhRE95azD1Yk9fu+ZA==": { "id": "hiF9bhRE95azD1Yk9fu+ZA==", "updater": "rhel-vex", "name": "CVE-2023-27534", "description": "A path traversal vulnerability exists in curl \u003c8.0.0 SFTP implementation causes the tilde (~) character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. Attackers can exploit this flaw to bypass filtering or execute arbitrary code by crafting a path like /~2/foo while accessing a server with a specific user.", "issued": "2023-03-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-27534 https://bugzilla.redhat.com/show_bug.cgi?id=2179069 https://www.cve.org/CVERecord?id=CVE-2023-27534 https://nvd.nist.gov/vuln/detail/CVE-2023-27534 https://curl.se/docs/CVE-2023-27534.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-27534.json https://access.redhat.com/errata/RHSA-2023:6679", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "curl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9", "arch_op": "pattern match" }, "hlxmQBFaQxEPXXbn/iv6Hw==": { "id": "hlxmQBFaQxEPXXbn/iv6Hw==", "updater": "rhel-vex", "name": "CVE-2024-6923", "description": "A vulnerability was found in the email module that uses Python language. The email module doesn't properly quote new lines in email headers. This flaw allows an attacker to inject email headers that could, among other possibilities, add hidden email destinations or inject content into the email, impacting data confidentiality and integrity.", "issued": "2024-08-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-6923 https://bugzilla.redhat.com/show_bug.cgi?id=2302255 https://www.cve.org/CVERecord?id=CVE-2024-6923 https://nvd.nist.gov/vuln/detail/CVE-2024-6923 https://github.com/python/cpython/issues/121650 https://github.com/python/cpython/pull/122233 https://mail.python.org/archives/list/security-announce@python.org/thread/QH3BUOE2DYQBWP7NAQ7UNHPPOELKISRW/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6923.json https://access.redhat.com/errata/RHSA-2024:6163", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.18-3.el9_4.5", "arch_op": "pattern match" }, "hoEzPUhgPgrwsfAtoMIFaQ==": { "id": "hoEzPUhgPgrwsfAtoMIFaQ==", "updater": "rhel-vex", "name": "CVE-2019-12900", "description": "A data integrity error was found in the bzip2 (User-space package) functionality when decompressing. This issue occurs when a user decompresses a particular kind of .bz2 files. A local user could get unexpected results (or corrupted data) as result of decompressing these files.", "issued": "2024-11-15T10:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2019-12900 https://bugzilla.redhat.com/show_bug.cgi?id=2332075 https://www.cve.org/CVERecord?id=CVE-2019-12900 https://nvd.nist.gov/vuln/detail/CVE-2019-12900 https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-12900.json https://access.redhat.com/errata/RHSA-2025:0925", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "bzip2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:1.0.8-10.el9_5", "arch_op": "pattern match" }, "hqRw6qkUism7SLSc7yKfvA==": { "id": "hqRw6qkUism7SLSc7yKfvA==", "updater": "rhel-vex", "name": "CVE-2024-45491", "description": "An issue was found in libexpat’s internal dtdCopy function in xmlparse.c, It can have an integer overflow for nDefaultAtts on 32-bit platforms where UINT_MAX equals SIZE_MAX.", "issued": "2024-08-30T03:15:03Z", "links": "https://access.redhat.com/security/cve/CVE-2024-45491 https://bugzilla.redhat.com/show_bug.cgi?id=2308616 https://www.cve.org/CVERecord?id=CVE-2024-45491 https://nvd.nist.gov/vuln/detail/CVE-2024-45491 https://github.com/libexpat/libexpat/blob/R_2_6_3/expat/Changes https://github.com/libexpat/libexpat/issues/888 https://github.com/libexpat/libexpat/pull/891 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45491.json https://access.redhat.com/errata/RHSA-2024:6754", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "expat-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.5.0-2.el9_4.1", "arch_op": "pattern match" }, "hrshc3JV1jRyp5Xnhxc38g==": { "id": "hrshc3JV1jRyp5Xnhxc38g==", "updater": "rhel-vex", "name": "CVE-2024-37370", "description": "A vulnerability was found in the MIT Kerberos 5 GSS krb5 wrap token, where an attacker can modify the plaintext Extra Count field, causing the unwrapped token to appear truncated to the application, occurs when the attacker alters the token data during transmission which can lead to improper handling of authentication tokens.", "issued": "2024-06-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-37370 https://bugzilla.redhat.com/show_bug.cgi?id=2294677 https://www.cve.org/CVERecord?id=CVE-2024-37370 https://nvd.nist.gov/vuln/detail/CVE-2024-37370 https://web.mit.edu/kerberos/www/krb5-1.21/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-37370.json https://access.redhat.com/errata/RHSA-2024:6166", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "krb5-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:1.21.1-2.el9_4", "arch_op": "pattern match" }, "hv+ParDx50dAs4r0Ndx/ew==": { "id": "hv+ParDx50dAs4r0Ndx/ew==", "updater": "rhel-vex", "name": "CVE-2023-38546", "description": "A flaw was found in the Curl package. This flaw allows an attacker to insert cookies into a running program using libcurl if the specific series of conditions are met.", "issued": "2023-10-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-38546 https://bugzilla.redhat.com/show_bug.cgi?id=2241938 https://access.redhat.com/errata/RHSA-2024:2101 https://www.cve.org/CVERecord?id=CVE-2023-38546 https://nvd.nist.gov/vuln/detail/CVE-2023-38546 https://curl.se/docs/CVE-2023-38546.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-38546.json https://access.redhat.com/errata/RHSA-2023:5763", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "libcurl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-23.el9_2.4", "arch_op": "pattern match" }, "hxluEp8Si16NQcfaJDWcLg==": { "id": "hxluEp8Si16NQcfaJDWcLg==", "updater": "rhel-vex", "name": "CVE-2022-3324", "description": "A stack-based buffer overflow vulnerability was found in Vim's win_redr_ruler() function of the src/drawscreen.c file. The issue occurs when using a negative array index with a negative width window. This flaw allows an attacker to trick a user into opening a specially crafted file, which triggers the bug, causing an application to crash, possibly executing code and corrupting memory.", "issued": "2022-09-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3324 https://bugzilla.redhat.com/show_bug.cgi?id=2132558 https://www.cve.org/CVERecord?id=CVE-2022-3324 https://nvd.nist.gov/vuln/detail/CVE-2022-3324 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3324.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "i1iqh+iGOleBv5v21I50xw==": { "id": "i1iqh+iGOleBv5v21I50xw==", "updater": "rhel-vex", "name": "CVE-2024-37891", "description": "A flaw was found in urllib3, an HTTP client library for Python. In certain configurations, urllib3 does not treat the `Proxy-Authorization` HTTP header as one carrying authentication material. This issue results in not stripping the header on cross-origin redirects.", "issued": "2024-06-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-37891 https://bugzilla.redhat.com/show_bug.cgi?id=2292788 https://www.cve.org/CVERecord?id=CVE-2024-37891 https://nvd.nist.gov/vuln/detail/CVE-2024-37891 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-37891.json https://access.redhat.com/errata/RHSA-2024:6162", "severity": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-urllib3", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:1.26.5-5.el9_4.1", "arch_op": "pattern match" }, "i7i43TkKrsR4/wY+an9ySQ==": { "id": "i7i43TkKrsR4/wY+an9ySQ==", "updater": "rhel-vex", "name": "CVE-2024-8088", "description": "A flaw was found in Python's zipfile module. When iterating over the entries of a zip archive, the process can enter into an infinite loop state and become unresponsive. This flaw allows an attacker to craft a malicious ZIP archive, leading to a denial of service from the application consuming the zipfile module. Only applications that handle user-controlled zip archives are affected by this vulnerability.", "issued": "2024-08-22T19:15:09Z", "links": "https://access.redhat.com/security/cve/CVE-2024-8088 https://bugzilla.redhat.com/show_bug.cgi?id=2307370 https://www.cve.org/CVERecord?id=CVE-2024-8088 https://nvd.nist.gov/vuln/detail/CVE-2024-8088 https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64 https://github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea https://github.com/python/cpython/issues/122905 https://github.com/python/cpython/pull/122906 https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8088.json https://access.redhat.com/errata/RHSA-2024:6163", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.18-3.el9_4.5", "arch_op": "pattern match" }, "i8+mJGQkaRsXWs3mhtMbqg==": { "id": "i8+mJGQkaRsXWs3mhtMbqg==", "updater": "rhel-vex", "name": "CVE-2023-25193", "description": "A vulnerability was found HarfBuzz. This flaw allows attackers to trigger O(n^2) growth via consecutive marks during the process of looking back for base glyphs when attaching marks.", "issued": "2023-02-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-25193 https://bugzilla.redhat.com/show_bug.cgi?id=2167254 https://www.cve.org/CVERecord?id=CVE-2023-25193 https://nvd.nist.gov/vuln/detail/CVE-2023-25193 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-25193.json https://access.redhat.com/errata/RHSA-2024:2410", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "harfbuzz", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.7.4-10.el9", "arch_op": "pattern match" }, "i8dk1r/TRekVIPdDRGnYAA==": { "id": "i8dk1r/TRekVIPdDRGnYAA==", "updater": "rhel-vex", "name": "CVE-2024-4032", "description": "A flaw was found in Python. The ipaddress module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as “globally reachable” or “private”. Due to this issue, it is possible that values will not be returned in accordance with the latest information from the IANA Special-Purpose Address Registries.", "issued": "2024-06-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-4032 https://bugzilla.redhat.com/show_bug.cgi?id=2292921 https://www.cve.org/CVERecord?id=CVE-2024-4032 https://nvd.nist.gov/vuln/detail/CVE-2024-4032 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4032.json https://access.redhat.com/errata/RHSA-2024:4779", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.18-3.el9_4.3", "arch_op": "pattern match" }, "iEmJ0GmqtnnVYVaxRdkVag==": { "id": "iEmJ0GmqtnnVYVaxRdkVag==", "updater": "rhel-vex", "name": "CVE-2023-4527", "description": "A flaw was found in glibc. When the getaddrinfo function is called with the AF_UNSPEC address family and the system is configured with no-aaaa mode via /etc/resolv.conf, a DNS response via TCP larger than 2048 bytes can potentially disclose stack contents through the function returned address data, and may cause a crash.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4527 https://bugzilla.redhat.com/show_bug.cgi?id=2234712 https://www.cve.org/CVERecord?id=CVE-2023-4527 https://nvd.nist.gov/vuln/detail/CVE-2023-4527 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4527.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-locale-source", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "iK/w4oP0ry88Fhi1iG/FpA==": { "id": "iK/w4oP0ry88Fhi1iG/FpA==", "updater": "rhel-vex", "name": "CVE-2023-47038", "description": "A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer.", "issued": "2023-11-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-47038 https://bugzilla.redhat.com/show_bug.cgi?id=2249523 https://www.cve.org/CVERecord?id=CVE-2023-47038 https://nvd.nist.gov/vuln/detail/CVE-2023-47038 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-47038.json https://access.redhat.com/errata/RHSA-2024:2228", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-SelectSaver", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.02-481.el9", "arch_op": "pattern match" }, "iSzOvPxPGZr2PfJTBTQBCQ==": { "id": "iSzOvPxPGZr2PfJTBTQBCQ==", "updater": "rhel-vex", "name": "CVE-2024-29040", "description": "A flaw was found in the tpm2-tss package, where it was not checked to see if the magic number in the attest is equal to the TPM2_GENERATED_VALUE. This flaw allows an attacker to generate arbitrary quote data, which may not be detected by Fapi_VerifyQuote.", "issued": "2024-04-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-29040 https://bugzilla.redhat.com/show_bug.cgi?id=2278077 https://www.cve.org/CVERecord?id=CVE-2024-29040 https://nvd.nist.gov/vuln/detail/CVE-2024-29040 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-29040.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "tpm2-tss", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "iUX24ei3drbG8K2ZPOVF1w==": { "id": "iUX24ei3drbG8K2ZPOVF1w==", "updater": "rhel-vex", "name": "CVE-2025-0395", "description": "A flaw was found in the GNU C Library (glibc). A buffer overflow condition via the `assert()` function may be triggered due to glibc not allocating enough space for the assertion failure message string and size information. In certain conditions, a local attacker can exploit this, potentially leading to an application crash or other undefined behavior.", "issued": "2025-01-22T13:11:30Z", "links": "https://access.redhat.com/security/cve/CVE-2025-0395 https://bugzilla.redhat.com/show_bug.cgi?id=2339460 https://www.cve.org/CVERecord?id=CVE-2025-0395 https://nvd.nist.gov/vuln/detail/CVE-2025-0395 https://sourceware.org/bugzilla/show_bug.cgi?id=32582 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-0395.json https://access.redhat.com/errata/RHSA-2025:4244", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-125.el9_5.8", "arch_op": "pattern match" }, "iWt0hZuyonyjl9VX/4tg3w==": { "id": "iWt0hZuyonyjl9VX/4tg3w==", "updater": "rhel-vex", "name": "CVE-2024-55549", "description": "A flaw was found in libxslt. This vulnerability allows an attacker to trigger a use-after-free issue by excluding result prefixes.", "issued": "2025-03-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-55549 https://bugzilla.redhat.com/show_bug.cgi?id=2352484 https://www.cve.org/CVERecord?id=CVE-2024-55549 https://nvd.nist.gov/vuln/detail/CVE-2024-55549 https://gitlab.gnome.org/GNOME/libxslt/-/issues/127 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-55549.json https://access.redhat.com/errata/RHSA-2025:4025", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libxslt", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.1.34-9.el9_5.2", "arch_op": "pattern match" }, "iX218jkzkS2+JTcyUOQcCg==": { "id": "iX218jkzkS2+JTcyUOQcCg==", "updater": "rhel-vex", "name": "CVE-2023-27533", "description": "A vulnerability in input validation exists in curl \u003c8.0 during communication using the TELNET protocol may allow an attacker to pass on maliciously crafted user name and \"telnet options\" during server negotiation. The lack of proper input scrubbing allows an attacker to send content or perform option negotiation without the application's intent. This vulnerability could be exploited if an application allows user input, thereby enabling attackers to execute arbitrary code on the system.", "issued": "2023-03-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-27533 https://bugzilla.redhat.com/show_bug.cgi?id=2179062 https://www.cve.org/CVERecord?id=CVE-2023-27533 https://nvd.nist.gov/vuln/detail/CVE-2023-27533 https://curl.se/docs/CVE-2023-27533.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-27533.json https://access.redhat.com/errata/RHSA-2023:6679", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "libcurl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9", "arch_op": "pattern match" }, "igIYJ7n3zFwL82cBbA97yg==": { "id": "igIYJ7n3zFwL82cBbA97yg==", "updater": "rhel-vex", "name": "CVE-2024-28182", "description": "A vulnerability was found in how nghttp2 implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated remote attacker to send packets to vulnerable servers, which could use up compute or memory resources to cause a Denial of Service.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-28182 https://bugzilla.redhat.com/show_bug.cgi?id=2268639 https://www.cve.org/CVERecord?id=CVE-2024-28182 https://nvd.nist.gov/vuln/detail/CVE-2024-28182 https://github.com/nghttp2/nghttp2/security/advisories/GHSA-x6x3-gv8h-m57q https://nowotarski.info/http2-continuation-flood/ https://www.kb.cert.org/vuls/id/421644 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28182.json https://access.redhat.com/errata/RHSA-2024:2910", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.2-8.el9_4", "arch_op": "pattern match" }, "iiMfHakEGjzHeRLdhfwghA==": { "id": "iiMfHakEGjzHeRLdhfwghA==", "updater": "rhel-vex", "name": "CVE-2024-32021", "description": "A vulnerability was found in Git. This flaw allows an unauthenticated attacker to place a repository on their target's local system that contains symlinks. During the cloning process, Git could be tricked into creating hardlinked arbitrary files into their repository's objects/ directory, impacting availability and integrity.", "issued": "2024-05-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-32021 https://bugzilla.redhat.com/show_bug.cgi?id=2280484 https://www.cve.org/CVERecord?id=CVE-2024-32021 https://nvd.nist.gov/vuln/detail/CVE-2024-32021 https://github.com/git/git/security/advisories/GHSA-mvxm-9j2h-qjx7 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-32021.json https://access.redhat.com/errata/RHSA-2024:4083", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "git", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.43.5-1.el9_4", "arch_op": "pattern match" }, "ijiaRlnbujxKRwcR5Q2+pQ==": { "id": "ijiaRlnbujxKRwcR5Q2+pQ==", "updater": "rhel-vex", "name": "CVE-2023-2731", "description": "A NULL pointer dereference flaw was found in Libtiff's LZWDecode() function in the libtiff/tif_lzw.c file. This flaw allows a local attacker to craft specific input data that can cause the program to dereference a NULL pointer when decompressing a TIFF format file, resulting in a program crash or denial of service.", "issued": "2023-04-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-2731 https://bugzilla.redhat.com/show_bug.cgi?id=2207635 https://www.cve.org/CVERecord?id=CVE-2023-2731 https://nvd.nist.gov/vuln/detail/CVE-2023-2731 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2731.json https://access.redhat.com/errata/RHSA-2023:6575", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-10.el9", "arch_op": "pattern match" }, "irh5kSvT+LkcgG9ddEDxbg==": { "id": "irh5kSvT+LkcgG9ddEDxbg==", "updater": "rhel-vex", "name": "CVE-2024-28835", "description": "A flaw has been discovered in GnuTLS where an application crash can be induced when attempting to verify a specially crafted .pem bundle using the \"certtool --verify-chain\" command.", "issued": "2024-03-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-28835 https://bugzilla.redhat.com/show_bug.cgi?id=2269084 https://www.cve.org/CVERecord?id=CVE-2024-28835 https://nvd.nist.gov/vuln/detail/CVE-2024-28835 https://lists.gnupg.org/pipermail/gnutls-help/2024-March/004845.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28835.json https://access.redhat.com/errata/RHSA-2024:1879", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "gnutls", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.7.6-23.el9_3.4", "arch_op": "pattern match" }, "isjT5nIgMy52h44P4+fxFg==": { "id": "isjT5nIgMy52h44P4+fxFg==", "updater": "rhel-vex", "name": "CVE-2024-6387", "description": "A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period.", "issued": "2024-07-01T08:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-6387 https://bugzilla.redhat.com/show_bug.cgi?id=2294604 https://www.cve.org/CVERecord?id=CVE-2024-6387 https://nvd.nist.gov/vuln/detail/CVE-2024-6387 https://santandersecurityresearch.github.io/blog/sshing_the_masses.html https://www.openssh.com/txt/release-9.8 https://www.qualys.com/2024/07/01/cve-2024-6387/regresshion.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6387.json https://access.redhat.com/errata/RHSA-2024:4312", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "openssh", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:8.7p1-38.el9_4.1", "arch_op": "pattern match" }, "ixc06f0H9vqMfsbwQSwwvA==": { "id": "ixc06f0H9vqMfsbwQSwwvA==", "updater": "rhel-vex", "name": "CVE-2023-32636", "description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", "issued": "2022-12-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32636 https://bugzilla.redhat.com/show_bug.cgi?id=2211833 https://www.cve.org/CVERecord?id=CVE-2023-32636 https://nvd.nist.gov/vuln/detail/CVE-2023-32636 https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835 https://gitlab.gnome.org/GNOME/glib/-/issues/2841 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32636.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "glib2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "iyUEiVvehckWkbAo1xljbg==": { "id": "iyUEiVvehckWkbAo1xljbg==", "updater": "rhel-vex", "name": "CVE-2025-0395", "description": "A flaw was found in the GNU C Library (glibc). A buffer overflow condition via the `assert()` function may be triggered due to glibc not allocating enough space for the assertion failure message string and size information. In certain conditions, a local attacker can exploit this, potentially leading to an application crash or other undefined behavior.", "issued": "2025-01-22T13:11:30Z", "links": "https://access.redhat.com/security/cve/CVE-2025-0395 https://bugzilla.redhat.com/show_bug.cgi?id=2339460 https://www.cve.org/CVERecord?id=CVE-2025-0395 https://nvd.nist.gov/vuln/detail/CVE-2025-0395 https://sourceware.org/bugzilla/show_bug.cgi?id=32582 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-0395.json https://access.redhat.com/errata/RHSA-2025:4244", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-locale-source", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-125.el9_5.8", "arch_op": "pattern match" }, "izjZI/AsSlkRCQFNfC3oCA==": { "id": "izjZI/AsSlkRCQFNfC3oCA==", "updater": "rhel-vex", "name": "CVE-2023-38545", "description": "A heap-based buffer overflow flaw was found in the SOCKS5 proxy handshake in the Curl package. If Curl is unable to resolve the address itself, it passes the hostname to the SOCKS5 proxy. However, the maximum length of the hostname that can be passed is 255 bytes. If the hostname is longer, then Curl switches to the local name resolving and passes the resolved address only to the proxy. The local variable that instructs Curl to \"let the host resolve the name\" could obtain the wrong value during a slow SOCKS5 handshake, resulting in the too-long hostname being copied to the target buffer instead of the resolved address, which was not the intended behavior.", "issued": "2023-10-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-38545 https://bugzilla.redhat.com/show_bug.cgi?id=2241933 https://www.cve.org/CVERecord?id=CVE-2023-38545 https://nvd.nist.gov/vuln/detail/CVE-2023-38545 https://curl.se/docs/CVE-2023-38545.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-38545.json https://access.redhat.com/errata/RHSA-2023:6745", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "curl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9_3.2", "arch_op": "pattern match" }, "j++bgkWi+YcL90tYl7GuqA==": { "id": "j++bgkWi+YcL90tYl7GuqA==", "updater": "rhel-vex", "name": "CVE-2025-4435", "description": "A flaw was found in CPython's tarfile module. This vulnerability allows unauthorized file extraction via crafted tar archives when TarFile.errorlevel=0, bypassing expected filtering mechanisms.", "issued": "2025-06-03T12:59:06Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4435 https://bugzilla.redhat.com/show_bug.cgi?id=2370010 https://www.cve.org/CVERecord?id=CVE-2025-4435 https://nvd.nist.gov/vuln/detail/CVE-2025-4435 https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a https://github.com/python/cpython/issues/135034 https://github.com/python/cpython/pull/135037 https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4435.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3.9", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "j6J3aybJPyGqPMBpG68ocw==": { "id": "j6J3aybJPyGqPMBpG68ocw==", "updater": "rhel-vex", "name": "CVE-2023-0795", "description": "A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds read in the extractContigSamplesShifted16bits function in tools/tiffcrop.c, resulting in a Denial of Service and limited information disclosure.", "issued": "2023-02-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0795 https://bugzilla.redhat.com/show_bug.cgi?id=2170119 https://www.cve.org/CVERecord?id=CVE-2023-0795 https://nvd.nist.gov/vuln/detail/CVE-2023-0795 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0795.json https://access.redhat.com/errata/RHSA-2023:3711", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-8.el9_2", "arch_op": "pattern match" }, "j6Ki8P4Vb2sZGNB1xlEkQA==": { "id": "j6Ki8P4Vb2sZGNB1xlEkQA==", "updater": "rhel-vex", "name": "CVE-2024-25062", "description": "A use-after-free flaw was found in libxml2. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free.", "issued": "2024-02-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-25062 https://bugzilla.redhat.com/show_bug.cgi?id=2262726 https://www.cve.org/CVERecord?id=CVE-2024-25062 https://nvd.nist.gov/vuln/detail/CVE-2024-25062 https://gitlab.gnome.org/GNOME/libxml2/-/issues/604 https://gitlab.gnome.org/GNOME/libxml2/-/tags https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-25062.json https://access.redhat.com/errata/RHSA-2024:2679", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libxml2-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-6.el9_4", "arch_op": "pattern match" }, "j7yoSCks+i8LevHtgFwCwQ==": { "id": "j7yoSCks+i8LevHtgFwCwQ==", "updater": "rhel-vex", "name": "CVE-2023-24056", "description": "A flaw was found in pkgconf, where a variable duplication can cause unbounded string expansion due to incorrect checks in libpkgconf/tuple.c:pkgconf_tuple_parse. This issue may lead to a buffer overflow, which can crash the software.", "issued": "2023-01-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-24056 https://bugzilla.redhat.com/show_bug.cgi?id=2165034 https://www.cve.org/CVERecord?id=CVE-2023-24056 https://nvd.nist.gov/vuln/detail/CVE-2023-24056 https://nullprogram.com/blog/2023/01/18/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-24056.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "pkgconf", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "jBgz1HPac1SzEIbHN0IxsQ==": { "id": "jBgz1HPac1SzEIbHN0IxsQ==", "updater": "rhel-vex", "name": "CVE-2024-24795", "description": "A flaw was found in httpd. An HTTP response splitting in multiple httpd modules may allow an attacker that can inject malicious response headers into backend applications to cause an HTTP desynchronization attack.", "issued": "2024-04-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-24795 https://bugzilla.redhat.com/show_bug.cgi?id=2273499 https://www.cve.org/CVERecord?id=CVE-2024-24795 https://nvd.nist.gov/vuln/detail/CVE-2024-24795 https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2024-24795 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-24795.json https://access.redhat.com/errata/RHSA-2024:9306", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "httpd-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.4.62-1.el9", "arch_op": "pattern match" }, "jD8UkMRQckMY49rmmq/l/w==": { "id": "jD8UkMRQckMY49rmmq/l/w==", "updater": "rhel-vex", "name": "CVE-2024-12243", "description": "A flaw was found in GnuTLS, which relies on libtasn1 for ASN.1 data processing. Due to an inefficient algorithm in libtasn1, decoding certain DER-encoded certificate data can take excessive time, leading to increased resource consumption. This flaw allows a remote attacker to send a specially crafted certificate, causing GnuTLS to become unresponsive or slow, resulting in a denial-of-service condition.", "issued": "2025-02-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-12243 https://bugzilla.redhat.com/show_bug.cgi?id=2344615 https://www.cve.org/CVERecord?id=CVE-2024-12243 https://nvd.nist.gov/vuln/detail/CVE-2024-12243 https://gitlab.com/gnutls/libtasn1/-/issues/52 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-12243.json https://access.redhat.com/errata/RHSA-2025:7076", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "gnutls", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.8.3-6.el9", "arch_op": "pattern match" }, "jEwfbMyfFZbq+8RZhi1Maw==": { "id": "jEwfbMyfFZbq+8RZhi1Maw==", "updater": "rhel-vex", "name": "CVE-2021-35938", "description": "A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "issued": "2021-06-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-35938 https://bugzilla.redhat.com/show_bug.cgi?id=1964114 https://www.cve.org/CVERecord?id=CVE-2021-35938 https://nvd.nist.gov/vuln/detail/CVE-2021-35938 https://rpm.org/wiki/Releases/4.18.0 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-35938.json https://access.redhat.com/errata/RHSA-2024:0463", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "rpm-sign-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:4.16.1.3-27.el9_3", "arch_op": "pattern match" }, "jNk5fjsXDY1nIqwNJG9gBA==": { "id": "jNk5fjsXDY1nIqwNJG9gBA==", "updater": "rhel-vex", "name": "CVE-2024-6923", "description": "A vulnerability was found in the email module that uses Python language. The email module doesn't properly quote new lines in email headers. This flaw allows an attacker to inject email headers that could, among other possibilities, add hidden email destinations or inject content into the email, impacting data confidentiality and integrity.", "issued": "2024-08-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-6923 https://bugzilla.redhat.com/show_bug.cgi?id=2302255 https://www.cve.org/CVERecord?id=CVE-2024-6923 https://nvd.nist.gov/vuln/detail/CVE-2024-6923 https://github.com/python/cpython/issues/121650 https://github.com/python/cpython/pull/122233 https://mail.python.org/archives/list/security-announce@python.org/thread/QH3BUOE2DYQBWP7NAQ7UNHPPOELKISRW/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6923.json https://access.redhat.com/errata/RHSA-2024:6163", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.18-3.el9_4.5", "arch_op": "pattern match" }, "jRtF/kn/3fSzbp/7sWwiig==": { "id": "jRtF/kn/3fSzbp/7sWwiig==", "updater": "rhel-vex", "name": "CVE-2021-35939", "description": "It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "issued": "2021-06-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-35939 https://bugzilla.redhat.com/show_bug.cgi?id=1964129 https://www.cve.org/CVERecord?id=CVE-2021-35939 https://nvd.nist.gov/vuln/detail/CVE-2021-35939 https://rpm.org/wiki/Releases/4.18.0 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-35939.json https://access.redhat.com/errata/RHSA-2024:0463", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "rpm-sign-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.16.1.3-27.el9_3", "arch_op": "pattern match" }, "jU6R01smYIMn3KeQZsQ68g==": { "id": "jU6R01smYIMn3KeQZsQ68g==", "updater": "rhel-vex", "name": "CVE-2023-27536", "description": "A flaw was found in the Curl package. Libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. However, the GSS delegation setting was left out from the configuration match checks, making them match too easily, affecting krb5/kerberos/negotiate/GSSAPI transfers.", "issued": "2023-03-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-27536 https://bugzilla.redhat.com/show_bug.cgi?id=2179092 https://www.cve.org/CVERecord?id=CVE-2023-27536 https://nvd.nist.gov/vuln/detail/CVE-2023-27536 https://curl.se/docs/CVE-2023-27536.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-27536.json https://access.redhat.com/errata/RHSA-2023:6679", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "curl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9", "arch_op": "pattern match" }, "jiVVTQmOtKqVixv7agF/Hg==": { "id": "jiVVTQmOtKqVixv7agF/Hg==", "updater": "rhel-vex", "name": "CVE-2025-27113", "description": "A flaw was found in libxml2. This vulnerability allows a NULL pointer dereference, leading to a potential crash or denial of service via a crafted XML pattern.", "issued": "2025-02-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-27113 https://bugzilla.redhat.com/show_bug.cgi?id=2346410 https://www.cve.org/CVERecord?id=CVE-2025-27113 https://nvd.nist.gov/vuln/detail/CVE-2025-27113 https://gitlab.gnome.org/GNOME/libxml2/-/issues/861 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-27113.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libxml2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "jlGZMt4HZ4sFDGyWBYiG5A==": { "id": "jlGZMt4HZ4sFDGyWBYiG5A==", "updater": "rhel-vex", "name": "CVE-2024-28835", "description": "A flaw has been discovered in GnuTLS where an application crash can be induced when attempting to verify a specially crafted .pem bundle using the \"certtool --verify-chain\" command.", "issued": "2024-03-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-28835 https://bugzilla.redhat.com/show_bug.cgi?id=2269084 https://www.cve.org/CVERecord?id=CVE-2024-28835 https://nvd.nist.gov/vuln/detail/CVE-2024-28835 https://lists.gnupg.org/pipermail/gnutls-help/2024-March/004845.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28835.json https://access.redhat.com/errata/RHSA-2024:1879", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "gnutls", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.7.6-23.el9_3.4", "arch_op": "pattern match" }, "jlhRpuK0j9viGlxiAnKR7w==": { "id": "jlhRpuK0j9viGlxiAnKR7w==", "updater": "rhel-vex", "name": "CVE-2021-35939", "description": "It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "issued": "2021-06-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-35939 https://bugzilla.redhat.com/show_bug.cgi?id=1964129 https://www.cve.org/CVERecord?id=CVE-2021-35939 https://nvd.nist.gov/vuln/detail/CVE-2021-35939 https://rpm.org/wiki/Releases/4.18.0 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-35939.json https://access.redhat.com/errata/RHSA-2024:0463", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "rpm-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:4.16.1.3-27.el9_3", "arch_op": "pattern match" }, "js5JzMGM8uuQxX+aKnVURA==": { "id": "js5JzMGM8uuQxX+aKnVURA==", "updater": "rhel-vex", "name": "CVE-2020-11023", "description": "A flaw was found in jQuery. HTML containing \\\u003coption\\\u003e elements from untrusted sources are passed, even after sanitizing, to one of jQuery's DOM manipulation methods, which may execute untrusted code. The highest threat from this vulnerability is to data confidentiality and integrity.", "issued": "2020-04-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2020-11023 https://bugzilla.redhat.com/show_bug.cgi?id=1850004 https://www.cve.org/CVERecord?id=CVE-2020-11023 https://nvd.nist.gov/vuln/detail/CVE-2020-11023 https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-11023.json https://access.redhat.com/errata/RHSA-2025:1346", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "gcc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:11.5.0-5.el9_5", "arch_op": "pattern match" }, "js8i7gcaSUkeCD0kc562Bw==": { "id": "js8i7gcaSUkeCD0kc562Bw==", "updater": "rhel-vex", "name": "CVE-2025-24528", "description": "A flaw was found in krb5. With incremental propagation enabled, an authenticated attacker can cause kadmind to write beyond the end of the mapped region for the iprop log file. This issue can trigger a process crash and lead to a denial of service.", "issued": "2024-01-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-24528 https://bugzilla.redhat.com/show_bug.cgi?id=2342796 https://www.cve.org/CVERecord?id=CVE-2025-24528 https://nvd.nist.gov/vuln/detail/CVE-2025-24528 https://github.com/krb5/krb5/commit/78ceba024b64d49612375be4a12d1c066b0bfbd0 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-24528.json https://access.redhat.com/errata/RHSA-2025:7067", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "krb5-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.1-6.el9", "arch_op": "pattern match" }, "jwGLTuKM5GavU6fep3WjhQ==": { "id": "jwGLTuKM5GavU6fep3WjhQ==", "updater": "rhel-vex", "name": "CVE-2023-5129", "description": "This CVE ID has been rejected by its CVE Numbering Authority. Duplicate of CVE-2023-4863.", "issued": "2023-09-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-5129 https://bugzilla.redhat.com/show_bug.cgi?id=2240759 https://www.cve.org/CVERecord?id=CVE-2023-5129 https://nvd.nist.gov/vuln/detail/CVE-2023-5129 https://chromium.googlesource.com/webm/libwebp/+/2af26267cdfcb63a88e5c74a85927a12d6ca1d76 https://chromium.googlesource.com/webm/libwebp/+/902bc9190331343b2017211debcec8d2ab87e17a https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-5129.json https://access.redhat.com/errata/RHSA-2023:5214", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:N", "normalized_severity": "Unknown", "package": { "id": "", "name": "libwebp", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.2.0-7.el9_2", "arch_op": "pattern match" }, "k+7PDiqjiZmgwmR4YKvp9w==": { "id": "k+7PDiqjiZmgwmR4YKvp9w==", "updater": "rhel-vex", "name": "CVE-2023-0802", "description": "A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds write in the extractContigSamplesShifted32bits function in tools/tiffcrop.c, resulting in a Denial of Service and limited data modification.", "issued": "2023-02-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0802 https://bugzilla.redhat.com/show_bug.cgi?id=2170178 https://www.cve.org/CVERecord?id=CVE-2023-0802 https://nvd.nist.gov/vuln/detail/CVE-2023-0802 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0802.json https://access.redhat.com/errata/RHSA-2023:3711", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-8.el9_2", "arch_op": "pattern match" }, "k/CdFos3+OXmV6TI04xnUQ==": { "id": "k/CdFos3+OXmV6TI04xnUQ==", "updater": "rhel-vex", "name": "CVE-2021-35939", "description": "It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "issued": "2021-06-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-35939 https://bugzilla.redhat.com/show_bug.cgi?id=1964129 https://www.cve.org/CVERecord?id=CVE-2021-35939 https://nvd.nist.gov/vuln/detail/CVE-2021-35939 https://rpm.org/wiki/Releases/4.18.0 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-35939.json https://access.redhat.com/errata/RHSA-2024:0463", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "rpm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.16.1.3-27.el9_3", "arch_op": "pattern match" }, "k0+XSeQ+Lylj5KsCbogU9A==": { "id": "k0+XSeQ+Lylj5KsCbogU9A==", "updater": "rhel-vex", "name": "CVE-2024-26462", "description": "A memory leak flaw was found in krb5 in /krb5/src/kdc/ndr.c. This issue can lead to a denial of service through memory exhaustion.", "issued": "2024-02-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-26462 https://bugzilla.redhat.com/show_bug.cgi?id=2266742 https://www.cve.org/CVERecord?id=CVE-2024-26462 https://nvd.nist.gov/vuln/detail/CVE-2024-26462 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-26462.json https://access.redhat.com/errata/RHSA-2024:9331", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libkadm5", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:1.21.1-3.el9", "arch_op": "pattern match" }, "k1fZChROpigN0QVc8mb4/Q==": { "id": "k1fZChROpigN0QVc8mb4/Q==", "updater": "rhel-vex", "name": "CVE-2024-38475", "description": "A flaw was found in the mod_rewrite module of httpd. Improper escaping of output allows an attacker to map URLs to filesystem locations permitted to be served by the server but are not intentionally or directly reachable by any URL. This issue results in code execution or source code disclosure.", "issued": "2024-07-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-38475 https://bugzilla.redhat.com/show_bug.cgi?id=2295014 https://www.cve.org/CVERecord?id=CVE-2024-38475 https://nvd.nist.gov/vuln/detail/CVE-2024-38475 https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2024-38475 https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-38475.json https://access.redhat.com/errata/RHSA-2024:4726", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "httpd", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.4.57-11.el9_4", "arch_op": "pattern match" }, "k1iloax1qfqa4/tolfprdg==": { "id": "k1iloax1qfqa4/tolfprdg==", "updater": "rhel-vex", "name": "CVE-2023-32006", "description": "A vulnerability was found in NodeJS. This security issue occurs as the use of module.constructor.createRequire() can bypass the policy mechanism and require modules outside of the policy.json definition for a given module.", "issued": "2023-08-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32006 https://bugzilla.redhat.com/show_bug.cgi?id=2230955 https://www.cve.org/CVERecord?id=CVE-2023-32006 https://nvd.nist.gov/vuln/detail/CVE-2023-32006 https://nodejs.org/en/blog/vulnerability/august-2023-security-releases#permissions-policies-can-impersonate-other-modules-in-using-moduleconstructorcreaterequire-mediumcve-2023-32006 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32006.json https://access.redhat.com/errata/RHSA-2023:5532", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.2-1.el9_2", "arch_op": "pattern match" }, "k4cfSQ57LEw9O0FDfmqx3A==": { "id": "k4cfSQ57LEw9O0FDfmqx3A==", "updater": "rhel-vex", "name": "CVE-2023-32067", "description": "A vulnerability was found in c-ares. This issue occurs due to a 0-byte UDP payload that can cause a Denial of Service.", "issued": "2023-05-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32067 https://bugzilla.redhat.com/show_bug.cgi?id=2209502 https://www.cve.org/CVERecord?id=CVE-2023-32067 https://nvd.nist.gov/vuln/detail/CVE-2023-32067 https://github.com/c-ares/c-ares/security/advisories/GHSA-9g78-jv2r-p7vc https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32067.json https://access.redhat.com/errata/RHSA-2023:3586", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.19.1-2.el9_2", "arch_op": "pattern match" }, "k5rG5dJ0YXUfmpLK9l9ICw==": { "id": "k5rG5dJ0YXUfmpLK9l9ICw==", "updater": "rhel-vex", "name": "CVE-2023-6597", "description": "A flaw was found in the tempfile.TemporaryDirectory class in python3/cpython3. The class may dereference symbolic links during permission-related errors, resulting in users that run privileged programs being able to modify permissions of files referenced by the symbolic link.", "issued": "2024-03-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-6597 https://bugzilla.redhat.com/show_bug.cgi?id=2276518 https://www.cve.org/CVERecord?id=CVE-2023-6597 https://nvd.nist.gov/vuln/detail/CVE-2023-6597 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6597.json https://access.redhat.com/errata/RHSA-2024:4078", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "python3-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.18-3.el9_4.1", "arch_op": "pattern match" }, "kAqWBUicknsNlYe6T7rf3w==": { "id": "kAqWBUicknsNlYe6T7rf3w==", "updater": "rhel-vex", "name": "CVE-2023-4806", "description": "A flaw was found in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4806 https://bugzilla.redhat.com/show_bug.cgi?id=2237782 https://www.cve.org/CVERecord?id=CVE-2023-4806 https://nvd.nist.gov/vuln/detail/CVE-2023-4806 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4806.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "kB5UdZ4TbmRXHAdPCWAEuA==": { "id": "kB5UdZ4TbmRXHAdPCWAEuA==", "updater": "rhel-vex", "name": "CVE-2024-6232", "description": "A regular expression denial of service (ReDos) vulnerability was found in Python's tarfile module. Due to excessive backtracking while tarfile parses headers, an attacker may be able to trigger a denial of service via a specially crafted tar archive.", "issued": "2024-09-03T13:15:05Z", "links": "https://access.redhat.com/security/cve/CVE-2024-6232 https://bugzilla.redhat.com/show_bug.cgi?id=2309426 https://www.cve.org/CVERecord?id=CVE-2024-6232 https://nvd.nist.gov/vuln/detail/CVE-2024-6232 https://github.com/python/cpython/issues/121285 https://github.com/python/cpython/pull/121286 https://mail.python.org/archives/list/security-announce@python.org/thread/JRYFTPRHZRTLMZLWQEUHZSJXNHM4ACTY/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6232.json https://access.redhat.com/errata/RHSA-2024:8446", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.18-3.el9_4.6", "arch_op": "pattern match" }, "kEe4Kuw3hXrzhJ/JDjR7wg==": { "id": "kEe4Kuw3hXrzhJ/JDjR7wg==", "updater": "rhel-vex", "name": "CVE-2023-45803", "description": "A flaw was found in urllib3, an HTTP client library for Python. urllib3 doesn't remove the HTTP request body when an HTTP redirect response using status 301, 302, or 303, after changing the method in a request from one that could accept a request body such as `POST` to `GET`, as is required by HTTP RFCs. This issue requires a previously trusted service to become compromised in order to have an impact on confidentiality, therefore, the exploitability of this vulnerability is low. Additionally, many users aren't putting sensitive data in HTTP request bodies; if this is the case, this vulnerability isn't exploitable.", "issued": "2023-10-13T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-45803 https://bugzilla.redhat.com/show_bug.cgi?id=2246840 https://www.cve.org/CVERecord?id=CVE-2023-45803 https://nvd.nist.gov/vuln/detail/CVE-2023-45803 https://github.com/urllib3/urllib3/commit/4e98d57809dacab1cbe625fddeec1a290c478ea9 https://github.com/urllib3/urllib3/security/advisories/GHSA-g4mx-q9vg-27p4 https://www.rfc-editor.org/rfc/rfc9110.html#name-get https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45803.json https://access.redhat.com/errata/RHSA-2024:0464", "severity": "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-urllib3", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:1.26.5-3.el9_3.1", "arch_op": "pattern match" }, "kHjC5QVIEbAPA3Kvkur0dg==": { "id": "kHjC5QVIEbAPA3Kvkur0dg==", "updater": "rhel-vex", "name": "CVE-2023-38546", "description": "A flaw was found in the Curl package. This flaw allows an attacker to insert cookies into a running program using libcurl if the specific series of conditions are met.", "issued": "2023-10-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-38546 https://bugzilla.redhat.com/show_bug.cgi?id=2241938 https://access.redhat.com/errata/RHSA-2024:2101 https://www.cve.org/CVERecord?id=CVE-2023-38546 https://nvd.nist.gov/vuln/detail/CVE-2023-38546 https://curl.se/docs/CVE-2023-38546.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-38546.json https://access.redhat.com/errata/RHSA-2023:6745", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "curl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9_3.2", "arch_op": "pattern match" }, "kLcAGGGbc3pWzCon+2kDLA==": { "id": "kLcAGGGbc3pWzCon+2kDLA==", "updater": "rhel-vex", "name": "CVE-2017-17095", "description": "tools/pal2rgb.c in pal2rgb in LibTIFF 4.0.9 allows remote attackers to cause a denial of service (TIFFSetupStrips heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file.", "issued": "2017-11-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2017-17095 https://bugzilla.redhat.com/show_bug.cgi?id=1524284 https://www.cve.org/CVERecord?id=CVE-2017-17095 https://nvd.nist.gov/vuln/detail/CVE-2017-17095 https://security.access.redhat.com/data/csaf/v2/vex/2017/cve-2017-17095.json", "severity": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "kORvLVboAF7IGUrTjNX9IQ==": { "id": "kORvLVboAF7IGUrTjNX9IQ==", "updater": "rhel-vex", "name": "CVE-2025-24928", "description": "A flaw was found in libxml2. This vulnerability allows a stack-based buffer overflow via DTD validation of an untrusted document or untrusted DTD.", "issued": "2025-02-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-24928 https://bugzilla.redhat.com/show_bug.cgi?id=2346421 https://www.cve.org/CVERecord?id=CVE-2025-24928 https://nvd.nist.gov/vuln/detail/CVE-2025-24928 https://gitlab.gnome.org/GNOME/libxml2/-/issues/847 https://issues.oss-fuzz.com/issues/392687022 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-24928.json https://access.redhat.com/errata/RHSA-2025:2679", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "libxml2-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-6.el9_5.2", "arch_op": "pattern match" }, "kQq8hvN2yLWiupMaLbRduA==": { "id": "kQq8hvN2yLWiupMaLbRduA==", "updater": "rhel-vex", "name": "CVE-2023-47038", "description": "A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer.", "issued": "2023-11-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-47038 https://bugzilla.redhat.com/show_bug.cgi?id=2249523 https://www.cve.org/CVERecord?id=CVE-2023-47038 https://nvd.nist.gov/vuln/detail/CVE-2023-47038 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-47038.json https://access.redhat.com/errata/RHSA-2024:2228", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-Symbol", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.08-481.el9", "arch_op": "pattern match" }, "kSIDoAhsP/87TLsxcD9iYw==": { "id": "kSIDoAhsP/87TLsxcD9iYw==", "updater": "rhel-vex", "name": "CVE-2024-33600", "description": "A flaw was found in the glibc netgroup cache. After a failed cache insertion, addgetnetgrentX tries to send the non-existing response after the not-found header. This can lead to a null pointer dereference that causes a crash or exit.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33600 https://bugzilla.redhat.com/show_bug.cgi?id=2277204 https://www.cve.org/CVERecord?id=CVE-2024-33600 https://nvd.nist.gov/vuln/detail/CVE-2024-33600 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33600.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "kTSRcRUr3mSxDRXVL9dhcw==": { "id": "kTSRcRUr3mSxDRXVL9dhcw==", "updater": "rhel-vex", "name": "CVE-2024-6387", "description": "A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period.", "issued": "2024-07-01T08:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-6387 https://bugzilla.redhat.com/show_bug.cgi?id=2294604 https://www.cve.org/CVERecord?id=CVE-2024-6387 https://nvd.nist.gov/vuln/detail/CVE-2024-6387 https://santandersecurityresearch.github.io/blog/sshing_the_masses.html https://www.openssh.com/txt/release-9.8 https://www.qualys.com/2024/07/01/cve-2024-6387/regresshion.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6387.json https://access.redhat.com/errata/RHSA-2024:4312", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "openssh-clients", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:8.7p1-38.el9_4.1", "arch_op": "pattern match" }, "kTyfGInwWoCVv7gGPYCF5g==": { "id": "kTyfGInwWoCVv7gGPYCF5g==", "updater": "rhel-vex", "name": "CVE-2023-2610", "description": "Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1532.", "issued": "2023-05-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-2610 https://bugzilla.redhat.com/show_bug.cgi?id=2209048 https://www.cve.org/CVERecord?id=CVE-2023-2610 https://nvd.nist.gov/vuln/detail/CVE-2023-2610 https://huntr.dev/bounties/31e67340-935b-4f6c-a923-f7246bc29c7d https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2610.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "kUo4IyXRh1XFppRDAqTNnw==": { "id": "kUo4IyXRh1XFppRDAqTNnw==", "updater": "rhel-vex", "name": "CVE-2023-33285", "description": "A vulnerability was discovered in Qt. This security flaw occurs in the QDnsLookup function, which has a buffer over-read via a crafted reply from a DNS server.", "issued": "2023-05-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-33285 https://bugzilla.redhat.com/show_bug.cgi?id=2209488 https://www.cve.org/CVERecord?id=CVE-2023-33285 https://nvd.nist.gov/vuln/detail/CVE-2023-33285 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-33285.json https://access.redhat.com/errata/RHSA-2023:6369", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "qt5-srpm-macros", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:5.15.9-1.el9", "arch_op": "pattern match" }, "kW3kBkBylDrqi8VPcr/e1Q==": { "id": "kW3kBkBylDrqi8VPcr/e1Q==", "updater": "rhel-vex", "name": "CVE-2024-8088", "description": "A flaw was found in Python's zipfile module. When iterating over the entries of a zip archive, the process can enter into an infinite loop state and become unresponsive. This flaw allows an attacker to craft a malicious ZIP archive, leading to a denial of service from the application consuming the zipfile module. Only applications that handle user-controlled zip archives are affected by this vulnerability.", "issued": "2024-08-22T19:15:09Z", "links": "https://access.redhat.com/security/cve/CVE-2024-8088 https://bugzilla.redhat.com/show_bug.cgi?id=2307370 https://www.cve.org/CVERecord?id=CVE-2024-8088 https://nvd.nist.gov/vuln/detail/CVE-2024-8088 https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64 https://github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea https://github.com/python/cpython/issues/122905 https://github.com/python/cpython/pull/122906 https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8088.json https://access.redhat.com/errata/RHSA-2024:6163", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.18-3.el9_4.5", "arch_op": "pattern match" }, "kaUbMItvWrS1leJMEsAk9A==": { "id": "kaUbMItvWrS1leJMEsAk9A==", "updater": "rhel-vex", "name": "CVE-2022-2284", "description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.", "issued": "2022-07-02T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-2284 https://bugzilla.redhat.com/show_bug.cgi?id=2103872 https://www.cve.org/CVERecord?id=CVE-2022-2284 https://nvd.nist.gov/vuln/detail/CVE-2022-2284 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-2284.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "kb+dJWap/vqDJjrjHMXEJA==": { "id": "kb+dJWap/vqDJjrjHMXEJA==", "updater": "rhel-vex", "name": "CVE-2022-4285", "description": "An illegal memory access flaw was found in the binutils package. Parsing an ELF file containing corrupt symbol version information may result in a denial of service. This issue is the result of an incomplete fix for CVE-2020-16599.", "issued": "2022-10-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-4285 https://bugzilla.redhat.com/show_bug.cgi?id=2150768 https://www.cve.org/CVERecord?id=CVE-2022-4285 https://nvd.nist.gov/vuln/detail/CVE-2022-4285 https://sourceware.org/bugzilla/show_bug.cgi?id=29699 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=5c831a3c7f3ca98d6aba1200353311e1a1f84c70 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-4285.json https://access.redhat.com/errata/RHSA-2023:6593", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "binutils", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.35.2-42.el9", "arch_op": "pattern match" }, "kdLSOIDVCc2afSs940b7fw==": { "id": "kdLSOIDVCc2afSs940b7fw==", "updater": "rhel-vex", "name": "CVE-2024-12747", "description": "A flaw was found in rsync. This vulnerability arises from a race condition during rsync's handling of symbolic links. Rsync's default behavior when encountering symbolic links is to skip them. If an attacker replaced a regular file with a symbolic link at the right time, it was possible to bypass the default behavior and traverse symbolic links. Depending on the privileges of the rsync process, an attacker could leak sensitive information, potentially leading to privilege escalation.", "issued": "2025-01-14T15:06:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-12747 https://bugzilla.redhat.com/show_bug.cgi?id=2332968 https://www.cve.org/CVERecord?id=CVE-2024-12747 https://nvd.nist.gov/vuln/detail/CVE-2024-12747 https://kb.cert.org/vuls/id/952657 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-12747.json https://access.redhat.com/errata/RHSA-2025:7050", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "rsync", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.2.5-3.el9", "arch_op": "pattern match" }, "km4/t4mBY59JctKjJhxr7w==": { "id": "km4/t4mBY59JctKjJhxr7w==", "updater": "rhel-vex", "name": "CVE-2021-35939", "description": "It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "issued": "2021-06-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-35939 https://bugzilla.redhat.com/show_bug.cgi?id=1964129 https://www.cve.org/CVERecord?id=CVE-2021-35939 https://nvd.nist.gov/vuln/detail/CVE-2021-35939 https://rpm.org/wiki/Releases/4.18.0 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-35939.json https://access.redhat.com/errata/RHSA-2024:0463", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "rpm-build-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:4.16.1.3-27.el9_3", "arch_op": "pattern match" }, "kp7mMuZUbdcg/xR97OICPg==": { "id": "kp7mMuZUbdcg/xR97OICPg==", "updater": "rhel-vex", "name": "CVE-2024-50602", "description": "A security issue was found in Expat (libexpat). A crash can be triggered in the XML_ResumeParser function due to XML_StopParser's ability to stop or suspend an unstarted parser, which can lead to a denial of service.", "issued": "2024-10-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-50602 https://bugzilla.redhat.com/show_bug.cgi?id=2321987 https://www.cve.org/CVERecord?id=CVE-2024-50602 https://nvd.nist.gov/vuln/detail/CVE-2024-50602 https://github.com/libexpat/libexpat/pull/915 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-50602.json https://access.redhat.com/errata/RHSA-2024:9541", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "expat-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.5.0-3.el9_5.1", "arch_op": "pattern match" }, "kp7y/8/qIa8rhviA3lrmrg==": { "id": "kp7y/8/qIa8rhviA3lrmrg==", "updater": "rhel-vex", "name": "CVE-2023-4911", "description": "A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.", "issued": "2023-10-03T17:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4911 https://bugzilla.redhat.com/show_bug.cgi?id=2238352 https://www.cve.org/CVERecord?id=CVE-2023-4911 https://nvd.nist.gov/vuln/detail/CVE-2023-4911 https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt https://www.qualys.com/cve-2023-4911/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4911.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-locale-source", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "kvStyGN84HUBQGFgfm8YsQ==": { "id": "kvStyGN84HUBQGFgfm8YsQ==", "updater": "rhel-vex", "name": "CVE-2025-4330", "description": "A flaw was found in CPython's tarfile module. This vulnerability allows bypassing of extraction filters, enabling symlink traversal outside the intended extraction directory and potential modification of file metadata via malicious tar archives using TarFile.extractall() or TarFile.extract() with the filter=\"data\" or filter=\"tar\" parameters. This issue leads to potentially overwriting or modifying system files and metadata.", "issued": "2025-06-03T12:58:57Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4330 https://bugzilla.redhat.com/show_bug.cgi?id=2370014 https://www.cve.org/CVERecord?id=CVE-2025-4330 https://nvd.nist.gov/vuln/detail/CVE-2025-4330 https://gist.github.com/sethmlarson/52398e33eff261329a0180ac1d54f42f https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a https://github.com/python/cpython/issues/135034 https://github.com/python/cpython/pull/135037 https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4330.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3.9", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "kwBmjCC7+d5xUliMZJPNWA==": { "id": "kwBmjCC7+d5xUliMZJPNWA==", "updater": "rhel-vex", "name": "CVE-2023-47038", "description": "A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer.", "issued": "2023-11-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-47038 https://bugzilla.redhat.com/show_bug.cgi?id=2249523 https://www.cve.org/CVERecord?id=CVE-2023-47038 https://nvd.nist.gov/vuln/detail/CVE-2023-47038 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-47038.json https://access.redhat.com/errata/RHSA-2024:2228", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-File-stat", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.09-481.el9", "arch_op": "pattern match" }, "kz6iRBveELIreSMq2mxHNg==": { "id": "kz6iRBveELIreSMq2mxHNg==", "updater": "rhel-vex", "name": "CVE-2021-35939", "description": "It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "issued": "2021-06-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-35939 https://bugzilla.redhat.com/show_bug.cgi?id=1964129 https://www.cve.org/CVERecord?id=CVE-2021-35939 https://nvd.nist.gov/vuln/detail/CVE-2021-35939 https://rpm.org/wiki/Releases/4.18.0 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-35939.json https://access.redhat.com/errata/RHSA-2024:0463", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "rpm-build-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.16.1.3-27.el9_3", "arch_op": "pattern match" }, "l2+nQ26t0lYvVluseJErUQ==": { "id": "l2+nQ26t0lYvVluseJErUQ==", "updater": "rhel-vex", "name": "CVE-2023-47038", "description": "A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer.", "issued": "2023-11-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-47038 https://bugzilla.redhat.com/show_bug.cgi?id=2249523 https://www.cve.org/CVERecord?id=CVE-2023-47038 https://nvd.nist.gov/vuln/detail/CVE-2023-47038 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-47038.json https://access.redhat.com/errata/RHSA-2024:2228", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-File-Copy", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-481.el9", "arch_op": "pattern match" }, "l7R0dYa3/wacw5OfFFHc2g==": { "id": "l7R0dYa3/wacw5OfFFHc2g==", "updater": "rhel-vex", "name": "CVE-2023-4911", "description": "A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.", "issued": "2023-10-03T17:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4911 https://bugzilla.redhat.com/show_bug.cgi?id=2238352 https://www.cve.org/CVERecord?id=CVE-2023-4911 https://nvd.nist.gov/vuln/detail/CVE-2023-4911 https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt https://www.qualys.com/cve-2023-4911/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4911.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "lDV5qcTcJkBCbILUcFq4dA==": { "id": "lDV5qcTcJkBCbILUcFq4dA==", "updater": "rhel-vex", "name": "CVE-2023-2953", "description": "A vulnerability was found in OpenLDAP, in ber_memalloc_x() function, leading to a null pointer dereference. This flaw can result in reduced system memory and cause LDAP authentication failures. The impact is primarily a disruption in authentication processes, which may hinder user access or service operations relying on LDAP for authentication.", "issued": "2023-05-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-2953 https://bugzilla.redhat.com/show_bug.cgi?id=2210651 https://www.cve.org/CVERecord?id=CVE-2023-2953 https://nvd.nist.gov/vuln/detail/CVE-2023-2953 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2953.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openldap", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "lHLNxD93t7uUJfmDhNwvCQ==": { "id": "lHLNxD93t7uUJfmDhNwvCQ==", "updater": "rhel-vex", "name": "CVE-2022-3256", "description": "A heap use-after-free vulnerability was found in vim's movemark() function of the src/mark.c file. This issue occurs because vim uses freed memory when 'autocmd' changes the mark. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "issued": "2022-09-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3256 https://bugzilla.redhat.com/show_bug.cgi?id=2132571 https://www.cve.org/CVERecord?id=CVE-2022-3256 https://nvd.nist.gov/vuln/detail/CVE-2022-3256 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3256.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "lJ4kViLtNjqmVXppw3SyZQ==": { "id": "lJ4kViLtNjqmVXppw3SyZQ==", "updater": "rhel-vex", "name": "CVE-2023-6228", "description": "An issue was found in the tiffcp utility distributed by the libtiff package where a crafted TIFF file on processing may cause a heap-based buffer overflow leads to an application crash.", "issued": "2023-09-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-6228 https://bugzilla.redhat.com/show_bug.cgi?id=2240995 https://www.cve.org/CVERecord?id=CVE-2023-6228 https://nvd.nist.gov/vuln/detail/CVE-2023-6228 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6228.json https://access.redhat.com/errata/RHSA-2024:2289", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libtiff-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-12.el9", "arch_op": "pattern match" }, "lJeTT/Y9HVuGmrDkd/kJpw==": { "id": "lJeTT/Y9HVuGmrDkd/kJpw==", "updater": "rhel-vex", "name": "CVE-2020-11023", "description": "A flaw was found in jQuery. HTML containing \\\u003coption\\\u003e elements from untrusted sources are passed, even after sanitizing, to one of jQuery's DOM manipulation methods, which may execute untrusted code. The highest threat from this vulnerability is to data confidentiality and integrity.", "issued": "2020-04-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2020-11023 https://bugzilla.redhat.com/show_bug.cgi?id=1850004 https://www.cve.org/CVERecord?id=CVE-2020-11023 https://nvd.nist.gov/vuln/detail/CVE-2020-11023 https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-11023.json https://access.redhat.com/errata/RHSA-2025:1346", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libstdc++", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:11.5.0-5.el9_5", "arch_op": "pattern match" }, "lKTqUwulx7XO67+VKem76Q==": { "id": "lKTqUwulx7XO67+VKem76Q==", "updater": "rhel-vex", "name": "CVE-2023-26965", "description": "A heap use-after-free vulnerability was found in LibTIFF's tiffcrop utility in the loadImage() function. This flaw allows an attacker to pass a crafted TIFF image file to the tiffcrop utility, which causes an out-of-bounds write access, resulting in an application crash, eventually leading to a denial of service.", "issued": "2023-06-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-26965 https://bugzilla.redhat.com/show_bug.cgi?id=2215206 https://www.cve.org/CVERecord?id=CVE-2023-26965 https://nvd.nist.gov/vuln/detail/CVE-2023-26965 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-26965.json https://access.redhat.com/errata/RHSA-2023:6575", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-10.el9", "arch_op": "pattern match" }, "lKWd5TH1rX+jMUJKexEO4g==": { "id": "lKWd5TH1rX+jMUJKexEO4g==", "updater": "rhel-vex", "name": "CVE-2023-3817", "description": "A vulnerability was found in OpenSSL. This security issue occurs because the applications that use the DH_check(), DH_check_ex(), or EVP_PKEY_param_check() functions to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source may lead to a denial of service.", "issued": "2023-07-31T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-3817 https://bugzilla.redhat.com/show_bug.cgi?id=2227852 https://www.cve.org/CVERecord?id=CVE-2023-3817 https://nvd.nist.gov/vuln/detail/CVE-2023-3817 https://www.openssl.org/news/secadv/20230731.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3817.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "lKniGV6mBq1xFWJ6V0QVvA==": { "id": "lKniGV6mBq1xFWJ6V0QVvA==", "updater": "rhel-vex", "name": "CVE-2023-29491", "description": "A vulnerability was found in ncurses and occurs when used by a setuid application. This flaw allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file found in $HOME/.terminfo or reached via the TERMINFO or TERM environment variable.", "issued": "2023-04-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-29491 https://bugzilla.redhat.com/show_bug.cgi?id=2191704 https://www.cve.org/CVERecord?id=CVE-2023-29491 https://nvd.nist.gov/vuln/detail/CVE-2023-29491 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-29491.json https://access.redhat.com/errata/RHSA-2023:6698", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "ncurses-base", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:6.2-10.20210508.el9", "arch_op": "pattern match" }, "lQg0sAGfxNq+Wu4yn9u7FQ==": { "id": "lQg0sAGfxNq+Wu4yn9u7FQ==", "updater": "rhel-vex", "name": "CVE-2024-39573", "description": "A flaw was found in the mod_rewrite module of httpd. A potential SSRF allows an attacker to cause unsafe rules used in the RewriteRule directive to unexpectedly set up URLs to be handled by the mod_proxy module.", "issued": "2024-07-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-39573 https://bugzilla.redhat.com/show_bug.cgi?id=2295022 https://www.cve.org/CVERecord?id=CVE-2024-39573 https://nvd.nist.gov/vuln/detail/CVE-2024-39573 https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2024-39573 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-39573.json https://access.redhat.com/errata/RHSA-2024:4726", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "mod_ssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:2.4.57-11.el9_4", "arch_op": "pattern match" }, "lSGUFif7Vc6m/DbHhjQImQ==": { "id": "lSGUFif7Vc6m/DbHhjQImQ==", "updater": "rhel-vex", "name": "CVE-2024-24795", "description": "A flaw was found in httpd. An HTTP response splitting in multiple httpd modules may allow an attacker that can inject malicious response headers into backend applications to cause an HTTP desynchronization attack.", "issued": "2024-04-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-24795 https://bugzilla.redhat.com/show_bug.cgi?id=2273499 https://www.cve.org/CVERecord?id=CVE-2024-24795 https://nvd.nist.gov/vuln/detail/CVE-2024-24795 https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2024-24795 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-24795.json https://access.redhat.com/errata/RHSA-2024:9306", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "mod_lua", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.4.62-1.el9", "arch_op": "pattern match" }, "lShNjxk/0kUQZo1dsKp7Lg==": { "id": "lShNjxk/0kUQZo1dsKp7Lg==", "updater": "rhel-vex", "name": "CVE-2025-4802", "description": "A flaw was found in the glibc library. A statically linked setuid binary that calls dlopen(), including internal dlopen() calls after setlocale() or calls to NSS functions such as getaddrinfo(), may incorrectly search LD_LIBRARY_PATH to determine which library to load, allowing a local attacker to load malicious shared libraries, escalate privileges and execute arbitrary code.", "issued": "2025-05-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4802 https://bugzilla.redhat.com/show_bug.cgi?id=2367468 https://www.cve.org/CVERecord?id=CVE-2025-4802 https://nvd.nist.gov/vuln/detail/CVE-2025-4802 https://www.openwall.com/lists/oss-security/2025/05/16/7 https://www.openwall.com/lists/oss-security/2025/05/17/2 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4802.json https://access.redhat.com/errata/RHSA-2025:8655", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.19", "arch_op": "pattern match" }, "lTBbmC+SvCXRPdEhl1Ahaw==": { "id": "lTBbmC+SvCXRPdEhl1Ahaw==", "updater": "rhel-vex", "name": "CVE-2023-28484", "description": "A NULL pointer dereference vulnerability was found in libxml2. This issue occurs when parsing (invalid) XML schemas.", "issued": "2023-04-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-28484 https://bugzilla.redhat.com/show_bug.cgi?id=2185994 https://www.cve.org/CVERecord?id=CVE-2023-28484 https://nvd.nist.gov/vuln/detail/CVE-2023-28484 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-28484.json https://access.redhat.com/errata/RHSA-2023:4349", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libxml2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-3.el9_2.1", "arch_op": "pattern match" }, "lYfCoUzW92wHdYAjBr0Hag==": { "id": "lYfCoUzW92wHdYAjBr0Hag==", "updater": "rhel-vex", "name": "CVE-2023-43786", "description": "A vulnerability was found in libX11 due to an infinite loop within the PutSubImage() function. This flaw allows a local user to consume all available system resources and cause a denial of service condition.", "issued": "2023-10-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-43786 https://bugzilla.redhat.com/show_bug.cgi?id=2242253 https://www.cve.org/CVERecord?id=CVE-2023-43786 https://nvd.nist.gov/vuln/detail/CVE-2023-43786 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-43786.json https://access.redhat.com/errata/RHSA-2024:2145", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libX11", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.7.0-9.el9", "arch_op": "pattern match" }, "lbxN096+MM/KBPw8fZJzzw==": { "id": "lbxN096+MM/KBPw8fZJzzw==", "updater": "rhel-vex", "name": "CVE-2023-4813", "description": "A flaw was found in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.", "issued": "2022-03-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4813 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://www.cve.org/CVERecord?id=CVE-2023-4813 https://nvd.nist.gov/vuln/detail/CVE-2023-4813 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4813.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-langpack-en", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "lfRSe3KnjizxALbsHC2rVQ==": { "id": "lfRSe3KnjizxALbsHC2rVQ==", "updater": "rhel-vex", "name": "CVE-2023-27536", "description": "A flaw was found in the Curl package. Libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. However, the GSS delegation setting was left out from the configuration match checks, making them match too easily, affecting krb5/kerberos/negotiate/GSSAPI transfers.", "issued": "2023-03-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-27536 https://bugzilla.redhat.com/show_bug.cgi?id=2179092 https://www.cve.org/CVERecord?id=CVE-2023-27536 https://nvd.nist.gov/vuln/detail/CVE-2023-27536 https://curl.se/docs/CVE-2023-27536.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-27536.json https://access.redhat.com/errata/RHSA-2023:6679", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libcurl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9", "arch_op": "pattern match" }, "lgDJBQQ7c78g/JJCPZyTdg==": { "id": "lgDJBQQ7c78g/JJCPZyTdg==", "updater": "rhel-vex", "name": "CVE-2023-1255", "description": "A vulnerability was found in OpenSSL. This security flaw occurs because the AES-XTS cipher decryption implementation for the 64-bit ARM platform contains an issue that could cause it to read past the input buffer, leading to a crash.", "issued": "2023-04-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-1255 https://bugzilla.redhat.com/show_bug.cgi?id=2188461 https://www.cve.org/CVERecord?id=CVE-2023-1255 https://nvd.nist.gov/vuln/detail/CVE-2023-1255 https://www.openssl.org/news/secadv/20230420.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-1255.json https://access.redhat.com/errata/RHSA-2023:3722", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-16.el9_2", "arch_op": "pattern match" }, "ljV3kxoZPw27QJuT3LTVew==": { "id": "ljV3kxoZPw27QJuT3LTVew==", "updater": "rhel-vex", "name": "CVE-2024-33602", "description": "A flaw was found in the glibc netgroup cache. The buffer-resizing code in addgetnetgrentX assumes that all string pointers point into the supplied buffer. This can potentially lead to memory corruption and cause a crash.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33602 https://bugzilla.redhat.com/show_bug.cgi?id=2277206 https://www.cve.org/CVERecord?id=CVE-2024-33602 https://nvd.nist.gov/vuln/detail/CVE-2024-33602 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33602.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "glibc-locale-source", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "luwgFmI9PBVJtU7lZ44gYA==": { "id": "luwgFmI9PBVJtU7lZ44gYA==", "updater": "rhel-vex", "name": "CVE-2023-43785", "description": "A vulnerability was found in libX11 due to a boundary condition within the _XkbReadKeySyms() function. This flaw allows a local user to trigger an out-of-bounds read error and read the contents of memory on the system.", "issued": "2023-10-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-43785 https://bugzilla.redhat.com/show_bug.cgi?id=2242252 https://www.cve.org/CVERecord?id=CVE-2023-43785 https://nvd.nist.gov/vuln/detail/CVE-2023-43785 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-43785.json https://access.redhat.com/errata/RHSA-2024:2145", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libX11-xcb", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.7.0-9.el9", "arch_op": "pattern match" }, "lz6O0nYiDpis8SScmTUuSg==": { "id": "lz6O0nYiDpis8SScmTUuSg==", "updater": "rhel-vex", "name": "CVE-2025-1215", "description": "A flaw was found in Vim. A local user may be able to trigger memory corruption by using the `--log` option with a non-existent path, which can lead to an application crash or other undefined behavior.", "issued": "2025-02-12T18:31:06Z", "links": "https://access.redhat.com/security/cve/CVE-2025-1215 https://bugzilla.redhat.com/show_bug.cgi?id=2345318 https://www.cve.org/CVERecord?id=CVE-2025-1215 https://nvd.nist.gov/vuln/detail/CVE-2025-1215 https://github.com/vim/vim/commit/c5654b84480822817bb7b69ebc97c174c91185e9 https://github.com/vim/vim/issues/16606 https://github.com/vim/vim/releases/tag/v9.1.1097 https://vuldb.com/?ctiid.295174 https://vuldb.com/?id.295174 https://vuldb.com/?submit.497546 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-1215.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "lzzMoGjfCQVwFi4bhK2jEA==": { "id": "lzzMoGjfCQVwFi4bhK2jEA==", "updater": "rhel-vex", "name": "CVE-2024-33600", "description": "A flaw was found in the glibc netgroup cache. After a failed cache insertion, addgetnetgrentX tries to send the non-existing response after the not-found header. This can lead to a null pointer dereference that causes a crash or exit.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33600 https://bugzilla.redhat.com/show_bug.cgi?id=2277204 https://www.cve.org/CVERecord?id=CVE-2024-33600 https://nvd.nist.gov/vuln/detail/CVE-2024-33600 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33600.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "m64TKKrLseuJrm+3BIIOIg==": { "id": "m64TKKrLseuJrm+3BIIOIg==", "updater": "rhel-vex", "name": "CVE-2024-34397", "description": "A flaw was found in GNOME GLib. When a GDBus-based client subscribes to signals from a trusted system service such as NetworkManager on a shared computer, other users of the same computer can send spoofed D-Bus signals that the GDBus-based client will wrongly interpret as having been sent by the trusted system service. This issue could lead to the GDBus-based client behaving incorrectly with an application-dependent impact.", "issued": "2024-05-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-34397 https://bugzilla.redhat.com/show_bug.cgi?id=2279632 https://www.cve.org/CVERecord?id=CVE-2024-34397 https://nvd.nist.gov/vuln/detail/CVE-2024-34397 https://gitlab.gnome.org/GNOME/glib/-/issues/3268 https://www.openwall.com/lists/oss-security/2024/05/07/5 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34397.json https://access.redhat.com/errata/RHSA-2024:6464", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "glib2-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.68.4-14.el9_4.1", "arch_op": "pattern match" }, "m6kwbTpOzBrFGJ63gjT+hA==": { "id": "m6kwbTpOzBrFGJ63gjT+hA==", "updater": "rhel-vex", "name": "CVE-2024-38474", "description": "A flaw was found in the mod_rewrite module of httpd. Due to a substitution encoding issue, specially crafted requests may allow an attacker to execute scripts in directories permitted by the configuration but not directly reachable by any URL or source disclosure of scripts meant only to be executed as CGI.", "issued": "2024-07-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-38474 https://bugzilla.redhat.com/show_bug.cgi?id=2295013 https://www.cve.org/CVERecord?id=CVE-2024-38474 https://nvd.nist.gov/vuln/detail/CVE-2024-38474 https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2024-38474 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-38474.json https://access.redhat.com/errata/RHSA-2024:4726", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "httpd-tools", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.4.57-11.el9_4", "arch_op": "pattern match" }, "m8JLumk5EhM5fKwi6Y9sfw==": { "id": "m8JLumk5EhM5fKwi6Y9sfw==", "updater": "rhel-vex", "name": "CVE-2023-4813", "description": "A flaw was found in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.", "issued": "2022-03-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4813 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://www.cve.org/CVERecord?id=CVE-2023-4813 https://nvd.nist.gov/vuln/detail/CVE-2023-4813 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4813.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-minimal-langpack", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "m9bQWf5c9pRFKrNcvjU06g==": { "id": "m9bQWf5c9pRFKrNcvjU06g==", "updater": "rhel-vex", "name": "CVE-2023-4806", "description": "A flaw was found in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4806 https://bugzilla.redhat.com/show_bug.cgi?id=2237782 https://www.cve.org/CVERecord?id=CVE-2023-4806 https://nvd.nist.gov/vuln/detail/CVE-2023-4806 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4806.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-locale-source", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "mGnF1yHBoKIJbRzNCdab+Q==": { "id": "mGnF1yHBoKIJbRzNCdab+Q==", "updater": "rhel-vex", "name": "CVE-2025-0395", "description": "A flaw was found in the GNU C Library (glibc). A buffer overflow condition via the `assert()` function may be triggered due to glibc not allocating enough space for the assertion failure message string and size information. In certain conditions, a local attacker can exploit this, potentially leading to an application crash or other undefined behavior.", "issued": "2025-01-22T13:11:30Z", "links": "https://access.redhat.com/security/cve/CVE-2025-0395 https://bugzilla.redhat.com/show_bug.cgi?id=2339460 https://www.cve.org/CVERecord?id=CVE-2025-0395 https://nvd.nist.gov/vuln/detail/CVE-2025-0395 https://sourceware.org/bugzilla/show_bug.cgi?id=32582 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-0395.json https://access.redhat.com/errata/RHSA-2025:4244", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-minimal-langpack", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-125.el9_5.8", "arch_op": "pattern match" }, "mMne5M/uo8CArUpQts+E/g==": { "id": "mMne5M/uo8CArUpQts+E/g==", "updater": "rhel-vex", "name": "CVE-2025-4138", "description": "A flaw was found in the Python tarfile module. This vulnerability allows attackers to bypass extraction filters, enabling symlink targets to escape the destination directory and allowing unauthorized modification of file metadata via the use of TarFile.extract() or TarFile.extractall() with the filter= parameter set to \"data\" or \"tar\".", "issued": "2025-06-03T12:59:02Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4138 https://bugzilla.redhat.com/show_bug.cgi?id=2372426 https://www.cve.org/CVERecord?id=CVE-2025-4138 https://nvd.nist.gov/vuln/detail/CVE-2025-4138 https://gist.github.com/sethmlarson/52398e33eff261329a0180ac1d54f42f https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a https://github.com/python/cpython/issues/135034 https://github.com/python/cpython/pull/135037 https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4138.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "High", "package": { "id": "", "name": "python3.9", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "mTe73yDGtNKBR9vMgderPA==": { "id": "mTe73yDGtNKBR9vMgderPA==", "updater": "rhel-vex", "name": "CVE-2024-3596", "description": "A vulnerability in the RADIUS (Remote Authentication Dial-In User Service) protocol allows attackers to forge authentication responses when the Message-Authenticator attribute is not enforced. This issue arises from a cryptographically insecure integrity check using MD5, enabling attackers to spoof UDP-based RADIUS response packets. This can result in unauthorized access by modifying an Access-Reject response to an Access-Accept response, thereby compromising the authentication process.", "issued": "2024-07-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-3596 https://bugzilla.redhat.com/show_bug.cgi?id=2263240 https://www.cve.org/CVERecord?id=CVE-2024-3596 https://nvd.nist.gov/vuln/detail/CVE-2024-3596 https://datatracker.ietf.org/doc/draft-ietf-radext-deprecating-radius/ https://datatracker.ietf.org/doc/html/rfc2865 https://networkradius.com/assets/pdf/radius_and_md5_collisions.pdf https://w1.fi/security/2024-1/hostapd-and-radius-protocol-forgery-attacks.txt https://www.blastradius.fail/ https://www.kb.cert.org/vuls/id/456537 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-3596.json https://access.redhat.com/errata/RHSA-2024:9474", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "krb5-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:1.21.1-4.el9_5", "arch_op": "pattern match" }, "mXtloR/ustBd3YdFN2xuJw==": { "id": "mXtloR/ustBd3YdFN2xuJw==", "updater": "rhel-vex", "name": "CVE-2023-0800", "description": "A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds write in the extractContigSamplesShifted16bits function in tools/tiffcrop.c, resulting in a Denial of Service and limited data modification.", "issued": "2023-02-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0800 https://bugzilla.redhat.com/show_bug.cgi?id=2170167 https://www.cve.org/CVERecord?id=CVE-2023-0800 https://nvd.nist.gov/vuln/detail/CVE-2023-0800 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0800.json https://access.redhat.com/errata/RHSA-2023:3711", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-8.el9_2", "arch_op": "pattern match" }, "meNyncb9fNYGERpV1NYrdQ==": { "id": "meNyncb9fNYGERpV1NYrdQ==", "updater": "rhel-vex", "name": "CVE-2023-27522", "description": "An HTTP Response Smuggling vulnerability was found in the Apache HTTP Server via mod_proxy_uwsgi. This security issue occurs when special characters in the origin response header can truncate or split the response forwarded to the client.", "issued": "2023-03-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-27522 https://bugzilla.redhat.com/show_bug.cgi?id=2176211 https://www.cve.org/CVERecord?id=CVE-2023-27522 https://nvd.nist.gov/vuln/detail/CVE-2023-27522 https://httpd.apache.org/security/vulnerabilities_24.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-27522.json https://access.redhat.com/errata/RHSA-2023:6403", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "mod_ldap", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.4.57-5.el9", "arch_op": "pattern match" }, "mgiAXi9bEDY+U7GKOk22xQ==": { "id": "mgiAXi9bEDY+U7GKOk22xQ==", "updater": "rhel-vex", "name": "CVE-2024-12718", "description": "A flaw was found in CPython's tarfile module. This vulnerability allows modification of file metadata, such as timestamps or permissions, outside the intended extraction directory via maliciously crafted tar archives using the filter=\"data\" or filter=\"tar\" extraction filters.", "issued": "2025-06-03T12:59:10Z", "links": "https://access.redhat.com/security/cve/CVE-2024-12718 https://bugzilla.redhat.com/show_bug.cgi?id=2370013 https://www.cve.org/CVERecord?id=CVE-2024-12718 https://nvd.nist.gov/vuln/detail/CVE-2024-12718 https://gist.github.com/sethmlarson/52398e33eff261329a0180ac1d54f42f https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a https://github.com/python/cpython/issues/127987 https://github.com/python/cpython/issues/135034 https://github.com/python/cpython/pull/135037 https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-12718.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L", "normalized_severity": "High", "package": { "id": "", "name": "python3.9", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "mk1XE0ocPMZ1zLQU00rlYA==": { "id": "mk1XE0ocPMZ1zLQU00rlYA==", "updater": "rhel-vex", "name": "CVE-2023-39975", "description": "A vulnerability was found in MIT krb5, where an authenticated attacker can cause a KDC to free the same pointer twice if it can induce a failure in authorization data handling.", "issued": "2023-08-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-39975 https://bugzilla.redhat.com/show_bug.cgi?id=2232682 https://www.cve.org/CVERecord?id=CVE-2023-39975 https://nvd.nist.gov/vuln/detail/CVE-2023-39975 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-39975.json https://access.redhat.com/errata/RHSA-2023:6699", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "krb5-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:1.21.1-1.el9", "arch_op": "pattern match" }, "mm2TrpfZhVe16kqFBRq/1g==": { "id": "mm2TrpfZhVe16kqFBRq/1g==", "updater": "rhel-vex", "name": "CVE-2023-28321", "description": "A flaw was found in the Curl package. An incorrect International Domain Name (IDN) wildcard match may lead to improper certificate validation.", "issued": "2023-05-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-28321 https://bugzilla.redhat.com/show_bug.cgi?id=2196786 https://www.cve.org/CVERecord?id=CVE-2023-28321 https://nvd.nist.gov/vuln/detail/CVE-2023-28321 https://curl.se/docs/CVE-2023-28321.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-28321.json https://access.redhat.com/errata/RHSA-2023:4354", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libcurl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-23.el9_2.2", "arch_op": "pattern match" }, "mmFI4mA7exd6BfbwTUwJfQ==": { "id": "mmFI4mA7exd6BfbwTUwJfQ==", "updater": "rhel-vex", "name": "CVE-2021-20197", "description": "There is an open race window when writing output in the following utilities in GNU binutils1: ar, objcopy, strip, and ranlib. When these utilities are run as a privileged user (presumably as part of a script updating binaries across different users), an unprivileged user can trick these utilities into getting ownership of arbitrary files through a symlink.", "issued": "2021-01-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-20197 https://bugzilla.redhat.com/show_bug.cgi?id=1913743 https://www.cve.org/CVERecord?id=CVE-2021-20197 https://nvd.nist.gov/vuln/detail/CVE-2021-20197 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-20197.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "binutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "mnUeQ4Vw9lyvW20zguI0Jw==": { "id": "mnUeQ4Vw9lyvW20zguI0Jw==", "updater": "rhel-vex", "name": "CVE-2021-3903", "description": "vim is vulnerable to Heap-based Buffer Overflow", "issued": "2021-10-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-3903 https://bugzilla.redhat.com/show_bug.cgi?id=2018558 https://www.cve.org/CVERecord?id=CVE-2021-3903 https://nvd.nist.gov/vuln/detail/CVE-2021-3903 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-3903.json https://access.redhat.com/errata/RHSA-2024:9405", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "2:8.2.2637-21.el9", "arch_op": "pattern match" }, "moptNBqyzedtNhF5AQkSKw==": { "id": "moptNBqyzedtNhF5AQkSKw==", "updater": "rhel-vex", "name": "CVE-2025-4802", "description": "A flaw was found in the glibc library. A statically linked setuid binary that calls dlopen(), including internal dlopen() calls after setlocale() or calls to NSS functions such as getaddrinfo(), may incorrectly search LD_LIBRARY_PATH to determine which library to load, allowing a local attacker to load malicious shared libraries, escalate privileges and execute arbitrary code.", "issued": "2025-05-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4802 https://bugzilla.redhat.com/show_bug.cgi?id=2367468 https://www.cve.org/CVERecord?id=CVE-2025-4802 https://nvd.nist.gov/vuln/detail/CVE-2025-4802 https://www.openwall.com/lists/oss-security/2025/05/16/7 https://www.openwall.com/lists/oss-security/2025/05/17/2 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4802.json https://access.redhat.com/errata/RHSA-2025:8655", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-headers", "version": "", "kind": "binary", "normalized_version": "", "arch": "s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.19", "arch_op": "pattern match" }, "mr8ERmk8X8w7fcjVVsFZxQ==": { "id": "mr8ERmk8X8w7fcjVVsFZxQ==", "updater": "rhel-vex", "name": "CVE-2023-0798", "description": "A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds read in the extractContigSamplesShifted8bits function in tools/tiffcrop.c, resulting in a Denial of Service and limited information disclosure.", "issued": "2023-02-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0798 https://bugzilla.redhat.com/show_bug.cgi?id=2170157 https://www.cve.org/CVERecord?id=CVE-2023-0798 https://nvd.nist.gov/vuln/detail/CVE-2023-0798 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0798.json https://access.redhat.com/errata/RHSA-2023:3711", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-8.el9_2", "arch_op": "pattern match" }, "mrw/N2aXp27zWWHmC5CUtA==": { "id": "mrw/N2aXp27zWWHmC5CUtA==", "updater": "rhel-vex", "name": "CVE-2023-32002", "description": "A vulnerability was found in NodeJS. This security issue occurs as the use of Module._load() can bypass the policy mechanism and require modules outside of the policy.json definition for a given module.", "issued": "2023-08-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32002 https://bugzilla.redhat.com/show_bug.cgi?id=2230948 https://www.cve.org/CVERecord?id=CVE-2023-32002 https://nvd.nist.gov/vuln/detail/CVE-2023-32002 https://nodejs.org/en/blog/vulnerability/august-2023-security-releases#permissions-policies-can-be-bypassed-via-module_load-highcve-2023-32002 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32002.json https://access.redhat.com/errata/RHSA-2023:5532", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:8.19.4-1.16.20.2.1.el9_2", "arch_op": "pattern match" }, "mzudbhzyxeahL7ZqcHKBNA==": { "id": "mzudbhzyxeahL7ZqcHKBNA==", "updater": "rhel-vex", "name": "CVE-2023-38545", "description": "A heap-based buffer overflow flaw was found in the SOCKS5 proxy handshake in the Curl package. If Curl is unable to resolve the address itself, it passes the hostname to the SOCKS5 proxy. However, the maximum length of the hostname that can be passed is 255 bytes. If the hostname is longer, then Curl switches to the local name resolving and passes the resolved address only to the proxy. The local variable that instructs Curl to \"let the host resolve the name\" could obtain the wrong value during a slow SOCKS5 handshake, resulting in the too-long hostname being copied to the target buffer instead of the resolved address, which was not the intended behavior.", "issued": "2023-10-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-38545 https://bugzilla.redhat.com/show_bug.cgi?id=2241933 https://www.cve.org/CVERecord?id=CVE-2023-38545 https://nvd.nist.gov/vuln/detail/CVE-2023-38545 https://curl.se/docs/CVE-2023-38545.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-38545.json https://access.redhat.com/errata/RHSA-2023:6745", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libcurl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9_3.2", "arch_op": "pattern match" }, "n/nPV3PWwT/nX6gwjJjU6w==": { "id": "n/nPV3PWwT/nX6gwjJjU6w==", "updater": "rhel-vex", "name": "CVE-2024-22019", "description": "A flaw was found in Node.js due to a lack of safeguards on chunk extension bytes. The server may read an unbounded number of bytes from a single connection, which can allow an attacker to send a specially crafted HTTP request with chunked encoding, leading to resource exhaustion and a denial of service.", "issued": "2024-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-22019 https://bugzilla.redhat.com/show_bug.cgi?id=2264574 https://www.cve.org/CVERecord?id=CVE-2024-22019 https://nvd.nist.gov/vuln/detail/CVE-2024-22019 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-22019.json https://access.redhat.com/errata/RHSA-2024:1438", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.2-4.el9_3", "arch_op": "pattern match" }, "n39YhRffL6tFFAy/S18A8Q==": { "id": "n39YhRffL6tFFAy/S18A8Q==", "updater": "rhel-vex", "name": "CVE-2025-1371", "description": "A flaw was found in GNU elfutils. This vulnerability allows a NULL pointer dereference via the handle_dynamic_symtab function in readelf.c.", "issued": "2025-02-17T02:31:07Z", "links": "https://access.redhat.com/security/cve/CVE-2025-1371 https://bugzilla.redhat.com/show_bug.cgi?id=2346055 https://www.cve.org/CVERecord?id=CVE-2025-1371 https://nvd.nist.gov/vuln/detail/CVE-2025-1371 https://sourceware.org/bugzilla/attachment.cgi?id=15926 https://sourceware.org/bugzilla/show_bug.cgi?id=32655 https://sourceware.org/bugzilla/show_bug.cgi?id=32655#c2 https://vuldb.com/?ctiid.295978 https://vuldb.com/?id.295978 https://vuldb.com/?submit.496484 https://www.gnu.org/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-1371.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "elfutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "n6P1LNQtOKO2D4puI71Auw==": { "id": "n6P1LNQtOKO2D4puI71Auw==", "updater": "rhel-vex", "name": "CVE-2020-11023", "description": "A flaw was found in jQuery. HTML containing \\\u003coption\\\u003e elements from untrusted sources are passed, even after sanitizing, to one of jQuery's DOM manipulation methods, which may execute untrusted code. The highest threat from this vulnerability is to data confidentiality and integrity.", "issued": "2020-04-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2020-11023 https://bugzilla.redhat.com/show_bug.cgi?id=1850004 https://www.cve.org/CVERecord?id=CVE-2020-11023 https://nvd.nist.gov/vuln/detail/CVE-2020-11023 https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-11023.json https://access.redhat.com/errata/RHSA-2025:1346", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libquadmath", "version": "", "kind": "binary", "normalized_version": "", "arch": "i686|ppc64le|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:11.5.0-5.el9_5", "arch_op": "pattern match" }, "nBIbXPa+XHxa5HNwUkiI5Q==": { "id": "nBIbXPa+XHxa5HNwUkiI5Q==", "updater": "rhel-vex", "name": "CVE-2023-46218", "description": "A flaw was found in curl that verifies a given cookie domain against the Public Suffix List. This issue could allow a malicious HTTP server to set \"super cookies\" in curl that are passed back to more origins than what is otherwise allowed or possible.", "issued": "2023-12-06T07:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-46218 https://bugzilla.redhat.com/show_bug.cgi?id=2252030 https://www.cve.org/CVERecord?id=CVE-2023-46218 https://nvd.nist.gov/vuln/detail/CVE-2023-46218 https://curl.se/docs/CVE-2023-46218.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-46218.json https://access.redhat.com/errata/RHSA-2024:1129", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libcurl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9_3.3", "arch_op": "pattern match" }, "nC4l7O18/jmlfiNKOKyszA==": { "id": "nC4l7O18/jmlfiNKOKyszA==", "updater": "rhel-vex", "name": "CVE-2023-38546", "description": "A flaw was found in the Curl package. This flaw allows an attacker to insert cookies into a running program using libcurl if the specific series of conditions are met.", "issued": "2023-10-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-38546 https://bugzilla.redhat.com/show_bug.cgi?id=2241938 https://access.redhat.com/errata/RHSA-2024:2101 https://www.cve.org/CVERecord?id=CVE-2023-38546 https://nvd.nist.gov/vuln/detail/CVE-2023-38546 https://curl.se/docs/CVE-2023-38546.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-38546.json https://access.redhat.com/errata/RHSA-2023:6745", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "libcurl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9_3.2", "arch_op": "pattern match" }, "nD1KRgcfZaRxt4xJsj1tug==": { "id": "nD1KRgcfZaRxt4xJsj1tug==", "updater": "rhel-vex", "name": "CVE-2023-4806", "description": "A flaw was found in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4806 https://bugzilla.redhat.com/show_bug.cgi?id=2237782 https://www.cve.org/CVERecord?id=CVE-2023-4806 https://nvd.nist.gov/vuln/detail/CVE-2023-4806 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4806.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "nPSgEkWJB1b5/FQHoj8iDQ==": { "id": "nPSgEkWJB1b5/FQHoj8iDQ==", "updater": "rhel-vex", "name": "CVE-2023-2975", "description": "A vulnerability was found in OpenSSL. The AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries, which are unauthenticated as a consequence. Applications that use the AES-SIV algorithm and want to authenticate empty data entries as associated data can be misled by removing, adding, or reordering such empty entries as these are ignored by the OpenSSL implementation. The AES-SIV algorithm allows for the authentication of multiple associated data entries and encryption. To authenticate empty data, the application has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) with a NULL pointer as the output buffer and 0 as the input buffer length. The AES-SIV implementation in OpenSSL returns success for such a call instead of performing the associated data authentication operation. Thus, the empty data will not be authenticated.", "issued": "2023-07-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-2975 https://bugzilla.redhat.com/show_bug.cgi?id=2223016 https://www.cve.org/CVERecord?id=CVE-2023-2975 https://nvd.nist.gov/vuln/detail/CVE-2023-2975 https://www.openssl.org/news/secadv/20230714.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2975.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "nQa7bF7X3iUh1i4gjOdv+Q==": { "id": "nQa7bF7X3iUh1i4gjOdv+Q==", "updater": "rhel-vex", "name": "CVE-2024-38474", "description": "A flaw was found in the mod_rewrite module of httpd. Due to a substitution encoding issue, specially crafted requests may allow an attacker to execute scripts in directories permitted by the configuration but not directly reachable by any URL or source disclosure of scripts meant only to be executed as CGI.", "issued": "2024-07-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-38474 https://bugzilla.redhat.com/show_bug.cgi?id=2295013 https://www.cve.org/CVERecord?id=CVE-2024-38474 https://nvd.nist.gov/vuln/detail/CVE-2024-38474 https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2024-38474 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-38474.json https://access.redhat.com/errata/RHSA-2024:4726", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "mod_ldap", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.4.57-11.el9_4", "arch_op": "pattern match" }, "nXKbfJDunfdn7rpKOTEQaQ==": { "id": "nXKbfJDunfdn7rpKOTEQaQ==", "updater": "rhel-vex", "name": "CVE-2024-2236", "description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", "issued": "2024-03-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-2236 https://bugzilla.redhat.com/show_bug.cgi?id=2245218 https://www.cve.org/CVERecord?id=CVE-2024-2236 https://nvd.nist.gov/vuln/detail/CVE-2024-2236 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2236.json https://access.redhat.com/errata/RHSA-2024:9404", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libgcrypt", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:1.10.0-11.el9", "arch_op": "pattern match" }, "nZWUanjTwczZHAOfOo7z6g==": { "id": "nZWUanjTwczZHAOfOo7z6g==", "updater": "rhel-vex", "name": "CVE-2023-44487", "description": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages.\r\n\r\nSecurity Bulletin\r\nhttps://access.redhat.com/security/vulnerabilities/RHSB-2023-003", "issued": "2023-10-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-44487 https://bugzilla.redhat.com/show_bug.cgi?id=2242803 https://access.redhat.com/security/vulnerabilities/RHSB-2023-003 https://www.cve.org/CVERecord?id=CVE-2023-44487 https://nvd.nist.gov/vuln/detail/CVE-2023-44487 https://github.com/dotnet/announcements/issues/277 https://pkg.go.dev/vuln/GO-2023-2102 https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487 https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-44487.json https://access.redhat.com/errata/RHSA-2023:5765", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.2-3.el9_2", "arch_op": "pattern match" }, "ndiQlGlGFfiNqSZTxkw6Jg==": { "id": "ndiQlGlGFfiNqSZTxkw6Jg==", "updater": "rhel-vex", "name": "CVE-2023-25193", "description": "A vulnerability was found HarfBuzz. This flaw allows attackers to trigger O(n^2) growth via consecutive marks during the process of looking back for base glyphs when attaching marks.", "issued": "2023-02-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-25193 https://bugzilla.redhat.com/show_bug.cgi?id=2167254 https://www.cve.org/CVERecord?id=CVE-2023-25193 https://nvd.nist.gov/vuln/detail/CVE-2023-25193 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-25193.json https://access.redhat.com/errata/RHSA-2024:2410", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "harfbuzz-icu", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.7.4-10.el9", "arch_op": "pattern match" }, "nhrGIpCrz+AkUCXc1l2xPQ==": { "id": "nhrGIpCrz+AkUCXc1l2xPQ==", "updater": "rhel-vex", "name": "CVE-2022-40090", "description": "A flaw was found in the libtiff library. This issue allows an attacker who can submit a specially crafted file to an application linked with libtiff to cause an infinite loop, resulting in a denial of service.", "issued": "2022-08-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-40090 https://bugzilla.redhat.com/show_bug.cgi?id=2234970 https://www.cve.org/CVERecord?id=CVE-2022-40090 https://nvd.nist.gov/vuln/detail/CVE-2022-40090 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-40090.json https://access.redhat.com/errata/RHSA-2024:2289", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-12.el9", "arch_op": "pattern match" }, "noUIfMZn5dUZdEKTi/GsOA==": { "id": "noUIfMZn5dUZdEKTi/GsOA==", "updater": "rhel-vex", "name": "CVE-2024-30204", "description": "A flaw was found in Emacs. When Emacs is used as an email client, a preview of a crafted LaTeX document attached to an email can exhaust the disk space or the inodes allocated for the partition where the /tmp directory is located. This issue possibly results in a denial of service.", "issued": "2024-03-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-30204 https://bugzilla.redhat.com/show_bug.cgi?id=2280297 https://www.cve.org/CVERecord?id=CVE-2024-30204 https://nvd.nist.gov/vuln/detail/CVE-2024-30204 https://www.openwall.com/lists/oss-security/2024/03/25/2 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-30204.json https://access.redhat.com/errata/RHSA-2024:9302", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "emacs-filesystem", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:27.2-10.el9", "arch_op": "pattern match" }, "noiZ4vsqIEp1S/OLQJJb5w==": { "id": "noiZ4vsqIEp1S/OLQJJb5w==", "updater": "rhel-vex", "name": "CVE-2023-6129", "description": "A flaw was found in in the POLY1305 MAC (message authentication code) implementation in OpenSSL, affecting applications running on PowerPC CPU-based platforms that utilize vector instructions, and has the potential to corrupt the internal state of these applications. If an attacker can manipulate the utilization of the POLY1305 MAC algorithm, it may lead to the corruption of the application state, resulting in various application-dependent consequences, often resulting in a crash and leading to a denial of service.", "issued": "2024-01-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-6129 https://bugzilla.redhat.com/show_bug.cgi?id=2257571 https://www.cve.org/CVERecord?id=CVE-2023-6129 https://nvd.nist.gov/vuln/detail/CVE-2023-6129 https://www.openssl.org/news/secadv/20240109.txt https://www.openwall.com/lists/oss-security/2024/01/09/1 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6129.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "nqFoLk/pCsthdVW9bEMEEQ==": { "id": "nqFoLk/pCsthdVW9bEMEEQ==", "updater": "rhel-vex", "name": "CVE-2023-5363", "description": "A flaw was found in OpenSSL in how it processes key and initialization vector (IV) lengths. This issue can lead to potential truncation or overruns during the initialization of some symmetric ciphers. A truncation in the IV can result in non-uniqueness, which could result in loss of confidentiality for some cipher modes. Both truncations and overruns of the key and the IV will produce incorrect results and could, in some cases, trigger a memory exception.", "issued": "2023-10-24T15:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-5363 https://bugzilla.redhat.com/show_bug.cgi?id=2243839 https://www.cve.org/CVERecord?id=CVE-2023-5363 https://nvd.nist.gov/vuln/detail/CVE-2023-5363 https://www.openssl.org/news/secadv/20231024.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-5363.json https://access.redhat.com/errata/RHSA-2024:0310", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-25.el9_3", "arch_op": "pattern match" }, "nw3xTn5H4isiDWgRRp2mFQ==": { "id": "nw3xTn5H4isiDWgRRp2mFQ==", "updater": "rhel-vex", "name": "CVE-2024-38476", "description": "A flaw was found in httpd. Backend applications whose response headers are malicious or exploitable may allow information disclosure, server-side request forgery (SSRF) or local script execution.", "issued": "2024-07-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-38476 https://bugzilla.redhat.com/show_bug.cgi?id=2295015 https://www.cve.org/CVERecord?id=CVE-2024-38476 https://nvd.nist.gov/vuln/detail/CVE-2024-38476 https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2024-38476 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-38476.json https://access.redhat.com/errata/RHSA-2024:5138", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "httpd", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.4.57-11.el9_4.1", "arch_op": "pattern match" }, "o+49RIUDbPi51VBD4jUyKA==": { "id": "o+49RIUDbPi51VBD4jUyKA==", "updater": "rhel-vex", "name": "CVE-2024-4741", "description": "A use-after-free vulnerability was found in OpenSSL. Calling the OpenSSL API SSL_free_buffers function may cause memory to be accessed that was previously freed in some situations.", "issued": "2024-05-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-4741 https://bugzilla.redhat.com/show_bug.cgi?id=2283757 https://www.cve.org/CVERecord?id=CVE-2024-4741 https://nvd.nist.gov/vuln/detail/CVE-2024-4741 https://www.openssl.org/news/secadv/20240528.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4741.json https://access.redhat.com/errata/RHSA-2024:9333", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.2.2-6.el9_5", "arch_op": "pattern match" }, "o/u/1w71z7P7I8H9GBIsbw==": { "id": "o/u/1w71z7P7I8H9GBIsbw==", "updater": "rhel-vex", "name": "CVE-2025-27363", "description": "A flaw was found in FreeType. In affected versions, an out-of-bounds write condition may be triggered when attempting to parse font subglyph structures related to TrueType GX and variable font files. The vulnerable code assigns a signed short value to an unsigned long and then adds a static value, causing it to wrap around and allocate a heap buffer that is too small. The code then writes up to 6 signed long integers out of bounds relative to this buffer. This issue could result in arbitrary code execution or other undefined behavior.", "issued": "2025-03-11T13:28:31Z", "links": "https://access.redhat.com/security/cve/CVE-2025-27363 https://bugzilla.redhat.com/show_bug.cgi?id=2351357 https://www.cve.org/CVERecord?id=CVE-2025-27363 https://nvd.nist.gov/vuln/detail/CVE-2025-27363 https://www.facebook.com/security/advisories/cve-2025-27363 https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-27363.json https://access.redhat.com/errata/RHSA-2025:3407", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "freetype-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.10.4-10.el9_5", "arch_op": "pattern match" }, "o16kBwzDyL2DXuhbCPWX9Q==": { "id": "o16kBwzDyL2DXuhbCPWX9Q==", "updater": "rhel-vex", "name": "CVE-2021-3572", "description": "A flaw was found in python-pip in the way it handled Unicode separators in git references. A remote attacker could possibly use this issue to install a different revision on a repository. The highest threat from this vulnerability is to data integrity.", "issued": "2021-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-3572 https://bugzilla.redhat.com/show_bug.cgi?id=1962856 https://www.cve.org/CVERecord?id=CVE-2021-3572 https://nvd.nist.gov/vuln/detail/CVE-2021-3572 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-3572.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "python-pip", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "o4XSf3iuWcKQUGp2hHoEXw==": { "id": "o4XSf3iuWcKQUGp2hHoEXw==", "updater": "rhel-vex", "name": "CVE-2023-38545", "description": "A heap-based buffer overflow flaw was found in the SOCKS5 proxy handshake in the Curl package. If Curl is unable to resolve the address itself, it passes the hostname to the SOCKS5 proxy. However, the maximum length of the hostname that can be passed is 255 bytes. If the hostname is longer, then Curl switches to the local name resolving and passes the resolved address only to the proxy. The local variable that instructs Curl to \"let the host resolve the name\" could obtain the wrong value during a slow SOCKS5 handshake, resulting in the too-long hostname being copied to the target buffer instead of the resolved address, which was not the intended behavior.", "issued": "2023-10-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-38545 https://bugzilla.redhat.com/show_bug.cgi?id=2241933 https://www.cve.org/CVERecord?id=CVE-2023-38545 https://nvd.nist.gov/vuln/detail/CVE-2023-38545 https://curl.se/docs/CVE-2023-38545.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-38545.json https://access.redhat.com/errata/RHSA-2023:6745", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libcurl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9_3.2", "arch_op": "pattern match" }, "o6RwbTixAbGsSyddw1yZpQ==": { "id": "o6RwbTixAbGsSyddw1yZpQ==", "updater": "rhel-vex", "name": "CVE-2024-32020", "description": "A vulnerability was found in Git. This flaw allows an unauthenticated attacker to place a specialized repository on their target's local system. For performance reasons, Git uses hardlinks when cloning a repository located on the same disk. However, if the repo being cloned is owned by a different user, this can introduce a security risk. At any time in the future, the original repo owner could rewrite the hardlinked files in the cloned user's repo.", "issued": "2024-05-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-32020 https://bugzilla.redhat.com/show_bug.cgi?id=2280466 https://www.cve.org/CVERecord?id=CVE-2024-32020 https://nvd.nist.gov/vuln/detail/CVE-2024-32020 https://github.com/git/git/security/advisories/GHSA-5rfh-556j-fhgj https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-32020.json https://access.redhat.com/errata/RHSA-2024:4083", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "git", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.43.5-1.el9_4", "arch_op": "pattern match" }, "o7Wt0RgmjSYSjMhb6uYQ8A==": { "id": "o7Wt0RgmjSYSjMhb6uYQ8A==", "updater": "rhel-vex", "name": "CVE-2024-25062", "description": "A use-after-free flaw was found in libxml2. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free.", "issued": "2024-02-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-25062 https://bugzilla.redhat.com/show_bug.cgi?id=2262726 https://www.cve.org/CVERecord?id=CVE-2024-25062 https://nvd.nist.gov/vuln/detail/CVE-2024-25062 https://gitlab.gnome.org/GNOME/libxml2/-/issues/604 https://gitlab.gnome.org/GNOME/libxml2/-/tags https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-25062.json https://access.redhat.com/errata/RHSA-2024:2679", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libxml2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-6.el9_4", "arch_op": "pattern match" }, "o8O4Ttqnv0lQfm1yyfyVsw==": { "id": "o8O4Ttqnv0lQfm1yyfyVsw==", "updater": "rhel-vex", "name": "CVE-2022-1720", "description": "A heap buffer over-read vulnerability was found in Vim's grab_file_name() function of the src/findfile.c file. This flaw occurs because the function reads after the NULL terminates the line with \"gf\" in Visual block mode. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap buffer over-read vulnerability that causes an application to crash and corrupt memory.", "issued": "2022-05-13T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-1720 https://bugzilla.redhat.com/show_bug.cgi?id=2099979 https://www.cve.org/CVERecord?id=CVE-2022-1720 https://nvd.nist.gov/vuln/detail/CVE-2022-1720 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-1720.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "oAWlLj5xhoQdD0/9sVLozQ==": { "id": "oAWlLj5xhoQdD0/9sVLozQ==", "updater": "rhel-vex", "name": "CVE-2023-4806", "description": "A flaw was found in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4806 https://bugzilla.redhat.com/show_bug.cgi?id=2237782 https://www.cve.org/CVERecord?id=CVE-2023-4806 https://nvd.nist.gov/vuln/detail/CVE-2023-4806 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4806.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-headers", "version": "", "kind": "binary", "normalized_version": "", "arch": "s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "oBP3fJ/dCNO09esiyvMqrQ==": { "id": "oBP3fJ/dCNO09esiyvMqrQ==", "updater": "rhel-vex", "name": "CVE-2023-2650", "description": "A flaw was found in OpenSSL resulting in a possible denial of service while translating ASN.1 object identifiers. Applications that use OBJ_obj2txt() directly, or use any of the OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message size limit may experience long delays when processing messages, which may lead to a denial of service.", "issued": "2023-05-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-2650 https://bugzilla.redhat.com/show_bug.cgi?id=2207947 https://www.cve.org/CVERecord?id=CVE-2023-2650 https://nvd.nist.gov/vuln/detail/CVE-2023-2650 https://www.openssl.org/news/secadv/20230530.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2650.json https://access.redhat.com/errata/RHSA-2023:3722", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-16.el9_2", "arch_op": "pattern match" }, "oC9Bjc6XSoXXuaCbtXPlGg==": { "id": "oC9Bjc6XSoXXuaCbtXPlGg==", "updater": "rhel-vex", "name": "CVE-2025-0395", "description": "A flaw was found in the GNU C Library (glibc). A buffer overflow condition via the `assert()` function may be triggered due to glibc not allocating enough space for the assertion failure message string and size information. In certain conditions, a local attacker can exploit this, potentially leading to an application crash or other undefined behavior.", "issued": "2025-01-22T13:11:30Z", "links": "https://access.redhat.com/security/cve/CVE-2025-0395 https://bugzilla.redhat.com/show_bug.cgi?id=2339460 https://www.cve.org/CVERecord?id=CVE-2025-0395 https://nvd.nist.gov/vuln/detail/CVE-2025-0395 https://sourceware.org/bugzilla/show_bug.cgi?id=32582 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-0395.json https://access.redhat.com/errata/RHSA-2025:4244", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-125.el9_5.8", "arch_op": "pattern match" }, "oGVW07Zdco+t8LxGqPbEUA==": { "id": "oGVW07Zdco+t8LxGqPbEUA==", "updater": "rhel-vex", "name": "CVE-2023-32681", "description": "A flaw was found in the Python-requests package, where it is vulnerable to potentially leaking Proxy-Authorization headers to destination servers, specifically during redirects to an HTTPS origin. This is a product of how rebuild_proxies is used to recompute and reattach the Proxy-Authorization header to requests when redirected. This behavior only affects proxied requests when credentials are supplied in the URL user information component (for example, https://username:password@proxy:8080).", "issued": "2023-05-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32681 https://bugzilla.redhat.com/show_bug.cgi?id=2209469 https://www.cve.org/CVERecord?id=CVE-2023-32681 https://nvd.nist.gov/vuln/detail/CVE-2023-32681 https://github.com/psf/requests/security/advisories/GHSA-j8r2-6x86-q33q https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32681.json https://access.redhat.com/errata/RHSA-2023:4350", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-requests", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.25.1-7.el9_2", "arch_op": "pattern match" }, "oIBUxFCAPk4vRXBwpcmtFw==": { "id": "oIBUxFCAPk4vRXBwpcmtFw==", "updater": "rhel-vex", "name": "CVE-2022-44840", "description": "A heap-based buffer overflow vulnerability was found in binutils in the find_section_in_set function. This flaw allows an attacker to use a specially crafted payload to trigger a buffer overflow, resulting in issues with availability, confidentiality, and integrity.", "issued": "2022-10-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-44840 https://bugzilla.redhat.com/show_bug.cgi?id=2234004 https://www.cve.org/CVERecord?id=CVE-2022-44840 https://nvd.nist.gov/vuln/detail/CVE-2022-44840 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-44840.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "binutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "oOxpEAJ7Dm+eqzNK9Kk7sg==": { "id": "oOxpEAJ7Dm+eqzNK9Kk7sg==", "updater": "rhel-vex", "name": "CVE-2023-7104", "description": "A vulnerability was found in SQLite3. This issue affects the sessionReadRecord function of the ext/session/sqlite3session.c function in the make alltest Handler component. Manipulation may cause a heap-based buffer overflow to occur.", "issued": "2023-12-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-7104 https://bugzilla.redhat.com/show_bug.cgi?id=2256194 https://www.cve.org/CVERecord?id=CVE-2023-7104 https://nvd.nist.gov/vuln/detail/CVE-2023-7104 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-7104.json https://access.redhat.com/errata/RHSA-2024:0465", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "sqlite", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.34.1-7.el9_3", "arch_op": "pattern match" }, "oPExWUHvFdxpqvgy6j7woA==": { "id": "oPExWUHvFdxpqvgy6j7woA==", "updater": "rhel-vex", "name": "CVE-2023-28322", "description": "A use-after-free flaw was found in the Curl package. This issue may lead to unintended information disclosure by the application.", "issued": "2023-05-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-28322 https://bugzilla.redhat.com/show_bug.cgi?id=2196793 https://www.cve.org/CVERecord?id=CVE-2023-28322 https://nvd.nist.gov/vuln/detail/CVE-2023-28322 https://curl.se/docs/CVE-2023-28322.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-28322.json https://access.redhat.com/errata/RHSA-2023:4354", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "libcurl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-23.el9_2.2", "arch_op": "pattern match" }, "oRWEjPcaLh6wk9wF4tCyHQ==": { "id": "oRWEjPcaLh6wk9wF4tCyHQ==", "updater": "rhel-vex", "name": "CVE-2025-50182", "description": "No description is available for this CVE.", "issued": "2025-06-19T01:42:44Z", "links": "https://access.redhat.com/security/cve/CVE-2025-50182 https://bugzilla.redhat.com/show_bug.cgi?id=2373800 https://www.cve.org/CVERecord?id=CVE-2025-50182 https://nvd.nist.gov/vuln/detail/CVE-2025-50182 https://github.com/urllib3/urllib3/commit/7eb4a2aafe49a279c29b6d1f0ed0f42e9736194f https://github.com/urllib3/urllib3/security/advisories/GHSA-48p4-8xcf-vxj5 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-50182.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python-pip", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "oRguU6Bj1B2w4/MXoRFLmQ==": { "id": "oRguU6Bj1B2w4/MXoRFLmQ==", "updater": "rhel-vex", "name": "CVE-2024-2961", "description": "An out-of-bounds write flaw was found in the ISO-2022-CN-EXT plugin for glibc's iconv library. When converting from UCS4 charset, adding certain escape charterers is required to indicate where the charset was changed to the library. During this process, iconv improperly checks the boundaries of internal buffers, leading to a buffer overflow, which allows writing up to 3 bytes outside the desired memory location. This issue may allow an attacker to craft a malicious characters sequence that will trigger the out-of-bounds write and perform remote code execution, presenting a high impact to the Integrity, Confidentiality, and Availability triad.", "issued": "2024-04-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-2961 https://bugzilla.redhat.com/show_bug.cgi?id=2273404 https://www.cve.org/CVERecord?id=CVE-2024-2961 https://nvd.nist.gov/vuln/detail/CVE-2024-2961 https://www.openwall.com/lists/oss-security/2024/04/17/9 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2961.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-gconv-extra", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "oUkJIbYpxyFXjg//yD+o4A==": { "id": "oUkJIbYpxyFXjg//yD+o4A==", "updater": "rhel-vex", "name": "CVE-2023-39615", "description": "A flaw was found in Libxml2, where it contains a global buffer overflow via the xmlSAX2StartElement() function at /libxml2/SAX2.c. This vulnerability allows attackers to cause a denial of service (DoS) by supplying a crafted XML file.", "issued": "2023-08-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-39615 https://bugzilla.redhat.com/show_bug.cgi?id=2235864 https://www.cve.org/CVERecord?id=CVE-2023-39615 https://nvd.nist.gov/vuln/detail/CVE-2023-39615 https://gitlab.gnome.org/GNOME/libxml2/-/issues/535 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-39615.json https://access.redhat.com/errata/RHSA-2023:7747", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libxml2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-5.el9_3", "arch_op": "pattern match" }, "oVgcRSL89qnSRkMXpV8N8A==": { "id": "oVgcRSL89qnSRkMXpV8N8A==", "updater": "rhel-vex", "name": "CVE-2022-2819", "description": "A flaw was found in vim. The vulnerability occurs due to illegal memory access and leads to a heap buffer overflow vulnerability. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution.", "issued": "2022-08-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-2819 https://bugzilla.redhat.com/show_bug.cgi?id=2118594 https://www.cve.org/CVERecord?id=CVE-2022-2819 https://nvd.nist.gov/vuln/detail/CVE-2022-2819 https://huntr.dev/bounties/0a9bd71e-66b8-4eb1-9566-7dfd9b097e59 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-2819.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "oWsNWJEvop+AFYK32IL8lQ==": { "id": "oWsNWJEvop+AFYK32IL8lQ==", "updater": "rhel-vex", "name": "CVE-2024-0450", "description": "A flaw was found in the Python/CPython 'zipfile' that can allow a zip-bomb type of attack. An attacker may craft a zip file format, leading to a Denial of Service when processed.", "issued": "2024-03-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-0450 https://bugzilla.redhat.com/show_bug.cgi?id=2276525 https://www.cve.org/CVERecord?id=CVE-2024-0450 https://nvd.nist.gov/vuln/detail/CVE-2024-0450 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0450.json https://access.redhat.com/errata/RHSA-2024:4078", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.18-3.el9_4.1", "arch_op": "pattern match" }, "oa2eJ2AA2tul+4L/9uPxvQ==": { "id": "oa2eJ2AA2tul+4L/9uPxvQ==", "updater": "rhel-vex", "name": "CVE-2024-8088", "description": "A flaw was found in Python's zipfile module. When iterating over the entries of a zip archive, the process can enter into an infinite loop state and become unresponsive. This flaw allows an attacker to craft a malicious ZIP archive, leading to a denial of service from the application consuming the zipfile module. Only applications that handle user-controlled zip archives are affected by this vulnerability.", "issued": "2024-08-22T19:15:09Z", "links": "https://access.redhat.com/security/cve/CVE-2024-8088 https://bugzilla.redhat.com/show_bug.cgi?id=2307370 https://www.cve.org/CVERecord?id=CVE-2024-8088 https://nvd.nist.gov/vuln/detail/CVE-2024-8088 https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64 https://github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea https://github.com/python/cpython/issues/122905 https://github.com/python/cpython/pull/122906 https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8088.json https://access.redhat.com/errata/RHSA-2024:6163", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.18-3.el9_4.5", "arch_op": "pattern match" }, "oc1sV4g+opFl9qII5XGKRQ==": { "id": "oc1sV4g+opFl9qII5XGKRQ==", "updater": "rhel-vex", "name": "CVE-2025-3576", "description": "A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message integrity codes. This may lead to unauthorized message tampering.", "issued": "2025-04-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-3576 https://bugzilla.redhat.com/show_bug.cgi?id=2359465 https://www.cve.org/CVERecord?id=CVE-2025-3576 https://nvd.nist.gov/vuln/detail/CVE-2025-3576 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-3576.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "krb5", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "oov3ViUtB6SINzpltF5uvg==": { "id": "oov3ViUtB6SINzpltF5uvg==", "updater": "rhel-vex", "name": "CVE-2023-4813", "description": "A flaw was found in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.", "issued": "2022-03-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4813 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://www.cve.org/CVERecord?id=CVE-2023-4813 https://nvd.nist.gov/vuln/detail/CVE-2023-4813 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4813.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "oqSc7q4k6wTno/u9knscCQ==": { "id": "oqSc7q4k6wTno/u9knscCQ==", "updater": "rhel-vex", "name": "CVE-2024-9681", "description": "A vulnerability was found in curl. When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making it end sooner or later than intended.", "issued": "2024-11-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-9681 https://bugzilla.redhat.com/show_bug.cgi?id=2322969 https://www.cve.org/CVERecord?id=CVE-2024-9681 https://nvd.nist.gov/vuln/detail/CVE-2024-9681 https://hackerone.com/reports/2764830 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-9681.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "curl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "osF/ky4wSM3Q72U3bD1FWg==": { "id": "osF/ky4wSM3Q72U3bD1FWg==", "updater": "rhel-vex", "name": "CVE-2024-26461", "description": "A memory leak flaw was found in krb5 in /krb5/src/lib/gssapi/krb5/k5sealv3.c. This issue can lead to a denial of service through memory exhaustion.", "issued": "2024-02-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-26461 https://bugzilla.redhat.com/show_bug.cgi?id=2266740 https://www.cve.org/CVERecord?id=CVE-2024-26461 https://nvd.nist.gov/vuln/detail/CVE-2024-26461 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-26461.json https://access.redhat.com/errata/RHSA-2024:9331", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "krb5-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.1-3.el9", "arch_op": "pattern match" }, "ow+W4FZFcnnnyqC0uw4arQ==": { "id": "ow+W4FZFcnnnyqC0uw4arQ==", "updater": "rhel-vex", "name": "CVE-2023-4016", "description": "A heap-based buffer overflow vulnerability was found in the procps project when handling untrusted input with the -C option. This issue may allow a user with \"ps\" utility access to write unfiltered data into the process heap, triggering an out-of-bounds write, consuming memory and causing a crash, resulting in a denial of service.", "issued": "2023-08-02T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4016 https://bugzilla.redhat.com/show_bug.cgi?id=2228494 https://www.cve.org/CVERecord?id=CVE-2023-4016 https://nvd.nist.gov/vuln/detail/CVE-2023-4016 https://gitlab.com/procps-ng/procps/-/commit/2c933ecba3bb1d3041a5a7a53a7b4078a6003413 https://gitlab.com/procps-ng/procps/-/issues/297 https://www.freelists.org/post/procps/ps-buffer-overflow-CVE-20234016 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4016.json https://access.redhat.com/errata/RHSA-2023:6705", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "procps-ng", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.3.17-13.el9", "arch_op": "pattern match" }, "oyvtOIVUDqm1ruQx8vhRhA==": { "id": "oyvtOIVUDqm1ruQx8vhRhA==", "updater": "rhel-vex", "name": "CVE-2024-22667", "description": "A stack-based buffer overflow flaw was found in Vim. The did_set_langmap function in map.c calls sprintf to write to the error buffer that is passed down to the option callback functions. That buffer can be overflown, possibly leading to memory corruption and escalation of privileges.", "issued": "2024-02-05T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-22667 https://bugzilla.redhat.com/show_bug.cgi?id=2262999 https://www.cve.org/CVERecord?id=CVE-2024-22667 https://nvd.nist.gov/vuln/detail/CVE-2024-22667 https://github.com/vim/vim/commit/b39b240c386a5a29241415541f1c99e2e6b8ce47 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-22667.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "p+/lVnQY390ujHn+5BtI2A==": { "id": "p+/lVnQY390ujHn+5BtI2A==", "updater": "rhel-vex", "name": "CVE-2024-50602", "description": "A security issue was found in Expat (libexpat). A crash can be triggered in the XML_ResumeParser function due to XML_StopParser's ability to stop or suspend an unstarted parser, which can lead to a denial of service.", "issued": "2024-10-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-50602 https://bugzilla.redhat.com/show_bug.cgi?id=2321987 https://www.cve.org/CVERecord?id=CVE-2024-50602 https://nvd.nist.gov/vuln/detail/CVE-2024-50602 https://github.com/libexpat/libexpat/pull/915 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-50602.json https://access.redhat.com/errata/RHSA-2024:9541", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "expat-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.5.0-3.el9_5.1", "arch_op": "pattern match" }, "p+98IgLdMXrine+F59C4xg==": { "id": "p+98IgLdMXrine+F59C4xg==", "updater": "rhel-vex", "name": "CVE-2024-33602", "description": "A flaw was found in the glibc netgroup cache. The buffer-resizing code in addgetnetgrentX assumes that all string pointers point into the supplied buffer. This can potentially lead to memory corruption and cause a crash.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33602 https://bugzilla.redhat.com/show_bug.cgi?id=2277206 https://www.cve.org/CVERecord?id=CVE-2024-33602 https://nvd.nist.gov/vuln/detail/CVE-2024-33602 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33602.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "glibc-gconv-extra", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "p1VyabkyUDrwvan/iP7K5A==": { "id": "p1VyabkyUDrwvan/iP7K5A==", "updater": "rhel-vex", "name": "CVE-2024-33600", "description": "A flaw was found in the glibc netgroup cache. After a failed cache insertion, addgetnetgrentX tries to send the non-existing response after the not-found header. This can lead to a null pointer dereference that causes a crash or exit.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33600 https://bugzilla.redhat.com/show_bug.cgi?id=2277204 https://www.cve.org/CVERecord?id=CVE-2024-33600 https://nvd.nist.gov/vuln/detail/CVE-2024-33600 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33600.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-locale-source", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "pBoQ+PsAQ5BZXsP3ZwzxpA==": { "id": "pBoQ+PsAQ5BZXsP3ZwzxpA==", "updater": "rhel-vex", "name": "CVE-2023-4813", "description": "A flaw was found in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.", "issued": "2022-03-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4813 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://www.cve.org/CVERecord?id=CVE-2023-4813 https://nvd.nist.gov/vuln/detail/CVE-2023-4813 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4813.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-common", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "pF2JpxOM63dkisq1Y3Mt1Q==": { "id": "pF2JpxOM63dkisq1Y3Mt1Q==", "updater": "rhel-vex", "name": "CVE-2025-24528", "description": "A flaw was found in krb5. With incremental propagation enabled, an authenticated attacker can cause kadmind to write beyond the end of the mapped region for the iprop log file. This issue can trigger a process crash and lead to a denial of service.", "issued": "2024-01-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-24528 https://bugzilla.redhat.com/show_bug.cgi?id=2342796 https://www.cve.org/CVERecord?id=CVE-2025-24528 https://nvd.nist.gov/vuln/detail/CVE-2025-24528 https://github.com/krb5/krb5/commit/78ceba024b64d49612375be4a12d1c066b0bfbd0 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-24528.json https://access.redhat.com/errata/RHSA-2025:7067", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "krb5-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:1.21.1-6.el9", "arch_op": "pattern match" }, "pH8+w8Xtk7zJJtrUbdYyhA==": { "id": "pH8+w8Xtk7zJJtrUbdYyhA==", "updater": "rhel-vex", "name": "CVE-2023-4806", "description": "A flaw was found in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4806 https://bugzilla.redhat.com/show_bug.cgi?id=2237782 https://www.cve.org/CVERecord?id=CVE-2023-4806 https://nvd.nist.gov/vuln/detail/CVE-2023-4806 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4806.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-minimal-langpack", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "pJcWMOFMt41bY+94aWQQQQ==": { "id": "pJcWMOFMt41bY+94aWQQQQ==", "updater": "rhel-vex", "name": "CVE-2023-31486", "description": "A vulnerability was found in Tiny, where a Perl core module and standalone CPAN package, does not verify TLS certificates by default. Users need to explicitly enable certificate verification with the verify_SSL=\u003e1 flag to ensure secure HTTPS connections. This oversight can potentially expose applications to man-in-the-middle (MITM) attacks, where an attacker might intercept and manipulate data transmitted between the client and server.", "issued": "2023-04-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-31486 https://bugzilla.redhat.com/show_bug.cgi?id=2228392 https://www.cve.org/CVERecord?id=CVE-2023-31486 https://nvd.nist.gov/vuln/detail/CVE-2023-31486 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-31486.json https://access.redhat.com/errata/RHSA-2023:6542", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-HTTP-Tiny", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch|src", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:0.076-461.el9", "arch_op": "pattern match" }, "pKzPEO7/xjyXrMbpLiciEw==": { "id": "pKzPEO7/xjyXrMbpLiciEw==", "updater": "rhel-vex", "name": "CVE-2024-33600", "description": "A flaw was found in the glibc netgroup cache. After a failed cache insertion, addgetnetgrentX tries to send the non-existing response after the not-found header. This can lead to a null pointer dereference that causes a crash or exit.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33600 https://bugzilla.redhat.com/show_bug.cgi?id=2277204 https://www.cve.org/CVERecord?id=CVE-2024-33600 https://nvd.nist.gov/vuln/detail/CVE-2024-33600 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33600.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-langpack-en", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "pa953vHlkxOHxS+pLBTLTg==": { "id": "pa953vHlkxOHxS+pLBTLTg==", "updater": "rhel-vex", "name": "CVE-2023-43788", "description": "A vulnerability was found in libXpm due to a boundary condition within the XpmCreateXpmImageFromBuffer() function. This flaw allows a local attacker to trigger an out-of-bounds read error and read the contents of memory on the system.", "issued": "2023-10-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-43788 https://bugzilla.redhat.com/show_bug.cgi?id=2242248 https://www.cve.org/CVERecord?id=CVE-2023-43788 https://nvd.nist.gov/vuln/detail/CVE-2023-43788 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-43788.json https://access.redhat.com/errata/RHSA-2024:2146", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libXpm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.5.13-10.el9", "arch_op": "pattern match" }, "pcgYjOzbPacRVQRcOgMasw==": { "id": "pcgYjOzbPacRVQRcOgMasw==", "updater": "rhel-vex", "name": "CVE-2025-24528", "description": "A flaw was found in krb5. With incremental propagation enabled, an authenticated attacker can cause kadmind to write beyond the end of the mapped region for the iprop log file. This issue can trigger a process crash and lead to a denial of service.", "issued": "2024-01-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-24528 https://bugzilla.redhat.com/show_bug.cgi?id=2342796 https://www.cve.org/CVERecord?id=CVE-2025-24528 https://nvd.nist.gov/vuln/detail/CVE-2025-24528 https://github.com/krb5/krb5/commit/78ceba024b64d49612375be4a12d1c066b0bfbd0 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-24528.json https://access.redhat.com/errata/RHSA-2025:7067", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libkadm5", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.1-6.el9", "arch_op": "pattern match" }, "peMVLpnT962hXrm4IDBPqg==": { "id": "peMVLpnT962hXrm4IDBPqg==", "updater": "rhel-vex", "name": "CVE-2024-52005", "description": "A flaw was found in Git. When cloning, fetching, or pushing from a server, informational or error messages are transported from the remote Git process to the client via a sideband channel. These messages are prefixed with \"remote:\" and printed directly to the standard error output. Typically, this standard error output is connected to a terminal that understands ANSI escape sequences, which Git did not protect against. Most modern terminals support control sequences that can be used by a malicious actor to hide and misrepresent information or to mislead the user into executing untrusted scripts.", "issued": "2025-01-15T17:35:02Z", "links": "https://access.redhat.com/security/cve/CVE-2024-52005 https://bugzilla.redhat.com/show_bug.cgi?id=2338289 https://www.cve.org/CVERecord?id=CVE-2024-52005 https://nvd.nist.gov/vuln/detail/CVE-2024-52005 https://github.com/git/git/security/advisories/GHSA-7jjc-gg6m-3329 https://lore.kernel.org/git/1M9FnZ-1taoNo1wwh-00ESSd@mail.gmx.net https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-52005.json https://access.redhat.com/errata/RHSA-2025:7409", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "git-core-doc", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.47.1-2.el9_6", "arch_op": "pattern match" }, "ph0x625aARsE8YFKgES8uA==": { "id": "ph0x625aARsE8YFKgES8uA==", "updater": "rhel-vex", "name": "CVE-2023-4806", "description": "A flaw was found in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4806 https://bugzilla.redhat.com/show_bug.cgi?id=2237782 https://www.cve.org/CVERecord?id=CVE-2023-4806 https://nvd.nist.gov/vuln/detail/CVE-2023-4806 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4806.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "pisd40lsYyPZfJXI5PaneQ==": { "id": "pisd40lsYyPZfJXI5PaneQ==", "updater": "rhel-vex", "name": "CVE-2023-3138", "description": "A vulnerability was found in libX11. The security flaw occurs because the functions in src/InitExt.c in libX11 do not check that the values provided for the Request, Event, or Error IDs are within the bounds of the arrays that those functions write to, using those IDs as array indexes. They trust that they were called with values provided by an Xserver adhering to the bounds specified in the X11 protocol, as all X servers provided by X.Org do. As the protocol only specifies a single byte for these values, an out-of-bounds value provided by a malicious server (or a malicious proxy-in-the-middle) can only overwrite other portions of the Display structure and not write outside the bounds of the Display structure itself, possibly causing the client to crash with this memory corruption.", "issued": "2023-06-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-3138 https://bugzilla.redhat.com/show_bug.cgi?id=2213748 https://www.cve.org/CVERecord?id=CVE-2023-3138 https://nvd.nist.gov/vuln/detail/CVE-2023-3138 https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/304a654a0d57bf0f00d8998185f0360332cfa36c https://lists.x.org/archives/xorg-announce/2023-June/003406.html https://lists.x.org/archives/xorg-announce/2023-June/003407.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3138.json https://access.redhat.com/errata/RHSA-2023:6497", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libX11-xcb", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.7.0-8.el9", "arch_op": "pattern match" }, "pn8svlPRhNDdX1blrq/avQ==": { "id": "pn8svlPRhNDdX1blrq/avQ==", "updater": "rhel-vex", "name": "CVE-2024-34397", "description": "A flaw was found in GNOME GLib. When a GDBus-based client subscribes to signals from a trusted system service such as NetworkManager on a shared computer, other users of the same computer can send spoofed D-Bus signals that the GDBus-based client will wrongly interpret as having been sent by the trusted system service. This issue could lead to the GDBus-based client behaving incorrectly with an application-dependent impact.", "issued": "2024-05-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-34397 https://bugzilla.redhat.com/show_bug.cgi?id=2279632 https://www.cve.org/CVERecord?id=CVE-2024-34397 https://nvd.nist.gov/vuln/detail/CVE-2024-34397 https://gitlab.gnome.org/GNOME/glib/-/issues/3268 https://www.openwall.com/lists/oss-security/2024/05/07/5 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34397.json https://access.redhat.com/errata/RHSA-2024:6464", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "glib2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.68.4-14.el9_4.1", "arch_op": "pattern match" }, "pr6wo3A29JKUBSVK/BGExw==": { "id": "pr6wo3A29JKUBSVK/BGExw==", "updater": "rhel-vex", "name": "CVE-2024-32465", "description": "A flaw was found in Git in a full copy of a Git repository. A prerequisite for this vulnerability is for an unauthenticated attacker to place a specialized repository on their target's local system. If the victim were to clone this repository, it could result in arbitrary code execution.", "issued": "2024-05-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-32465 https://bugzilla.redhat.com/show_bug.cgi?id=2280446 https://www.cve.org/CVERecord?id=CVE-2024-32465 https://nvd.nist.gov/vuln/detail/CVE-2024-32465 https://github.com/git/git/security/advisories/GHSA-vm9j-46j9-qvq4 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-32465.json https://access.redhat.com/errata/RHSA-2024:4083", "severity": "CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "git-core-doc", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.43.5-1.el9_4", "arch_op": "pattern match" }, "q/JIHOHyBf5oYZOBv4QV5w==": { "id": "q/JIHOHyBf5oYZOBv4QV5w==", "updater": "rhel-vex", "name": "CVE-2021-35937", "description": "A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "issued": "2021-06-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-35937 https://bugzilla.redhat.com/show_bug.cgi?id=1964125 https://www.cve.org/CVERecord?id=CVE-2021-35937 https://nvd.nist.gov/vuln/detail/CVE-2021-35937 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-35937.json https://access.redhat.com/errata/RHSA-2024:0463", "severity": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-rpm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:4.16.1.3-27.el9_3", "arch_op": "pattern match" }, "q4ElF35yZ0x2PA3O3q2EVQ==": { "id": "q4ElF35yZ0x2PA3O3q2EVQ==", "updater": "rhel-vex", "name": "CVE-2024-38476", "description": "A flaw was found in httpd. Backend applications whose response headers are malicious or exploitable may allow information disclosure, server-side request forgery (SSRF) or local script execution.", "issued": "2024-07-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-38476 https://bugzilla.redhat.com/show_bug.cgi?id=2295015 https://www.cve.org/CVERecord?id=CVE-2024-38476 https://nvd.nist.gov/vuln/detail/CVE-2024-38476 https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2024-38476 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-38476.json https://access.redhat.com/errata/RHSA-2024:5138", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "mod_ldap", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.4.57-11.el9_4.1", "arch_op": "pattern match" }, "q6lhV1L2lF0++R6MkKl+kA==": { "id": "q6lhV1L2lF0++R6MkKl+kA==", "updater": "rhel-vex", "name": "CVE-2022-4285", "description": "An illegal memory access flaw was found in the binutils package. Parsing an ELF file containing corrupt symbol version information may result in a denial of service. This issue is the result of an incomplete fix for CVE-2020-16599.", "issued": "2022-10-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-4285 https://bugzilla.redhat.com/show_bug.cgi?id=2150768 https://www.cve.org/CVERecord?id=CVE-2022-4285 https://nvd.nist.gov/vuln/detail/CVE-2022-4285 https://sourceware.org/bugzilla/show_bug.cgi?id=29699 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=5c831a3c7f3ca98d6aba1200353311e1a1f84c70 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-4285.json https://access.redhat.com/errata/RHSA-2023:6593", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "binutils-gold", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.35.2-42.el9", "arch_op": "pattern match" }, "q7sBMd/vv2s2xJ4pQXPOHg==": { "id": "q7sBMd/vv2s2xJ4pQXPOHg==", "updater": "rhel-vex", "name": "CVE-2023-39975", "description": "A vulnerability was found in MIT krb5, where an authenticated attacker can cause a KDC to free the same pointer twice if it can induce a failure in authorization data handling.", "issued": "2023-08-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-39975 https://bugzilla.redhat.com/show_bug.cgi?id=2232682 https://www.cve.org/CVERecord?id=CVE-2023-39975 https://nvd.nist.gov/vuln/detail/CVE-2023-39975 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-39975.json https://access.redhat.com/errata/RHSA-2023:6699", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "krb5-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.1-1.el9", "arch_op": "pattern match" }, "q99r/5og6gILO4INuTA0sQ==": { "id": "q99r/5og6gILO4INuTA0sQ==", "updater": "rhel-vex", "name": "CVE-2021-3826", "description": "A vulnerability was found in Libiberty. A heap and stack buffer overflow found in the dlang_lname function in d-demangle.c leads to a denial of service.", "issued": "2021-09-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-3826 https://bugzilla.redhat.com/show_bug.cgi?id=2122627 https://www.cve.org/CVERecord?id=CVE-2021-3826 https://nvd.nist.gov/vuln/detail/CVE-2021-3826 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-3826.json https://access.redhat.com/errata/RHSA-2023:6372", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "gdb", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:10.2-11.el9", "arch_op": "pattern match" }, "qAOl8Bnkad8YQcGLFtMNDg==": { "id": "qAOl8Bnkad8YQcGLFtMNDg==", "updater": "osv/pypi", "name": "GHSA-mq26-g339-26xf", "description": "Command Injection in pip when used with Mercurial", "issued": "2023-10-25T18:32:26Z", "links": "https://nvd.nist.gov/vuln/detail/CVE-2023-5752 https://github.com/pypa/pip/pull/12306 https://github.com/pypa/pip/commit/389cb799d0da9a840749fcd14878928467ed49b4 https://github.com/pypa/advisory-database/tree/main/vulns/pip/PYSEC-2023-228.yaml https://github.com/pypa/pip https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/622OZXWG72ISQPLM5Y57YCVIMWHD4C3U https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/65UKKF5LBHEFDCUSPBHUN4IHYX7SRMHH https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FXUVMJM25PUAZRQZBF54OFVKTY3MINPW https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KFC2SPFG5FLCZBYY2K3T5MFW2D22NG6E https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YBSB3SUPQ3VIFYUMHPO3MEQI4BJAXKCZ https://mail.python.org/archives/list/security-announce@python.org/thread/F4PL35U6X4VVHZ5ILJU3PWUWN7H7LZXL", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "pip", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "pypi", "uri": "https://pypi.org/", "cpe": "" }, "fixed_in_version": "fixed=23.3" }, "qEeYDq0eQPLYgykJCgjNbg==": { "id": "qEeYDq0eQPLYgykJCgjNbg==", "updater": "rhel-vex", "name": "CVE-2024-28835", "description": "A flaw has been discovered in GnuTLS where an application crash can be induced when attempting to verify a specially crafted .pem bundle using the \"certtool --verify-chain\" command.", "issued": "2024-03-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-28835 https://bugzilla.redhat.com/show_bug.cgi?id=2269084 https://www.cve.org/CVERecord?id=CVE-2024-28835 https://nvd.nist.gov/vuln/detail/CVE-2024-28835 https://lists.gnupg.org/pipermail/gnutls-help/2024-March/004845.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28835.json https://access.redhat.com/errata/RHSA-2024:2570", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "gnutls", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.8.3-4.el9_4", "arch_op": "pattern match" }, "qEhRdzGH44SGjJIcqcIv/g==": { "id": "qEhRdzGH44SGjJIcqcIv/g==", "updater": "rhel-vex", "name": "CVE-2022-2344", "description": "A heap-based buffer overflow was found in Vim in the ins_compl_add function in the insexpand.c file. This issue occurs due to a read past the end of a buffer when a specially crafted input is processed. This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the heap-based buffer overflow, causing the application to crash, possibly executing code and corrupting memory.", "issued": "2022-07-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-2344 https://bugzilla.redhat.com/show_bug.cgi?id=2106787 https://www.cve.org/CVERecord?id=CVE-2022-2344 https://nvd.nist.gov/vuln/detail/CVE-2022-2344 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-2344.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "qWK7H7gz7e8gS19GJSeIIg==": { "id": "qWK7H7gz7e8gS19GJSeIIg==", "updater": "rhel-vex", "name": "CVE-2022-2889", "description": "A use-after-free vulnerability was found in Vim in the find_var_also_in_script function in the evalvars.c file. This issue occurs because an already freed memory is used when a specially crafted input is processed. This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the use-after-free, causing the application to crash, possibly executing code and corrupting memory.", "issued": "2022-08-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-2889 https://bugzilla.redhat.com/show_bug.cgi?id=2119864 https://www.cve.org/CVERecord?id=CVE-2022-2889 https://nvd.nist.gov/vuln/detail/CVE-2022-2889 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-2889.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "qYORp6v9x0Jy6S8OKerZvw==": { "id": "qYORp6v9x0Jy6S8OKerZvw==", "updater": "rhel-vex", "name": "CVE-2023-4738", "description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1848.", "issued": "2023-09-02T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4738 https://bugzilla.redhat.com/show_bug.cgi?id=2237176 https://www.cve.org/CVERecord?id=CVE-2023-4738 https://nvd.nist.gov/vuln/detail/CVE-2023-4738 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4738.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "qau+Fm/24UQljHWBD/OZyw==": { "id": "qau+Fm/24UQljHWBD/OZyw==", "updater": "rhel-vex", "name": "CVE-2024-6232", "description": "A regular expression denial of service (ReDos) vulnerability was found in Python's tarfile module. Due to excessive backtracking while tarfile parses headers, an attacker may be able to trigger a denial of service via a specially crafted tar archive.", "issued": "2024-09-03T13:15:05Z", "links": "https://access.redhat.com/security/cve/CVE-2024-6232 https://bugzilla.redhat.com/show_bug.cgi?id=2309426 https://www.cve.org/CVERecord?id=CVE-2024-6232 https://nvd.nist.gov/vuln/detail/CVE-2024-6232 https://github.com/python/cpython/issues/121285 https://github.com/python/cpython/pull/121286 https://mail.python.org/archives/list/security-announce@python.org/thread/JRYFTPRHZRTLMZLWQEUHZSJXNHM4ACTY/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6232.json https://access.redhat.com/errata/RHSA-2024:8446", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.18-3.el9_4.6", "arch_op": "pattern match" }, "qd6f1Pm+8EQf+vKTgQIKag==": { "id": "qd6f1Pm+8EQf+vKTgQIKag==", "updater": "rhel-vex", "name": "CVE-2023-26966", "description": "A flaw was found in libtiff. A specially crafted tiff file can lead to a segmentation fault due to an out-of-bounds read in the uv_encode function in libtiff/tif_luv.c, resulting in a denial of service.", "issued": "2023-02-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-26966 https://bugzilla.redhat.com/show_bug.cgi?id=2218749 https://www.cve.org/CVERecord?id=CVE-2023-26966 https://nvd.nist.gov/vuln/detail/CVE-2023-26966 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-26966.json https://access.redhat.com/errata/RHSA-2023:6575", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-10.el9", "arch_op": "pattern match" }, "qdN4e87DQwOAw1DeFfPnZw==": { "id": "qdN4e87DQwOAw1DeFfPnZw==", "updater": "rhel-vex", "name": "CVE-2024-39573", "description": "A flaw was found in the mod_rewrite module of httpd. A potential SSRF allows an attacker to cause unsafe rules used in the RewriteRule directive to unexpectedly set up URLs to be handled by the mod_proxy module.", "issued": "2024-07-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-39573 https://bugzilla.redhat.com/show_bug.cgi?id=2295022 https://www.cve.org/CVERecord?id=CVE-2024-39573 https://nvd.nist.gov/vuln/detail/CVE-2024-39573 https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2024-39573 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-39573.json https://access.redhat.com/errata/RHSA-2024:4726", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "httpd", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.4.57-11.el9_4", "arch_op": "pattern match" }, "qga4oRtpFgA1YSSQz4jFqg==": { "id": "qga4oRtpFgA1YSSQz4jFqg==", "updater": "rhel-vex", "name": "CVE-2023-43786", "description": "A vulnerability was found in libX11 due to an infinite loop within the PutSubImage() function. This flaw allows a local user to consume all available system resources and cause a denial of service condition.", "issued": "2023-10-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-43786 https://bugzilla.redhat.com/show_bug.cgi?id=2242253 https://www.cve.org/CVERecord?id=CVE-2023-43786 https://nvd.nist.gov/vuln/detail/CVE-2023-43786 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-43786.json https://access.redhat.com/errata/RHSA-2024:2145", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libX11-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.7.0-9.el9", "arch_op": "pattern match" }, "qiEX0D3xIH6PsLjz8RerYA==": { "id": "qiEX0D3xIH6PsLjz8RerYA==", "updater": "rhel-vex", "name": "CVE-2024-33602", "description": "A flaw was found in the glibc netgroup cache. The buffer-resizing code in addgetnetgrentX assumes that all string pointers point into the supplied buffer. This can potentially lead to memory corruption and cause a crash.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33602 https://bugzilla.redhat.com/show_bug.cgi?id=2277206 https://www.cve.org/CVERecord?id=CVE-2024-33602 https://nvd.nist.gov/vuln/detail/CVE-2024-33602 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33602.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "glibc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "qjKGGY3933nbxsRxZfTnQw==": { "id": "qjKGGY3933nbxsRxZfTnQw==", "updater": "rhel-vex", "name": "CVE-2023-4527", "description": "A flaw was found in glibc. When the getaddrinfo function is called with the AF_UNSPEC address family and the system is configured with no-aaaa mode via /etc/resolv.conf, a DNS response via TCP larger than 2048 bytes can potentially disclose stack contents through the function returned address data, and may cause a crash.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4527 https://bugzilla.redhat.com/show_bug.cgi?id=2234712 https://www.cve.org/CVERecord?id=CVE-2023-4527 https://nvd.nist.gov/vuln/detail/CVE-2023-4527 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4527.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-headers", "version": "", "kind": "binary", "normalized_version": "", "arch": "s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "qjR4mPW4a9B3pl+6YNwqVw==": { "id": "qjR4mPW4a9B3pl+6YNwqVw==", "updater": "rhel-vex", "name": "CVE-2024-28757", "description": "An XML Entity Expansion flaw was found in libexpat. This flaw allows an attacker to cause a denial of service when there is an isolated use of external parsers.", "issued": "2024-03-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-28757 https://bugzilla.redhat.com/show_bug.cgi?id=2268766 https://www.cve.org/CVERecord?id=CVE-2024-28757 https://nvd.nist.gov/vuln/detail/CVE-2024-28757 https://github.com/libexpat/libexpat/issues/839 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28757.json https://access.redhat.com/errata/RHSA-2024:1530", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "expat-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.5.0-1.el9_3.1", "arch_op": "pattern match" }, "qk9S8kWzmq71qXaFOZgOpg==": { "id": "qk9S8kWzmq71qXaFOZgOpg==", "updater": "rhel-vex", "name": "CVE-2023-26966", "description": "A flaw was found in libtiff. A specially crafted tiff file can lead to a segmentation fault due to an out-of-bounds read in the uv_encode function in libtiff/tif_luv.c, resulting in a denial of service.", "issued": "2023-02-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-26966 https://bugzilla.redhat.com/show_bug.cgi?id=2218749 https://www.cve.org/CVERecord?id=CVE-2023-26966 https://nvd.nist.gov/vuln/detail/CVE-2023-26966 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-26966.json https://access.redhat.com/errata/RHSA-2023:6575", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-10.el9", "arch_op": "pattern match" }, "qmOnOxNwhPY6vKeXEAxu9w==": { "id": "qmOnOxNwhPY6vKeXEAxu9w==", "updater": "rhel-vex", "name": "CVE-2023-28484", "description": "A NULL pointer dereference vulnerability was found in libxml2. This issue occurs when parsing (invalid) XML schemas.", "issued": "2023-04-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-28484 https://bugzilla.redhat.com/show_bug.cgi?id=2185994 https://www.cve.org/CVERecord?id=CVE-2023-28484 https://nvd.nist.gov/vuln/detail/CVE-2023-28484 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-28484.json https://access.redhat.com/errata/RHSA-2023:4349", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libxml2-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-3.el9_2.1", "arch_op": "pattern match" }, "qnPr3gcD7In/41sUsGuJuA==": { "id": "qnPr3gcD7In/41sUsGuJuA==", "updater": "rhel-vex", "name": "CVE-2023-4806", "description": "A flaw was found in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4806 https://bugzilla.redhat.com/show_bug.cgi?id=2237782 https://www.cve.org/CVERecord?id=CVE-2023-4806 https://nvd.nist.gov/vuln/detail/CVE-2023-4806 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4806.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-headers", "version": "", "kind": "binary", "normalized_version": "", "arch": "s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "qug1advw8m4TjVAUPEUPiA==": { "id": "qug1advw8m4TjVAUPEUPiA==", "updater": "rhel-vex", "name": "CVE-2023-4751", "description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1331.", "issued": "2023-09-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4751 https://bugzilla.redhat.com/show_bug.cgi?id=2237187 https://www.cve.org/CVERecord?id=CVE-2023-4751 https://nvd.nist.gov/vuln/detail/CVE-2023-4751 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4751.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "qwaLsgSownBAuP4PEhYGjQ==": { "id": "qwaLsgSownBAuP4PEhYGjQ==", "updater": "rhel-vex", "name": "CVE-2023-30589", "description": "A vulnerability has been identified in the Node.js, where llhttp parser in the http module in Node.js does not strictly use the CRLF sequence to delimit HTTP requests. This can lead to HTTP Request Smuggling (HRS).", "issued": "2023-06-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30589 https://bugzilla.redhat.com/show_bug.cgi?id=2219841 https://www.cve.org/CVERecord?id=CVE-2023-30589 https://nvd.nist.gov/vuln/detail/CVE-2023-30589 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30589.json https://access.redhat.com/errata/RHSA-2023:4331", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.1-1.el9_2", "arch_op": "pattern match" }, "r0JitrfPWpsMEQUCD9uWDw==": { "id": "r0JitrfPWpsMEQUCD9uWDw==", "updater": "rhel-vex", "name": "CVE-2024-5535", "description": "A flaw was found in OpenSSL. Affected versions of this package are vulnerable to Information Exposure through the SSL_select_next_proto function. This flaw allows an attacker to cause unexpected application behavior or a crash by exploiting the buffer overread condition when the function is called with a zero-length client list. This issue is only exploitable if the application is misconfigured to use a zero-length server list and mishandles the 'no overlap' response in ALPN or uses the output as the opportunistic protocol in NPN.", "issued": "2024-06-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2294581 https://www.cve.org/CVERecord?id=CVE-2024-5535 https://nvd.nist.gov/vuln/detail/CVE-2024-5535 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-5535.json https://access.redhat.com/errata/RHSA-2024:9333", "severity": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.2.2-6.el9_5", "arch_op": "pattern match" }, "r3RLKNYtYvKarBqnnrlrew==": { "id": "r3RLKNYtYvKarBqnnrlrew==", "updater": "rhel-vex", "name": "CVE-2022-0529", "description": "A flaw was found in Unzip. The vulnerability occurs during the conversion of a wide string to a local string that leads to a heap of out-of-bound write. This flaw allows an attacker to input a specially crafted zip file, leading to a crash.", "issued": "2022-01-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-0529 https://bugzilla.redhat.com/show_bug.cgi?id=2051402 https://www.cve.org/CVERecord?id=CVE-2022-0529 https://nvd.nist.gov/vuln/detail/CVE-2022-0529 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-0529.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "unzip", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "r410Z5X0yojDsVg9YVcNqQ==": { "id": "r410Z5X0yojDsVg9YVcNqQ==", "updater": "rhel-vex", "name": "CVE-2022-2182", "description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.", "issued": "2022-06-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-2182 https://bugzilla.redhat.com/show_bug.cgi?id=2102153 https://www.cve.org/CVERecord?id=CVE-2022-2182 https://nvd.nist.gov/vuln/detail/CVE-2022-2182 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-2182.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "r7FjmMNb7gvjumuk3FvyAw==": { "id": "r7FjmMNb7gvjumuk3FvyAw==", "updater": "rhel-vex", "name": "CVE-2021-35938", "description": "A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "issued": "2021-06-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-35938 https://bugzilla.redhat.com/show_bug.cgi?id=1964114 https://www.cve.org/CVERecord?id=CVE-2021-35938 https://nvd.nist.gov/vuln/detail/CVE-2021-35938 https://rpm.org/wiki/Releases/4.18.0 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-35938.json https://access.redhat.com/errata/RHSA-2024:0463", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "rpm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:4.16.1.3-27.el9_3", "arch_op": "pattern match" }, "rANfKvTXxXq6V32cczrBHQ==": { "id": "rANfKvTXxXq6V32cczrBHQ==", "updater": "rhel-vex", "name": "CVE-2023-4911", "description": "A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.", "issued": "2023-10-03T17:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4911 https://bugzilla.redhat.com/show_bug.cgi?id=2238352 https://www.cve.org/CVERecord?id=CVE-2023-4911 https://nvd.nist.gov/vuln/detail/CVE-2023-4911 https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt https://www.qualys.com/cve-2023-4911/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4911.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-common", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "rBsEXDMUV1tCYkxNiwvwEA==": { "id": "rBsEXDMUV1tCYkxNiwvwEA==", "updater": "rhel-vex", "name": "CVE-2024-12087", "description": "A path traversal vulnerability exists in rsync. It stems from behavior enabled by the `--inc-recursive` option, a default-enabled option for many client options and can be enabled by the server even if not explicitly enabled by the client. When using the `--inc-recursive` option, a lack of proper symlink verification coupled with deduplication checks occurring on a per-file-list basis could allow a server to write files outside of the client's intended destination directory. A malicious server could write malicious files to arbitrary locations named after valid directories/paths on the client.", "issued": "2025-01-14T15:06:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-12087 https://bugzilla.redhat.com/show_bug.cgi?id=2330672 https://www.cve.org/CVERecord?id=CVE-2024-12087 https://nvd.nist.gov/vuln/detail/CVE-2024-12087 https://kb.cert.org/vuls/id/952657 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-12087.json https://access.redhat.com/errata/RHSA-2025:7050", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "rsync", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.2.5-3.el9", "arch_op": "pattern match" }, "rDDtdCntuyuji1lZ72ZxzA==": { "id": "rDDtdCntuyuji1lZ72ZxzA==", "updater": "rhel-vex", "name": "CVE-2023-4911", "description": "A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.", "issued": "2023-10-03T17:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4911 https://bugzilla.redhat.com/show_bug.cgi?id=2238352 https://www.cve.org/CVERecord?id=CVE-2023-4911 https://nvd.nist.gov/vuln/detail/CVE-2023-4911 https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt https://www.qualys.com/cve-2023-4911/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4911.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-common", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "rEdDUf16brwtMXDyTJsMjQ==": { "id": "rEdDUf16brwtMXDyTJsMjQ==", "updater": "rhel-vex", "name": "CVE-2023-4813", "description": "A flaw was found in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.", "issued": "2022-03-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4813 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://www.cve.org/CVERecord?id=CVE-2023-4813 https://nvd.nist.gov/vuln/detail/CVE-2023-4813 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4813.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "rGjgjD/Clgx7UEcIO0/VxQ==": { "id": "rGjgjD/Clgx7UEcIO0/VxQ==", "updater": "rhel-vex", "name": "CVE-2023-4911", "description": "A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.", "issued": "2023-10-03T17:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4911 https://bugzilla.redhat.com/show_bug.cgi?id=2238352 https://www.cve.org/CVERecord?id=CVE-2023-4911 https://nvd.nist.gov/vuln/detail/CVE-2023-4911 https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt https://www.qualys.com/cve-2023-4911/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4911.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "rIgQBIDE6jMxwwM1LwcoaA==": { "id": "rIgQBIDE6jMxwwM1LwcoaA==", "updater": "rhel-vex", "name": "CVE-2020-11023", "description": "A flaw was found in jQuery. HTML containing \\\u003coption\\\u003e elements from untrusted sources are passed, even after sanitizing, to one of jQuery's DOM manipulation methods, which may execute untrusted code. The highest threat from this vulnerability is to data confidentiality and integrity.", "issued": "2020-04-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2020-11023 https://bugzilla.redhat.com/show_bug.cgi?id=1850004 https://www.cve.org/CVERecord?id=CVE-2020-11023 https://nvd.nist.gov/vuln/detail/CVE-2020-11023 https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-11023.json https://access.redhat.com/errata/RHSA-2025:1346", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libstdc++-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:11.5.0-5.el9_5", "arch_op": "pattern match" }, "rJljaCTiTdw1uI1lvfy+hw==": { "id": "rJljaCTiTdw1uI1lvfy+hw==", "updater": "rhel-vex", "name": "CVE-2023-1170", "description": "A heap-based buffer overflow vulnerability was found in Vim's utf_ptr2char() function of the src/mbyte.c file. This flaw occurs because there is access to invalid memory with put in visual block mode. An attacker can trick a user into opening a specially crafted file, triggering an out-of-bounds read that causes an application to crash, leading to a denial of service.", "issued": "2023-03-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-1170 https://bugzilla.redhat.com/show_bug.cgi?id=2176462 https://www.cve.org/CVERecord?id=CVE-2023-1170 https://nvd.nist.gov/vuln/detail/CVE-2023-1170 https://huntr.dev/bounties/286e0090-e654-46d2-ac60-29f81799d0a4 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-1170.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "rO5a9fYyaqaIZ4bH0M8fdA==": { "id": "rO5a9fYyaqaIZ4bH0M8fdA==", "updater": "rhel-vex", "name": "CVE-2022-2862", "description": "Use After Free in GitHub repository vim/vim prior to 9.0.0221.", "issued": "2022-08-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-2862 https://bugzilla.redhat.com/show_bug.cgi?id=2122139 https://www.cve.org/CVERecord?id=CVE-2022-2862 https://nvd.nist.gov/vuln/detail/CVE-2022-2862 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-2862.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "rR+qbZpOBxw8zxI9IAWH5A==": { "id": "rR+qbZpOBxw8zxI9IAWH5A==", "updater": "rhel-vex", "name": "CVE-2023-4813", "description": "A flaw was found in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.", "issued": "2022-03-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4813 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://www.cve.org/CVERecord?id=CVE-2023-4813 https://nvd.nist.gov/vuln/detail/CVE-2023-4813 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4813.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "rR226S9SV4WbmIVotM0CsQ==": { "id": "rR226S9SV4WbmIVotM0CsQ==", "updater": "rhel-vex", "name": "CVE-2023-46246", "description": "Vim is an improved version of the good old UNIX editor Vi. Heap-use-after-free in memory allocated in the function `ga_grow_inner` in in the file `src/alloc.c` at line 748, which is freed in the file `src/ex_docmd.c` in the function `do_cmdline` at line 1010 and then used again in `src/cmdhist.c` at line 759. When using the `:history` command, it's possible that the provided argument overflows the accepted value. Causing an Integer Overflow and potentially later an use-after-free. This vulnerability has been patched in version 9.0.2068.", "issued": "2023-10-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-46246 https://bugzilla.redhat.com/show_bug.cgi?id=2246953 https://www.cve.org/CVERecord?id=CVE-2023-46246 https://nvd.nist.gov/vuln/detail/CVE-2023-46246 https://github.com/vim/vim/security/advisories/GHSA-q22m-h7m2-9mgm https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-46246.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "rREnUm7sDNyGeeD6RlvlrQ==": { "id": "rREnUm7sDNyGeeD6RlvlrQ==", "updater": "rhel-vex", "name": "CVE-2023-4813", "description": "A flaw was found in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.", "issued": "2022-03-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4813 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://www.cve.org/CVERecord?id=CVE-2023-4813 https://nvd.nist.gov/vuln/detail/CVE-2023-4813 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4813.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-langpack-en", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "rTV9bjfy2M3+eJBkP+611w==": { "id": "rTV9bjfy2M3+eJBkP+611w==", "updater": "rhel-vex", "name": "CVE-2023-32559", "description": "A vulnerability was found in NodeJS. This security issue occurs as the use of the deprecated API process.binding() can bypass the policy mechanism by requiring internal modules and eventually take advantage of process.binding('spawn_sync') to run arbitrary code outside of the limits defined in a policy.json file.", "issued": "2023-08-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32559 https://bugzilla.redhat.com/show_bug.cgi?id=2230956 https://www.cve.org/CVERecord?id=CVE-2023-32559 https://nvd.nist.gov/vuln/detail/CVE-2023-32559 https://nodejs.org/en/blog/vulnerability/august-2023-security-releases#permissions-policies-can-be-bypassed-via-processbinding-mediumcve-2023-32559 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32559.json https://access.redhat.com/errata/RHSA-2023:5532", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.2-1.el9_2", "arch_op": "pattern match" }, "rV+AIqZ70JJr5ykX/wSMqA==": { "id": "rV+AIqZ70JJr5ykX/wSMqA==", "updater": "rhel-vex", "name": "CVE-2024-38477", "description": "A flaw was found in the mod_proxy module of httpd. A NULL pointer dereference can be triggered when processing a specially crafted HTTP request, causing the httpd server to crash, and resulting in a denial of service.", "issued": "2024-07-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-38477 https://bugzilla.redhat.com/show_bug.cgi?id=2295016 https://www.cve.org/CVERecord?id=CVE-2024-38477 https://nvd.nist.gov/vuln/detail/CVE-2024-38477 https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2024-38477 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-38477.json https://access.redhat.com/errata/RHSA-2024:4726", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "httpd-core", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.4.57-11.el9_4", "arch_op": "pattern match" }, "rXaqnJlNn2UeiJLxMzdz0w==": { "id": "rXaqnJlNn2UeiJLxMzdz0w==", "updater": "rhel-vex", "name": "CVE-2023-38545", "description": "A heap-based buffer overflow flaw was found in the SOCKS5 proxy handshake in the Curl package. If Curl is unable to resolve the address itself, it passes the hostname to the SOCKS5 proxy. However, the maximum length of the hostname that can be passed is 255 bytes. If the hostname is longer, then Curl switches to the local name resolving and passes the resolved address only to the proxy. The local variable that instructs Curl to \"let the host resolve the name\" could obtain the wrong value during a slow SOCKS5 handshake, resulting in the too-long hostname being copied to the target buffer instead of the resolved address, which was not the intended behavior.", "issued": "2023-10-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-38545 https://bugzilla.redhat.com/show_bug.cgi?id=2241933 https://www.cve.org/CVERecord?id=CVE-2023-38545 https://nvd.nist.gov/vuln/detail/CVE-2023-38545 https://curl.se/docs/CVE-2023-38545.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-38545.json https://access.redhat.com/errata/RHSA-2023:5763", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libcurl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-23.el9_2.4", "arch_op": "pattern match" }, "rXfDRM1LVoEbyd6JU1iKcQ==": { "id": "rXfDRM1LVoEbyd6JU1iKcQ==", "updater": "rhel-vex", "name": "CVE-2022-41862", "description": "A flaw was found In PostgreSQL. A modified, unauthenticated server can send an unterminated string during the establishment of Kerberos transport encryption. In certain conditions, a server can cause a libpq client to over-read and report an error message containing uninitialized bytes.", "issued": "2023-02-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-41862 https://bugzilla.redhat.com/show_bug.cgi?id=2165722 https://www.cve.org/CVERecord?id=CVE-2022-41862 https://nvd.nist.gov/vuln/detail/CVE-2022-41862 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-41862.json https://access.redhat.com/errata/RHSA-2023:6429", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "libpq", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:13.11-1.el9", "arch_op": "pattern match" }, "rb5DZ0is806TQPI0yy6fYA==": { "id": "rb5DZ0is806TQPI0yy6fYA==", "updater": "rhel-vex", "name": "CVE-2023-27522", "description": "An HTTP Response Smuggling vulnerability was found in the Apache HTTP Server via mod_proxy_uwsgi. This security issue occurs when special characters in the origin response header can truncate or split the response forwarded to the client.", "issued": "2023-03-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-27522 https://bugzilla.redhat.com/show_bug.cgi?id=2176211 https://www.cve.org/CVERecord?id=CVE-2023-27522 https://nvd.nist.gov/vuln/detail/CVE-2023-27522 https://httpd.apache.org/security/vulnerabilities_24.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-27522.json https://access.redhat.com/errata/RHSA-2023:6403", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "httpd-tools", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.4.57-5.el9", "arch_op": "pattern match" }, "rc91cmUN6sQ7UsqR+Khjcw==": { "id": "rc91cmUN6sQ7UsqR+Khjcw==", "updater": "rhel-vex", "name": "CVE-2024-28835", "description": "A flaw has been discovered in GnuTLS where an application crash can be induced when attempting to verify a specially crafted .pem bundle using the \"certtool --verify-chain\" command.", "issued": "2024-03-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-28835 https://bugzilla.redhat.com/show_bug.cgi?id=2269084 https://www.cve.org/CVERecord?id=CVE-2024-28835 https://nvd.nist.gov/vuln/detail/CVE-2024-28835 https://lists.gnupg.org/pipermail/gnutls-help/2024-March/004845.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28835.json https://access.redhat.com/errata/RHSA-2024:2570", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "gnutls", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.8.3-4.el9_4", "arch_op": "pattern match" }, "rd7C8AD7IYUHYPSfAYtKrQ==": { "id": "rd7C8AD7IYUHYPSfAYtKrQ==", "updater": "rhel-vex", "name": "CVE-2023-47038", "description": "A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer.", "issued": "2023-11-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-47038 https://bugzilla.redhat.com/show_bug.cgi?id=2249523 https://www.cve.org/CVERecord?id=CVE-2023-47038 https://nvd.nist.gov/vuln/detail/CVE-2023-47038 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-47038.json https://access.redhat.com/errata/RHSA-2024:2228", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-if", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:0.60.800-481.el9", "arch_op": "pattern match" }, "rjQPW5Euu4kWAju5fh1A6Q==": { "id": "rjQPW5Euu4kWAju5fh1A6Q==", "updater": "rhel-vex", "name": "CVE-2023-38545", "description": "A heap-based buffer overflow flaw was found in the SOCKS5 proxy handshake in the Curl package. If Curl is unable to resolve the address itself, it passes the hostname to the SOCKS5 proxy. However, the maximum length of the hostname that can be passed is 255 bytes. If the hostname is longer, then Curl switches to the local name resolving and passes the resolved address only to the proxy. The local variable that instructs Curl to \"let the host resolve the name\" could obtain the wrong value during a slow SOCKS5 handshake, resulting in the too-long hostname being copied to the target buffer instead of the resolved address, which was not the intended behavior.", "issued": "2023-10-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-38545 https://bugzilla.redhat.com/show_bug.cgi?id=2241933 https://www.cve.org/CVERecord?id=CVE-2023-38545 https://nvd.nist.gov/vuln/detail/CVE-2023-38545 https://curl.se/docs/CVE-2023-38545.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-38545.json https://access.redhat.com/errata/RHSA-2023:6745", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libcurl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9_3.2", "arch_op": "pattern match" }, "rjqWU/BvIUu++SGGPw8TnA==": { "id": "rjqWU/BvIUu++SGGPw8TnA==", "updater": "rhel-vex", "name": "CVE-2024-2961", "description": "An out-of-bounds write flaw was found in the ISO-2022-CN-EXT plugin for glibc's iconv library. When converting from UCS4 charset, adding certain escape charterers is required to indicate where the charset was changed to the library. During this process, iconv improperly checks the boundaries of internal buffers, leading to a buffer overflow, which allows writing up to 3 bytes outside the desired memory location. This issue may allow an attacker to craft a malicious characters sequence that will trigger the out-of-bounds write and perform remote code execution, presenting a high impact to the Integrity, Confidentiality, and Availability triad.", "issued": "2024-04-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-2961 https://bugzilla.redhat.com/show_bug.cgi?id=2273404 https://www.cve.org/CVERecord?id=CVE-2024-2961 https://nvd.nist.gov/vuln/detail/CVE-2024-2961 https://www.openwall.com/lists/oss-security/2024/04/17/9 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2961.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "rqTT1PftBwEJGbicjw/9lQ==": { "id": "rqTT1PftBwEJGbicjw/9lQ==", "updater": "rhel-vex", "name": "CVE-2024-33602", "description": "A flaw was found in the glibc netgroup cache. The buffer-resizing code in addgetnetgrentX assumes that all string pointers point into the supplied buffer. This can potentially lead to memory corruption and cause a crash.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33602 https://bugzilla.redhat.com/show_bug.cgi?id=2277206 https://www.cve.org/CVERecord?id=CVE-2024-33602 https://nvd.nist.gov/vuln/detail/CVE-2024-33602 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33602.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "glibc-minimal-langpack", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "rtFa3141Q9+bfT/6QHNRBg==": { "id": "rtFa3141Q9+bfT/6QHNRBg==", "updater": "rhel-vex", "name": "CVE-2023-29469", "description": "A flaw was found in libxml2. This issue occurs when hashing empty strings which aren't null-terminated, xmlDictComputeFastKey could produce inconsistent results, which may lead to various logic or memory errors, including double free errors.", "issued": "2023-04-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-29469 https://bugzilla.redhat.com/show_bug.cgi?id=2185984 https://www.cve.org/CVERecord?id=CVE-2023-29469 https://nvd.nist.gov/vuln/detail/CVE-2023-29469 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-29469.json https://access.redhat.com/errata/RHSA-2023:4349", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libxml2-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-3.el9_2.1", "arch_op": "pattern match" }, "rvXpPZHCcQcUEdKMC9tJIQ==": { "id": "rvXpPZHCcQcUEdKMC9tJIQ==", "updater": "rhel-vex", "name": "CVE-2024-4741", "description": "A use-after-free vulnerability was found in OpenSSL. Calling the OpenSSL API SSL_free_buffers function may cause memory to be accessed that was previously freed in some situations.", "issued": "2024-05-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-4741 https://bugzilla.redhat.com/show_bug.cgi?id=2283757 https://www.cve.org/CVERecord?id=CVE-2024-4741 https://nvd.nist.gov/vuln/detail/CVE-2024-4741 https://www.openssl.org/news/secadv/20240528.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4741.json https://access.redhat.com/errata/RHSA-2024:9333", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.2.2-6.el9_5", "arch_op": "pattern match" }, "rz6mUIc/WNmMqDJ62kTBMw==": { "id": "rz6mUIc/WNmMqDJ62kTBMw==", "updater": "rhel-vex", "name": "CVE-2023-28322", "description": "A use-after-free flaw was found in the Curl package. This issue may lead to unintended information disclosure by the application.", "issued": "2023-05-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-28322 https://bugzilla.redhat.com/show_bug.cgi?id=2196793 https://www.cve.org/CVERecord?id=CVE-2023-28322 https://nvd.nist.gov/vuln/detail/CVE-2023-28322 https://curl.se/docs/CVE-2023-28322.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-28322.json https://access.redhat.com/errata/RHSA-2023:4354", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "curl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-23.el9_2.2", "arch_op": "pattern match" }, "s/7gHZSkaG/wubfvwUuCLw==": { "id": "s/7gHZSkaG/wubfvwUuCLw==", "updater": "rhel-vex", "name": "CVE-2023-4911", "description": "A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.", "issued": "2023-10-03T17:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4911 https://bugzilla.redhat.com/show_bug.cgi?id=2238352 https://www.cve.org/CVERecord?id=CVE-2023-4911 https://nvd.nist.gov/vuln/detail/CVE-2023-4911 https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt https://www.qualys.com/cve-2023-4911/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4911.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-headers", "version": "", "kind": "binary", "normalized_version": "", "arch": "s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "s/Jfbx1UXOiwzCCMDalr1A==": { "id": "s/Jfbx1UXOiwzCCMDalr1A==", "updater": "rhel-vex", "name": "CVE-2023-4813", "description": "A flaw was found in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.", "issued": "2022-03-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4813 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://www.cve.org/CVERecord?id=CVE-2023-4813 https://nvd.nist.gov/vuln/detail/CVE-2023-4813 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4813.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "s00I6skFa5o9PfOAkReUDQ==": { "id": "s00I6skFa5o9PfOAkReUDQ==", "updater": "rhel-vex", "name": "CVE-2023-43789", "description": "A vulnerability was found in libXpm where a vulnerability exists due to a boundary condition, a local user can trigger an out-of-bounds read error and read contents of memory on the system.", "issued": "2023-10-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-43789 https://bugzilla.redhat.com/show_bug.cgi?id=2242249 https://www.cve.org/CVERecord?id=CVE-2023-43789 https://nvd.nist.gov/vuln/detail/CVE-2023-43789 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-43789.json https://access.redhat.com/errata/RHSA-2024:2146", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libXpm-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.5.13-10.el9", "arch_op": "pattern match" }, "s2ff/rj349ZZw+631Apu3w==": { "id": "s2ff/rj349ZZw+631Apu3w==", "updater": "rhel-vex", "name": "CVE-2024-27983", "description": "A vulnerability was found in how Node.js implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated, remote attacker to send packets to vulnerable servers, which could use up compute or memory resources, causing a denial of service.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-27983 https://bugzilla.redhat.com/show_bug.cgi?id=2272764 https://www.cve.org/CVERecord?id=CVE-2024-27983 https://nvd.nist.gov/vuln/detail/CVE-2024-27983 https://nodejs.org/en/blog/vulnerability/april-2024-security-releases https://nowotarski.info/http2-continuation-flood/ https://www.kb.cert.org/vuls/id/421644 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-27983.json https://access.redhat.com/errata/RHSA-2024:2910", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.2-8.el9_4", "arch_op": "pattern match" }, "s2uSNGuV+OyVW2eHDGWWKw==": { "id": "s2uSNGuV+OyVW2eHDGWWKw==", "updater": "rhel-vex", "name": "CVE-2025-29768", "description": "A flaw was found in Vim's zip.vim plugin. This vulnerability allows potential data loss via specially crafted zip files when a user views the archive in Vim and presses 'x' on an unusual filename.", "issued": "2025-03-13T17:04:56Z", "links": "https://access.redhat.com/security/cve/CVE-2025-29768 https://bugzilla.redhat.com/show_bug.cgi?id=2352418 https://www.cve.org/CVERecord?id=CVE-2025-29768 https://nvd.nist.gov/vuln/detail/CVE-2025-29768 https://github.com/vim/vim/commit/f209dcd3defb95bae21b2740910e6aa7bb940531 https://github.com/vim/vim/security/advisories/GHSA-693p-m996-3rmf https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-29768.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "s3p2a+1ZN6WexZBk0888Pw==": { "id": "s3p2a+1ZN6WexZBk0888Pw==", "updater": "rhel-vex", "name": "CVE-2023-30589", "description": "A vulnerability has been identified in the Node.js, where llhttp parser in the http module in Node.js does not strictly use the CRLF sequence to delimit HTTP requests. This can lead to HTTP Request Smuggling (HRS).", "issued": "2023-06-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30589 https://bugzilla.redhat.com/show_bug.cgi?id=2219841 https://www.cve.org/CVERecord?id=CVE-2023-30589 https://nvd.nist.gov/vuln/detail/CVE-2023-30589 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30589.json https://access.redhat.com/errata/RHSA-2023:4331", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.1-1.el9_2", "arch_op": "pattern match" }, "s4GBMvRcoMkjpfrzX/GkLQ==": { "id": "s4GBMvRcoMkjpfrzX/GkLQ==", "updater": "rhel-vex", "name": "CVE-2021-3826", "description": "A vulnerability was found in Libiberty. A heap and stack buffer overflow found in the dlang_lname function in d-demangle.c leads to a denial of service.", "issued": "2021-09-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-3826 https://bugzilla.redhat.com/show_bug.cgi?id=2122627 https://www.cve.org/CVERecord?id=CVE-2021-3826 https://nvd.nist.gov/vuln/detail/CVE-2021-3826 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-3826.json https://access.redhat.com/errata/RHSA-2023:6372", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "gdb-gdbserver", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:10.2-11.el9", "arch_op": "pattern match" }, "s6kt2DqKLHgzYSGciPtGtQ==": { "id": "s6kt2DqKLHgzYSGciPtGtQ==", "updater": "rhel-vex", "name": "CVE-2021-4166", "description": "A flaw was found in vim. A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution.", "issued": "2021-12-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-4166 https://bugzilla.redhat.com/show_bug.cgi?id=2035928 https://www.cve.org/CVERecord?id=CVE-2021-4166 https://nvd.nist.gov/vuln/detail/CVE-2021-4166 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-4166.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "s7lhI3LbQwMT+dukpP3kmg==": { "id": "s7lhI3LbQwMT+dukpP3kmg==", "updater": "rhel-vex", "name": "CVE-2023-6129", "description": "A flaw was found in in the POLY1305 MAC (message authentication code) implementation in OpenSSL, affecting applications running on PowerPC CPU-based platforms that utilize vector instructions, and has the potential to corrupt the internal state of these applications. If an attacker can manipulate the utilization of the POLY1305 MAC algorithm, it may lead to the corruption of the application state, resulting in various application-dependent consequences, often resulting in a crash and leading to a denial of service.", "issued": "2024-01-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-6129 https://bugzilla.redhat.com/show_bug.cgi?id=2257571 https://www.cve.org/CVERecord?id=CVE-2023-6129 https://nvd.nist.gov/vuln/detail/CVE-2023-6129 https://www.openssl.org/news/secadv/20240109.txt https://www.openwall.com/lists/oss-security/2024/01/09/1 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6129.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "sAlO/t+jkkm59mLcdOgB9w==": { "id": "sAlO/t+jkkm59mLcdOgB9w==", "updater": "rhel-vex", "name": "CVE-2025-1151", "description": "A flaw was found in the ld linker utility of GNU Binutils. A specially-crafted payload may be able to trigger a memory leak, which can lead to an application crash or other undefined behavior.", "issued": "2025-02-10T17:00:10Z", "links": "https://access.redhat.com/security/cve/CVE-2025-1151 https://bugzilla.redhat.com/show_bug.cgi?id=2344713 https://www.cve.org/CVERecord?id=CVE-2025-1151 https://nvd.nist.gov/vuln/detail/CVE-2025-1151 https://sourceware.org/bugzilla/attachment.cgi?id=15887 https://sourceware.org/bugzilla/show_bug.cgi?id=32576 https://vuldb.com/?ctiid.295055 https://vuldb.com/?id.295055 https://www.gnu.org/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-1151.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "binutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "sDamL08DYL9URybdOyWb+g==": { "id": "sDamL08DYL9URybdOyWb+g==", "updater": "rhel-vex", "name": "CVE-2024-38476", "description": "A flaw was found in httpd. Backend applications whose response headers are malicious or exploitable may allow information disclosure, server-side request forgery (SSRF) or local script execution.", "issued": "2024-07-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-38476 https://bugzilla.redhat.com/show_bug.cgi?id=2295015 https://www.cve.org/CVERecord?id=CVE-2024-38476 https://nvd.nist.gov/vuln/detail/CVE-2024-38476 https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2024-38476 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-38476.json https://access.redhat.com/errata/RHSA-2024:5138", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "httpd-core", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.4.57-11.el9_4.1", "arch_op": "pattern match" }, "sHzNKKfomAzzwg2Sf6Qeaw==": { "id": "sHzNKKfomAzzwg2Sf6Qeaw==", "updater": "rhel-vex", "name": "CVE-2019-12900", "description": "A data integrity error was found in the bzip2 (User-space package) functionality when decompressing. This issue occurs when a user decompresses a particular kind of .bz2 files. A local user could get unexpected results (or corrupted data) as result of decompressing these files.", "issued": "2024-11-15T10:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2019-12900 https://bugzilla.redhat.com/show_bug.cgi?id=2332075 https://www.cve.org/CVERecord?id=CVE-2019-12900 https://nvd.nist.gov/vuln/detail/CVE-2019-12900 https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-12900.json https://access.redhat.com/errata/RHSA-2025:0925", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "bzip2-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:1.0.8-10.el9_5", "arch_op": "pattern match" }, "sJATpvVjqsVCTDPuxN1ZOw==": { "id": "sJATpvVjqsVCTDPuxN1ZOw==", "updater": "rhel-vex", "name": "CVE-2024-4603", "description": "A flaw was found in OpenSSL. Applications that use the EVP_PKEY_param_check() or EVP_PKEY_public_check() function to check a DSA public key or DSA parameters may experience long delays when checking excessively long DSA keys or parameters.  In applications that allow untrusted sources to provide the key or parameters that are checked, an attacker may be able to cause a denial of service. These functions are not called by OpenSSL on untrusted DSA keys. The applications that directly call these functions are the ones that may be vulnerable to this issue.", "issued": "2024-05-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-4603 https://bugzilla.redhat.com/show_bug.cgi?id=2281029 https://www.cve.org/CVERecord?id=CVE-2024-4603 https://nvd.nist.gov/vuln/detail/CVE-2024-4603 https://www.openssl.org/news/secadv/20240516.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4603.json https://access.redhat.com/errata/RHSA-2024:9333", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.2.2-6.el9_5", "arch_op": "pattern match" }, "sKFgvk8xXWITWQ/QeRQbAQ==": { "id": "sKFgvk8xXWITWQ/QeRQbAQ==", "updater": "rhel-vex", "name": "CVE-2024-45492", "description": "A flaw was found in libexpat's internal nextScaffoldPart function in xmlparse.c. It can have an integer overflow for m_groupSize on 32-bit platforms where UINT_MAX equals SIZE_MAX.", "issued": "2024-08-30T03:15:03Z", "links": "https://access.redhat.com/security/cve/CVE-2024-45492 https://bugzilla.redhat.com/show_bug.cgi?id=2308617 https://www.cve.org/CVERecord?id=CVE-2024-45492 https://nvd.nist.gov/vuln/detail/CVE-2024-45492 https://github.com/libexpat/libexpat/blob/R_2_6_3/expat/Changes https://github.com/libexpat/libexpat/issues/889 https://github.com/libexpat/libexpat/pull/892 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45492.json https://access.redhat.com/errata/RHSA-2024:6754", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "expat", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.5.0-2.el9_4.1", "arch_op": "pattern match" }, "sMiI7LyEQVEePEq+VLCTxQ==": { "id": "sMiI7LyEQVEePEq+VLCTxQ==", "updater": "rhel-vex", "name": "CVE-2023-43787", "description": "A vulnerability was found in libX11 due to an integer overflow within the XCreateImage() function. This flaw allows a local user to trigger an integer overflow and execute arbitrary code with elevated privileges.", "issued": "2023-10-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-43787 https://bugzilla.redhat.com/show_bug.cgi?id=2242254 https://www.cve.org/CVERecord?id=CVE-2023-43787 https://nvd.nist.gov/vuln/detail/CVE-2023-43787 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-43787.json https://access.redhat.com/errata/RHSA-2024:2145", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libX11-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.7.0-9.el9", "arch_op": "pattern match" }, "sQ2W4F2gpnWDvulegh7NnA==": { "id": "sQ2W4F2gpnWDvulegh7NnA==", "updater": "rhel-vex", "name": "CVE-2019-12900", "description": "A data integrity error was found in the bzip2 (User-space package) functionality when decompressing. This issue occurs when a user decompresses a particular kind of .bz2 files. A local user could get unexpected results (or corrupted data) as result of decompressing these files.", "issued": "2024-11-15T10:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2019-12900 https://bugzilla.redhat.com/show_bug.cgi?id=2332075 https://www.cve.org/CVERecord?id=CVE-2019-12900 https://nvd.nist.gov/vuln/detail/CVE-2019-12900 https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-12900.json https://access.redhat.com/errata/RHSA-2025:0925", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "bzip2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.0.8-10.el9_5", "arch_op": "pattern match" }, "sSP/LkDGkhEk2XZGphdpfA==": { "id": "sSP/LkDGkhEk2XZGphdpfA==", "updater": "rhel-vex", "name": "CVE-2023-4806", "description": "A flaw was found in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4806 https://bugzilla.redhat.com/show_bug.cgi?id=2237782 https://www.cve.org/CVERecord?id=CVE-2023-4806 https://nvd.nist.gov/vuln/detail/CVE-2023-4806 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4806.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-gconv-extra", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "sSpyMuxbh/+/Nula2ikXPw==": { "id": "sSpyMuxbh/+/Nula2ikXPw==", "updater": "rhel-vex", "name": "CVE-2017-17973", "description": "In LibTIFF 4.0.8, there is a heap-based use-after-free in the t2p_writeproc function in tiff2pdf.c. NOTE: there is a third-party report of inability to reproduce this issue", "issued": "2017-12-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2017-17973 https://bugzilla.redhat.com/show_bug.cgi?id=1530912 https://www.cve.org/CVERecord?id=CVE-2017-17973 https://nvd.nist.gov/vuln/detail/CVE-2017-17973 https://security.access.redhat.com/data/csaf/v2/vex/2017/cve-2017-17973.json", "severity": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "sV8sVArT8E8xe2ObgOwDQg==": { "id": "sV8sVArT8E8xe2ObgOwDQg==", "updater": "rhel-vex", "name": "CVE-2024-38476", "description": "A flaw was found in httpd. Backend applications whose response headers are malicious or exploitable may allow information disclosure, server-side request forgery (SSRF) or local script execution.", "issued": "2024-07-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-38476 https://bugzilla.redhat.com/show_bug.cgi?id=2295015 https://www.cve.org/CVERecord?id=CVE-2024-38476 https://nvd.nist.gov/vuln/detail/CVE-2024-38476 https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2024-38476 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-38476.json https://access.redhat.com/errata/RHSA-2024:5138", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "httpd-tools", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.4.57-11.el9_4.1", "arch_op": "pattern match" }, "sVG4udZOusLp3MMAPcEW+g==": { "id": "sVG4udZOusLp3MMAPcEW+g==", "updater": "rhel-vex", "name": "CVE-2024-56433", "description": "A flaw was found in shadow-utils. Affected versions of shadow-utils establish a default /etc/subuid behavior, for example, uid 100000 through 165535 for the first user account, that can conflict with the uids of users defined on locally administered networks. This issue potentially leads to account takeover by leveraging newuidmap for access to an NFS home directory or same-host resources for remote logins by these local network users.", "issued": "2024-12-26T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-56433 https://bugzilla.redhat.com/show_bug.cgi?id=2334165 https://www.cve.org/CVERecord?id=CVE-2024-56433 https://nvd.nist.gov/vuln/detail/CVE-2024-56433 https://github.com/shadow-maint/shadow/blob/e2512d5741d4a44bdd81a8c2d0029b6222728cf0/etc/login.defs#L238-L241 https://github.com/shadow-maint/shadow/issues/1157 https://github.com/shadow-maint/shadow/releases/tag/4.4 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-56433.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "shadow-utils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "sX4z+/MJJPdkzlB8meg6vA==": { "id": "sX4z+/MJJPdkzlB8meg6vA==", "updater": "osv/pypi", "name": "GHSA-cx63-2mw6-8hw5", "description": "setuptools vulnerable to Command Injection via package URL", "issued": "2024-07-15T03:30:57Z", "links": "https://nvd.nist.gov/vuln/detail/CVE-2024-6345 https://github.com/pypa/setuptools/pull/4332 https://github.com/pypa/setuptools/commit/88807c7062788254f654ea8c03427adc859321f0 https://github.com/pypa/setuptools https://huntr.com/bounties/d6362117-ad57-4e83-951f-b8141c6e7ca5", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "setuptools", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "pypi", "uri": "https://pypi.org/", "cpe": "" }, "fixed_in_version": "fixed=70.0.0" }, "saBs9oNOsYX5kiTMkaioeQ==": { "id": "saBs9oNOsYX5kiTMkaioeQ==", "updater": "rhel-vex", "name": "CVE-2024-37370", "description": "A vulnerability was found in the MIT Kerberos 5 GSS krb5 wrap token, where an attacker can modify the plaintext Extra Count field, causing the unwrapped token to appear truncated to the application, occurs when the attacker alters the token data during transmission which can lead to improper handling of authentication tokens.", "issued": "2024-06-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-37370 https://bugzilla.redhat.com/show_bug.cgi?id=2294677 https://www.cve.org/CVERecord?id=CVE-2024-37370 https://nvd.nist.gov/vuln/detail/CVE-2024-37370 https://web.mit.edu/kerberos/www/krb5-1.21/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-37370.json https://access.redhat.com/errata/RHSA-2024:6166", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "krb5-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.1-2.el9_4", "arch_op": "pattern match" }, "sc70wAms2Fm/s0Onai142g==": { "id": "sc70wAms2Fm/s0Onai142g==", "updater": "rhel-vex", "name": "CVE-2024-45492", "description": "A flaw was found in libexpat's internal nextScaffoldPart function in xmlparse.c. It can have an integer overflow for m_groupSize on 32-bit platforms where UINT_MAX equals SIZE_MAX.", "issued": "2024-08-30T03:15:03Z", "links": "https://access.redhat.com/security/cve/CVE-2024-45492 https://bugzilla.redhat.com/show_bug.cgi?id=2308617 https://www.cve.org/CVERecord?id=CVE-2024-45492 https://nvd.nist.gov/vuln/detail/CVE-2024-45492 https://github.com/libexpat/libexpat/blob/R_2_6_3/expat/Changes https://github.com/libexpat/libexpat/issues/889 https://github.com/libexpat/libexpat/pull/892 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45492.json https://access.redhat.com/errata/RHSA-2024:6754", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "expat-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.5.0-2.el9_4.1", "arch_op": "pattern match" }, "scu0fznRerd9B16y1/RO8g==": { "id": "scu0fznRerd9B16y1/RO8g==", "updater": "rhel-vex", "name": "CVE-2023-5363", "description": "A flaw was found in OpenSSL in how it processes key and initialization vector (IV) lengths. This issue can lead to potential truncation or overruns during the initialization of some symmetric ciphers. A truncation in the IV can result in non-uniqueness, which could result in loss of confidentiality for some cipher modes. Both truncations and overruns of the key and the IV will produce incorrect results and could, in some cases, trigger a memory exception.", "issued": "2023-10-24T15:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-5363 https://bugzilla.redhat.com/show_bug.cgi?id=2243839 https://www.cve.org/CVERecord?id=CVE-2023-5363 https://nvd.nist.gov/vuln/detail/CVE-2023-5363 https://www.openssl.org/news/secadv/20231024.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-5363.json https://access.redhat.com/errata/RHSA-2024:0310", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-25.el9_3", "arch_op": "pattern match" }, "slSH4fTxavc0sTcES8JJyQ==": { "id": "slSH4fTxavc0sTcES8JJyQ==", "updater": "rhel-vex", "name": "CVE-2024-2961", "description": "An out-of-bounds write flaw was found in the ISO-2022-CN-EXT plugin for glibc's iconv library. When converting from UCS4 charset, adding certain escape charterers is required to indicate where the charset was changed to the library. During this process, iconv improperly checks the boundaries of internal buffers, leading to a buffer overflow, which allows writing up to 3 bytes outside the desired memory location. This issue may allow an attacker to craft a malicious characters sequence that will trigger the out-of-bounds write and perform remote code execution, presenting a high impact to the Integrity, Confidentiality, and Availability triad.", "issued": "2024-04-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-2961 https://bugzilla.redhat.com/show_bug.cgi?id=2273404 https://www.cve.org/CVERecord?id=CVE-2024-2961 https://nvd.nist.gov/vuln/detail/CVE-2024-2961 https://www.openwall.com/lists/oss-security/2024/04/17/9 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2961.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-langpack-en", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "snkpykX/Nuv1Y3FeOzr09g==": { "id": "snkpykX/Nuv1Y3FeOzr09g==", "updater": "rhel-vex", "name": "CVE-2023-2603", "description": "A vulnerability was found in libcap. This issue occurs in the _libcap_strdup() function and can lead to an integer overflow if the input string is close to 4GiB.", "issued": "2023-05-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-2603 https://bugzilla.redhat.com/show_bug.cgi?id=2209113 https://www.cve.org/CVERecord?id=CVE-2023-2603 https://nvd.nist.gov/vuln/detail/CVE-2023-2603 https://www.x41-dsec.de/static/reports/X41-libcap-Code-Review-2023-OSTIF-Final-Report.pdf https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2603.json https://access.redhat.com/errata/RHSA-2023:5071", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libcap", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.48-9.el9_2", "arch_op": "pattern match" }, "snuOK/MSU9RHiR0jGJiZAw==": { "id": "snuOK/MSU9RHiR0jGJiZAw==", "updater": "rhel-vex", "name": "CVE-2025-5245", "description": "A vulnerability classified as critical has been found in GNU Binutils up to 2.44. This affects the function debug_type_samep of the file /binutils/debug.c of the component objdump. The manipulation leads to memory corruption. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue.", "issued": "2025-05-27T14:31:12Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5245 https://bugzilla.redhat.com/show_bug.cgi?id=2368771 https://www.cve.org/CVERecord?id=CVE-2025-5245 https://nvd.nist.gov/vuln/detail/CVE-2025-5245 https://sourceware.org/bugzilla/attachment.cgi?id=16004 https://sourceware.org/bugzilla/show_bug.cgi?id=32829 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=6c3458a8b7ee7d39f070c7b2350851cb2110c65a https://vuldb.com/?ctiid.310347 https://vuldb.com/?id.310347 https://vuldb.com/?submit.584635 https://www.gnu.org/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5245.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "gdb", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "spUrZXE/9T5L+D38TKikhA==": { "id": "spUrZXE/9T5L+D38TKikhA==", "updater": "rhel-vex", "name": "CVE-2024-8088", "description": "A flaw was found in Python's zipfile module. When iterating over the entries of a zip archive, the process can enter into an infinite loop state and become unresponsive. This flaw allows an attacker to craft a malicious ZIP archive, leading to a denial of service from the application consuming the zipfile module. Only applications that handle user-controlled zip archives are affected by this vulnerability.", "issued": "2024-08-22T19:15:09Z", "links": "https://access.redhat.com/security/cve/CVE-2024-8088 https://bugzilla.redhat.com/show_bug.cgi?id=2307370 https://www.cve.org/CVERecord?id=CVE-2024-8088 https://nvd.nist.gov/vuln/detail/CVE-2024-8088 https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64 https://github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea https://github.com/python/cpython/issues/122905 https://github.com/python/cpython/pull/122906 https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8088.json https://access.redhat.com/errata/RHSA-2024:9371", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.19-8.el9", "arch_op": "pattern match" }, "sptuc7ZZHxI6LEMAs9uKnw==": { "id": "sptuc7ZZHxI6LEMAs9uKnw==", "updater": "rhel-vex", "name": "CVE-2024-45490", "description": "A flaw was found in libexpat's xmlparse.c component. This vulnerability allows an attacker to cause improper handling of XML data by providing a negative length value to the XML_ParseBuffer function.", "issued": "2024-08-30T03:15:03Z", "links": "https://access.redhat.com/security/cve/CVE-2024-45490 https://bugzilla.redhat.com/show_bug.cgi?id=2308615 https://www.cve.org/CVERecord?id=CVE-2024-45490 https://nvd.nist.gov/vuln/detail/CVE-2024-45490 https://github.com/libexpat/libexpat/blob/R_2_6_3/expat/Changes https://github.com/libexpat/libexpat/issues/887 https://github.com/libexpat/libexpat/pull/890 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45490.json https://access.redhat.com/errata/RHSA-2024:6754", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "expat-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.5.0-2.el9_4.1", "arch_op": "pattern match" }, "sqtVXJL7ZXdn2nvMXuC+4g==": { "id": "sqtVXJL7ZXdn2nvMXuC+4g==", "updater": "rhel-vex", "name": "CVE-2024-4032", "description": "A flaw was found in Python. The ipaddress module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as “globally reachable” or “private”. Due to this issue, it is possible that values will not be returned in accordance with the latest information from the IANA Special-Purpose Address Registries.", "issued": "2024-06-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-4032 https://bugzilla.redhat.com/show_bug.cgi?id=2292921 https://www.cve.org/CVERecord?id=CVE-2024-4032 https://nvd.nist.gov/vuln/detail/CVE-2024-4032 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4032.json https://access.redhat.com/errata/RHSA-2024:4779", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.18-3.el9_4.3", "arch_op": "pattern match" }, "stpFdjHb8GMfliK+zQvBAw==": { "id": "stpFdjHb8GMfliK+zQvBAw==", "updater": "rhel-vex", "name": "CVE-2024-11168", "description": "A flaw was found in Python. The `urllib.parse.urlsplit()` and `urlparse()` functions improperly validated bracketed hosts (`[]`), allowing hosts that weren't IPv6 or IPvFuture compliant. This behavior was not conformant to RFC 3986 and was potentially vulnerable to server-side request forgery (SSRF) if a URL is processed by more than one URL parser.", "issued": "2024-11-12T21:22:23Z", "links": "https://access.redhat.com/security/cve/CVE-2024-11168 https://bugzilla.redhat.com/show_bug.cgi?id=2325776 https://www.cve.org/CVERecord?id=CVE-2024-11168 https://nvd.nist.gov/vuln/detail/CVE-2024-11168 https://github.com/python/cpython/commit/29f348e232e82938ba2165843c448c2b291504c5 https://github.com/python/cpython/commit/b2171a2fd41416cf68afd67460578631d755a550 https://github.com/python/cpython/issues/103848 https://github.com/python/cpython/pull/103849 https://mail.python.org/archives/list/security-announce@python.org/thread/XPWB6XVZ5G5KGEI63M4AWLIEUF5BPH4T/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-11168.json https://access.redhat.com/errata/RHSA-2024:10983", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.21-1.el9_5", "arch_op": "pattern match" }, "sut2Jyi9Sg5GxKwdaNmHPg==": { "id": "sut2Jyi9Sg5GxKwdaNmHPg==", "updater": "rhel-vex", "name": "CVE-2019-12900", "description": "A data integrity error was found in the bzip2 (User-space package) functionality when decompressing. This issue occurs when a user decompresses a particular kind of .bz2 files. A local user could get unexpected results (or corrupted data) as result of decompressing these files.", "issued": "2024-11-15T10:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2019-12900 https://bugzilla.redhat.com/show_bug.cgi?id=2332075 https://www.cve.org/CVERecord?id=CVE-2019-12900 https://nvd.nist.gov/vuln/detail/CVE-2019-12900 https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-12900.json https://access.redhat.com/errata/RHSA-2025:0925", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "bzip2-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:1.0.8-10.el9_5", "arch_op": "pattern match" }, "svTCiyRDx3OvFYJBUhuURw==": { "id": "svTCiyRDx3OvFYJBUhuURw==", "updater": "rhel-vex", "name": "CVE-2023-6237", "description": "A flaw was found in OpenSSL. When the EVP_PKEY_public_check() function is called in RSA public keys, a computation is done to confirm that the RSA modulus, n, is composite. For valid RSA keys, n is a product of two or more large primes and this computation completes quickly. However, if n is a large prime, this computation takes a long time. An application that calls EVP_PKEY_public_check() and supplies an RSA key obtained from an untrusted source could be vulnerable to a Denial of Service attack.", "issued": "2024-01-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-6237 https://bugzilla.redhat.com/show_bug.cgi?id=2258502 https://www.cve.org/CVERecord?id=CVE-2023-6237 https://nvd.nist.gov/vuln/detail/CVE-2023-6237 https://www.openssl.org/news/secadv/20240115.txt https://www.openwall.com/lists/oss-security/2024/01/15/2 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6237.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "sxAqBgO+QgJyY1S376mbKA==": { "id": "sxAqBgO+QgJyY1S376mbKA==", "updater": "rhel-vex", "name": "CVE-2025-4802", "description": "A flaw was found in the glibc library. A statically linked setuid binary that calls dlopen(), including internal dlopen() calls after setlocale() or calls to NSS functions such as getaddrinfo(), may incorrectly search LD_LIBRARY_PATH to determine which library to load, allowing a local attacker to load malicious shared libraries, escalate privileges and execute arbitrary code.", "issued": "2025-05-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4802 https://bugzilla.redhat.com/show_bug.cgi?id=2367468 https://www.cve.org/CVERecord?id=CVE-2025-4802 https://nvd.nist.gov/vuln/detail/CVE-2025-4802 https://www.openwall.com/lists/oss-security/2025/05/16/7 https://www.openwall.com/lists/oss-security/2025/05/17/2 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4802.json https://access.redhat.com/errata/RHSA-2025:8655", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-common", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.19", "arch_op": "pattern match" }, "sxs9MTyG3z1lQbHqC24JIQ==": { "id": "sxs9MTyG3z1lQbHqC24JIQ==", "updater": "rhel-vex", "name": "CVE-2024-4603", "description": "A flaw was found in OpenSSL. Applications that use the EVP_PKEY_param_check() or EVP_PKEY_public_check() function to check a DSA public key or DSA parameters may experience long delays when checking excessively long DSA keys or parameters.  In applications that allow untrusted sources to provide the key or parameters that are checked, an attacker may be able to cause a denial of service. These functions are not called by OpenSSL on untrusted DSA keys. The applications that directly call these functions are the ones that may be vulnerable to this issue.", "issued": "2024-05-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-4603 https://bugzilla.redhat.com/show_bug.cgi?id=2281029 https://www.cve.org/CVERecord?id=CVE-2024-4603 https://nvd.nist.gov/vuln/detail/CVE-2024-4603 https://www.openssl.org/news/secadv/20240516.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4603.json https://access.redhat.com/errata/RHSA-2024:9333", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.2.2-6.el9_5", "arch_op": "pattern match" }, "t+BDL+U2MMfFVxGH0afsVA==": { "id": "t+BDL+U2MMfFVxGH0afsVA==", "updater": "rhel-vex", "name": "CVE-2021-35937", "description": "A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "issued": "2021-06-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-35937 https://bugzilla.redhat.com/show_bug.cgi?id=1964125 https://www.cve.org/CVERecord?id=CVE-2021-35937 https://nvd.nist.gov/vuln/detail/CVE-2021-35937 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-35937.json https://access.redhat.com/errata/RHSA-2024:0463", "severity": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "rpm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.16.1.3-27.el9_3", "arch_op": "pattern match" }, "t+NryM+08plBxhjTGAyZtQ==": { "id": "t+NryM+08plBxhjTGAyZtQ==", "updater": "rhel-vex", "name": "CVE-2024-2961", "description": "An out-of-bounds write flaw was found in the ISO-2022-CN-EXT plugin for glibc's iconv library. When converting from UCS4 charset, adding certain escape charterers is required to indicate where the charset was changed to the library. During this process, iconv improperly checks the boundaries of internal buffers, leading to a buffer overflow, which allows writing up to 3 bytes outside the desired memory location. This issue may allow an attacker to craft a malicious characters sequence that will trigger the out-of-bounds write and perform remote code execution, presenting a high impact to the Integrity, Confidentiality, and Availability triad.", "issued": "2024-04-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-2961 https://bugzilla.redhat.com/show_bug.cgi?id=2273404 https://www.cve.org/CVERecord?id=CVE-2024-2961 https://nvd.nist.gov/vuln/detail/CVE-2024-2961 https://www.openwall.com/lists/oss-security/2024/04/17/9 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2961.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-minimal-langpack", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "t1KFd0M1KDDZG8emCusGiQ==": { "id": "t1KFd0M1KDDZG8emCusGiQ==", "updater": "rhel-vex", "name": "CVE-2024-32465", "description": "A flaw was found in Git in a full copy of a Git repository. A prerequisite for this vulnerability is for an unauthenticated attacker to place a specialized repository on their target's local system. If the victim were to clone this repository, it could result in arbitrary code execution.", "issued": "2024-05-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-32465 https://bugzilla.redhat.com/show_bug.cgi?id=2280446 https://www.cve.org/CVERecord?id=CVE-2024-32465 https://nvd.nist.gov/vuln/detail/CVE-2024-32465 https://github.com/git/git/security/advisories/GHSA-vm9j-46j9-qvq4 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-32465.json https://access.redhat.com/errata/RHSA-2024:4083", "severity": "CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "git", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.43.5-1.el9_4", "arch_op": "pattern match" }, "t2vAQ1ifh2D1sI5NKQFGrQ==": { "id": "t2vAQ1ifh2D1sI5NKQFGrQ==", "updater": "rhel-vex", "name": "CVE-2023-0464", "description": "A security vulnerability has been identified in all supported OpenSSL versions related to verifying X.509 certificate chains that include policy constraints. This flaw allows attackers to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of computational resources, leading to a denial of service (DoS) attack on affected systems. Policy processing is disabled by default but can be enabled by passing the -policy' argument to the command line utilities or calling the X509_VERIFY_PARAM_set1_policies()' function.", "issued": "2023-03-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0464 https://bugzilla.redhat.com/show_bug.cgi?id=2181082 https://www.cve.org/CVERecord?id=CVE-2023-0464 https://nvd.nist.gov/vuln/detail/CVE-2023-0464 https://www.openssl.org/news/secadv/20230322.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0464.json https://access.redhat.com/errata/RHSA-2023:3722", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-16.el9_2", "arch_op": "pattern match" }, "t4zk3L2NvO9RseSjbbwBfw==": { "id": "t4zk3L2NvO9RseSjbbwBfw==", "updater": "rhel-vex", "name": "CVE-2023-40217", "description": "Python ssl.SSLSocket is vulnerable to a bypass of the TLS handshake in certain instances for HTTPS servers and other server-side protocols that use TLS client authentication such as mTLS. This issue may result in a breach of integrity as its possible to modify or delete resources that are authenticated only by a TLS certificate. No breach of confidentiality is possible.", "issued": "2023-08-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-40217 https://bugzilla.redhat.com/show_bug.cgi?id=2235789 https://www.cve.org/CVERecord?id=CVE-2023-40217 https://nvd.nist.gov/vuln/detail/CVE-2023-40217 https://github.com/python/cpython/issues/108310 https://github.com/python/cpython/pull/108315 https://mail.python.org/archives/list/security-announce@python.org/thread/PEPLII27KYHLF4AK3ZQGKYNCRERG4YXY/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-40217.json https://access.redhat.com/errata/RHSA-2023:5462", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "python3-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.16-1.el9_2.2", "arch_op": "pattern match" }, "t7klIbkcqJpX+Hibob7+Dg==": { "id": "t7klIbkcqJpX+Hibob7+Dg==", "updater": "rhel-vex", "name": "CVE-2022-29458", "description": "A segmentation fault vulnerability was found in ncurses's convert_strings() function of tinfo/read_entry.c file. This flaw occurs due to corrupted terminfo data, triggering an out-of-bounds read error.", "issued": "2022-04-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-29458 https://bugzilla.redhat.com/show_bug.cgi?id=2076483 https://www.cve.org/CVERecord?id=CVE-2022-29458 https://nvd.nist.gov/vuln/detail/CVE-2022-29458 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-29458.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "ncurses", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "tAjtjtLQRffvPdu/MRsVLw==": { "id": "tAjtjtLQRffvPdu/MRsVLw==", "updater": "rhel-vex", "name": "CVE-2024-3596", "description": "A vulnerability in the RADIUS (Remote Authentication Dial-In User Service) protocol allows attackers to forge authentication responses when the Message-Authenticator attribute is not enforced. This issue arises from a cryptographically insecure integrity check using MD5, enabling attackers to spoof UDP-based RADIUS response packets. This can result in unauthorized access by modifying an Access-Reject response to an Access-Accept response, thereby compromising the authentication process.", "issued": "2024-07-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-3596 https://bugzilla.redhat.com/show_bug.cgi?id=2263240 https://www.cve.org/CVERecord?id=CVE-2024-3596 https://nvd.nist.gov/vuln/detail/CVE-2024-3596 https://datatracker.ietf.org/doc/draft-ietf-radext-deprecating-radius/ https://datatracker.ietf.org/doc/html/rfc2865 https://networkradius.com/assets/pdf/radius_and_md5_collisions.pdf https://w1.fi/security/2024-1/hostapd-and-radius-protocol-forgery-attacks.txt https://www.blastradius.fail/ https://www.kb.cert.org/vuls/id/456537 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-3596.json https://access.redhat.com/errata/RHSA-2024:9474", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "krb5-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:1.21.1-4.el9_5", "arch_op": "pattern match" }, "tCZivYRvaQ30WQ6eJn2MjQ==": { "id": "tCZivYRvaQ30WQ6eJn2MjQ==", "updater": "rhel-vex", "name": "CVE-2024-50602", "description": "A security issue was found in Expat (libexpat). A crash can be triggered in the XML_ResumeParser function due to XML_StopParser's ability to stop or suspend an unstarted parser, which can lead to a denial of service.", "issued": "2024-10-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-50602 https://bugzilla.redhat.com/show_bug.cgi?id=2321987 https://www.cve.org/CVERecord?id=CVE-2024-50602 https://nvd.nist.gov/vuln/detail/CVE-2024-50602 https://github.com/libexpat/libexpat/pull/915 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-50602.json https://access.redhat.com/errata/RHSA-2024:9541", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "expat", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.5.0-3.el9_5.1", "arch_op": "pattern match" }, "tJi5yLt21mvpq+yBFP/U8w==": { "id": "tJi5yLt21mvpq+yBFP/U8w==", "updater": "rhel-vex", "name": "CVE-2023-4813", "description": "A flaw was found in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.", "issued": "2022-03-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4813 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://www.cve.org/CVERecord?id=CVE-2023-4813 https://nvd.nist.gov/vuln/detail/CVE-2023-4813 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4813.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-langpack-en", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "tLSR0X6hQ7hvyPbBXZslBQ==": { "id": "tLSR0X6hQ7hvyPbBXZslBQ==", "updater": "rhel-vex", "name": "CVE-2022-2126", "description": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.", "issued": "2022-06-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-2126 https://bugzilla.redhat.com/show_bug.cgi?id=2099596 https://www.cve.org/CVERecord?id=CVE-2022-2126 https://nvd.nist.gov/vuln/detail/CVE-2022-2126 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-2126.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "tTNtM6MxTsMTJHkh5Jqm2w==": { "id": "tTNtM6MxTsMTJHkh5Jqm2w==", "updater": "rhel-vex", "name": "CVE-2024-38476", "description": "A flaw was found in httpd. Backend applications whose response headers are malicious or exploitable may allow information disclosure, server-side request forgery (SSRF) or local script execution.", "issued": "2024-07-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-38476 https://bugzilla.redhat.com/show_bug.cgi?id=2295015 https://www.cve.org/CVERecord?id=CVE-2024-38476 https://nvd.nist.gov/vuln/detail/CVE-2024-38476 https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2024-38476 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-38476.json https://access.redhat.com/errata/RHSA-2024:5138", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "mod_lua", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.4.57-11.el9_4.1", "arch_op": "pattern match" }, "tTPMh2mU5gwswvtBybuwSw==": { "id": "tTPMh2mU5gwswvtBybuwSw==", "updater": "rhel-vex", "name": "CVE-2023-4813", "description": "A flaw was found in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.", "issued": "2022-03-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4813 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://www.cve.org/CVERecord?id=CVE-2023-4813 https://nvd.nist.gov/vuln/detail/CVE-2023-4813 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4813.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-locale-source", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "tVfJwcNEqhKfRMwXYsOBjg==": { "id": "tVfJwcNEqhKfRMwXYsOBjg==", "updater": "rhel-vex", "name": "CVE-2024-3596", "description": "A vulnerability in the RADIUS (Remote Authentication Dial-In User Service) protocol allows attackers to forge authentication responses when the Message-Authenticator attribute is not enforced. This issue arises from a cryptographically insecure integrity check using MD5, enabling attackers to spoof UDP-based RADIUS response packets. This can result in unauthorized access by modifying an Access-Reject response to an Access-Accept response, thereby compromising the authentication process.", "issued": "2024-07-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-3596 https://bugzilla.redhat.com/show_bug.cgi?id=2263240 https://www.cve.org/CVERecord?id=CVE-2024-3596 https://nvd.nist.gov/vuln/detail/CVE-2024-3596 https://datatracker.ietf.org/doc/draft-ietf-radext-deprecating-radius/ https://datatracker.ietf.org/doc/html/rfc2865 https://networkradius.com/assets/pdf/radius_and_md5_collisions.pdf https://w1.fi/security/2024-1/hostapd-and-radius-protocol-forgery-attacks.txt https://www.blastradius.fail/ https://www.kb.cert.org/vuls/id/456537 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-3596.json https://access.redhat.com/errata/RHSA-2024:9474", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libkadm5", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.1-4.el9_5", "arch_op": "pattern match" }, "tYNhc55MEKpBCY8cSsXw5Q==": { "id": "tYNhc55MEKpBCY8cSsXw5Q==", "updater": "rhel-vex", "name": "CVE-2024-56171", "description": "A flaw was found in libxml2. This vulnerability allows a use-after-free via a crafted XML document validated against an XML schema with certain identity constraints or a crafted XML schema.", "issued": "2025-02-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-56171 https://bugzilla.redhat.com/show_bug.cgi?id=2346416 https://www.cve.org/CVERecord?id=CVE-2024-56171 https://nvd.nist.gov/vuln/detail/CVE-2024-56171 https://gitlab.gnome.org/GNOME/libxml2/-/issues/828 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-56171.json https://access.redhat.com/errata/RHSA-2025:2679", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libxml2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-6.el9_5.2", "arch_op": "pattern match" }, "tbhLz74i3ShwS72WbIsoOA==": { "id": "tbhLz74i3ShwS72WbIsoOA==", "updater": "rhel-vex", "name": "CVE-2023-50495", "description": "A vulnerability was found in the NCurses package, where a segmentation fault may be triggered through _nc_wrap_entry().", "issued": "2023-12-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-50495 https://bugzilla.redhat.com/show_bug.cgi?id=2254244 https://www.cve.org/CVERecord?id=CVE-2023-50495 https://nvd.nist.gov/vuln/detail/CVE-2023-50495 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-50495.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "ncurses", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "tbkEtEs3aa+p2/YQaD8BfQ==": { "id": "tbkEtEs3aa+p2/YQaD8BfQ==", "updater": "rhel-vex", "name": "CVE-2023-1972", "description": "A potential heap-based buffer overflow was found in binutils in the _bfd_elf_slurp_version_tables() function in bfd/elf.c. This issue may lead to a loss of availability.", "issued": "2023-04-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-1972 https://bugzilla.redhat.com/show_bug.cgi?id=2185646 https://www.cve.org/CVERecord?id=CVE-2023-1972 https://nvd.nist.gov/vuln/detail/CVE-2023-1972 https://sourceware.org/bugzilla/show_bug.cgi?id=30285 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-1972.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "binutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "tdOSkLU/PWQAH8ShYBRIaA==": { "id": "tdOSkLU/PWQAH8ShYBRIaA==", "updater": "rhel-vex", "name": "CVE-2025-24928", "description": "A flaw was found in libxml2. This vulnerability allows a stack-based buffer overflow via DTD validation of an untrusted document or untrusted DTD.", "issued": "2025-02-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-24928 https://bugzilla.redhat.com/show_bug.cgi?id=2346421 https://www.cve.org/CVERecord?id=CVE-2025-24928 https://nvd.nist.gov/vuln/detail/CVE-2025-24928 https://gitlab.gnome.org/GNOME/libxml2/-/issues/847 https://issues.oss-fuzz.com/issues/392687022 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-24928.json https://access.redhat.com/errata/RHSA-2025:2679", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "libxml2-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-6.el9_5.2", "arch_op": "pattern match" }, "teVzqeXKz5qAL9KrVUsKAA==": { "id": "teVzqeXKz5qAL9KrVUsKAA==", "updater": "rhel-vex", "name": "CVE-2023-47038", "description": "A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer.", "issued": "2023-11-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-47038 https://bugzilla.redhat.com/show_bug.cgi?id=2249523 https://www.cve.org/CVERecord?id=CVE-2023-47038 https://nvd.nist.gov/vuln/detail/CVE-2023-47038 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-47038.json https://access.redhat.com/errata/RHSA-2024:2228", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-overloading", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:0.02-481.el9", "arch_op": "pattern match" }, "teY0YQnCPIVyeq14QKaH3Q==": { "id": "teY0YQnCPIVyeq14QKaH3Q==", "updater": "rhel-vex", "name": "CVE-2020-11023", "description": "A flaw was found in jQuery. HTML containing \\\u003coption\\\u003e elements from untrusted sources are passed, even after sanitizing, to one of jQuery's DOM manipulation methods, which may execute untrusted code. The highest threat from this vulnerability is to data confidentiality and integrity.", "issued": "2020-04-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2020-11023 https://bugzilla.redhat.com/show_bug.cgi?id=1850004 https://www.cve.org/CVERecord?id=CVE-2020-11023 https://nvd.nist.gov/vuln/detail/CVE-2020-11023 https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-11023.json https://access.redhat.com/errata/RHSA-2025:1346", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libgfortran", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:11.5.0-5.el9_5", "arch_op": "pattern match" }, "tfTM5/5/Ffu+a3mCMoEEnQ==": { "id": "tfTM5/5/Ffu+a3mCMoEEnQ==", "updater": "rhel-vex", "name": "CVE-2025-1094", "description": "A flaw was found in PostgreSQL. Due to improper neutralization of quoting syntax, affected versions potentially allow a database input provider to achieve SQL injection in certain usage patterns. Specifically, SQL injection requires the application to use the affected function's result to construct input to psql, the PostgreSQL interactive terminal. Similarly, improper neutralization of quoting syntax in PostgreSQL command line utility programs allows a source of command line arguments to achieve SQL injection when `client_encoding` is `BIG5` and `server_encoding` is one of `EUC_TW` or `MULE_INTERNAL`.", "issued": "2025-02-13T13:00:02Z", "links": "https://access.redhat.com/security/cve/CVE-2025-1094 https://bugzilla.redhat.com/show_bug.cgi?id=2345548 https://www.cve.org/CVERecord?id=CVE-2025-1094 https://nvd.nist.gov/vuln/detail/CVE-2025-1094 https://attackerkb.com/topics/G5s8ZWAbYH/cve-2024-12356/rapid7-analysis https://www.postgresql.org/support/security/CVE-2025-1094/ https://www.rapid7.com/blog/post/2025/02/13/cve-2025-1094-postgresql-psql-sql-injection-fixed/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-1094.json https://access.redhat.com/errata/RHSA-2025:1738", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libpq-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:13.20-1.el9_5", "arch_op": "pattern match" }, "tir4xRVpLmJ/9c0ix/fFbw==": { "id": "tir4xRVpLmJ/9c0ix/fFbw==", "updater": "rhel-vex", "name": "CVE-2024-8088", "description": "A flaw was found in Python's zipfile module. When iterating over the entries of a zip archive, the process can enter into an infinite loop state and become unresponsive. This flaw allows an attacker to craft a malicious ZIP archive, leading to a denial of service from the application consuming the zipfile module. Only applications that handle user-controlled zip archives are affected by this vulnerability.", "issued": "2024-08-22T19:15:09Z", "links": "https://access.redhat.com/security/cve/CVE-2024-8088 https://bugzilla.redhat.com/show_bug.cgi?id=2307370 https://www.cve.org/CVERecord?id=CVE-2024-8088 https://nvd.nist.gov/vuln/detail/CVE-2024-8088 https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64 https://github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea https://github.com/python/cpython/issues/122905 https://github.com/python/cpython/pull/122906 https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8088.json https://access.redhat.com/errata/RHSA-2024:9371", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.19-8.el9", "arch_op": "pattern match" }, "tmgvL67F6tn2BiYH4dbG+w==": { "id": "tmgvL67F6tn2BiYH4dbG+w==", "updater": "rhel-vex", "name": "CVE-2024-6119", "description": "A flaw was found in OpenSSL. Applications performing certificate name checks (e.g., TLS clients checking server certificates) may attempt to read an invalid memory address resulting in abnormal termination of the application process.", "issued": "2024-09-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-6119 https://bugzilla.redhat.com/show_bug.cgi?id=2306158 https://www.cve.org/CVERecord?id=CVE-2024-6119 https://nvd.nist.gov/vuln/detail/CVE-2024-6119 https://github.com/openssl/openssl/security/advisories/GHSA-5qrj-vq78-58fj https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6119.json https://access.redhat.com/errata/RHSA-2024:6783", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-28.el9_4", "arch_op": "pattern match" }, "tn0LvNg6ynzrjuqYII6VjQ==": { "id": "tn0LvNg6ynzrjuqYII6VjQ==", "updater": "rhel-vex", "name": "CVE-2023-5363", "description": "A flaw was found in OpenSSL in how it processes key and initialization vector (IV) lengths. This issue can lead to potential truncation or overruns during the initialization of some symmetric ciphers. A truncation in the IV can result in non-uniqueness, which could result in loss of confidentiality for some cipher modes. Both truncations and overruns of the key and the IV will produce incorrect results and could, in some cases, trigger a memory exception.", "issued": "2023-10-24T15:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-5363 https://bugzilla.redhat.com/show_bug.cgi?id=2243839 https://www.cve.org/CVERecord?id=CVE-2023-5363 https://nvd.nist.gov/vuln/detail/CVE-2023-5363 https://www.openssl.org/news/secadv/20231024.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-5363.json https://access.redhat.com/errata/RHSA-2024:0310", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-25.el9_3", "arch_op": "pattern match" }, "tnmQ7OUTVd9ReoxHm0e8ug==": { "id": "tnmQ7OUTVd9ReoxHm0e8ug==", "updater": "rhel-vex", "name": "CVE-2024-38475", "description": "A flaw was found in the mod_rewrite module of httpd. Improper escaping of output allows an attacker to map URLs to filesystem locations permitted to be served by the server but are not intentionally or directly reachable by any URL. This issue results in code execution or source code disclosure.", "issued": "2024-07-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-38475 https://bugzilla.redhat.com/show_bug.cgi?id=2295014 https://www.cve.org/CVERecord?id=CVE-2024-38475 https://nvd.nist.gov/vuln/detail/CVE-2024-38475 https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2024-38475 https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-38475.json https://access.redhat.com/errata/RHSA-2024:4726", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "mod_ssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:2.4.57-11.el9_4", "arch_op": "pattern match" }, "tnmlwiFTNywjV8t76lLkrA==": { "id": "tnmlwiFTNywjV8t76lLkrA==", "updater": "rhel-vex", "name": "CVE-2023-31147", "description": "A vulnerability was found in c-ares. This issue occurs when /dev/urandom or RtlGenRandom() are unavailable, c-ares will use rand() to generate random numbers used for DNS query ids. This is not a CSPRNG, and it is also not seeded by srand(), so it will generate predictable output.", "issued": "2023-05-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-31147 https://bugzilla.redhat.com/show_bug.cgi?id=2209501 https://www.cve.org/CVERecord?id=CVE-2023-31147 https://nvd.nist.gov/vuln/detail/CVE-2023-31147 https://github.com/c-ares/c-ares/security/advisories/GHSA-8r8p-23f3-64c2 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-31147.json https://access.redhat.com/errata/RHSA-2023:3586", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:8.19.3-1.16.19.1.2.el9_2", "arch_op": "pattern match" }, "todSxpG0ADSu6dX8ZW+q4A==": { "id": "todSxpG0ADSu6dX8ZW+q4A==", "updater": "rhel-vex", "name": "CVE-2023-43787", "description": "A vulnerability was found in libX11 due to an integer overflow within the XCreateImage() function. This flaw allows a local user to trigger an integer overflow and execute arbitrary code with elevated privileges.", "issued": "2023-10-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-43787 https://bugzilla.redhat.com/show_bug.cgi?id=2242254 https://www.cve.org/CVERecord?id=CVE-2023-43787 https://nvd.nist.gov/vuln/detail/CVE-2023-43787 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-43787.json https://access.redhat.com/errata/RHSA-2024:2145", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libX11-common", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.7.0-9.el9", "arch_op": "pattern match" }, "ttvA33kOVBV+TWYGRrPG7g==": { "id": "ttvA33kOVBV+TWYGRrPG7g==", "updater": "rhel-vex", "name": "CVE-2023-32006", "description": "A vulnerability was found in NodeJS. This security issue occurs as the use of module.constructor.createRequire() can bypass the policy mechanism and require modules outside of the policy.json definition for a given module.", "issued": "2023-08-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32006 https://bugzilla.redhat.com/show_bug.cgi?id=2230955 https://www.cve.org/CVERecord?id=CVE-2023-32006 https://nvd.nist.gov/vuln/detail/CVE-2023-32006 https://nodejs.org/en/blog/vulnerability/august-2023-security-releases#permissions-policies-can-impersonate-other-modules-in-using-moduleconstructorcreaterequire-mediumcve-2023-32006 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32006.json https://access.redhat.com/errata/RHSA-2023:5532", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.2-1.el9_2", "arch_op": "pattern match" }, "tuHArjfmqVqOkSDvFpG0MA==": { "id": "tuHArjfmqVqOkSDvFpG0MA==", "updater": "rhel-vex", "name": "CVE-2023-27043", "description": "The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which application access is granted only after verifying receipt of e-mail to a specific domain (e.g., only @company.example.com addresses may be used for signup). This occurs in email/_parseaddr.py in recent versions of Python.", "issued": "2023-04-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-27043 https://bugzilla.redhat.com/show_bug.cgi?id=2196183 https://www.cve.org/CVERecord?id=CVE-2023-27043 https://nvd.nist.gov/vuln/detail/CVE-2023-27043 https://access.redhat.com/articles/7051467 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-27043.json https://access.redhat.com/errata/RHSA-2024:0466", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.18-1.el9_3.1", "arch_op": "pattern match" }, "txkZ/58CgqtFOXydvP1XLw==": { "id": "txkZ/58CgqtFOXydvP1XLw==", "updater": "rhel-vex", "name": "CVE-2023-4813", "description": "A flaw was found in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.", "issued": "2022-03-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4813 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://www.cve.org/CVERecord?id=CVE-2023-4813 https://nvd.nist.gov/vuln/detail/CVE-2023-4813 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4813.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "tzUjzL8cLULN/OVg5UVxHQ==": { "id": "tzUjzL8cLULN/OVg5UVxHQ==", "updater": "rhel-vex", "name": "CVE-2024-38475", "description": "A flaw was found in the mod_rewrite module of httpd. Improper escaping of output allows an attacker to map URLs to filesystem locations permitted to be served by the server but are not intentionally or directly reachable by any URL. This issue results in code execution or source code disclosure.", "issued": "2024-07-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-38475 https://bugzilla.redhat.com/show_bug.cgi?id=2295014 https://www.cve.org/CVERecord?id=CVE-2024-38475 https://nvd.nist.gov/vuln/detail/CVE-2024-38475 https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2024-38475 https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-38475.json https://access.redhat.com/errata/RHSA-2024:4726", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "httpd-tools", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.4.57-11.el9_4", "arch_op": "pattern match" }, "u/1qpWmYmlFZ94shsoLdNw==": { "id": "u/1qpWmYmlFZ94shsoLdNw==", "updater": "rhel-vex", "name": "CVE-2024-9287", "description": "A vulnerability has been found in the Python `venv` module and CLI. Path names provided when creating a virtual environment were not quoted properly, allowing the creator to inject commands into virtual environment \"activation\" scripts, for example, \"source venv/bin/activate\". This flaw allows attacker-controlled virtual environments to run commands when the virtual environment is activated.", "issued": "2024-10-22T16:34:39Z", "links": "https://access.redhat.com/security/cve/CVE-2024-9287 https://bugzilla.redhat.com/show_bug.cgi?id=2321440 https://www.cve.org/CVERecord?id=CVE-2024-9287 https://nvd.nist.gov/vuln/detail/CVE-2024-9287 https://github.com/python/cpython/issues/124651 https://github.com/python/cpython/pull/124712 https://mail.python.org/archives/list/security-announce@python.org/thread/RSPJ2B5JL22FG3TKUJ7D7DQ4N5JRRBZL/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-9287.json https://access.redhat.com/errata/RHSA-2024:10983", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.21-1.el9_5", "arch_op": "pattern match" }, "u/GlygAJjAdzCIr/SG3QgQ==": { "id": "u/GlygAJjAdzCIr/SG3QgQ==", "updater": "rhel-vex", "name": "CVE-2025-0938", "description": "A flaw was found in Python. The Python standard library functions `urllib.parse.urlsplit` and `urlparse` accept domain names that included square brackets, which isn't valid according to RFC 3986. Square brackets are only meant to be used as delimiters for specifying IPv6 and IPvFuture hosts in URLs. This could result in differential parsing across the Python URL parser and other specification-compliant URL parsers.", "issued": "2025-01-31T17:51:35Z", "links": "https://access.redhat.com/security/cve/CVE-2025-0938 https://bugzilla.redhat.com/show_bug.cgi?id=2343237 https://www.cve.org/CVERecord?id=CVE-2025-0938 https://nvd.nist.gov/vuln/detail/CVE-2025-0938 https://github.com/python/cpython/issues/105704 https://github.com/python/cpython/pull/129418 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-0938.json https://access.redhat.com/errata/RHSA-2025:6977", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.21-2.el9", "arch_op": "pattern match" }, "u1caIbS4Tk6y8c7sz8Hvhw==": { "id": "u1caIbS4Tk6y8c7sz8Hvhw==", "updater": "rhel-vex", "name": "CVE-2024-41957", "description": "A double-free and use-after-free vulnerability was found in the Vim editor. This flaw exists due to the corresponding tagstack being used twice when closing the window and if the quick fix list belonging to that window is also cleared using the same tagstack data. In this instance, Vim will try to free the memory again, causing a crash.", "issued": "2024-08-01T20:41:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-41957 https://bugzilla.redhat.com/show_bug.cgi?id=2302418 https://www.cve.org/CVERecord?id=CVE-2024-41957 https://nvd.nist.gov/vuln/detail/CVE-2024-41957 https://github.com/vim/vim/commit/8a0bbe7b8aad6f8da28dee218c01bc8a0185a https://github.com/vim/vim/security/advisories/GHSA-f9cr-gv85-hcr4 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41957.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "uDfc8ZaPfrhTGcFwVaIvAA==": { "id": "uDfc8ZaPfrhTGcFwVaIvAA==", "updater": "rhel-vex", "name": "CVE-2023-48706", "description": "A heap use-after-free flaw was found in the vim package. When executing a `:s` command for the first time and using a sub-replace-special atom inside the substitution part, it is possible that the recursive `:s` call causes memory to be freed, which may later then be accessed by the initial `:s` command. This issue may result in Vim crashing.", "issued": "2023-11-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-48706 https://bugzilla.redhat.com/show_bug.cgi?id=2251118 https://www.cve.org/CVERecord?id=CVE-2023-48706 https://nvd.nist.gov/vuln/detail/CVE-2023-48706 http://www.openwall.com/lists/oss-security/2023/11/22/3 https://github.com/vim/vim/security/advisories/GHSA-c8qm-x72m-q53q https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-48706.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "uEn9qA67O/SoYHOtH/EL2w==": { "id": "uEn9qA67O/SoYHOtH/EL2w==", "updater": "rhel-vex", "name": "CVE-2025-1150", "description": "A flaw was found in the ld linker utility of GNU Binutils. A specially-crafted payload may be able to trigger a memory leak, which can lead to an application crash or other undefined behavior.", "issued": "2025-02-10T16:31:07Z", "links": "https://access.redhat.com/security/cve/CVE-2025-1150 https://bugzilla.redhat.com/show_bug.cgi?id=2344681 https://www.cve.org/CVERecord?id=CVE-2025-1150 https://nvd.nist.gov/vuln/detail/CVE-2025-1150 https://sourceware.org/bugzilla/attachment.cgi?id=15887 https://sourceware.org/bugzilla/show_bug.cgi?id=32576 https://vuldb.com/?ctiid.295054 https://vuldb.com/?id.295054 https://www.gnu.org/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-1150.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "binutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "uFXEnN9gepJ4+HtQWdLrOg==": { "id": "uFXEnN9gepJ4+HtQWdLrOg==", "updater": "rhel-vex", "name": "CVE-2023-25433", "description": "A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to a heap-based buffer overflow in the processCropSelections function in tools/tiffcrop.c, resulting in a denial of service.", "issued": "2023-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-25433 https://bugzilla.redhat.com/show_bug.cgi?id=2218744 https://www.cve.org/CVERecord?id=CVE-2023-25433 https://nvd.nist.gov/vuln/detail/CVE-2023-25433 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-25433.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "uFegF3JDarHwmUsDj39jKQ==": { "id": "uFegF3JDarHwmUsDj39jKQ==", "updater": "rhel-vex", "name": "CVE-2024-6119", "description": "A flaw was found in OpenSSL. Applications performing certificate name checks (e.g., TLS clients checking server certificates) may attempt to read an invalid memory address resulting in abnormal termination of the application process.", "issued": "2024-09-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-6119 https://bugzilla.redhat.com/show_bug.cgi?id=2306158 https://www.cve.org/CVERecord?id=CVE-2024-6119 https://nvd.nist.gov/vuln/detail/CVE-2024-6119 https://github.com/openssl/openssl/security/advisories/GHSA-5qrj-vq78-58fj https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6119.json https://access.redhat.com/errata/RHSA-2024:6783", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-28.el9_4", "arch_op": "pattern match" }, "uGc7MAYPvmYBBoRBtRpR8w==": { "id": "uGc7MAYPvmYBBoRBtRpR8w==", "updater": "rhel-vex", "name": "CVE-2023-38709", "description": "A flaw was found in httpd. The response headers are not sanitized before an HTTP response is sent when a malicious backend can insert a Content-Type, Content-Encoding, or some other headers, resulting in an HTTP response splitting.", "issued": "2024-04-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-38709 https://bugzilla.redhat.com/show_bug.cgi?id=2273491 https://www.cve.org/CVERecord?id=CVE-2023-38709 https://nvd.nist.gov/vuln/detail/CVE-2023-38709 https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2023-38709 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-38709.json https://access.redhat.com/errata/RHSA-2024:9306", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "mod_lua", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.4.62-1.el9", "arch_op": "pattern match" }, "uJCDkMoBY4xBDdgsAXvBMQ==": { "id": "uJCDkMoBY4xBDdgsAXvBMQ==", "updater": "rhel-vex", "name": "CVE-2023-4527", "description": "A flaw was found in glibc. When the getaddrinfo function is called with the AF_UNSPEC address family and the system is configured with no-aaaa mode via /etc/resolv.conf, a DNS response via TCP larger than 2048 bytes can potentially disclose stack contents through the function returned address data, and may cause a crash.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4527 https://bugzilla.redhat.com/show_bug.cgi?id=2234712 https://www.cve.org/CVERecord?id=CVE-2023-4527 https://nvd.nist.gov/vuln/detail/CVE-2023-4527 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4527.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "uO3OOEY6W3k9QH/tNVK0LQ==": { "id": "uO3OOEY6W3k9QH/tNVK0LQ==", "updater": "rhel-vex", "name": "CVE-2025-1152", "description": "A flaw was found in the ld linker utility of GNU Binutils. A specially-crafted payload may be able to trigger a memory leak, which can lead to an application crash or other undefined behavior.", "issued": "2025-02-10T18:00:09Z", "links": "https://access.redhat.com/security/cve/CVE-2025-1152 https://bugzilla.redhat.com/show_bug.cgi?id=2344723 https://www.cve.org/CVERecord?id=CVE-2025-1152 https://nvd.nist.gov/vuln/detail/CVE-2025-1152 https://sourceware.org/bugzilla/attachment.cgi?id=15887 https://sourceware.org/bugzilla/show_bug.cgi?id=32576 https://vuldb.com/?ctiid.295056 https://vuldb.com/?id.295056 https://www.gnu.org/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-1152.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "binutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "uSuvSdYIemCRGlfv8lGkuQ==": { "id": "uSuvSdYIemCRGlfv8lGkuQ==", "updater": "rhel-vex", "name": "CVE-2023-24329", "description": "A flaw was found in the Python package. An issue in the urllib.parse component could allow attackers to bypass blocklisting methods by supplying a URL that starts with blank characters.This may lead to compromised Integrity.", "issued": "2023-02-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-24329 https://bugzilla.redhat.com/show_bug.cgi?id=2173917 https://www.cve.org/CVERecord?id=CVE-2023-24329 https://nvd.nist.gov/vuln/detail/CVE-2023-24329 https://pointernull.com/security/python-url-parse-problem.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-24329.json https://access.redhat.com/errata/RHSA-2023:3595", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.16-1.el9_2.1", "arch_op": "pattern match" }, "uUXjEDTiz3w22aHXrIzeBg==": { "id": "uUXjEDTiz3w22aHXrIzeBg==", "updater": "rhel-vex", "name": "CVE-2023-31122", "description": "A flaw was found in the mod_macro module of httpd. When processing a very long macro, the null byte terminator will not be added, leading to an out-of-bounds read, resulting in a crash.", "issued": "2023-10-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-31122 https://bugzilla.redhat.com/show_bug.cgi?id=2245332 https://www.cve.org/CVERecord?id=CVE-2023-31122 https://nvd.nist.gov/vuln/detail/CVE-2023-31122 https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2023-31122 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-31122.json https://access.redhat.com/errata/RHSA-2024:2278", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "httpd", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.4.57-8.el9", "arch_op": "pattern match" }, "uVmA7GUNWdA65M4tmw++XQ==": { "id": "uVmA7GUNWdA65M4tmw++XQ==", "updater": "rhel-vex", "name": "CVE-2024-6232", "description": "A regular expression denial of service (ReDos) vulnerability was found in Python's tarfile module. Due to excessive backtracking while tarfile parses headers, an attacker may be able to trigger a denial of service via a specially crafted tar archive.", "issued": "2024-09-03T13:15:05Z", "links": "https://access.redhat.com/security/cve/CVE-2024-6232 https://bugzilla.redhat.com/show_bug.cgi?id=2309426 https://www.cve.org/CVERecord?id=CVE-2024-6232 https://nvd.nist.gov/vuln/detail/CVE-2024-6232 https://github.com/python/cpython/issues/121285 https://github.com/python/cpython/pull/121286 https://mail.python.org/archives/list/security-announce@python.org/thread/JRYFTPRHZRTLMZLWQEUHZSJXNHM4ACTY/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6232.json https://access.redhat.com/errata/RHSA-2024:8446", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.18-3.el9_4.6", "arch_op": "pattern match" }, "ucnZ3NrsBVYnlUI65g+YQw==": { "id": "ucnZ3NrsBVYnlUI65g+YQw==", "updater": "rhel-vex", "name": "CVE-2023-4752", "description": "A flaw was found in Vim, where it is vulnerable to a use-after-free in the ins_compl_get_exp function. This flaw allows a specially crafted file to crash software, use unexpected values, or possibly execute code when opened in Vim.", "issued": "2023-09-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4752 https://bugzilla.redhat.com/show_bug.cgi?id=2237311 https://www.cve.org/CVERecord?id=CVE-2023-4752 https://nvd.nist.gov/vuln/detail/CVE-2023-4752 https://huntr.dev/bounties/85f62dd7-ed84-4fa2-b265-8a369a318757 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4752.json https://access.redhat.com/errata/RHSA-2025:7440", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "2:8.2.2637-22.el9_6", "arch_op": "pattern match" }, "ugk8bc5JAs//Hgj923HTXA==": { "id": "ugk8bc5JAs//Hgj923HTXA==", "updater": "rhel-vex", "name": "CVE-2023-43785", "description": "A vulnerability was found in libX11 due to a boundary condition within the _XkbReadKeySyms() function. This flaw allows a local user to trigger an out-of-bounds read error and read the contents of memory on the system.", "issued": "2023-10-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-43785 https://bugzilla.redhat.com/show_bug.cgi?id=2242252 https://www.cve.org/CVERecord?id=CVE-2023-43785 https://nvd.nist.gov/vuln/detail/CVE-2023-43785 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-43785.json https://access.redhat.com/errata/RHSA-2024:2145", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libX11-common", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.7.0-9.el9", "arch_op": "pattern match" }, "uglqkYqbcsDd4SCu9NI2Ww==": { "id": "uglqkYqbcsDd4SCu9NI2Ww==", "updater": "rhel-vex", "name": "CVE-2023-25435", "description": "A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to a heap-based buffer overflow in the extractContigSamplesShifted8bits function in tools/tiffcrop.c, resulting in a denial of service.", "issued": "2023-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-25435 https://bugzilla.redhat.com/show_bug.cgi?id=2216614 https://www.cve.org/CVERecord?id=CVE-2023-25435 https://nvd.nist.gov/vuln/detail/CVE-2023-25435 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-25435.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "uikNRmJj2VyibU1zT+Mneg==": { "id": "uikNRmJj2VyibU1zT+Mneg==", "updater": "rhel-vex", "name": "CVE-2023-3138", "description": "A vulnerability was found in libX11. The security flaw occurs because the functions in src/InitExt.c in libX11 do not check that the values provided for the Request, Event, or Error IDs are within the bounds of the arrays that those functions write to, using those IDs as array indexes. They trust that they were called with values provided by an Xserver adhering to the bounds specified in the X11 protocol, as all X servers provided by X.Org do. As the protocol only specifies a single byte for these values, an out-of-bounds value provided by a malicious server (or a malicious proxy-in-the-middle) can only overwrite other portions of the Display structure and not write outside the bounds of the Display structure itself, possibly causing the client to crash with this memory corruption.", "issued": "2023-06-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-3138 https://bugzilla.redhat.com/show_bug.cgi?id=2213748 https://www.cve.org/CVERecord?id=CVE-2023-3138 https://nvd.nist.gov/vuln/detail/CVE-2023-3138 https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/304a654a0d57bf0f00d8998185f0360332cfa36c https://lists.x.org/archives/xorg-announce/2023-June/003406.html https://lists.x.org/archives/xorg-announce/2023-June/003407.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3138.json https://access.redhat.com/errata/RHSA-2023:6497", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libX11", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.7.0-8.el9", "arch_op": "pattern match" }, "uivtLheXzNSAAluN6T99Wg==": { "id": "uivtLheXzNSAAluN6T99Wg==", "updater": "rhel-vex", "name": "CVE-2024-33599", "description": "A stack-based buffer overflow flaw was found in the glibc netgroup cache. In certain conditions, its possible to trigger a stack-based buffer overflow condition that can lead to a denial of service and potentially other malicious actions that impact confidentiality and integrity.", "issued": "2024-04-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33599 https://bugzilla.redhat.com/show_bug.cgi?id=2277202 https://www.cve.org/CVERecord?id=CVE-2024-33599 https://nvd.nist.gov/vuln/detail/CVE-2024-33599 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33599.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-common", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "ujypD271NReIMihczobLQw==": { "id": "ujypD271NReIMihczobLQw==", "updater": "rhel-vex", "name": "CVE-2023-4813", "description": "A flaw was found in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.", "issued": "2022-03-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4813 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://www.cve.org/CVERecord?id=CVE-2023-4813 https://nvd.nist.gov/vuln/detail/CVE-2023-4813 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4813.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-common", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "uqtArQDYlZFUJZeUv4AmZw==": { "id": "uqtArQDYlZFUJZeUv4AmZw==", "updater": "rhel-vex", "name": "CVE-2024-38475", "description": "A flaw was found in the mod_rewrite module of httpd. Improper escaping of output allows an attacker to map URLs to filesystem locations permitted to be served by the server but are not intentionally or directly reachable by any URL. This issue results in code execution or source code disclosure.", "issued": "2024-07-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-38475 https://bugzilla.redhat.com/show_bug.cgi?id=2295014 https://www.cve.org/CVERecord?id=CVE-2024-38475 https://nvd.nist.gov/vuln/detail/CVE-2024-38475 https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2024-38475 https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-38475.json https://access.redhat.com/errata/RHSA-2024:4726", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "httpd-core", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.4.57-11.el9_4", "arch_op": "pattern match" }, "urAp37uxuwC4aDQBOIO/rA==": { "id": "urAp37uxuwC4aDQBOIO/rA==", "updater": "rhel-vex", "name": "CVE-2024-28182", "description": "A vulnerability was found in how nghttp2 implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated remote attacker to send packets to vulnerable servers, which could use up compute or memory resources to cause a Denial of Service.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-28182 https://bugzilla.redhat.com/show_bug.cgi?id=2268639 https://www.cve.org/CVERecord?id=CVE-2024-28182 https://nvd.nist.gov/vuln/detail/CVE-2024-28182 https://github.com/nghttp2/nghttp2/security/advisories/GHSA-x6x3-gv8h-m57q https://nowotarski.info/http2-continuation-flood/ https://www.kb.cert.org/vuls/id/421644 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28182.json https://access.redhat.com/errata/RHSA-2024:2910", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.2-8.el9_4", "arch_op": "pattern match" }, "uv0xK+bSjUByf+SifqjJ2Q==": { "id": "uv0xK+bSjUByf+SifqjJ2Q==", "updater": "rhel-vex", "name": "CVE-2025-24928", "description": "A flaw was found in libxml2. This vulnerability allows a stack-based buffer overflow via DTD validation of an untrusted document or untrusted DTD.", "issued": "2025-02-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-24928 https://bugzilla.redhat.com/show_bug.cgi?id=2346421 https://www.cve.org/CVERecord?id=CVE-2025-24928 https://nvd.nist.gov/vuln/detail/CVE-2025-24928 https://gitlab.gnome.org/GNOME/libxml2/-/issues/847 https://issues.oss-fuzz.com/issues/392687022 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-24928.json https://access.redhat.com/errata/RHSA-2025:2679", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "libxml2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-6.el9_5.2", "arch_op": "pattern match" }, "uzHhJN8qq5Cg/HSXO2PiHQ==": { "id": "uzHhJN8qq5Cg/HSXO2PiHQ==", "updater": "rhel-vex", "name": "CVE-2024-33601", "description": "A flaw was found in the glibc netgroup cache. The netgroup cache uses xmalloc/xrealloc and may terminate the process due to a memory allocation failure.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33601 https://bugzilla.redhat.com/show_bug.cgi?id=2277205 https://www.cve.org/CVERecord?id=CVE-2024-33601 https://nvd.nist.gov/vuln/detail/CVE-2024-33601 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33601.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "glibc-gconv-extra", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "uzquedNvneeORkKUWVsZtA==": { "id": "uzquedNvneeORkKUWVsZtA==", "updater": "rhel-vex", "name": "CVE-2024-33601", "description": "A flaw was found in the glibc netgroup cache. The netgroup cache uses xmalloc/xrealloc and may terminate the process due to a memory allocation failure.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33601 https://bugzilla.redhat.com/show_bug.cgi?id=2277205 https://www.cve.org/CVERecord?id=CVE-2024-33601 https://nvd.nist.gov/vuln/detail/CVE-2024-33601 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33601.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "glibc-langpack-en", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "v/e7DnxVAlpegLOsTN2UPQ==": { "id": "v/e7DnxVAlpegLOsTN2UPQ==", "updater": "rhel-vex", "name": "CVE-2023-27534", "description": "A path traversal vulnerability exists in curl \u003c8.0.0 SFTP implementation causes the tilde (~) character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. Attackers can exploit this flaw to bypass filtering or execute arbitrary code by crafting a path like /~2/foo while accessing a server with a specific user.", "issued": "2023-03-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-27534 https://bugzilla.redhat.com/show_bug.cgi?id=2179069 https://www.cve.org/CVERecord?id=CVE-2023-27534 https://nvd.nist.gov/vuln/detail/CVE-2023-27534 https://curl.se/docs/CVE-2023-27534.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-27534.json https://access.redhat.com/errata/RHSA-2023:6679", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "libcurl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9", "arch_op": "pattern match" }, "v0AFBlqGmBQlS1dhX2TSVw==": { "id": "v0AFBlqGmBQlS1dhX2TSVw==", "updater": "rhel-vex", "name": "CVE-2023-4527", "description": "A flaw was found in glibc. When the getaddrinfo function is called with the AF_UNSPEC address family and the system is configured with no-aaaa mode via /etc/resolv.conf, a DNS response via TCP larger than 2048 bytes can potentially disclose stack contents through the function returned address data, and may cause a crash.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4527 https://bugzilla.redhat.com/show_bug.cgi?id=2234712 https://www.cve.org/CVERecord?id=CVE-2023-4527 https://nvd.nist.gov/vuln/detail/CVE-2023-4527 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4527.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "v0sRbG79dXJKDYDtyopcyA==": { "id": "v0sRbG79dXJKDYDtyopcyA==", "updater": "rhel-vex", "name": "CVE-2022-48554", "description": "A flaw was found in file, a program used to identify a particular file according to the type of data contained by the file. This issue occurs when processing a specially crafted file, causing a stack-based buffer over-read, resulting in an application crash.", "issued": "2022-01-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-48554 https://bugzilla.redhat.com/show_bug.cgi?id=2235714 https://www.cve.org/CVERecord?id=CVE-2022-48554 https://nvd.nist.gov/vuln/detail/CVE-2022-48554 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-48554.json https://access.redhat.com/errata/RHSA-2024:2512", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "file", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:5.39-16.el9", "arch_op": "pattern match" }, "v2nAFtCuOV3s9lp4Bt0rGQ==": { "id": "v2nAFtCuOV3s9lp4Bt0rGQ==", "updater": "rhel-vex", "name": "CVE-2024-33599", "description": "A stack-based buffer overflow flaw was found in the glibc netgroup cache. In certain conditions, its possible to trigger a stack-based buffer overflow condition that can lead to a denial of service and potentially other malicious actions that impact confidentiality and integrity.", "issued": "2024-04-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33599 https://bugzilla.redhat.com/show_bug.cgi?id=2277202 https://www.cve.org/CVERecord?id=CVE-2024-33599 https://nvd.nist.gov/vuln/detail/CVE-2024-33599 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33599.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-locale-source", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "v8dGiTe4KxqKw3mwN85XDw==": { "id": "v8dGiTe4KxqKw3mwN85XDw==", "updater": "rhel-vex", "name": "CVE-2023-4527", "description": "A flaw was found in glibc. When the getaddrinfo function is called with the AF_UNSPEC address family and the system is configured with no-aaaa mode via /etc/resolv.conf, a DNS response via TCP larger than 2048 bytes can potentially disclose stack contents through the function returned address data, and may cause a crash.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4527 https://bugzilla.redhat.com/show_bug.cgi?id=2234712 https://www.cve.org/CVERecord?id=CVE-2023-4527 https://nvd.nist.gov/vuln/detail/CVE-2023-4527 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4527.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-langpack-en", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "v9+1y5YeigbSyCurLz2YHA==": { "id": "v9+1y5YeigbSyCurLz2YHA==", "updater": "rhel-vex", "name": "CVE-2023-5678", "description": "A flaw was found in OpenSSL, which caused the generation or checking of long X9.42 DH keys or parameters to be much slower than expected. This issue could lead to a denial of service.", "issued": "2023-10-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-5678 https://bugzilla.redhat.com/show_bug.cgi?id=2248616 https://www.cve.org/CVERecord?id=CVE-2023-5678 https://nvd.nist.gov/vuln/detail/CVE-2023-5678 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=34efaef6c103d636ab507a0cc34dca4d3aecc055 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=710fee740904b6290fef0dd5536fbcedbc38ff0c https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db925ae2e65d0d925adef429afc37f75bd1c2017 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6 https://www.openssl.org/news/secadv/20231106.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-5678.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "vFqFaRQ2FFEeoiQHO0D5Rw==": { "id": "vFqFaRQ2FFEeoiQHO0D5Rw==", "updater": "rhel-vex", "name": "CVE-2024-52533", "description": "A flaw was found in the Glib library. A buffer overflow condition can be triggered in certain conditions due to an off-by-one error in SOCKS4_CONN_MSG_LEN. This issue may lead to an application crash or other undefined behavior.", "issued": "2024-11-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-52533 https://bugzilla.redhat.com/show_bug.cgi?id=2325340 https://www.cve.org/CVERecord?id=CVE-2024-52533 https://nvd.nist.gov/vuln/detail/CVE-2024-52533 https://gitlab.gnome.org/GNOME/glib/-/issues/3461 https://gitlab.gnome.org/GNOME/glib/-/releases/2.82.1 https://gitlab.gnome.org/Teams/Releng/security/-/wikis/home https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-52533.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glib2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "vGiwA1iecWkM9TCrP/cOdg==": { "id": "vGiwA1iecWkM9TCrP/cOdg==", "updater": "rhel-vex", "name": "CVE-2023-28322", "description": "A use-after-free flaw was found in the Curl package. This issue may lead to unintended information disclosure by the application.", "issued": "2023-05-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-28322 https://bugzilla.redhat.com/show_bug.cgi?id=2196793 https://www.cve.org/CVERecord?id=CVE-2023-28322 https://nvd.nist.gov/vuln/detail/CVE-2023-28322 https://curl.se/docs/CVE-2023-28322.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-28322.json https://access.redhat.com/errata/RHSA-2023:4354", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "libcurl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-23.el9_2.2", "arch_op": "pattern match" }, "vLwZHKX/1eQ4D0KMc8goug==": { "id": "vLwZHKX/1eQ4D0KMc8goug==", "updater": "rhel-vex", "name": "CVE-2025-4802", "description": "A flaw was found in the glibc library. A statically linked setuid binary that calls dlopen(), including internal dlopen() calls after setlocale() or calls to NSS functions such as getaddrinfo(), may incorrectly search LD_LIBRARY_PATH to determine which library to load, allowing a local attacker to load malicious shared libraries, escalate privileges and execute arbitrary code.", "issued": "2025-05-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4802 https://bugzilla.redhat.com/show_bug.cgi?id=2367468 https://www.cve.org/CVERecord?id=CVE-2025-4802 https://nvd.nist.gov/vuln/detail/CVE-2025-4802 https://www.openwall.com/lists/oss-security/2025/05/16/7 https://www.openwall.com/lists/oss-security/2025/05/17/2 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4802.json https://access.redhat.com/errata/RHSA-2025:8655", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.19", "arch_op": "pattern match" }, "vO0kcWwlg/d0NtEQqm2dHQ==": { "id": "vO0kcWwlg/d0NtEQqm2dHQ==", "updater": "rhel-vex", "name": "CVE-2024-8088", "description": "A flaw was found in Python's zipfile module. When iterating over the entries of a zip archive, the process can enter into an infinite loop state and become unresponsive. This flaw allows an attacker to craft a malicious ZIP archive, leading to a denial of service from the application consuming the zipfile module. Only applications that handle user-controlled zip archives are affected by this vulnerability.", "issued": "2024-08-22T19:15:09Z", "links": "https://access.redhat.com/security/cve/CVE-2024-8088 https://bugzilla.redhat.com/show_bug.cgi?id=2307370 https://www.cve.org/CVERecord?id=CVE-2024-8088 https://nvd.nist.gov/vuln/detail/CVE-2024-8088 https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64 https://github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea https://github.com/python/cpython/issues/122905 https://github.com/python/cpython/pull/122906 https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8088.json https://access.redhat.com/errata/RHSA-2024:9371", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.19-8.el9", "arch_op": "pattern match" }, "vO3fut6i1BxfSSrT2ubFEA==": { "id": "vO3fut6i1BxfSSrT2ubFEA==", "updater": "rhel-vex", "name": "CVE-2023-32006", "description": "A vulnerability was found in NodeJS. This security issue occurs as the use of module.constructor.createRequire() can bypass the policy mechanism and require modules outside of the policy.json definition for a given module.", "issued": "2023-08-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32006 https://bugzilla.redhat.com/show_bug.cgi?id=2230955 https://www.cve.org/CVERecord?id=CVE-2023-32006 https://nvd.nist.gov/vuln/detail/CVE-2023-32006 https://nodejs.org/en/blog/vulnerability/august-2023-security-releases#permissions-policies-can-impersonate-other-modules-in-using-moduleconstructorcreaterequire-mediumcve-2023-32006 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32006.json https://access.redhat.com/errata/RHSA-2023:5532", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:8.19.4-1.16.20.2.1.el9_2", "arch_op": "pattern match" }, "vSprYPjt0fuICUjiB4/LWg==": { "id": "vSprYPjt0fuICUjiB4/LWg==", "updater": "rhel-vex", "name": "CVE-2025-4802", "description": "A flaw was found in the glibc library. A statically linked setuid binary that calls dlopen(), including internal dlopen() calls after setlocale() or calls to NSS functions such as getaddrinfo(), may incorrectly search LD_LIBRARY_PATH to determine which library to load, allowing a local attacker to load malicious shared libraries, escalate privileges and execute arbitrary code.", "issued": "2025-05-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4802 https://bugzilla.redhat.com/show_bug.cgi?id=2367468 https://www.cve.org/CVERecord?id=CVE-2025-4802 https://nvd.nist.gov/vuln/detail/CVE-2025-4802 https://www.openwall.com/lists/oss-security/2025/05/16/7 https://www.openwall.com/lists/oss-security/2025/05/17/2 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4802.json https://access.redhat.com/errata/RHSA-2025:8655", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-common", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.19", "arch_op": "pattern match" }, "vVpALVEJZjuFjBK3jgRFKA==": { "id": "vVpALVEJZjuFjBK3jgRFKA==", "updater": "rhel-vex", "name": "CVE-2023-1255", "description": "A vulnerability was found in OpenSSL. This security flaw occurs because the AES-XTS cipher decryption implementation for the 64-bit ARM platform contains an issue that could cause it to read past the input buffer, leading to a crash.", "issued": "2023-04-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-1255 https://bugzilla.redhat.com/show_bug.cgi?id=2188461 https://www.cve.org/CVERecord?id=CVE-2023-1255 https://nvd.nist.gov/vuln/detail/CVE-2023-1255 https://www.openssl.org/news/secadv/20230420.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-1255.json https://access.redhat.com/errata/RHSA-2023:3722", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-16.el9_2", "arch_op": "pattern match" }, "vW0+/HQSgXG0Itr5qyIxIg==": { "id": "vW0+/HQSgXG0Itr5qyIxIg==", "updater": "rhel-vex", "name": "CVE-2024-38474", "description": "A flaw was found in the mod_rewrite module of httpd. Due to a substitution encoding issue, specially crafted requests may allow an attacker to execute scripts in directories permitted by the configuration but not directly reachable by any URL or source disclosure of scripts meant only to be executed as CGI.", "issued": "2024-07-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-38474 https://bugzilla.redhat.com/show_bug.cgi?id=2295013 https://www.cve.org/CVERecord?id=CVE-2024-38474 https://nvd.nist.gov/vuln/detail/CVE-2024-38474 https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2024-38474 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-38474.json https://access.redhat.com/errata/RHSA-2024:4726", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "mod_session", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.4.57-11.el9_4", "arch_op": "pattern match" }, "vXi2lz1to7zuM26Qf+5v9Q==": { "id": "vXi2lz1to7zuM26Qf+5v9Q==", "updater": "rhel-vex", "name": "CVE-2023-43785", "description": "A vulnerability was found in libX11 due to a boundary condition within the _XkbReadKeySyms() function. This flaw allows a local user to trigger an out-of-bounds read error and read the contents of memory on the system.", "issued": "2023-10-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-43785 https://bugzilla.redhat.com/show_bug.cgi?id=2242252 https://www.cve.org/CVERecord?id=CVE-2023-43785 https://nvd.nist.gov/vuln/detail/CVE-2023-43785 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-43785.json https://access.redhat.com/errata/RHSA-2024:2145", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libX11", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.7.0-9.el9", "arch_op": "pattern match" }, "vYVfNkdHVoix1j9S6G4zoQ==": { "id": "vYVfNkdHVoix1j9S6G4zoQ==", "updater": "rhel-vex", "name": "CVE-2024-37370", "description": "A vulnerability was found in the MIT Kerberos 5 GSS krb5 wrap token, where an attacker can modify the plaintext Extra Count field, causing the unwrapped token to appear truncated to the application, occurs when the attacker alters the token data during transmission which can lead to improper handling of authentication tokens.", "issued": "2024-06-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-37370 https://bugzilla.redhat.com/show_bug.cgi?id=2294677 https://www.cve.org/CVERecord?id=CVE-2024-37370 https://nvd.nist.gov/vuln/detail/CVE-2024-37370 https://web.mit.edu/kerberos/www/krb5-1.21/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-37370.json https://access.redhat.com/errata/RHSA-2024:6166", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "krb5-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:1.21.1-2.el9_4", "arch_op": "pattern match" }, "vnOALZCV08rW836Ci7w9kQ==": { "id": "vnOALZCV08rW836Ci7w9kQ==", "updater": "rhel-vex", "name": "CVE-2024-27316", "description": "A vulnerability was found in how Apache httpd implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated remote attacker to send packets to vulnerable servers, which could use up memory resources to cause a Denial of Service.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-27316 https://bugzilla.redhat.com/show_bug.cgi?id=2268277 https://www.cve.org/CVERecord?id=CVE-2024-27316 https://nvd.nist.gov/vuln/detail/CVE-2024-27316 https://httpd.apache.org/security/vulnerabilities_24.html https://nowotarski.info/http2-continuation-flood/ https://www.kb.cert.org/vuls/id/421644 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-27316.json https://access.redhat.com/errata/RHSA-2024:2564", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "mod_http2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.0.26-2.el9_4", "arch_op": "pattern match" }, "vqqO8LGBb+Z7DqKNNvwvFQ==": { "id": "vqqO8LGBb+Z7DqKNNvwvFQ==", "updater": "rhel-vex", "name": "CVE-2025-50181", "description": "No description is available for this CVE.", "issued": "2025-06-19T01:08:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-50181 https://bugzilla.redhat.com/show_bug.cgi?id=2373799 https://www.cve.org/CVERecord?id=CVE-2025-50181 https://nvd.nist.gov/vuln/detail/CVE-2025-50181 https://github.com/urllib3/urllib3/commit/f05b1329126d5be6de501f9d1e3e36738bc08857 https://github.com/urllib3/urllib3/security/advisories/GHSA-pq67-6m6q-mj2v https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-50181.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python-pip", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "vrUyli9F/TSWI+RqUWzl9A==": { "id": "vrUyli9F/TSWI+RqUWzl9A==", "updater": "rhel-vex", "name": "CVE-2023-32665", "description": "A flaw was found in GLib. GVariant deserialization is vulnerable to an exponential blowup issue where a crafted GVariant can cause excessive processing, leading to denial of service.", "issued": "2022-12-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32665 https://bugzilla.redhat.com/show_bug.cgi?id=2211827 https://www.cve.org/CVERecord?id=CVE-2023-32665 https://nvd.nist.gov/vuln/detail/CVE-2023-32665 https://gitlab.gnome.org/GNOME/glib/-/issues/2121 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32665.json https://access.redhat.com/errata/RHSA-2023:6631", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "glib2-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.68.4-11.el9", "arch_op": "pattern match" }, "vxtz0tT5g5Gne3T6gdTzlQ==": { "id": "vxtz0tT5g5Gne3T6gdTzlQ==", "updater": "rhel-vex", "name": "CVE-2024-12747", "description": "A flaw was found in rsync. This vulnerability arises from a race condition during rsync's handling of symbolic links. Rsync's default behavior when encountering symbolic links is to skip them. If an attacker replaced a regular file with a symbolic link at the right time, it was possible to bypass the default behavior and traverse symbolic links. Depending on the privileges of the rsync process, an attacker could leak sensitive information, potentially leading to privilege escalation.", "issued": "2025-01-14T15:06:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-12747 https://bugzilla.redhat.com/show_bug.cgi?id=2332968 https://www.cve.org/CVERecord?id=CVE-2024-12747 https://nvd.nist.gov/vuln/detail/CVE-2024-12747 https://kb.cert.org/vuls/id/952657 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-12747.json https://access.redhat.com/errata/RHSA-2025:7050", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "rsync", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.2.5-3.el9", "arch_op": "pattern match" }, "vz5xJxolla1YwmKD1vUDUg==": { "id": "vz5xJxolla1YwmKD1vUDUg==", "updater": "rhel-vex", "name": "CVE-2024-9287", "description": "A vulnerability has been found in the Python `venv` module and CLI. Path names provided when creating a virtual environment were not quoted properly, allowing the creator to inject commands into virtual environment \"activation\" scripts, for example, \"source venv/bin/activate\". This flaw allows attacker-controlled virtual environments to run commands when the virtual environment is activated.", "issued": "2024-10-22T16:34:39Z", "links": "https://access.redhat.com/security/cve/CVE-2024-9287 https://bugzilla.redhat.com/show_bug.cgi?id=2321440 https://www.cve.org/CVERecord?id=CVE-2024-9287 https://nvd.nist.gov/vuln/detail/CVE-2024-9287 https://github.com/python/cpython/issues/124651 https://github.com/python/cpython/pull/124712 https://mail.python.org/archives/list/security-announce@python.org/thread/RSPJ2B5JL22FG3TKUJ7D7DQ4N5JRRBZL/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-9287.json https://access.redhat.com/errata/RHSA-2024:10983", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.21-1.el9_5", "arch_op": "pattern match" }, "vzByRV8qKLfVVoPLFuTpeQ==": { "id": "vzByRV8qKLfVVoPLFuTpeQ==", "updater": "rhel-vex", "name": "CVE-2023-27535", "description": "A flaw was found in the Curl package. Libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. However, several FTP settings were left out from the configuration match checks, making them match too easily. The problematic settings are `CURLOPT_FTP_ACCOUNT`, `CURLOPT_FTP_ALTERNATIVE_TO_USER`, `CURLOPT_FTP_SSL_CCC` and `CURLOPT_USE_SSL` level.", "issued": "2023-03-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-27535 https://bugzilla.redhat.com/show_bug.cgi?id=2179073 https://www.cve.org/CVERecord?id=CVE-2023-27535 https://nvd.nist.gov/vuln/detail/CVE-2023-27535 https://curl.se/docs/CVE-2023-27535.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-27535.json https://access.redhat.com/errata/RHSA-2023:2650", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "curl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-23.el9_2.1", "arch_op": "pattern match" }, "vzES2NKM5n8arX8C2sNtvQ==": { "id": "vzES2NKM5n8arX8C2sNtvQ==", "updater": "rhel-vex", "name": "CVE-2024-33601", "description": "A flaw was found in the glibc netgroup cache. The netgroup cache uses xmalloc/xrealloc and may terminate the process due to a memory allocation failure.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33601 https://bugzilla.redhat.com/show_bug.cgi?id=2277205 https://www.cve.org/CVERecord?id=CVE-2024-33601 https://nvd.nist.gov/vuln/detail/CVE-2024-33601 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33601.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "glibc-locale-source", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "w1094TrprBpG+5TZJus6FA==": { "id": "w1094TrprBpG+5TZJus6FA==", "updater": "rhel-vex", "name": "CVE-2022-1674", "description": "A NULL pointer dereference flaw was found in vim's vim_regexec_string() function in regexp.c file. The issue occurs when the function tries to match the buffer with an invalid pattern. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a NULL pointer dereference that causes an application to crash, leading to a denial of service.", "issued": "2022-05-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-1674 https://bugzilla.redhat.com/show_bug.cgi?id=2085393 https://www.cve.org/CVERecord?id=CVE-2022-1674 https://nvd.nist.gov/vuln/detail/CVE-2022-1674 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-1674.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "w1gSEYxPtWAIfzlL3TbM3g==": { "id": "w1gSEYxPtWAIfzlL3TbM3g==", "updater": "rhel-vex", "name": "CVE-2023-24329", "description": "A flaw was found in the Python package. An issue in the urllib.parse component could allow attackers to bypass blocklisting methods by supplying a URL that starts with blank characters.This may lead to compromised Integrity.", "issued": "2023-02-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-24329 https://bugzilla.redhat.com/show_bug.cgi?id=2173917 https://www.cve.org/CVERecord?id=CVE-2023-24329 https://nvd.nist.gov/vuln/detail/CVE-2023-24329 https://pointernull.com/security/python-url-parse-problem.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-24329.json https://access.redhat.com/errata/RHSA-2023:3595", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.16-1.el9_2.1", "arch_op": "pattern match" }, "w820AArU7EvMtvlZkNuyNg==": { "id": "w820AArU7EvMtvlZkNuyNg==", "updater": "rhel-vex", "name": "CVE-2023-4806", "description": "A flaw was found in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4806 https://bugzilla.redhat.com/show_bug.cgi?id=2237782 https://www.cve.org/CVERecord?id=CVE-2023-4806 https://nvd.nist.gov/vuln/detail/CVE-2023-4806 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4806.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-minimal-langpack", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "w8HdqFb1v+5TiPAPr02m9g==": { "id": "w8HdqFb1v+5TiPAPr02m9g==", "updater": "rhel-vex", "name": "CVE-2023-0466", "description": "A flaw was found in OpenSSL. The X509_VERIFY_PARAM_add0_policy() function is documented to enable the certificate policy check when doing certificate verification implicitly. However, implementing the function does not enable the check, allowing certificates with invalid or incorrect policies to pass the certificate verification. Suddenly enabling the policy check could break existing deployments, so it was decided to keep the existing behavior of the X509_VERIFY_PARAM_add0_policy() function. The applications that require OpenSSL to perform certificate policy check need to use X509_VERIFY_PARAM_set1_policies() or explicitly enable the policy check by calling X509_VERIFY_PARAM_set_flags() with the X509_V_FLAG_POLICY_CHECK flag argument. Certificate policy checks are disabled by default in OpenSSL and are not commonly used by applications.", "issued": "2023-03-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0466 https://bugzilla.redhat.com/show_bug.cgi?id=2182565 https://www.cve.org/CVERecord?id=CVE-2023-0466 https://nvd.nist.gov/vuln/detail/CVE-2023-0466 https://www.openssl.org/news/secadv/20230328.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0466.json https://access.redhat.com/errata/RHSA-2023:3722", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-16.el9_2", "arch_op": "pattern match" }, "w8af/LTYrBLWhYkZBSi2Lg==": { "id": "w8af/LTYrBLWhYkZBSi2Lg==", "updater": "rhel-vex", "name": "CVE-2022-4141", "description": "A heap-based buffer overflow vulnerability was found in Vim due to invalid memory access. This issue could allow an attacker to trick a user into opening a specially crafted file, triggering an out-of-bounds write that causes an application to crash, possibly executing code and corrupting memory.", "issued": "2022-11-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-4141 https://bugzilla.redhat.com/show_bug.cgi?id=2148991 https://www.cve.org/CVERecord?id=CVE-2022-4141 https://nvd.nist.gov/vuln/detail/CVE-2022-4141 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-4141.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "wBcG/UM3LLdlHaGWnuTKFQ==": { "id": "wBcG/UM3LLdlHaGWnuTKFQ==", "updater": "rhel-vex", "name": "CVE-2023-5678", "description": "A flaw was found in OpenSSL, which caused the generation or checking of long X9.42 DH keys or parameters to be much slower than expected. This issue could lead to a denial of service.", "issued": "2023-10-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-5678 https://bugzilla.redhat.com/show_bug.cgi?id=2248616 https://www.cve.org/CVERecord?id=CVE-2023-5678 https://nvd.nist.gov/vuln/detail/CVE-2023-5678 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=34efaef6c103d636ab507a0cc34dca4d3aecc055 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=710fee740904b6290fef0dd5536fbcedbc38ff0c https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db925ae2e65d0d925adef429afc37f75bd1c2017 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6 https://www.openssl.org/news/secadv/20231106.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-5678.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "wHoRXgaP5xu2A9GAujsW7w==": { "id": "wHoRXgaP5xu2A9GAujsW7w==", "updater": "rhel-vex", "name": "CVE-2024-8088", "description": "A flaw was found in Python's zipfile module. When iterating over the entries of a zip archive, the process can enter into an infinite loop state and become unresponsive. This flaw allows an attacker to craft a malicious ZIP archive, leading to a denial of service from the application consuming the zipfile module. Only applications that handle user-controlled zip archives are affected by this vulnerability.", "issued": "2024-08-22T19:15:09Z", "links": "https://access.redhat.com/security/cve/CVE-2024-8088 https://bugzilla.redhat.com/show_bug.cgi?id=2307370 https://www.cve.org/CVERecord?id=CVE-2024-8088 https://nvd.nist.gov/vuln/detail/CVE-2024-8088 https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64 https://github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea https://github.com/python/cpython/issues/122905 https://github.com/python/cpython/pull/122906 https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8088.json https://access.redhat.com/errata/RHSA-2024:9371", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.19-8.el9", "arch_op": "pattern match" }, "wIIptfGVgtdFwdHLveHQTw==": { "id": "wIIptfGVgtdFwdHLveHQTw==", "updater": "rhel-vex", "name": "CVE-2025-5244", "description": "A vulnerability was found in GNU Binutils up to version 2.44 and affects the elf_gc_sweep function of the bfd/elflink.c file of the component ld. The manipulation leads to memory corruption and a program crash. An attacker must have local access to exploit this vulnerability. Upgrading to version 2.45 is advised to address this issue.", "issued": "2025-05-27T13:00:14Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5244 https://bugzilla.redhat.com/show_bug.cgi?id=2368763 https://www.cve.org/CVERecord?id=CVE-2025-5244 https://nvd.nist.gov/vuln/detail/CVE-2025-5244 https://sourceware.org/bugzilla/attachment.cgi?id=16010 https://sourceware.org/bugzilla/show_bug.cgi?id=32858 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=d1458933830456e54223d9fc61f0d9b3a19256f5 https://vuldb.com/?ctiid.310346 https://vuldb.com/?id.310346 https://vuldb.com/?submit.584634 https://www.gnu.org/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5244.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "binutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "wP28HrxJ2NswytUtk1XQaQ==": { "id": "wP28HrxJ2NswytUtk1XQaQ==", "updater": "rhel-vex", "name": "CVE-2024-24795", "description": "A flaw was found in httpd. An HTTP response splitting in multiple httpd modules may allow an attacker that can inject malicious response headers into backend applications to cause an HTTP desynchronization attack.", "issued": "2024-04-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-24795 https://bugzilla.redhat.com/show_bug.cgi?id=2273499 https://www.cve.org/CVERecord?id=CVE-2024-24795 https://nvd.nist.gov/vuln/detail/CVE-2024-24795 https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2024-24795 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-24795.json https://access.redhat.com/errata/RHSA-2024:9306", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "httpd-core", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.4.62-1.el9", "arch_op": "pattern match" }, "wQDBiN+ZfYCbBccIgJzPcQ==": { "id": "wQDBiN+ZfYCbBccIgJzPcQ==", "updater": "rhel-vex", "name": "CVE-2023-32665", "description": "A flaw was found in GLib. GVariant deserialization is vulnerable to an exponential blowup issue where a crafted GVariant can cause excessive processing, leading to denial of service.", "issued": "2022-12-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32665 https://bugzilla.redhat.com/show_bug.cgi?id=2211827 https://www.cve.org/CVERecord?id=CVE-2023-32665 https://nvd.nist.gov/vuln/detail/CVE-2023-32665 https://gitlab.gnome.org/GNOME/glib/-/issues/2121 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32665.json https://access.redhat.com/errata/RHSA-2023:6631", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "glib2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.68.4-11.el9", "arch_op": "pattern match" }, "wWpMn1XC8aTAF/29xCaZ8Q==": { "id": "wWpMn1XC8aTAF/29xCaZ8Q==", "updater": "rhel-vex", "name": "CVE-2024-4032", "description": "A flaw was found in Python. The ipaddress module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as “globally reachable” or “private”. Due to this issue, it is possible that values will not be returned in accordance with the latest information from the IANA Special-Purpose Address Registries.", "issued": "2024-06-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-4032 https://bugzilla.redhat.com/show_bug.cgi?id=2292921 https://www.cve.org/CVERecord?id=CVE-2024-4032 https://nvd.nist.gov/vuln/detail/CVE-2024-4032 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4032.json https://access.redhat.com/errata/RHSA-2024:4779", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.18-3.el9_4.3", "arch_op": "pattern match" }, "wZFtfR91K+mWwCwEmQpUmA==": { "id": "wZFtfR91K+mWwCwEmQpUmA==", "updater": "rhel-vex", "name": "CVE-2021-35937", "description": "A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "issued": "2021-06-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-35937 https://bugzilla.redhat.com/show_bug.cgi?id=1964125 https://www.cve.org/CVERecord?id=CVE-2021-35937 https://nvd.nist.gov/vuln/detail/CVE-2021-35937 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-35937.json https://access.redhat.com/errata/RHSA-2024:0463", "severity": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "rpm-build-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.16.1.3-27.el9_3", "arch_op": "pattern match" }, "wZIEsQ9bd8H+dXqqJhsClg==": { "id": "wZIEsQ9bd8H+dXqqJhsClg==", "updater": "rhel-vex", "name": "CVE-2025-24528", "description": "A flaw was found in krb5. With incremental propagation enabled, an authenticated attacker can cause kadmind to write beyond the end of the mapped region for the iprop log file. This issue can trigger a process crash and lead to a denial of service.", "issued": "2024-01-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-24528 https://bugzilla.redhat.com/show_bug.cgi?id=2342796 https://www.cve.org/CVERecord?id=CVE-2025-24528 https://nvd.nist.gov/vuln/detail/CVE-2025-24528 https://github.com/krb5/krb5/commit/78ceba024b64d49612375be4a12d1c066b0bfbd0 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-24528.json https://access.redhat.com/errata/RHSA-2025:7067", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "krb5-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:1.21.1-6.el9", "arch_op": "pattern match" }, "wcNr0VBORZ/YM9aIEuV6XA==": { "id": "wcNr0VBORZ/YM9aIEuV6XA==", "updater": "rhel-vex", "name": "CVE-2023-28484", "description": "A NULL pointer dereference vulnerability was found in libxml2. This issue occurs when parsing (invalid) XML schemas.", "issued": "2023-04-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-28484 https://bugzilla.redhat.com/show_bug.cgi?id=2185994 https://www.cve.org/CVERecord?id=CVE-2023-28484 https://nvd.nist.gov/vuln/detail/CVE-2023-28484 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-28484.json https://access.redhat.com/errata/RHSA-2023:4349", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libxml2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-3.el9_2.1", "arch_op": "pattern match" }, "wdpFUdafrECCyVLdW8WR9w==": { "id": "wdpFUdafrECCyVLdW8WR9w==", "updater": "rhel-vex", "name": "CVE-2024-33599", "description": "A stack-based buffer overflow flaw was found in the glibc netgroup cache. In certain conditions, its possible to trigger a stack-based buffer overflow condition that can lead to a denial of service and potentially other malicious actions that impact confidentiality and integrity.", "issued": "2024-04-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33599 https://bugzilla.redhat.com/show_bug.cgi?id=2277202 https://www.cve.org/CVERecord?id=CVE-2024-33599 https://nvd.nist.gov/vuln/detail/CVE-2024-33599 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33599.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-headers", "version": "", "kind": "binary", "normalized_version": "", "arch": "s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "wqk4HClUoIMMf7SUpa+Adw==": { "id": "wqk4HClUoIMMf7SUpa+Adw==", "updater": "rhel-vex", "name": "CVE-2023-0464", "description": "A security vulnerability has been identified in all supported OpenSSL versions related to verifying X.509 certificate chains that include policy constraints. This flaw allows attackers to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of computational resources, leading to a denial of service (DoS) attack on affected systems. Policy processing is disabled by default but can be enabled by passing the -policy' argument to the command line utilities or calling the X509_VERIFY_PARAM_set1_policies()' function.", "issued": "2023-03-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0464 https://bugzilla.redhat.com/show_bug.cgi?id=2181082 https://www.cve.org/CVERecord?id=CVE-2023-0464 https://nvd.nist.gov/vuln/detail/CVE-2023-0464 https://www.openssl.org/news/secadv/20230322.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0464.json https://access.redhat.com/errata/RHSA-2023:3722", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-16.el9_2", "arch_op": "pattern match" }, "wwDsyu2BEzBGB5DYydRkYw==": { "id": "wwDsyu2BEzBGB5DYydRkYw==", "updater": "rhel-vex", "name": "CVE-2024-11168", "description": "A flaw was found in Python. The `urllib.parse.urlsplit()` and `urlparse()` functions improperly validated bracketed hosts (`[]`), allowing hosts that weren't IPv6 or IPvFuture compliant. This behavior was not conformant to RFC 3986 and was potentially vulnerable to server-side request forgery (SSRF) if a URL is processed by more than one URL parser.", "issued": "2024-11-12T21:22:23Z", "links": "https://access.redhat.com/security/cve/CVE-2024-11168 https://bugzilla.redhat.com/show_bug.cgi?id=2325776 https://www.cve.org/CVERecord?id=CVE-2024-11168 https://nvd.nist.gov/vuln/detail/CVE-2024-11168 https://github.com/python/cpython/commit/29f348e232e82938ba2165843c448c2b291504c5 https://github.com/python/cpython/commit/b2171a2fd41416cf68afd67460578631d755a550 https://github.com/python/cpython/issues/103848 https://github.com/python/cpython/pull/103849 https://mail.python.org/archives/list/security-announce@python.org/thread/XPWB6XVZ5G5KGEI63M4AWLIEUF5BPH4T/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-11168.json https://access.redhat.com/errata/RHSA-2024:10983", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.21-1.el9_5", "arch_op": "pattern match" }, "wx8MVa76rtUz50BalUYnJg==": { "id": "wx8MVa76rtUz50BalUYnJg==", "updater": "rhel-vex", "name": "CVE-2023-4641", "description": "A flaw was found in shadow-utils. When asking for a new password, shadow-utils asks the password twice. If the password fails on the second attempt, shadow-utils fails in cleaning the buffer used to store the first entry. This may allow an attacker with enough access to retrieve the password from the memory.", "issued": "2023-06-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4641 https://bugzilla.redhat.com/show_bug.cgi?id=2215945 https://www.cve.org/CVERecord?id=CVE-2023-4641 https://nvd.nist.gov/vuln/detail/CVE-2023-4641 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4641.json https://access.redhat.com/errata/RHSA-2023:6632", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "shadow-utils", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "2:4.9-8.el9", "arch_op": "pattern match" }, "wyKxcZRF/hg+LQiqCVC6rg==": { "id": "wyKxcZRF/hg+LQiqCVC6rg==", "updater": "rhel-vex", "name": "CVE-2024-28757", "description": "An XML Entity Expansion flaw was found in libexpat. This flaw allows an attacker to cause a denial of service when there is an isolated use of external parsers.", "issued": "2024-03-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-28757 https://bugzilla.redhat.com/show_bug.cgi?id=2268766 https://www.cve.org/CVERecord?id=CVE-2024-28757 https://nvd.nist.gov/vuln/detail/CVE-2024-28757 https://github.com/libexpat/libexpat/issues/839 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28757.json https://access.redhat.com/errata/RHSA-2024:1530", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "expat-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.5.0-1.el9_3.1", "arch_op": "pattern match" }, "x0SVslQrSSiPd4SF4/4hGw==": { "id": "x0SVslQrSSiPd4SF4/4hGw==", "updater": "rhel-vex", "name": "CVE-2023-31147", "description": "A vulnerability was found in c-ares. This issue occurs when /dev/urandom or RtlGenRandom() are unavailable, c-ares will use rand() to generate random numbers used for DNS query ids. This is not a CSPRNG, and it is also not seeded by srand(), so it will generate predictable output.", "issued": "2023-05-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-31147 https://bugzilla.redhat.com/show_bug.cgi?id=2209501 https://www.cve.org/CVERecord?id=CVE-2023-31147 https://nvd.nist.gov/vuln/detail/CVE-2023-31147 https://github.com/c-ares/c-ares/security/advisories/GHSA-8r8p-23f3-64c2 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-31147.json https://access.redhat.com/errata/RHSA-2023:3586", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.19.1-2.el9_2", "arch_op": "pattern match" }, "x1E7nyV5fDzAyk1STjwshA==": { "id": "x1E7nyV5fDzAyk1STjwshA==", "updater": "rhel-vex", "name": "CVE-2020-11023", "description": "A flaw was found in jQuery. HTML containing \\\u003coption\\\u003e elements from untrusted sources are passed, even after sanitizing, to one of jQuery's DOM manipulation methods, which may execute untrusted code. The highest threat from this vulnerability is to data confidentiality and integrity.", "issued": "2020-04-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2020-11023 https://bugzilla.redhat.com/show_bug.cgi?id=1850004 https://www.cve.org/CVERecord?id=CVE-2020-11023 https://nvd.nist.gov/vuln/detail/CVE-2020-11023 https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-11023.json https://access.redhat.com/errata/RHSA-2025:1346", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "gcc-c++", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:11.5.0-5.el9_5", "arch_op": "pattern match" }, "x4y353xwTKkgu0582Qh5wg==": { "id": "x4y353xwTKkgu0582Qh5wg==", "updater": "rhel-vex", "name": "CVE-2023-47038", "description": "A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer.", "issued": "2023-11-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-47038 https://bugzilla.redhat.com/show_bug.cgi?id=2249523 https://www.cve.org/CVERecord?id=CVE-2023-47038 https://nvd.nist.gov/vuln/detail/CVE-2023-47038 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-47038.json https://access.redhat.com/errata/RHSA-2024:2228", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-File-Basename", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.85-481.el9", "arch_op": "pattern match" }, "x9N9k4kphpFolh1H8PHEEA==": { "id": "x9N9k4kphpFolh1H8PHEEA==", "updater": "rhel-vex", "name": "CVE-2025-4802", "description": "A flaw was found in the glibc library. A statically linked setuid binary that calls dlopen(), including internal dlopen() calls after setlocale() or calls to NSS functions such as getaddrinfo(), may incorrectly search LD_LIBRARY_PATH to determine which library to load, allowing a local attacker to load malicious shared libraries, escalate privileges and execute arbitrary code.", "issued": "2025-05-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4802 https://bugzilla.redhat.com/show_bug.cgi?id=2367468 https://www.cve.org/CVERecord?id=CVE-2025-4802 https://nvd.nist.gov/vuln/detail/CVE-2025-4802 https://www.openwall.com/lists/oss-security/2025/05/16/7 https://www.openwall.com/lists/oss-security/2025/05/17/2 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4802.json https://access.redhat.com/errata/RHSA-2025:8655", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.19", "arch_op": "pattern match" }, "xAlRzDrHkxl7HU8mOIxIvA==": { "id": "xAlRzDrHkxl7HU8mOIxIvA==", "updater": "rhel-vex", "name": "CVE-2023-6597", "description": "A flaw was found in the tempfile.TemporaryDirectory class in python3/cpython3. The class may dereference symbolic links during permission-related errors, resulting in users that run privileged programs being able to modify permissions of files referenced by the symbolic link.", "issued": "2024-03-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-6597 https://bugzilla.redhat.com/show_bug.cgi?id=2276518 https://www.cve.org/CVERecord?id=CVE-2023-6597 https://nvd.nist.gov/vuln/detail/CVE-2023-6597 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6597.json https://access.redhat.com/errata/RHSA-2024:4078", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "python3-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.18-3.el9_4.1", "arch_op": "pattern match" }, "xEE9zf8DUoHY25V5nM0x+g==": { "id": "xEE9zf8DUoHY25V5nM0x+g==", "updater": "rhel-vex", "name": "CVE-2023-2650", "description": "A flaw was found in OpenSSL resulting in a possible denial of service while translating ASN.1 object identifiers. Applications that use OBJ_obj2txt() directly, or use any of the OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message size limit may experience long delays when processing messages, which may lead to a denial of service.", "issued": "2023-05-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-2650 https://bugzilla.redhat.com/show_bug.cgi?id=2207947 https://www.cve.org/CVERecord?id=CVE-2023-2650 https://nvd.nist.gov/vuln/detail/CVE-2023-2650 https://www.openssl.org/news/secadv/20230530.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2650.json https://access.redhat.com/errata/RHSA-2023:3722", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-16.el9_2", "arch_op": "pattern match" }, "xKwaDB7aG2oH2GrBtebXYQ==": { "id": "xKwaDB7aG2oH2GrBtebXYQ==", "updater": "rhel-vex", "name": "CVE-2023-2975", "description": "A vulnerability was found in OpenSSL. The AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries, which are unauthenticated as a consequence. Applications that use the AES-SIV algorithm and want to authenticate empty data entries as associated data can be misled by removing, adding, or reordering such empty entries as these are ignored by the OpenSSL implementation. The AES-SIV algorithm allows for the authentication of multiple associated data entries and encryption. To authenticate empty data, the application has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) with a NULL pointer as the output buffer and 0 as the input buffer length. The AES-SIV implementation in OpenSSL returns success for such a call instead of performing the associated data authentication operation. Thus, the empty data will not be authenticated.", "issued": "2023-07-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-2975 https://bugzilla.redhat.com/show_bug.cgi?id=2223016 https://www.cve.org/CVERecord?id=CVE-2023-2975 https://nvd.nist.gov/vuln/detail/CVE-2023-2975 https://www.openssl.org/news/secadv/20230714.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2975.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "xL4loYVOmJB7OXC3kSkmfw==": { "id": "xL4loYVOmJB7OXC3kSkmfw==", "updater": "rhel-vex", "name": "CVE-2023-32006", "description": "A vulnerability was found in NodeJS. This security issue occurs as the use of module.constructor.createRequire() can bypass the policy mechanism and require modules outside of the policy.json definition for a given module.", "issued": "2023-08-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32006 https://bugzilla.redhat.com/show_bug.cgi?id=2230955 https://www.cve.org/CVERecord?id=CVE-2023-32006 https://nvd.nist.gov/vuln/detail/CVE-2023-32006 https://nodejs.org/en/blog/vulnerability/august-2023-security-releases#permissions-policies-can-impersonate-other-modules-in-using-moduleconstructorcreaterequire-mediumcve-2023-32006 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32006.json https://access.redhat.com/errata/RHSA-2023:5532", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.2-1.el9_2", "arch_op": "pattern match" }, "xNb89cwcl67WhXZjUplwIA==": { "id": "xNb89cwcl67WhXZjUplwIA==", "updater": "rhel-vex", "name": "CVE-2025-47273", "description": "A path traversal vulnerability in the Python setuptools library allows attackers with limited system access to write files outside the intended temporary directory by manipulating package download URLs. This flaw bypasses basic filename sanitization and can lead to unauthorized overwrites of important system files, creating opportunities for further compromise. While it doesn't expose data or require user interaction, it poses a high integrity risk and is especially concerning in environments that rely on automated package handling or internal tooling built on setuptools.", "issued": "2025-05-17T15:46:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-47273 https://bugzilla.redhat.com/show_bug.cgi?id=2366982 https://www.cve.org/CVERecord?id=CVE-2025-47273 https://nvd.nist.gov/vuln/detail/CVE-2025-47273 https://github.com/pypa/setuptools/blob/6ead555c5fb29bc57fe6105b1bffc163f56fd558/setuptools/package_index.py#L810C1-L825C88 https://github.com/pypa/setuptools/commit/250a6d17978f9f6ac3ac887091f2d32886fbbb0b https://github.com/pypa/setuptools/issues/4946 https://github.com/pypa/setuptools/security/advisories/GHSA-5rjg-fvgr-3xxf https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-47273.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "python-setuptools", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "xQ6R88+x8IssPvOAavmZXw==": { "id": "xQ6R88+x8IssPvOAavmZXw==", "updater": "rhel-vex", "name": "CVE-2022-0530", "description": "A flaw was found in Unzip. The vulnerability occurs during the conversion of a UTF-8 string to a local string that leads to a segmentation fault. This flaw allows an attacker to input a specially crafted zip file, leading to a crash.", "issued": "2022-01-31T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-0530 https://bugzilla.redhat.com/show_bug.cgi?id=2051395 https://www.cve.org/CVERecord?id=CVE-2022-0530 https://nvd.nist.gov/vuln/detail/CVE-2022-0530 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-0530.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "unzip", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "xUh4YuirUHAz/J9Ww2KXaw==": { "id": "xUh4YuirUHAz/J9Ww2KXaw==", "updater": "rhel-vex", "name": "CVE-2024-12797", "description": "A flaw was found in OpenSSL's RFC7250 Raw Public Key (RPK) authentication. This vulnerability allows man-in-the-middle (MITM) attacks via failure to abort TLS/DTLS handshakes when the server's RPK does not match the expected key despite the SSL_VERIFY_PEER verification mode being set.", "issued": "2025-02-11T15:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-12797 https://bugzilla.redhat.com/show_bug.cgi?id=2342757 https://www.cve.org/CVERecord?id=CVE-2024-12797 https://nvd.nist.gov/vuln/detail/CVE-2024-12797 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-12797.json https://access.redhat.com/errata/RHSA-2025:1330", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.2.2-6.el9_5.1", "arch_op": "pattern match" }, "xZIb4S2QRmsQOqvyUKACAA==": { "id": "xZIb4S2QRmsQOqvyUKACAA==", "updater": "rhel-vex", "name": "CVE-2023-47038", "description": "A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer.", "issued": "2023-11-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-47038 https://bugzilla.redhat.com/show_bug.cgi?id=2249523 https://www.cve.org/CVERecord?id=CVE-2023-47038 https://nvd.nist.gov/vuln/detail/CVE-2023-47038 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-47038.json https://access.redhat.com/errata/RHSA-2024:2228", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-POSIX", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.94-481.el9", "arch_op": "pattern match" }, "xi7l1oiVtVzfSxtJw44jSg==": { "id": "xi7l1oiVtVzfSxtJw44jSg==", "updater": "rhel-vex", "name": "CVE-2024-25629", "description": "A vulnerability was found in c-ares where the ares__read_line() is used to parse local configuration files such as /etc/resolv.conf, /etc/nsswitch.conf, the HOSTALIASES file, and if using a c-ares version prior to 1.22.0, the /etc/hosts file. If the configuration files have an embedded NULL character as the first character in a new line, it can attempt to read memory before the start of the given buffer, which may result in a crash.", "issued": "2024-02-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-25629 https://bugzilla.redhat.com/show_bug.cgi?id=2265713 https://www.cve.org/CVERecord?id=CVE-2024-25629 https://nvd.nist.gov/vuln/detail/CVE-2024-25629 https://github.com/c-ares/c-ares/security/advisories/GHSA-mg26-v6qh-x48q https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-25629.json https://access.redhat.com/errata/RHSA-2024:2910", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:8.19.4-1.16.20.2.8.el9_4", "arch_op": "pattern match" }, "xjtPKIYmvcYxxZBNJ8tEUw==": { "id": "xjtPKIYmvcYxxZBNJ8tEUw==", "updater": "rhel-vex", "name": "CVE-2024-28757", "description": "An XML Entity Expansion flaw was found in libexpat. This flaw allows an attacker to cause a denial of service when there is an isolated use of external parsers.", "issued": "2024-03-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-28757 https://bugzilla.redhat.com/show_bug.cgi?id=2268766 https://www.cve.org/CVERecord?id=CVE-2024-28757 https://nvd.nist.gov/vuln/detail/CVE-2024-28757 https://github.com/libexpat/libexpat/issues/839 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28757.json https://access.redhat.com/errata/RHBA-2024:2518", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "expat", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.5.0-2.el9_4", "arch_op": "pattern match" }, "xoBHgfp5wgIWy3GYQTKJQQ==": { "id": "xoBHgfp5wgIWy3GYQTKJQQ==", "updater": "rhel-vex", "name": "CVE-2024-12133", "description": "A flaw in libtasn1 causes inefficient handling of specific certificate data. When processing a large number of elements in a certificate, libtasn1 takes much longer than expected, which can slow down or even crash the system. This flaw allows an attacker to send a specially crafted certificate, causing a denial of service attack.", "issued": "2025-02-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-12133 https://bugzilla.redhat.com/show_bug.cgi?id=2344611 https://www.cve.org/CVERecord?id=CVE-2024-12133 https://nvd.nist.gov/vuln/detail/CVE-2024-12133 https://gitlab.com/gnutls/libtasn1/-/issues/52 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-12133.json https://access.redhat.com/errata/RHSA-2025:7077", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "libtasn1", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:4.16.0-9.el9", "arch_op": "pattern match" }, "xpRC7lqeIvSrWa/KfZckow==": { "id": "xpRC7lqeIvSrWa/KfZckow==", "updater": "rhel-vex", "name": "CVE-2024-45492", "description": "A flaw was found in libexpat's internal nextScaffoldPart function in xmlparse.c. It can have an integer overflow for m_groupSize on 32-bit platforms where UINT_MAX equals SIZE_MAX.", "issued": "2024-08-30T03:15:03Z", "links": "https://access.redhat.com/security/cve/CVE-2024-45492 https://bugzilla.redhat.com/show_bug.cgi?id=2308617 https://www.cve.org/CVERecord?id=CVE-2024-45492 https://nvd.nist.gov/vuln/detail/CVE-2024-45492 https://github.com/libexpat/libexpat/blob/R_2_6_3/expat/Changes https://github.com/libexpat/libexpat/issues/889 https://github.com/libexpat/libexpat/pull/892 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45492.json https://access.redhat.com/errata/RHSA-2024:6754", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "expat", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.5.0-2.el9_4.1", "arch_op": "pattern match" }, "xsv8GBgazK9Dz4RNkUHFjQ==": { "id": "xsv8GBgazK9Dz4RNkUHFjQ==", "updater": "rhel-vex", "name": "CVE-2024-38474", "description": "A flaw was found in the mod_rewrite module of httpd. Due to a substitution encoding issue, specially crafted requests may allow an attacker to execute scripts in directories permitted by the configuration but not directly reachable by any URL or source disclosure of scripts meant only to be executed as CGI.", "issued": "2024-07-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-38474 https://bugzilla.redhat.com/show_bug.cgi?id=2295013 https://www.cve.org/CVERecord?id=CVE-2024-38474 https://nvd.nist.gov/vuln/detail/CVE-2024-38474 https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2024-38474 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-38474.json https://access.redhat.com/errata/RHSA-2024:4726", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "mod_ssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:2.4.57-11.el9_4", "arch_op": "pattern match" }, "xtSEUud0UN//Su0ySaR3UQ==": { "id": "xtSEUud0UN//Su0ySaR3UQ==", "updater": "rhel-vex", "name": "CVE-2024-37370", "description": "A vulnerability was found in the MIT Kerberos 5 GSS krb5 wrap token, where an attacker can modify the plaintext Extra Count field, causing the unwrapped token to appear truncated to the application, occurs when the attacker alters the token data during transmission which can lead to improper handling of authentication tokens.", "issued": "2024-06-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-37370 https://bugzilla.redhat.com/show_bug.cgi?id=2294677 https://www.cve.org/CVERecord?id=CVE-2024-37370 https://nvd.nist.gov/vuln/detail/CVE-2024-37370 https://web.mit.edu/kerberos/www/krb5-1.21/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-37370.json https://access.redhat.com/errata/RHSA-2024:6166", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libkadm5", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.1-2.el9_4", "arch_op": "pattern match" }, "y/8QZeoYV5KanqSqv/18nw==": { "id": "y/8QZeoYV5KanqSqv/18nw==", "updater": "rhel-vex", "name": "CVE-2023-6597", "description": "A flaw was found in the tempfile.TemporaryDirectory class in python3/cpython3. The class may dereference symbolic links during permission-related errors, resulting in users that run privileged programs being able to modify permissions of files referenced by the symbolic link.", "issued": "2024-03-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-6597 https://bugzilla.redhat.com/show_bug.cgi?id=2276518 https://www.cve.org/CVERecord?id=CVE-2023-6597 https://nvd.nist.gov/vuln/detail/CVE-2023-6597 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6597.json https://access.redhat.com/errata/RHSA-2024:4078", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.18-3.el9_4.1", "arch_op": "pattern match" }, "y4mCwDYfTNPe4spWKWwjwQ==": { "id": "y4mCwDYfTNPe4spWKWwjwQ==", "updater": "rhel-vex", "name": "CVE-2023-0466", "description": "A flaw was found in OpenSSL. The X509_VERIFY_PARAM_add0_policy() function is documented to enable the certificate policy check when doing certificate verification implicitly. However, implementing the function does not enable the check, allowing certificates with invalid or incorrect policies to pass the certificate verification. Suddenly enabling the policy check could break existing deployments, so it was decided to keep the existing behavior of the X509_VERIFY_PARAM_add0_policy() function. The applications that require OpenSSL to perform certificate policy check need to use X509_VERIFY_PARAM_set1_policies() or explicitly enable the policy check by calling X509_VERIFY_PARAM_set_flags() with the X509_V_FLAG_POLICY_CHECK flag argument. Certificate policy checks are disabled by default in OpenSSL and are not commonly used by applications.", "issued": "2023-03-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0466 https://bugzilla.redhat.com/show_bug.cgi?id=2182565 https://www.cve.org/CVERecord?id=CVE-2023-0466 https://nvd.nist.gov/vuln/detail/CVE-2023-0466 https://www.openssl.org/news/secadv/20230328.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0466.json https://access.redhat.com/errata/RHSA-2023:3722", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-16.el9_2", "arch_op": "pattern match" }, "y7LeLW+UNa9OXTJsedT1pg==": { "id": "y7LeLW+UNa9OXTJsedT1pg==", "updater": "rhel-vex", "name": "CVE-2024-28834", "description": "A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS, leading to side-channel leaks. In specific scenarios, such as when using the GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noticeable step in nonce size from 513 to 512 bits, exposing a potential timing side-channel.", "issued": "2024-03-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-28834 https://bugzilla.redhat.com/show_bug.cgi?id=2269228 https://www.cve.org/CVERecord?id=CVE-2024-28834 https://nvd.nist.gov/vuln/detail/CVE-2024-28834 https://lists.gnupg.org/pipermail/gnutls-help/2024-March/004845.html https://minerva.crocs.fi.muni.cz/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28834.json https://access.redhat.com/errata/RHSA-2024:2570", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "gnutls", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.8.3-4.el9_4", "arch_op": "pattern match" }, "y9E+Lh5SpPDKe0DW19HLjA==": { "id": "y9E+Lh5SpPDKe0DW19HLjA==", "updater": "rhel-vex", "name": "CVE-2023-4752", "description": "A flaw was found in Vim, where it is vulnerable to a use-after-free in the ins_compl_get_exp function. This flaw allows a specially crafted file to crash software, use unexpected values, or possibly execute code when opened in Vim.", "issued": "2023-09-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4752 https://bugzilla.redhat.com/show_bug.cgi?id=2237311 https://www.cve.org/CVERecord?id=CVE-2023-4752 https://nvd.nist.gov/vuln/detail/CVE-2023-4752 https://huntr.dev/bounties/85f62dd7-ed84-4fa2-b265-8a369a318757 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4752.json https://access.redhat.com/errata/RHSA-2025:7440", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim-filesystem", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "2:8.2.2637-22.el9_6", "arch_op": "pattern match" }, "yFyXcq1E5bw+omyiCv+CnQ==": { "id": "yFyXcq1E5bw+omyiCv+CnQ==", "updater": "rhel-vex", "name": "CVE-2023-7008", "description": "A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.", "issued": "2022-12-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://www.cve.org/CVERecord?id=CVE-2023-7008 https://nvd.nist.gov/vuln/detail/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222261 https://github.com/systemd/systemd/issues/25676 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-7008.json https://access.redhat.com/errata/RHSA-2024:2463", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "systemd-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:252-32.el9_4", "arch_op": "pattern match" }, "yHfUI1Pnswr2CPSGioQ4BA==": { "id": "yHfUI1Pnswr2CPSGioQ4BA==", "updater": "rhel-vex", "name": "CVE-2023-30589", "description": "A vulnerability has been identified in the Node.js, where llhttp parser in the http module in Node.js does not strictly use the CRLF sequence to delimit HTTP requests. This can lead to HTTP Request Smuggling (HRS).", "issued": "2023-06-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30589 https://bugzilla.redhat.com/show_bug.cgi?id=2219841 https://www.cve.org/CVERecord?id=CVE-2023-30589 https://nvd.nist.gov/vuln/detail/CVE-2023-30589 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30589.json https://access.redhat.com/errata/RHSA-2023:4331", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.1-1.el9_2", "arch_op": "pattern match" }, "yHqTDX5RE8eUKM9rdC//Mg==": { "id": "yHqTDX5RE8eUKM9rdC//Mg==", "updater": "rhel-vex", "name": "CVE-2024-26462", "description": "A memory leak flaw was found in krb5 in /krb5/src/kdc/ndr.c. This issue can lead to a denial of service through memory exhaustion.", "issued": "2024-02-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-26462 https://bugzilla.redhat.com/show_bug.cgi?id=2266742 https://www.cve.org/CVERecord?id=CVE-2024-26462 https://nvd.nist.gov/vuln/detail/CVE-2024-26462 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-26462.json https://access.redhat.com/errata/RHSA-2024:9331", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "krb5-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:1.21.1-3.el9", "arch_op": "pattern match" }, "yK+sCyttf4bGyDBAO3DTbw==": { "id": "yK+sCyttf4bGyDBAO3DTbw==", "updater": "rhel-vex", "name": "CVE-2024-33601", "description": "A flaw was found in the glibc netgroup cache. The netgroup cache uses xmalloc/xrealloc and may terminate the process due to a memory allocation failure.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33601 https://bugzilla.redhat.com/show_bug.cgi?id=2277205 https://www.cve.org/CVERecord?id=CVE-2024-33601 https://nvd.nist.gov/vuln/detail/CVE-2024-33601 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33601.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "glibc-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "yOD9sFmw+ZkhtjrTzOQNtg==": { "id": "yOD9sFmw+ZkhtjrTzOQNtg==", "updater": "rhel-vex", "name": "CVE-2023-4806", "description": "A flaw was found in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4806 https://bugzilla.redhat.com/show_bug.cgi?id=2237782 https://www.cve.org/CVERecord?id=CVE-2023-4806 https://nvd.nist.gov/vuln/detail/CVE-2023-4806 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4806.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-locale-source", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "yQdXSsMbHycMlE0PdqtmHw==": { "id": "yQdXSsMbHycMlE0PdqtmHw==", "updater": "rhel-vex", "name": "CVE-2023-47038", "description": "A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer.", "issued": "2023-11-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-47038 https://bugzilla.redhat.com/show_bug.cgi?id=2249523 https://www.cve.org/CVERecord?id=CVE-2023-47038 https://nvd.nist.gov/vuln/detail/CVE-2023-47038 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-47038.json https://access.redhat.com/errata/RHSA-2024:2228", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-NDBM_File", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.15-481.el9", "arch_op": "pattern match" }, "yU5mkCPzEauPBsUqlb3apQ==": { "id": "yU5mkCPzEauPBsUqlb3apQ==", "updater": "rhel-vex", "name": "CVE-2023-43787", "description": "A vulnerability was found in libX11 due to an integer overflow within the XCreateImage() function. This flaw allows a local user to trigger an integer overflow and execute arbitrary code with elevated privileges.", "issued": "2023-10-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-43787 https://bugzilla.redhat.com/show_bug.cgi?id=2242254 https://www.cve.org/CVERecord?id=CVE-2023-43787 https://nvd.nist.gov/vuln/detail/CVE-2023-43787 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-43787.json https://access.redhat.com/errata/RHSA-2024:2145", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libX11-xcb", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.7.0-9.el9", "arch_op": "pattern match" }, "ydN/9qW+IO/7qUsy09APhw==": { "id": "ydN/9qW+IO/7qUsy09APhw==", "updater": "rhel-vex", "name": "CVE-2023-24607", "description": "Qt before 6.4.3 allows a denial of service via a crafted string when the SQL ODBC driver plugin is used and the size of SQLTCHAR is 4. The affected versions are 5.x before 5.15.13, 6.x before 6.2.8, and 6.3.x before 6.4.3.", "issued": "2023-04-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-24607 https://bugzilla.redhat.com/show_bug.cgi?id=2187154 https://www.cve.org/CVERecord?id=CVE-2023-24607 https://nvd.nist.gov/vuln/detail/CVE-2023-24607 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-24607.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "qt5", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "yfACz4JYLaonVFc9kA3iYQ==": { "id": "yfACz4JYLaonVFc9kA3iYQ==", "updater": "rhel-vex", "name": "CVE-2024-12087", "description": "A path traversal vulnerability exists in rsync. It stems from behavior enabled by the `--inc-recursive` option, a default-enabled option for many client options and can be enabled by the server even if not explicitly enabled by the client. When using the `--inc-recursive` option, a lack of proper symlink verification coupled with deduplication checks occurring on a per-file-list basis could allow a server to write files outside of the client's intended destination directory. A malicious server could write malicious files to arbitrary locations named after valid directories/paths on the client.", "issued": "2025-01-14T15:06:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-12087 https://bugzilla.redhat.com/show_bug.cgi?id=2330672 https://www.cve.org/CVERecord?id=CVE-2024-12087 https://nvd.nist.gov/vuln/detail/CVE-2024-12087 https://kb.cert.org/vuls/id/952657 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-12087.json https://access.redhat.com/errata/RHSA-2025:7050", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "rsync", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.2.5-3.el9", "arch_op": "pattern match" }, "ygcRE9YitCbLx9CXMh7mPQ==": { "id": "ygcRE9YitCbLx9CXMh7mPQ==", "updater": "rhel-vex", "name": "CVE-2023-39975", "description": "A vulnerability was found in MIT krb5, where an authenticated attacker can cause a KDC to free the same pointer twice if it can induce a failure in authorization data handling.", "issued": "2023-08-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-39975 https://bugzilla.redhat.com/show_bug.cgi?id=2232682 https://www.cve.org/CVERecord?id=CVE-2023-39975 https://nvd.nist.gov/vuln/detail/CVE-2023-39975 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-39975.json https://access.redhat.com/errata/RHSA-2023:6699", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libkadm5", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:1.21.1-1.el9", "arch_op": "pattern match" }, "yiCqGYK5YZhv+xV3X+Qx5g==": { "id": "yiCqGYK5YZhv+xV3X+Qx5g==", "updater": "rhel-vex", "name": "CVE-2023-6237", "description": "A flaw was found in OpenSSL. When the EVP_PKEY_public_check() function is called in RSA public keys, a computation is done to confirm that the RSA modulus, n, is composite. For valid RSA keys, n is a product of two or more large primes and this computation completes quickly. However, if n is a large prime, this computation takes a long time. An application that calls EVP_PKEY_public_check() and supplies an RSA key obtained from an untrusted source could be vulnerable to a Denial of Service attack.", "issued": "2024-01-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-6237 https://bugzilla.redhat.com/show_bug.cgi?id=2258502 https://www.cve.org/CVERecord?id=CVE-2023-6237 https://nvd.nist.gov/vuln/detail/CVE-2023-6237 https://www.openssl.org/news/secadv/20240115.txt https://www.openwall.com/lists/oss-security/2024/01/15/2 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6237.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "ykE0E9Lv2Xj6V4wi3K89SA==": { "id": "ykE0E9Lv2Xj6V4wi3K89SA==", "updater": "rhel-vex", "name": "CVE-2024-38474", "description": "A flaw was found in the mod_rewrite module of httpd. Due to a substitution encoding issue, specially crafted requests may allow an attacker to execute scripts in directories permitted by the configuration but not directly reachable by any URL or source disclosure of scripts meant only to be executed as CGI.", "issued": "2024-07-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-38474 https://bugzilla.redhat.com/show_bug.cgi?id=2295013 https://www.cve.org/CVERecord?id=CVE-2024-38474 https://nvd.nist.gov/vuln/detail/CVE-2024-38474 https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2024-38474 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-38474.json https://access.redhat.com/errata/RHSA-2024:4726", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "httpd-filesystem", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.4.57-11.el9_4", "arch_op": "pattern match" }, "ylg3k+AtgUcIl3hJiXNMlw==": { "id": "ylg3k+AtgUcIl3hJiXNMlw==", "updater": "rhel-vex", "name": "CVE-2022-2946", "description": "A flaw was found in vim, where it is vulnerable to a use-after-free in the vim_vsnprintf_typval function. This flaw allows a specially crafted file to crash a program, use unexpected values, or execute code.", "issued": "2022-08-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-2946 https://bugzilla.redhat.com/show_bug.cgi?id=2120993 https://www.cve.org/CVERecord?id=CVE-2022-2946 https://nvd.nist.gov/vuln/detail/CVE-2022-2946 https://huntr.dev/bounties/5d389a18-5026-47df-a5d0-1548a9b555d5 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-2946.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "ysEF64GA1SEOz6Uev8X6pQ==": { "id": "ysEF64GA1SEOz6Uev8X6pQ==", "updater": "rhel-vex", "name": "CVE-2023-29499", "description": "A flaw was found in GLib. GVariant deserialization fails to validate that the input conforms to the expected format, leading to denial of service.", "issued": "2022-12-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-29499 https://bugzilla.redhat.com/show_bug.cgi?id=2211828 https://www.cve.org/CVERecord?id=CVE-2023-29499 https://nvd.nist.gov/vuln/detail/CVE-2023-29499 https://gitlab.gnome.org/GNOME/glib/-/issues/2794 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-29499.json https://access.redhat.com/errata/RHSA-2023:6631", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "glib2-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.68.4-11.el9", "arch_op": "pattern match" }, "z2N0HuS8mB4t9bAz3tR/fw==": { "id": "z2N0HuS8mB4t9bAz3tR/fw==", "updater": "rhel-vex", "name": "CVE-2024-24795", "description": "A flaw was found in httpd. An HTTP response splitting in multiple httpd modules may allow an attacker that can inject malicious response headers into backend applications to cause an HTTP desynchronization attack.", "issued": "2024-04-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-24795 https://bugzilla.redhat.com/show_bug.cgi?id=2273499 https://www.cve.org/CVERecord?id=CVE-2024-24795 https://nvd.nist.gov/vuln/detail/CVE-2024-24795 https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2024-24795 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-24795.json https://access.redhat.com/errata/RHSA-2024:9306", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "mod_ldap", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.4.62-1.el9", "arch_op": "pattern match" }, "zAQhwfD+1kpXY0CwZC6HxA==": { "id": "zAQhwfD+1kpXY0CwZC6HxA==", "updater": "rhel-vex", "name": "CVE-2025-24014", "description": "A flaw was found in Vim. In silent Ex mode (-s -e), Vim typically doesn't show a screen and operates silently in batch mode, however, it is possible to trigger the function that handles the scrolling of a GUI version of Vim via binary characters. The function that handles the scrolling may trigger a redraw, which will access the ScreenLines pointer and can cause a segmentation fault condition. This may lead to an application crash or other undefined behavior.", "issued": "2025-01-20T22:53:14Z", "links": "https://access.redhat.com/security/cve/CVE-2025-24014 https://bugzilla.redhat.com/show_bug.cgi?id=2339074 https://www.cve.org/CVERecord?id=CVE-2025-24014 https://nvd.nist.gov/vuln/detail/CVE-2025-24014 https://github.com/vim/vim/commit/9d1bed5eccdbb46a26b8a484f5e9163c40e63919 https://github.com/vim/vim/security/advisories/GHSA-j3g9-wg22-v955 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-24014.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "zDHl5AxFMMqrfTCU6DAHtQ==": { "id": "zDHl5AxFMMqrfTCU6DAHtQ==", "updater": "rhel-vex", "name": "CVE-2023-0465", "description": "A flaw was found in OpenSSL. Applications that use a non-default option when verifying certificates may be vulnerable to an attack from a malicious CA to circumvent certain checks. OpenSSL and other certificate policy checks silently ignore invalid certificate policies in leaf certificates that are skipped for that certificate. A malicious CA could use this to deliberately assert invalid certificate policies to circumvent policy checking on the certificate altogether. Policy processing is disabled by default but can be enabled by passing the `-policy' argument to the command line utilities or by calling the `X509_VERIFY_PARAM_set1_policies()' function.", "issued": "2023-03-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0465 https://bugzilla.redhat.com/show_bug.cgi?id=2182561 https://www.cve.org/CVERecord?id=CVE-2023-0465 https://nvd.nist.gov/vuln/detail/CVE-2023-0465 https://www.openssl.org/news/secadv/20230328.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0465.json https://access.redhat.com/errata/RHSA-2023:3722", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-16.el9_2", "arch_op": "pattern match" }, "zDmU3WG0c3AQYw7NFebUCQ==": { "id": "zDmU3WG0c3AQYw7NFebUCQ==", "updater": "rhel-vex", "name": "CVE-2022-3234", "description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0483.", "issued": "2022-09-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3234 https://bugzilla.redhat.com/show_bug.cgi?id=2129370 https://www.cve.org/CVERecord?id=CVE-2022-3234 https://nvd.nist.gov/vuln/detail/CVE-2022-3234 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3234.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "zJlrDTLwkYlMUMmfRWCifg==": { "id": "zJlrDTLwkYlMUMmfRWCifg==", "updater": "rhel-vex", "name": "CVE-2023-0465", "description": "A flaw was found in OpenSSL. Applications that use a non-default option when verifying certificates may be vulnerable to an attack from a malicious CA to circumvent certain checks. OpenSSL and other certificate policy checks silently ignore invalid certificate policies in leaf certificates that are skipped for that certificate. A malicious CA could use this to deliberately assert invalid certificate policies to circumvent policy checking on the certificate altogether. Policy processing is disabled by default but can be enabled by passing the `-policy' argument to the command line utilities or by calling the `X509_VERIFY_PARAM_set1_policies()' function.", "issued": "2023-03-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0465 https://bugzilla.redhat.com/show_bug.cgi?id=2182561 https://www.cve.org/CVERecord?id=CVE-2023-0465 https://nvd.nist.gov/vuln/detail/CVE-2023-0465 https://www.openssl.org/news/secadv/20230328.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0465.json https://access.redhat.com/errata/RHSA-2023:3722", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-16.el9_2", "arch_op": "pattern match" }, "zP2miTirQjHfCyfRvmeCxw==": { "id": "zP2miTirQjHfCyfRvmeCxw==", "updater": "rhel-vex", "name": "CVE-2023-30588", "description": "A vulnerability has been identified in the Node.js, where an invalid public key is used to create an x509 certificate using the crypto.X509Certificate() API a non-expect termination occurs making it susceptible to DoS attacks when the attacker could force interruptions of application processing, as the process terminates when accessing public key info of provided certificates from user code. The current context of the users will be gone, and that will cause a DoS scenario.", "issued": "2023-06-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30588 https://bugzilla.redhat.com/show_bug.cgi?id=2219838 https://www.cve.org/CVERecord?id=CVE-2023-30588 https://nvd.nist.gov/vuln/detail/CVE-2023-30588 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30588.json https://access.redhat.com/errata/RHSA-2023:4331", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.1-1.el9_2", "arch_op": "pattern match" }, "zQ+wurn4Y1m7g+Dod0JrXA==": { "id": "zQ+wurn4Y1m7g+Dod0JrXA==", "updater": "rhel-vex", "name": "CVE-2024-6232", "description": "A regular expression denial of service (ReDos) vulnerability was found in Python's tarfile module. Due to excessive backtracking while tarfile parses headers, an attacker may be able to trigger a denial of service via a specially crafted tar archive.", "issued": "2024-09-03T13:15:05Z", "links": "https://access.redhat.com/security/cve/CVE-2024-6232 https://bugzilla.redhat.com/show_bug.cgi?id=2309426 https://www.cve.org/CVERecord?id=CVE-2024-6232 https://nvd.nist.gov/vuln/detail/CVE-2024-6232 https://github.com/python/cpython/issues/121285 https://github.com/python/cpython/pull/121286 https://mail.python.org/archives/list/security-announce@python.org/thread/JRYFTPRHZRTLMZLWQEUHZSJXNHM4ACTY/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6232.json https://access.redhat.com/errata/RHSA-2024:8446", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.18-3.el9_4.6", "arch_op": "pattern match" }, "zQzLw5ZBlwA067ka0YvoHA==": { "id": "zQzLw5ZBlwA067ka0YvoHA==", "updater": "rhel-vex", "name": "CVE-2024-32020", "description": "A vulnerability was found in Git. This flaw allows an unauthenticated attacker to place a specialized repository on their target's local system. For performance reasons, Git uses hardlinks when cloning a repository located on the same disk. However, if the repo being cloned is owned by a different user, this can introduce a security risk. At any time in the future, the original repo owner could rewrite the hardlinked files in the cloned user's repo.", "issued": "2024-05-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-32020 https://bugzilla.redhat.com/show_bug.cgi?id=2280466 https://www.cve.org/CVERecord?id=CVE-2024-32020 https://nvd.nist.gov/vuln/detail/CVE-2024-32020 https://github.com/git/git/security/advisories/GHSA-5rfh-556j-fhgj https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-32020.json https://access.redhat.com/errata/RHSA-2024:4083", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "git-core", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.43.5-1.el9_4", "arch_op": "pattern match" }, "zY61FHLduccxZAfWDpeM2g==": { "id": "zY61FHLduccxZAfWDpeM2g==", "updater": "rhel-vex", "name": "CVE-2021-35937", "description": "A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "issued": "2021-06-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-35937 https://bugzilla.redhat.com/show_bug.cgi?id=1964125 https://www.cve.org/CVERecord?id=CVE-2021-35937 https://nvd.nist.gov/vuln/detail/CVE-2021-35937 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-35937.json https://access.redhat.com/errata/RHSA-2024:0463", "severity": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "rpm-sign-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:4.16.1.3-27.el9_3", "arch_op": "pattern match" }, "zZqsnLIshm38/Ec0mv1zQA==": { "id": "zZqsnLIshm38/Ec0mv1zQA==", "updater": "rhel-vex", "name": "CVE-2024-8176", "description": "A stack overflow vulnerability exists in the libexpat library due to the way it handles recursive entity expansion in XML documents. When parsing an XML document with deeply nested entity references, libexpat can be forced to recurse indefinitely, exhausting the stack space and causing a crash. This issue could lead to denial of service (DoS) or, in some cases, exploitable memory corruption, depending on the environment and library usage.", "issued": "2025-03-13T13:51:54Z", "links": "https://access.redhat.com/security/cve/CVE-2024-8176 https://bugzilla.redhat.com/show_bug.cgi?id=2310137 https://www.cve.org/CVERecord?id=CVE-2024-8176 https://nvd.nist.gov/vuln/detail/CVE-2024-8176 https://github.com/libexpat/libexpat/issues/893 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8176.json https://access.redhat.com/errata/RHSA-2025:7444", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "expat", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.5.0-5.el9_6", "arch_op": "pattern match" }, "zbCarOV2Tc7arcK/YbfGpg==": { "id": "zbCarOV2Tc7arcK/YbfGpg==", "updater": "rhel-vex", "name": "CVE-2023-32611", "description": "A flaw was found in GLib. GVariant deserialization is vulnerable to a slowdown issue where a crafted GVariant can cause excessive processing, leading to denial of service.", "issued": "2022-12-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32611 https://bugzilla.redhat.com/show_bug.cgi?id=2211829 https://www.cve.org/CVERecord?id=CVE-2023-32611 https://nvd.nist.gov/vuln/detail/CVE-2023-32611 https://gitlab.gnome.org/GNOME/glib/-/issues/2797 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32611.json https://access.redhat.com/errata/RHSA-2023:6631", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "glib2-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.68.4-11.el9", "arch_op": "pattern match" }, "zkStPEZlqSplVlCvCS/Zdg==": { "id": "zkStPEZlqSplVlCvCS/Zdg==", "updater": "rhel-vex", "name": "CVE-2023-25193", "description": "A vulnerability was found HarfBuzz. This flaw allows attackers to trigger O(n^2) growth via consecutive marks during the process of looking back for base glyphs when attaching marks.", "issued": "2023-02-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-25193 https://bugzilla.redhat.com/show_bug.cgi?id=2167254 https://www.cve.org/CVERecord?id=CVE-2023-25193 https://nvd.nist.gov/vuln/detail/CVE-2023-25193 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-25193.json https://access.redhat.com/errata/RHSA-2024:2410", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "harfbuzz-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.7.4-10.el9", "arch_op": "pattern match" }, "zlxvoUxhbbvyCm+ir0eRIg==": { "id": "zlxvoUxhbbvyCm+ir0eRIg==", "updater": "rhel-vex", "name": "CVE-2023-5678", "description": "A flaw was found in OpenSSL, which caused the generation or checking of long X9.42 DH keys or parameters to be much slower than expected. This issue could lead to a denial of service.", "issued": "2023-10-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-5678 https://bugzilla.redhat.com/show_bug.cgi?id=2248616 https://www.cve.org/CVERecord?id=CVE-2023-5678 https://nvd.nist.gov/vuln/detail/CVE-2023-5678 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=34efaef6c103d636ab507a0cc34dca4d3aecc055 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=710fee740904b6290fef0dd5536fbcedbc38ff0c https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db925ae2e65d0d925adef429afc37f75bd1c2017 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6 https://www.openssl.org/news/secadv/20231106.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-5678.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "zoCeQAIu1TFmWIYHnlYddg==": { "id": "zoCeQAIu1TFmWIYHnlYddg==", "updater": "rhel-vex", "name": "CVE-2022-2183", "description": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.", "issued": "2022-06-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-2183 https://bugzilla.redhat.com/show_bug.cgi?id=2102159 https://www.cve.org/CVERecord?id=CVE-2022-2183 https://nvd.nist.gov/vuln/detail/CVE-2022-2183 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-2183.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "zum30oF+vgO+77M+8QbtcA==": { "id": "zum30oF+vgO+77M+8QbtcA==", "updater": "rhel-vex", "name": "CVE-2023-32002", "description": "A vulnerability was found in NodeJS. This security issue occurs as the use of Module._load() can bypass the policy mechanism and require modules outside of the policy.json definition for a given module.", "issued": "2023-08-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32002 https://bugzilla.redhat.com/show_bug.cgi?id=2230948 https://www.cve.org/CVERecord?id=CVE-2023-32002 https://nvd.nist.gov/vuln/detail/CVE-2023-32002 https://nodejs.org/en/blog/vulnerability/august-2023-security-releases#permissions-policies-can-be-bypassed-via-module_load-highcve-2023-32002 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32002.json https://access.redhat.com/errata/RHSA-2023:5532", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.2-1.el9_2", "arch_op": "pattern match" }, "zw0cARVh3jgrbyVziYo6DQ==": { "id": "zw0cARVh3jgrbyVziYo6DQ==", "updater": "rhel-vex", "name": "CVE-2023-4911", "description": "A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.", "issued": "2023-10-03T17:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4911 https://bugzilla.redhat.com/show_bug.cgi?id=2238352 https://www.cve.org/CVERecord?id=CVE-2023-4911 https://nvd.nist.gov/vuln/detail/CVE-2023-4911 https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt https://www.qualys.com/cve-2023-4911/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4911.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-common", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "zx97OaxgXH8j+mFWesQySQ==": { "id": "zx97OaxgXH8j+mFWesQySQ==", "updater": "rhel-vex", "name": "CVE-2022-1620", "description": "A flaw was found in vim, which is vulnerable to a NULL pointer dereference in vim_regexec_string() of the regexp.c function. This flaw allows a specially crafted file to crash software when opened in vim.", "issued": "2022-05-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-1620 https://bugzilla.redhat.com/show_bug.cgi?id=2083029 https://www.cve.org/CVERecord?id=CVE-2022-1620 https://nvd.nist.gov/vuln/detail/CVE-2022-1620 https://huntr.dev/bounties/7a4c59f3-fcc0-4496-995d-5ca6acd2da51/ https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-1620.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" } }, "package_vulnerabilities": { "+yIdH2Pb8SGFuXnry3uK/A==": [ "7+zZLUPhCOA3BFrcusoKFg==", "BbM0NZsMsZnNUi1ybIzssw==", "TszqopCoskBv4coMA3/peg==", "LyQcB6aDtcDf3FmzBVHSKQ==", "IvL651FnAzrxSYOiOuXMlw==", "XWaBdbEJiHpYXT1f1eBk1Q==", "IfJyKZ52fwKruf/mbOKmYg==", "4vHE1o0sxmJSfgr6AiAtqA==", "3mn5saqLeDWX1WioNLINeA==", "RxwFiIUPJYMo6r5lfv+sdQ==", "snuOK/MSU9RHiR0jGJiZAw==", "q99r/5og6gILO4INuTA0sQ==" ], "/QWl/PWEGcxbGcHF8DRhpQ==": [ "V/wACq4t8ybFKWNGSTGOqQ==", "QQ1upjXEDW7OiB4aR8O/8A==" ], "/hboeipJYwh21VHE3k8hmg==": [ "yFyXcq1E5bw+omyiCv+CnQ==", "AsiuN/8gu7sZ0PJCLihjmw==", "0XyIJoIqTLxnYiZet4x5Yg==", "6eMjths7OctCI6zbpR/CJw==" ], "/ix7t8u2ubW7Mpg/i3GMZw==": [ "ow+W4FZFcnnnyqC0uw4arQ==" ], "/nzriCy9+x9+mJ5siYSQUQ==": [ "/7MOqzYcpKodu8z+UG1h/g==", "HBNeLxEkZsSJpiMycw8wTQ==", "QpmPmJkImbP3BLZVoQ/PBw==", "Vcn3jN4hVRksfYeeqif75w==", "eSBOrEkCJo/Pw2Y4iW0fkA==", "c8VcLtF5K0vg10vsMZYG1g==", "J629mzWgyseaiJdsccnC0w==" ], "/u+CSzV7kEfezwNM7CM7EA==": [ "moptNBqyzedtNhF5AQkSKw==", "//JUC9cSBRpTkexRqgXGDQ==", "s/7gHZSkaG/wubfvwUuCLw==", "/TlXuCSs4iN+O7ZiXHh0rA==", "KvTHt3xtdMy208hVDFxqHA==", "3uTwJ6BR3NYTj8voE9XrqA==", "wdpFUdafrECCyVLdW8WR9w==", "EaJSiiuY1um/YT8igyfuLg==", "gltsekO9p4cbvcWxBDVbSw==", "exYmjpiMmOkTrwjxIZq6JQ==", "QYt7IWs4IVpEJ8zBDWXlaA==", "qnPr3gcD7In/41sUsGuJuA==", "5sCyFjUL7o/b27+YioN3Ow==", "I9QmITTVNIddrA04uAwHcg==", "06nVp3HoQkp2GMYq8FEEOw==", "Ujwv/4JgPM6iMrQpcjcONA==", "qjKGGY3933nbxsRxZfTnQw==", "Q8IjmHAyEPfSZ4ADo6BLIA==", "Fzv3hLiqGP6JSExBxNthvw==", "Kst/Nu97wF/raXev/kAkVw==", "M1WTIWHPCj97YeJJsy4EZA==", "6HkJItKZ+XnhCPZYnXp3mw==", "QdWNLqhuTXgATozRsAAucA==", "3p9vZY4Tp+ruzgOPju8G0g==", "Y6jBF6ZoX5K+LWaeE5AkSA==", "oAWlLj5xhoQdD0/9sVLozQ==", "Y8KTdl/rf2JLSAIhuuUuHA==", "ezxnHKwNvaQzOm0eoN6eYA==", "Q+Mii4PvPrm3VuQah4UjJg==" ], "/ziQfr+n12RYSjYmCLOeJw==": [ "V/wACq4t8ybFKWNGSTGOqQ==", "yQdXSsMbHycMlE0PdqtmHw==" ], "06kxsmKuig0GXYujyWRf1g==": [ "JSPMHRCFZI0X3BUC808myA==", "SstbtJyplu6wT0tmTKbr8w==", "t1KFd0M1KDDZG8emCusGiQ==", "0O6vUX1pq+1kVV1sESVhMw==", "1S8SOPvrptI3Ktb4UdMF3A==", "iiMfHakEGjzHeRLdhfwghA==", "Xd13Zf2Hfkk86nXadq2UDw==", "o6RwbTixAbGsSyddw1yZpQ==" ], "0MjC1Kk7xsOH9HZSfI3q+g==": [ "PsRF7Xq7dFAe19vnyA4U+Q==" ], "0Yvc2+M8FAry625wuL4S5A==": [ "WQMOAsYgGrv9Z81CukkfSg==", "UyrXKlV/F8Ngo4hTkS7IlQ==", "3+809IKkEvKNvrYKsUMlFg==" ], "13/XvLtRK2RDQlcsZc1BtQ==": [ "7+zZLUPhCOA3BFrcusoKFg==", "BbM0NZsMsZnNUi1ybIzssw==", "TszqopCoskBv4coMA3/peg==", "LyQcB6aDtcDf3FmzBVHSKQ==", "IvL651FnAzrxSYOiOuXMlw==", "XWaBdbEJiHpYXT1f1eBk1Q==", "IfJyKZ52fwKruf/mbOKmYg==", "4vHE1o0sxmJSfgr6AiAtqA==", "3mn5saqLeDWX1WioNLINeA==", "RxwFiIUPJYMo6r5lfv+sdQ==", "snuOK/MSU9RHiR0jGJiZAw==", "s4GBMvRcoMkjpfrzX/GkLQ==" ], "1Wgi1A5rYYMDlKrTSmcrGw==": [ "IZtUHMfco2qM2j88janpdw==", "cuNmXs5IUHyxswp17wjaOA==", "0BWw+o/VRLTjmukorj4XNw==", "fAt+QSazQuj9LFCdyfZZzA==", "uzquedNvneeORkKUWVsZtA==", "ggfY6gCBW/GSQd8oZSsAGg==", "Lqn5gBEpKHg0aKgD2BjK4A==", "HtlDnK+y+r9VRRtbkfrq9Q==", "Z3ooXdPZHBGz3Zn2fzVGjA==", "rREnUm7sDNyGeeD6RlvlrQ==", "C38jEAZBH42pj/LK2zcQXw==", "f8zkiAQiKYmmQ6JoWVEpyg==", "/do+fQ2Lnu83vRm2aCLhhQ==", "em5AO2rYrgNnhFwzmAjfjQ==", "06nVp3HoQkp2GMYq8FEEOw==", "BCs5XTdAELTlXaSYSPAeOw==", "v8dGiTe4KxqKw3mwN85XDw==", "Gg97qi1BhqlOPIWqj2o4lQ==", "67Vgi/1HrbHMdD5VblFjmw==", "Cp0oKV+YHuWX9YmWfGn8dA==", "pKzPEO7/xjyXrMbpLiciEw==", "bPxejplqXNhUXDZqwkk2HA==", "slSH4fTxavc0sTcES8JJyQ==", "lbxN096+MM/KBPw8fZJzzw==", "tJi5yLt21mvpq+yBFP/U8w==", "GBKJ1gcQDHFLbPDqgBAukQ==", "hVOFvG1HRBUhlwlYajt2Yg==", "DSmK9l9jgnk+scTQzgngGw==", "0LEjw5X6tgQucjv/6pguWA==" ], "1XXuvf69/0I2dNHaU2UndQ==": [ "/wfob5jHHezdiyugtfPWjg==" ], "1dO83wB64hDLki3A4eA/Pg==": [ "ek3+7A2JecsNdDGEqoDjTQ==", "HxI42iSjURjRki+uV6q/9w==", "hbOAbiOJ6F6ohNePMmRtlQ==", "oOxpEAJ7Dm+eqzNK9Kk7sg==", "a7EB0fwsUs3hrXN5L9zyjQ==" ], "1h72uRXCx8BEJRBuxQUZxA==": [ "V/wACq4t8ybFKWNGSTGOqQ==", "kQq8hvN2yLWiupMaLbRduA==" ], "1h9uHE0QiXBO/zpJrT0VjA==": [ "1lRtJofWFCTkQi0dreTmvg==", "P9a8nTOFDYbTUSMNt0VDfg==", "t7klIbkcqJpX+Hibob7+Dg==", "tbhLz74i3ShwS72WbIsoOA==", "lKniGV6mBq1xFWJ6V0QVvA==" ], "1iUaGpv40BOJQUks5I0iYg==": [ "RbbjYwzsUzC1jY9FlfA7DA==" ], "1wBZnC1avvfNNrXqSBIrLQ==": [ "sVG4udZOusLp3MMAPcEW+g==", "wx8MVa76rtUz50BalUYnJg==" ], "1wLXgzkbHeATdTLAIa0dbQ==": [ "HT4k6+0VwtXXrNi4IFV2ug==", "AsiuN/8gu7sZ0PJCLihjmw==", "0XyIJoIqTLxnYiZet4x5Yg==", "0u9BhQlRGnXqmFj5VxmVgw==" ], "2KzE5vrx0XgyqjjMfDhPmA==": [ "btNYPbmIqnHI3+3MJrK+8w==", "Y3WKF6/Qa3b8kujepTuCsg==", "rIgQBIDE6jMxwwM1LwcoaA==" ], "2fg1ZRYCSPKKOgCxCcA36w==": [ "sut2Jyi9Sg5GxKwdaNmHPg==", "OAFgQI0NLiTuwa5m3oeKvw==" ], "2kFA6ghsw4jfGa4xzNB0dw==": [ "Qrr5Q+c0TZSBOI5u+k3BAw==" ], "2pv3nM9LRsMhTVXXhKvVsA==": [ "HRf9rV5BqUqr4i3wEvXYrQ==", "QScrbjVTtwLmwolS+TGkzw==", "q/JIHOHyBf5oYZOBv4QV5w==", "VaI9oASdZliWzEmaptNeNg==", "dWXEBBwtYKNNgI/pql/Wqg==", "blTOjHCd+uWQY/erNemJNg==" ], "35MvZs/A5NUjD+xZ1Vlnyw==": [ "j7yoSCks+i8LevHtgFwCwQ==" ], "37pkHZ+z/wrqTgt4tlrp7g==": [ "FVTPqIs7vgGACMM0pfvvDw==", "aNmMuJ15ZBwP9R8F7p6TOw==", "Y3WKF6/Qa3b8kujepTuCsg==" ], "40gZpuDvr8Y82hwRT4gOdw==": [ "bNvH54V1y9cXsGaCXVwFVw==", "sX4z+/MJJPdkzlB8meg6vA==", "Nd9jBPH5RBX4nCYx4+9Hiw==", "Qd2XnJZ3qaQ3AbyDXUaR2A==", "Pj9V3uC2c9o+P6lTpzzGeA==" ], "4CCULePjeuIVtIYtfIJ9IA==": [ "+sogRO7MZKXHT07LeompQQ==", "WN9impUbRzm+dw9sY8IWzg==", "KC4H6WRPkYrWvXb9OC+odg==", "0u2Zo3eZYFAXhVSIZh+vXQ==", "uglqkYqbcsDd4SCu9NI2Ww==", "kLcAGGGbc3pWzCon+2kDLA==", "GuM8+Ku1VtBzfPk3/FCgzw==", "uFXEnN9gepJ4+HtQWdLrOg==", "6J86dffyd+kQEKbjTTbD2Q==", "+o9j0Llb6+ISl2S6vmkRkQ==", "sSpyMuxbh/+/Nula2ikXPw==", "Ihq7mkhGM9sf/8QM05o7gw==", "PAbZTh6+C5MKjPK9CG1C7A==", "AWmsv3mH2jPlTL7bFyq8gQ==", "qd6f1Pm+8EQf+vKTgQIKag==", "GIYpweBhZIpsva7P5jGZwg==", "CNONWWLgmVwDA/lLfltdyg==", "mr8ERmk8X8w7fcjVVsFZxQ==", "cgF+p8OJpHCsOW2Oy70xoA==", "Q/Pzrblh+S8zgQniIv+2cQ==", "WyYfV4qukI0O3aVuym2nzw==", "2ezxh/Mpkyyi/ENw60Y+Tg==", "4Mw4z3LuOMDccJwKA3WDpw==", "ijiaRlnbujxKRwcR5Q2+pQ==", "Zi4lyFbPtDTAWKi80UvBVw==", "/BmwZ52n8e/hzX7MgTDW8A==", "IqDaL37gpmJkcaU5vU7y7Q==", "IDZTlFNxsI8j3vhOiq74iw==", "RwD1qkwqXeIcCzzyTwz+cg==", "lJ4kViLtNjqmVXppw3SyZQ==", "PYpOjotUZ0rZ3yidSXAEiA==", "k+7PDiqjiZmgwmR4YKvp9w==", "0qEjunEr8GfOdDmHoSzzSA==", "aSJymHSxRBYrHs97nG69hw==" ], "5JeNH+bHiuiK9wwBZqH10A==": [ "h8L7lkg9bH1dokRGj7cGGw==", "7MuHWimvOl+xLz/60d/lTw==" ], "5NHJ2FdetivE1fvI98uKwQ==": [ "LEslQGmhIJ04LQz9Hsv8ZA==", "xjtPKIYmvcYxxZBNJ8tEUw==", "Uj8LW6E8/nymbtTqNalKaw==", "dhro9iIkTPAfFcnPAgDTUQ==", "hfZSSxHN31zxV+RJ48FtBg==", "G2w3S+v/G+UFKZ7Ps1gf6w==", "Ym7IYlmL5IkPVpjUaX6hNw==", "bA3ztsCpotNDP+b742CdhA==", "sKFgvk8xXWITWQ/QeRQbAQ==", "64Y4k9USgW4ya/SnvXYkTw==", "/T2e2s1XVanyEShgjo7yNQ==", "CC2urzeaOFnRuxvwkpv06w==", "zZqsnLIshm38/Ec0mv1zQA==", "SPY2CCRLRTXm0jZ9H6uG7w==", "b4aC+VBxT4a9as7pojFgGw==", "tCZivYRvaQ30WQ6eJn2MjQ==", "A6K1sza+52QsonC22ECRkA==", "xpRC7lqeIvSrWa/KfZckow==" ], "5gnny15srfcrOHbx7C1mGA==": [ "v0sRbG79dXJKDYDtyopcyA==", "0SSbyb1ilRd9IrbrjxK/YQ==" ], "6COiLlB/V7UlOwfuFJy77w==": [ "Z0bbSkX8e3OUKdJa86CbBw==", "xQ6R88+x8IssPvOAavmZXw==", "r3RLKNYtYvKarBqnnrlrew==" ], "6G4wapu2zP6UYfTP+Ip2pA==": [ "7+zZLUPhCOA3BFrcusoKFg==", "BbM0NZsMsZnNUi1ybIzssw==", "TszqopCoskBv4coMA3/peg==", "LyQcB6aDtcDf3FmzBVHSKQ==", "IvL651FnAzrxSYOiOuXMlw==", "XWaBdbEJiHpYXT1f1eBk1Q==", "IfJyKZ52fwKruf/mbOKmYg==", "4vHE1o0sxmJSfgr6AiAtqA==", "3mn5saqLeDWX1WioNLINeA==", "RxwFiIUPJYMo6r5lfv+sdQ==", "snuOK/MSU9RHiR0jGJiZAw==", "6MdoTC7jzzEDMQoqINyh7Q==" ], "6J8s8AwMqy7tE/ISmFBsoA==": [ "6GILJqctNxTbZFPR6fLtoA==", "SMyGjqekq81yBZNPHrQjPg==", "vxtz0tT5g5Gne3T6gdTzlQ==", "IjpkBJ+ywcI88szIoeoHzQ==", "yfACz4JYLaonVFc9kA3iYQ==", "d3hg3p7HHSzNu7EiHNm8hw==", "kdLSOIDVCc2afSs940b7fw==", "gh7IiVLtHhqlEfQymEmXiQ==", "rBsEXDMUV1tCYkxNiwvwEA==" ], "6LVRZKaAJH97OKCXsJMDDw==": [ "JSxIEGIOCwboUDoJZgS9fA==" ], "6SSb5cE7rBNUxI3/i20KSw==": [ "V/wACq4t8ybFKWNGSTGOqQ==", "edJj0SWSjBg+OUxgE/bF/w==" ], "7EpSGPerbrvf/owa+1w1QQ==": [ "km4/t4mBY59JctKjJhxr7w==", "C6yN0mcIXI4IYgVIgMrJhQ==", "dQRtstacQp0RWMkspwRjSg==", "kz6iRBveELIreSMq2mxHNg==", "3xkCSLCsiWI7SUm/x8evmQ==", "wZFtfR91K+mWwCwEmQpUmA==" ], "7ZWYFE98hi9HyU5Q68Jgsw==": [ "cbNKZbfbJhPfPLHi6va27w==", "TEg+H5IUFEuL8/4VudXtEg==", "arPTXFJYsCT564EgyQClGA==", "sMiI7LyEQVEePEq+VLCTxQ==", "qga4oRtpFgA1YSSQz4jFqg==", "P/9UEa4H7U3EYHe3jfy0lw==", "Y8lb/NrdVvcIZE+CE1zroA==" ], "7kedTb4EJLDAcGarhqe+lQ==": [ "/WQB0Cmnj06XJWCr3nqOoA==", "r7FjmMNb7gvjumuk3FvyAw==", "ac6BZ0tqO6i0QQDCZWfGNg==", "k/CdFos3+OXmV6TI04xnUQ==", "ax7ntKztjjUex0Fnm21atg==", "t+BDL+U2MMfFVxGH0afsVA==" ], "7qAMBOvJ2FYxpK9n05pI7Q==": [ "a8lEoliaJpwjl9bCwQSdLA==" ], "7wYzYHhhfFK6lCrrOlvj+A==": [ "X4CDljJQJsftQ2RA57ftuw==", "7jE4UN8ZNzWXfNDZ8BZq3Q==", "c95Jb/MAeM4/Wnq2jSIopg==", "JVuTqfPwohmj6ucokgM2sQ==", "GR80zW702W+xho6dTSNlyw==", "J1cvee8xy6oZDEdA21dqEg==", "3skSbDjTQ02+eNiFJz716g==", "Ji6OY1u39nJByKzCNwfpIw==", "JvC/rVWSiuNeMXzeTDRZHQ==", "Aet749oXCwhRnnY9gEGYGw==", "1I7VtxkB33ashDX0kB4Teg==", "GjK0gO1QmNQJ/ZsCakqCdA==", "LFiejdPb02ZvCk9/k6M2OA==", "k1iloax1qfqa4/tolfprdg==", "03WJApqdfWbzHtZHpqBt1Q==", "E6F4Bsc58fK+0x+N9LY6gA==", "8BsUEMjLB96UtpRd1ludrg==", "KWqotAAFzFGFp1GIUjXi0g==", "b3gcqhWrOMtSFjkTMyyWQw==", "Nsd5wG+dBhUvVktxuz/adg==", "yHfUI1Pnswr2CPSGioQ4BA==", "ZMCWgxkMJ4LjF/nj5/+01g==", "Mx7K+5VJ9q5MSCq5wzzrvA==", "rTV9bjfy2M3+eJBkP+611w==", "dpCbBO9jgzvekz9nKJpSRA==", "Hk/EnuFgs+4rtDh2D0OPZg==", "SRtj8i4HsQkjCyC1YPMDYw==", "KtIlAO0V0/KiMbIbmHHMGw==", "e2U3+rnCE0yJbEhq/B49zQ==" ], "83fA9kwjFvY8nwB2UCgukg==": [ "Pp72Aea+vKOOy3uJudZhUw==", "EX13jwlAvLcmxkiAJWJrPg==", "D+2uHlEi8tdaITyQB5nD6Q==", "d5uoKdT1BAcdC26hQDhadA==", "dyCYPXxd7bCPPaju+r3IVw==", "2WElWLVgdbllxdeDwfKP6Q==", "8mis5V7LLEsopZGf+JvtRA==", "b4mA44yc2lKr+KMpuK3ZAw==", "2LFREC4djA2j3hoAmLfXHw==", "P4xlUSVilS8AN7gF8bwdxQ==", "vVpALVEJZjuFjBK3jgRFKA==", "+mzY+BFvaMJf3mtbs8fARQ==", "0hSNEbIHPUbc0SsQiTGf6A==", "o+49RIUDbPi51VBD4jUyKA==", "1v7+DKu4v2iV80eUVeY2xA==", "BIL4VgfHRuxJ44ht2eAadA==", "C5HeGQfx/moQOawxL9uDeA==", "r0JitrfPWpsMEQUCD9uWDw==", "26+tys6VNeqYPHSmxQzD4g==", "1CEt59+PK/QZsDtTC+bpGg==", "6hAQW3vY9ZA/8datv1rY4g==", "WOZhfkOPgECPNSR7cqBWXQ==", "wBcG/UM3LLdlHaGWnuTKFQ==", "0DQjD35MphQLwWNOtJTVPw==", "88ysR3A2ahsOSzyaPsKqNw==", "noiZ4vsqIEp1S/OLQJJb5w==", "KQYTpBGYLvLckEq7PBuFZQ==", "Zkpj9zUf/wvRz7rtFrTzyQ==", "CMfKq08vHhrrBqbayF4mSg==", "M1s3OpYTLU/XtZADzTSFEA==", "cgxcvHmn06cOBf5ZYQwsUw==", "gCebGc7h8wl4naU6uyAdpQ==", "I+Ki77X+PkV/7jCRuol3dQ==", "/cobD4q1+lV6IVuJHME9qw==", "VYjcIIEd3zBO1n6h+JpdVA==", "Wvo6vOf6spcLE2C+GaDeyA==", "8G+z1fKnaBhLZ4U4Rsu47Q==", "nqFoLk/pCsthdVW9bEMEEQ==", "YUiBEe6UcZYBWbha1tAg7Q==", "PaMvfP1N6vwet3e3Ldca2Q==" ], "8Q+4qMpgUhvMDCe2QUBIuQ==": [ "gTyBvus3gRvwKplivrccuQ==", "dzeq4RzokXiRsxVtGOEPhA==" ], "9V410rRhvY0CLuMEbP5hyA==": [ "JSPMHRCFZI0X3BUC808myA==", "SstbtJyplu6wT0tmTKbr8w==", "AC/h2biWH6CpLZyJmbkLpA==", "NCMcU7toPLoiSBsDRD/Ecw==", "I7b3yyckQy9LU5mucZUiSg==", "e0c8j88d0jw4SJ/HjX6HpQ==", "Q7aPQDMsGvkoOug//ojuyQ==", "zQzLw5ZBlwA067ka0YvoHA==" ], "AMrZylSYCrcbfUCrsrIYjA==": [ "B0fL+sYDQzqmMzEqrygeDA==", "jwGLTuKM5GavU6fep3WjhQ==" ], "AUVOf/0NbfB/XbugSBELUw==": [ "KzdT9magFP88tqWviAZYGQ==", "nBIbXPa+XHxa5HNwUkiI5Q==", "IUfmGrC0apdBsMp4kpsXwA==", "0SOGBOSWJuTVuoCpNhRztg==", "4plj7t0DXbSOTUKYjPOSpw==", "XL13OgM64iwln6Z42dkwJg==", "rXaqnJlNn2UeiJLxMzdz0w==", "rjQPW5Euu4kWAju5fh1A6Q==", "Ok8NxIuqNhCT8JI1zQlybg==", "oPExWUHvFdxpqvgy6j7woA==", "SM2joNFusXvykl0QgMtP9A==", "IID02HQhTZlIg+cNTgve3A==", "a9FllBAJiFi5FeYl0KG4aQ==", "Pza9Y2xtH9MChVMkZwgw2A==", "oqSc7q4k6wTno/u9knscCQ==", "bLMaRua6ipPy16X+92IGGw==", "9YhtmVCizO8RKFaN3WBOPg==", "iX218jkzkS2+JTcyUOQcCg==", "8XwqZqDjDwlzB7f0TMDrGQ==", "lfRSe3KnjizxALbsHC2rVQ==", "+7BcbfUQa+MCLOaxOqWxxA==", "ZmujHtiyxPvmBBbUi0nxZw==", "6AIniaqTl0bJ2gPE7++b5Q==", "dRRO3xWXsQiDcS082MP2NA==", "TV+RoO9Hh3TnH7l4rpQ7AA==", "Y0WCcL6v+5OIjHQRxTrD9A==", "nC4l7O18/jmlfiNKOKyszA==" ], "Afy1ky17wt57Z2vMS7UXlA==": [ "V/wACq4t8ybFKWNGSTGOqQ==", "SSAJUNd+iNG0Dh0JEHjSXA==" ], "AhFiXUdFjh8mMgmH3rq4zA==": [ "TEF4EUykdkNyGpiEfXqY/w==", "HtTTCkdsdyrj750LNNdG0A==", "vnOALZCV08rW836Ci7w9kQ==", "XaAEuH+mpvQipMTbWh8nFA==", "KC3vOAGbS28p1tBMqdebqA==" ], "AjGTpuwkPMpLZjupJLFktg==": [ "V/wACq4t8ybFKWNGSTGOqQ==", "FAES1XlWFCETbKQytoq57Q==" ], "AnHvlYoTKSxzg0JMVMiJkg==": [ "lDV5qcTcJkBCbILUcFq4dA==" ], "C0IRn/3ulny4xrH7kewdrQ==": [ "9mXxz9VBx49eL0xR/fvdpQ==" ], "C7VGVckK0YZj4RiVmStEsA==": [ "enCBbxIBBG9uJBIJ2Silsw==", "ek3+7A2JecsNdDGEqoDjTQ==", "HxI42iSjURjRki+uV6q/9w==", "hbOAbiOJ6F6ohNePMmRtlQ==", "XeJxNps2a1xzV61fNDZUHg==" ], "C8fVRwKo3Aa5uPZ1lpSFqg==": [ "V/wACq4t8ybFKWNGSTGOqQ==", "0W0/E/g2cPvxNF42LmIwRg==" ], "Clbp1ERO3UWUCfklcBdPow==": [ "SH6jsaECmWs0mj3SMlChWA==" ], "D2OZMHNtxbdL+hwzDwrPaA==": [ "JSPMHRCFZI0X3BUC808myA==", "SstbtJyplu6wT0tmTKbr8w==", "SmczXqxeZRCcJykxG3Abrg==", "H8XwHNDIkW12mW+y74dsdQ==", "Q2EySKz2roj2mYOhGJQA3A==", "QTcHwvmTXpVKkHS0xdfb9g==", "AdhtRMEnBdpFFyeSlUP6fA==", "+wnQC0tYj+uyZzMNgN2bcw==" ], "D93v97Kl2oOy+zY5Qaa6xQ==": [ "V/wACq4t8ybFKWNGSTGOqQ==", "LMrJ8zW3vxlqJrvFMbbCGA==" ], "DFAPKmwcoKwcymBtOC1U2w==": [ "fSeU4QTAs+fY+ihLpgdM9A==", "XW4X9/W6MfETfE/VICA4Jw==", "n39YhRffL6tFFAy/S18A8Q==", "R1x4adkbkgVhxc9hzgUZcA==" ], "DVWG3mWD7odZzCgFCUPZPw==": [ "j7yoSCks+i8LevHtgFwCwQ==" ], "Drl564LoG2Da4MkRcGVqPA==": [ "tzUjzL8cLULN/OVg5UVxHQ==", "9dkLAE16ea5bn2SgPP2mAw==", "E9EdLLK3y+LgoPm72usdsw==", "rb5DZ0is806TQPI0yy6fYA==", "37rq3GKzFLRjKO43i3PBdQ==", "m6kwbTpOzBrFGJ63gjT+hA==", "sV8sVArT8E8xe2ObgOwDQg==", "O/NLHzmZCYYLTZKelvciHQ==", "1bvtrVel884c6IQiJYPNBg==", "YKiM9634FJ6Nt8Hf0D1VVw==" ], "DsBwkcaqc0GOnmEzcxe6HQ==": [ "achkbzg3O1uzsJzN1LVDLg==", "CMzEqcjHN3RVor5Wf45nAw==", "NQLX1dwxKsZukJGLLOGUaw==", "xtSEUud0UN//Su0ySaR3UQ==", "69RzM+mPmIVKA4t/SseDjA==", "ZuHlmxuhHqToQ9pmNtzzAA==", "IywEueim8Y+5rmUFlt6JAw==", "tVfJwcNEqhKfRMwXYsOBjg==", "pcgYjOzbPacRVQRcOgMasw==", "/9emm4Fj6NV1IQpSFJjnVQ==", "bsRv0aDEciFIqDbEA3oU/g==", "Mjl9qiXGmFVVyugvKalN1w==", "FDLDRBwyyvnmDzwGh+Zthw==", "k0+XSeQ+Lylj5KsCbogU9A==", "1Jt73JTYHnK6fHaV6lyLFA==", "ygcRE9YitCbLx9CXMh7mPQ==", "DSPVvHylac4gbedRKpFjFg==", "PKR5CMlvS0neVhZ//kHCuw==", "oc1sV4g+opFl9qII5XGKRQ==" ], "E7tAiOdLCOrmIg8OycJ2lQ==": [ "06nVp3HoQkp2GMYq8FEEOw==", "x9N9k4kphpFolh1H8PHEEA==", "v0AFBlqGmBQlS1dhX2TSVw==", "l7R0dYa3/wacw5OfFFHc2g==", "0INnWKjjSMNVc6OCjv18YA==", "0+YAs+Dy3SPd130Wus0uxQ==", "lzzMoGjfCQVwFi4bhK2jEA==", "Syx/gjnL4FVa+aLlI5iPYA==", "CKyr7yp8MCOkPhmRI+ObRw==", "rR+qbZpOBxw8zxI9IAWH5A==", "s/Jfbx1UXOiwzCCMDalr1A==", "Xd8tQ0FXTmb0dMN8/OnXTg==", "kAqWBUicknsNlYe6T7rf3w==", "iUX24ei3drbG8K2ZPOVF1w==", "qiEX0D3xIH6PsLjz8RerYA==", "lShNjxk/0kUQZo1dsKp7Lg==", "/xdpp5e60iW9urlPuqfkRg==", "GIVyRte/bIBFWQmQv/ZQBw==", "rGjgjD/Clgx7UEcIO0/VxQ==", "S26cXHzIjCvMHy8DUlbXOg==", "ThmcBPFcasOrE2B95BADjQ==", "JNF5Te1xcV1nlv2CXSyRdg==", "dDqXtPkCzlt66cmXbEzdNg==", "0/gdp7pbH2OhTn0s4Cc6wQ==", "oov3ViUtB6SINzpltF5uvg==", "3ZKyipeUC49AgeVTU9guoQ==", "EoQrZ5N7i4JBUoj0xAeL3Q==", "JlVcDBeAbzDMosineu4gZQ==", "51LUS52PmOp1zHrTW3se6w==" ], "EIxMRDPpO5H8aQAkWTEZCw==": [ "Pq3RV2/GIWU1/C92gw9AoA==", "Oy4AY1sofsHwffgnEgjo5g==", "uGc7MAYPvmYBBoRBtRpR8w==", "fIV0OhL231N5SkDHdJvs6Q==", "LSAqFzw6Zn+0giD/kJYKYA==", "SppkJsOzm+2zbTRc6NQFQQ==", "tTNtM6MxTsMTJHkh5Jqm2w==", "gfIEl2znKgiy+ZSNQhFiLg==", "RQQmMvzO7YiyLb0Zr1ojVQ==", "lSGUFif7Vc6m/DbHhjQImQ==" ], "EuIN5ixMdxC4uPbLWLSy8A==": [ "a5tv38r7RoeoKCznzGbyPQ==", "xNb89cwcl67WhXZjUplwIA==" ], "F1JLyBPuVB2S11BumSCVVw==": [ "APxtpbji84L/LJLM7Dfq3g==", "+++3TnIRZlKm1eoznwUkUQ==", "QenEWurn4r/HUaULM7xKAA==", "9mEb2+hU1DreFKa7HJtbCQ==", "FNarY2K/T7B+CZrdliMo/w==", "3IQGVR0IhaiZjAABEx0HWg==", "bxvUH4+61wUaHdEEphuOXg==", "RKm8LatNKPXzMDZ7Bt6URA==", "WEdA5uyUUAV71glqMuGYiw==", "Y3OvoDmeS+5hnAANsWjyFw==", "eU+ILHU8CY+dWE/VYEmKUg==", "VDf6d6jM2A0p/K+7RsIMFg==", "1VuMx1iaAJE6foV+C3GDPQ==", "p+98IgLdMXrine+F59C4xg==", "06nVp3HoQkp2GMYq8FEEOw==", "aGY9xK+6q2v7OdE17hHXxQ==", "eTNfn3GTlnobAc4el0vVmg==", "9vmn72qHgEMYqIwJkCbSLA==", "f4ea/sV/4Prs0uTKnuNrmQ==", "uzHhJN8qq5Cg/HSXO2PiHQ==", "NLQ93UlmWlijzgx53r189A==", "YJQlxoVOE5P26dajRfQPmg==", "oRguU6Bj1B2w4/MXoRFLmQ==", "a5l+SxLdqB3cOBewJ+GHLw==", "EqLnU7jMVPn5Z4r8Gj2Qtw==", "NA1ZYlQUiA35ngK3uoa06A==", "sSP/LkDGkhEk2XZGphdpfA==", "VxRLWFqTfef2SiU0r16wew==", "WFrv8p2tWC1QYt0r0wFMIg==" ], "FDUyOkFgFnO2w8haox6MJw==": [ "fSeU4QTAs+fY+ihLpgdM9A==", "XW4X9/W6MfETfE/VICA4Jw==", "n39YhRffL6tFFAy/S18A8Q==", "R1x4adkbkgVhxc9hzgUZcA==" ], "FKzmXNUIrd1g2WeC3v221w==": [ "X4CDljJQJsftQ2RA57ftuw==", "7jE4UN8ZNzWXfNDZ8BZq3Q==", "c95Jb/MAeM4/Wnq2jSIopg==", "JVuTqfPwohmj6ucokgM2sQ==", "GR80zW702W+xho6dTSNlyw==", "J1cvee8xy6oZDEdA21dqEg==", "3skSbDjTQ02+eNiFJz716g==", "Ji6OY1u39nJByKzCNwfpIw==", "JvC/rVWSiuNeMXzeTDRZHQ==", "Aet749oXCwhRnnY9gEGYGw==", "1I7VtxkB33ashDX0kB4Teg==", "urAp37uxuwC4aDQBOIO/rA==", "4Rtn3AG5Qs+0wru36+KhEA==", "Tf9GPe0ffQbxf7Wogt3Fhw==", "I3KZ27LtYpZ2XCNeodSc3w==", "nZWUanjTwczZHAOfOo7z6g==", "ZNwy3QgTwoKlAhTZV5z0HA==", "TVqcz/CPKXEaCyVgxqS/9A==", "0O+vZNIOf3k2A6gcV08l+w==", "/Biu0Ok5nwCG2XG55i0JgA==", "qwaLsgSownBAuP4PEhYGjQ==", "PvZ0wY1WS+Oda/0LmsfVWg==", "OWkDuwVWzveyu3TOzKkSvw==", "1VNF4SbZzJg9kuE9rdY63w==", "GRZKMxDpocVUp21tw3FZwQ==", "0cWQcHQSZ2tFOKqgcBWmjQ==", "OwYAYm0dYhHTXejwRXBhmQ==", "eBEaq7QkFFGIjRiXXe+5jA==", "0Km4SjpysXaOB6kksVVDzQ==" ], "FMrR4PbDeEhmMEh2juuVnw==": [ "g8hJlpBfWMarbfdU+OkQdw==", "89XrIFUuuXy08LkDR6XMOw==", "NE9uxy8/WRNKYC1zs+0BLg==" ], "FOYEI/hfn+okYJdoTuLQkQ==": [ "uO3OOEY6W3k9QH/tNVK0LQ==", "MMLwOzBcCET4jaa3dPuTwQ==", "sAlO/t+jkkm59mLcdOgB9w==", "4LZWGm07jnOHHBGX2FzAwg==", "uEn9qA67O/SoYHOtH/EL2w==", "e/bnYsWq3UNe4TO8qzzb8A==", "IeTK1HBLKpS1+gfVSPrpvg==", "RoQvxPrgcpXyTej834bT2Q==", "Ve1jg9SxTDjeNdfGHjxP2g==", "VVkxgZwgg7/nXkUWcx1KaQ==", "tbkEtEs3aa+p2/YQaD8BfQ==", "wIIptfGVgtdFwdHLveHQTw==", "mmFI4mA7exd6BfbwTUwJfQ==", "gNGv6C2nj/tHk2ntVJUOWw==", "c8cGZ/4k99JHYnQ4CNatRw==", "oIBUxFCAPk4vRXBwpcmtFw==", "CQPV/OxtJ+DwYc6C4gniNQ==", "MX+EWJzZdHJfUgD+GuMAoA==", "A17E/jDMfAPfGiHuzUJcGQ==", "A6+P0KouhQ+leIPeQQbUvQ==", "kb+dJWap/vqDJjrjHMXEJA==" ], "FVL6ljas6Mq4jYoOr1b6Hw==": [ "iSzOvPxPGZr2PfJTBTQBCQ==", "Shxtnoeb6rhU/fPKJVP5cQ==" ], "FoUYQJca0lwtZ/1vlqs/Lg==": [ "+sogRO7MZKXHT07LeompQQ==", "WN9impUbRzm+dw9sY8IWzg==", "KC4H6WRPkYrWvXb9OC+odg==", "0u2Zo3eZYFAXhVSIZh+vXQ==", "uglqkYqbcsDd4SCu9NI2Ww==", "kLcAGGGbc3pWzCon+2kDLA==", "GuM8+Ku1VtBzfPk3/FCgzw==", "uFXEnN9gepJ4+HtQWdLrOg==", "6J86dffyd+kQEKbjTTbD2Q==", "+o9j0Llb6+ISl2S6vmkRkQ==", "sSpyMuxbh/+/Nula2ikXPw==", "Ihq7mkhGM9sf/8QM05o7gw==", "FzdPtstZ+v9Poa4yJ7bYnA==", "VaKG59F2yakPJAEOFL4Asg==", "qk9S8kWzmq71qXaFOZgOpg==", "mXtloR/ustBd3YdFN2xuJw==", "Wa6ckvi19N85obTr27Z/+w==", "WvFMXlBuN1xBtbJATgFX8g==", "RqavhGB1siExZjIV6Gyz2Q==", "lKTqUwulx7XO67+VKem76Q==", "h6GTPnls31RdKBTZJul/dw==", "gb5j6KarixX5fipxRp1LNQ==", "j6J3aybJPyGqPMBpG68ocw==", "dCUBvfGyOSXO4VY8QdHggA==", "OQR/VSsiAo45bFrdiKL3jg==", "C0mnxp1ZuFsafzGYQTHI0A==", "nhrGIpCrz+AkUCXc1l2xPQ==", "gY9+YsbpBVhdQiQFYUR+HA==", "Jh5o3RxPyg4est5mF2Kcww==", "IzwOgi1LaoKSG7s8r3KRmg==", "KUOjtDtz5gm5LGaNBST3aA==", "PGExK42ORMqRWXq7JKsHPw==", "B/Tetqnl0UD2oPlB1GgT7A==", "SkebAuLx4OQKa5x3b2ygUw==" ], "Fy3bplraTnRnJlV5RewauA==": [ "7S6xxC9g1Ybp0dqQ63V8tg==", "cbIq+LDh02KLTHswWXODkA==", "/V1UHbXM7rd1scgtSjh2kQ==", "S7J4DP2UGDEb5PoiShUqwg==" ], "G+9N13KrW8llfPCf5WB6VQ==": [ "D5fboEqFvUhlyR+olH/EaQ==", "vqqO8LGBb+Z7DqKNNvwvFQ==", "oRWEjPcaLh6wk9wF4tCyHQ==", "o16kBwzDyL2DXuhbCPWX9Q==" ], "HRtVOTg/Y7Pvd6wqcX24fA==": [ "cwXdqs9AFOcThYn4e8y3yw==", "oGVW07Zdco+t8LxGqPbEUA==", "9b3hAQW/ubh4v6zyl2M5Ig==", "M0WxNlBrWr1WR0ACcsFS3w==" ], "HbglDdnV9yne0i8jQL30HA==": [ "xoBHgfp5wgIWy3GYQTKJQQ==", "NcPLoHAzsoXhM7GdshqtXA==" ], "I+WaA97GC/ibT79EOQ1/hg==": [ "V/wACq4t8ybFKWNGSTGOqQ==", "14EBaSYBL4fLL4zgayhBkg==" ], "IEOPnSI+YMVMmOLLC+bSlQ==": [ "f4QDD+YvES2qKPm12WbPwQ==", "OdcI0jF8LiFuCSbWJG8BVQ==" ], "IKF7K/1fqT3je0bcasBeFg==": [ "0oSuMO6l7Zw5zu2u1O3EVw==" ], "J/syUZ/V3aaUrNt/Dr2u9g==": [ "V/wACq4t8ybFKWNGSTGOqQ==", "/MWzwBJlhhNbF+zp0zgq+A==" ], "JCGQTIbPty0c46D5t4dVHw==": [ "Yd+jdu/TGJMZbAeBYGplMQ==", "iEmJ0GmqtnnVYVaxRdkVag==", "Q68PtYAoFZBVQr3VSCGeUg==", "kp7y/8/qIa8rhviA3lrmrg==", "vzES2NKM5n8arX8C2sNtvQ==", "cXGFX+eCyapcmfysk5GPvw==", "NOSEsCHJCzFo54uCS6XP/w==", "5p9ME5NbZ6TNoBiTeUNQqQ==", "6eOHn/o0NPz2WB6bK17c1Q==", "tTPMh2mU5gwswvtBybuwSw==", "/SQLUtPnmMNtkWI7Eg211w==", "e6LZ4uJxRzOyLre8rcZ0vA==", "iyUEiVvehckWkbAo1xljbg==", "aAVm4kpbzKMBBNDUUZvawg==", "06nVp3HoQkp2GMYq8FEEOw==", "68PvFI3dajBFq18y9meP4w==", "XB4RQ8WaFJuxAC8ZgyKRNA==", "PrviK3G+tpQstfFpKzyLbQ==", "Kis76swMoxK60VoW2+1Vqg==", "48lNYnhXM2oSC4VxxSwcLw==", "p1VyabkyUDrwvan/iP7K5A==", "v2nAFtCuOV3s9lp4Bt0rGQ==", "7gTVY7EcvrRvn7eolu6NCA==", "NqGNmtc5kTbIsAJujpk/5A==", "SFC0+CA5TX05a3ET5nJAfQ==", "m9bQWf5c9pRFKrNcvjU06g==", "yOD9sFmw+ZkhtjrTzOQNtg==", "DXBPUXYExkMtNfA8EJDngg==", "ljV3kxoZPw27QJuT3LTVew==" ], "JWSejabRwbOC28zMUX6wRw==": [ "V/wACq4t8ybFKWNGSTGOqQ==", "x4y353xwTKkgu0582Qh5wg==" ], "JaDqP2PIekJ4FuDfyPDUKA==": [ "gCDAawtTyfC//zBgWDdiZQ==" ], "KlSRCTMecbL63Kg+FZjUdQ==": [ "RbbjYwzsUzC1jY9FlfA7DA==" ], "L1wl5gEz2lzyNJbirzPmpQ==": [ "S5Dzz9cigoJDCj8s5UcT0g==" ], "Ldg4Wge0D5hiTxUZpj8f0g==": [ "4QrV+iEIuMF03cMu4O7vuw==", "NtEaMSL89ZwCt5W2naHiww==", "RRRidvlWfinrbdr+19nt9g==", "uVmA7GUNWdA65M4tmw++XQ==", "ARavVWjHmRczhaernCzJXQ==", "tuHArjfmqVqOkSDvFpG0MA==", "k5rG5dJ0YXUfmpLK9l9ICw==", "R4PdQqTg3zX9vQ/fEWwKRw==", "EX/3XuRwSFTfBZGrORFwLg==", "t4zk3L2NvO9RseSjbbwBfw==", "jNk5fjsXDY1nIqwNJG9gBA==", "Ikyc9EmuNiVgWGOKk4WZOA==", "b/nsl3W/3xqqNm66ResZaA==", "Wsq+mYbQsKJ0v5uT9JRfhQ==", "hIYK8dYP12YRdV2TNfMD0Q==", "spUrZXE/9T5L+D38TKikhA==", "JMvG86yx6E9/tNvKXj3aXg==", "qau+Fm/24UQljHWBD/OZyw==", "7TkNoBjD7xTi94PdPYIW9Q==", "8XP7l1FAhUYb80xnArQFXw==", "xAlRzDrHkxl7HU8mOIxIvA==", "fGKSZdBeYQo7tqM/Z+1Gow==", "PNIOf0qJAfA/0zwZhsKuTQ==", "+lMwEA2uH8A4fM725P2qbw==", "8bf/9sXhoTl2WtnvESwDMA==", "bhA9iwxy9MINYhbMyTn1hA==", "CrxMnbVu5+FThOr/VFYAEg==", "fArj/oGEQJYMqcLV3LNH/A==", "O2qd+cOqTbjZsgRTNj5NWQ==", "X3NBOrSivf9I926V0a2/oQ==", "DbCjVGiras7NuLFjZ3QehA==", "RlOfhoCCkdSSaNMAmR7TiQ==", "e/v4SMj2wFe/5+CPTpBb+A==", "b4Z67JiG3MMAzmfec/ENJg==", "kvStyGN84HUBQGFgfm8YsQ==", "mMne5M/uo8CArUpQts+E/g==", "mgiAXi9bEDY+U7GKOk22xQ==", "j++bgkWi+YcL90tYl7GuqA==" ], "Lp/xMYo4cC+PpuBlkEhbWg==": [ "vLwZHKX/1eQ4D0KMc8goug==", "FQtJqOj1l5gE8G+LeucL6A==", "Wzh+oxEmmD8N98PMCI2K3A==", "V0122WZRlA5XXWrSlR4bmA==", "g2wHkBtzovCWgCo7+WkU9Q==", "bBi5lk15Sah7ndADTEj8LA==", "N2XBbpFgz82/BEKg4r/+yg==", "2eH9W4F26wqZW3F9p3BYsQ==", "Ml85HFgT+RUvCLz8nFVfxg==", "rEdDUf16brwtMXDyTJsMjQ==", "1w9jpJ9vgdmPUPdG9Zz/6A==", "ph0x625aARsE8YFKgES8uA==", "oC9Bjc6XSoXXuaCbtXPlGg==", "gXL4B2vaIh9GAfuTjlS8Pg==", "06nVp3HoQkp2GMYq8FEEOw==", "gbEu2I8wF+wTuk+ZpmRmjA==", "uJCDkMoBY4xBDdgsAXvBMQ==", "U0WTbuk2H1FMZfvvwahshg==", "/3j+rzG0OwcPwo2Rmp0+oA==", "yK+sCyttf4bGyDBAO3DTbw==", "kSIDoAhsP/87TLsxcD9iYw==", "1meZEc1EMJYaXdLY7UlMGw==", "rjqWU/BvIUu++SGGPw8TnA==", "txkZ/58CgqtFOXydvP1XLw==", "Ay+x1p5pYFwnvUSAM5q2ZA==", "YRtomD2mNPBaDnjgdnhCQQ==", "nD1KRgcfZaRxt4xJsj1tug==", "WJBwm4d60DO+1FjtmE8o6w==", "TyiFIiRoY884rekStii+yw==" ], "MXR26wvfFq4/JiRamdOfsA==": [ "25AN5NeRgxRTLC+pN8E4wA==" ], "Mjle5B5h66lsDAGaEb0h1A==": [ "V/wACq4t8ybFKWNGSTGOqQ==", "GtECMHzRoeZKh1TLvpCt+A==" ], "MsMq213pNjOV+46+wi8tyQ==": [ "JSPMHRCFZI0X3BUC808myA==", "SstbtJyplu6wT0tmTKbr8w==", "pr6wo3A29JKUBSVK/BGExw==", "V9lyeZvue30g1R6RiITjAw==", "peMVLpnT962hXrm4IDBPqg==", "KJGsgMArislsisVXSZHY4A==", "JTwzSHX5xKxgTtyprecVew==", "WIbunUW6+W30QKZc5Tmqzw==" ], "MxYp6jmrNGPG4EUMxgtsIw==": [ "SPxMxLW2DZ8IvP04UR/H6g==", "hGz8R5Dny4UCIDPZzXbK3g==", "ydN/9qW+IO/7qUsy09APhw==", "T52mfTsBnquWm4qc3cKfWA==", "gvOYexCvSFjRc1ovPwHsww==", "WKEI7EQhRkCAgIF18HZjKg==", "kUo4IyXRh1XFppRDAqTNnw==" ], "N6Nykj9OHLGhZUXyjmuxgA==": [ "eQlZ6TVCSDW0YD8sgXyweQ==", "Y3WKF6/Qa3b8kujepTuCsg==", "Kpiv/TrMWtjY1KddUGr9vw==" ], "NOK9CQMBrSIXIbB8sT8wjA==": [ "C0udSo+foVK8TphEaJ9u7g==", "CoMZiX0VsWNhKSQo1NCYkg==", "ZPTYG1GW4N8khhdO0sFXlQ==", "Jek37tQeVdKEwtu+6a9/CA==", "RLfmH4oizoEHB59VpAV6Kg==", "BQivQt20Anl3mLgiJoMKAA==", "noUIfMZn5dUZdEKTi/GsOA==" ], "OD9rasSWx3gpljb/Y6wfUw==": [ "5DOUgppde1j9udFySlg7zQ==" ], "Ol1YWxU11Z64v1nA/zb/5w==": [ "j7yoSCks+i8LevHtgFwCwQ==" ], "On+NX4Yr+KIGVwagqPDWcQ==": [ "S5Dzz9cigoJDCj8s5UcT0g==" ], "PTFUIquIrYO4PcMvo6vxMg==": [ "jlhRpuK0j9viGlxiAnKR7w==", "UNpQq3W7NuU/YvxyKob7dQ==", "2CeZCuCny7jSZBuuaMXULg==", "Dmj+1Th9y/xKrHIFa6FtQA==", "AOqYiSRMsYI7D2mmuqAtJA==", "dx/et2OZXdYVZSrhJfSrZw==" ], "PW1RAxkiwx83tVBhyQViyw==": [ "lJeTT/Y9HVuGmrDkd/kJpw==", "Y3WKF6/Qa3b8kujepTuCsg==", "BLkI3n1XefyybyaipLStXA==" ], "Pw9vkrF+FmWj2LeMt/9ntA==": [ "gBPNXzwjgVa5ca7lHwiyCw==", "MVgMJ2ENOjoZ0DpCkviICA==", "2m66dHT2QDwJh4hvsW6NOQ==", "saBs9oNOsYX5kiTMkaioeQ==", "Opv2ZJKgUn+U/J0TWXn7uw==", "gXGTVqEE1sJ1zRCi22QFfQ==", "DxGDt323smYx6XdCiIYGnw==", "NAeLRm7CJFLUTEpKQNt7kQ==", "js8i7gcaSUkeCD0kc562Bw==", "ejuaJgliYRMqa1eisyzj5A==", "1WJr3usuzwZSP7U4KOlWQw==", "+Zs4a0HA480wHmF7KJoeNw==", "hrshc3JV1jRyp5Xnhxc38g==", "axoy8GS3FJZXy/Fso4Xcfw==", "ftFEFfGG+VeyR1jgHtRgSw==", "G6hgi2PyRML5jGfMJD1SYA==", "tAjtjtLQRffvPdu/MRsVLw==", "pF2JpxOM63dkisq1Y3Mt1Q==", "oc1sV4g+opFl9qII5XGKRQ==" ], "QJRhZnlhvKxabkibTf2YwQ==": [ "V/wACq4t8ybFKWNGSTGOqQ==", "teVzqeXKz5qAL9KrVUsKAA==" ], "QwKK6TG/JtcCly9jntVf+w==": [ "de6Wm8GcUOvZ/vqX7ogEtQ==", "HOYwG5Rw5KtCLqSTp9IaXQ==", "RATpPhLUqjEbe+XxyYxOOw==", "rO5a9fYyaqaIZ4bH0M8fdA==", "s2uSNGuV+OyVW2eHDGWWKw==", "8ge47rqVvHaefMV4OlZnlQ==", "o8O4Ttqnv0lQfm1yyfyVsw==", "TIcWaTRsDD52irGN4xUQyA==", "KsboTEAsiwsdLEKIDivkyA==", "LkJjju2s50oKpBRyBT8s0A==", "Ah03jmj/7fQOqUbg05PtZg==", "YUwZZ9Cg1FloxBZV60vOCg==", "+PjI2yN4wCMPyf1oygeT5Q==", "tLSR0X6hQ7hvyPbBXZslBQ==", "GnBCRP9H+R6do428z3nOkQ==", "93O9BjbBwz1jYmTNCzgkUw==", "Ob+LJ5zYHnbjt14Yf8W7UA==", "lHLNxD93t7uUJfmDhNwvCQ==", "uDfc8ZaPfrhTGcFwVaIvAA==", "SvhQ7tNvl6ANrVnaJ4cBNw==", "aQGx6Am8fU9TZmcyiMNL4A==", "qEhRdzGH44SGjJIcqcIv/g==", "2I/0B+uXhxpPJWXGwNGlLw==", "BfDjqoaYrd0NKCGGxtokTg==", "e7h3lwyDkLbzwbeza9/TWw==", "zDmU3WG0c3AQYw7NFebUCQ==", "6dwQWrojfQ/1hgTT2PQckg==", "h+nOQU6khNxAH7kkGqVqkQ==", "g6spFzT6DoopzuQCE0pjRg==", "oVgcRSL89qnSRkMXpV8N8A==", "zAQhwfD+1kpXY0CwZC6HxA==", "1WQ/LJu/kefEuHRv58l0Lw==", "6MW1lRUdNNc4s+6uD2JNvw==", "QgRg8usqYLpC2SzTmhUKsQ==", "19Kvl4LS7MCiBo2cRD5fxQ==", "X3WuoMxfqKQH/0bF7PkAAQ==", "zx97OaxgXH8j+mFWesQySQ==", "JtGggrfMckWn0xvfWBMJJQ==", "cjoCrbQlAeGxtTPUlcMPuA==", "NeZAaBfGrzLvaMKrJL7WlA==", "XuMP4XKeqFlYH9jgvFKXXw==", "+uMSPU5jbqI0+jsP/eX6PA==", "Qe1reyLPtQVZ5wKqKa9jQA==", "eekbTUpqIafepE8Hfmhn6g==", "JD0llI0bGUOG/VBz+9LeVQ==", "r410Z5X0yojDsVg9YVcNqQ==", "BS5Qx6nN3HmM64VVoKmayw==", "qug1advw8m4TjVAUPEUPiA==", "/YcdipQjiqJUDpddwhDiIw==", "HlOu0EmTxHkjzmJeJEuJmw==", "XL1Nv8y45q8aiA92A99YyA==", "00cDk2w3qfvdzMbO27c/+w==", "oyvtOIVUDqm1ruQx8vhRhA==", "2RZ3u6UmceVG9iB/xb73SA==", "cxMZ2TEnkk6RdtuU9fDThg==", "I3vwwgMxzxWo15otCOgvAw==", "kaUbMItvWrS1leJMEsAk9A==", "GXMpRf2go/wGEbwpp9BPPQ==", "3WRC4Vl08/leTJ1MFHuCEg==", "2sm08sXcjWtT2Gtu3CdSug==", "0YVxD0vSH+0MhijemP/Jmg==", "rJljaCTiTdw1uI1lvfy+hw==", "qYORp6v9x0Jy6S8OKerZvw==", "Y/6FiFNJ+h2jXNTlPOzrnQ==", "s6kt2DqKLHgzYSGciPtGtQ==", "UBzPfwycyyJOBETwdSTG/w==", "lz6O0nYiDpis8SScmTUuSg==", "+hBhqk1qKnkU+nqn6a96qg==", "OXr+UvfSDAQbLGP4xOBSMw==", "5D5WFK01Su4Lrj4hhwDYGQ==", "7AoZZiCMmvqX9d9WD62FnQ==", "W0TAw6aTfwXOMlJwloDkZA==", "9avTgsTrB6zaN8UjZ37Wow==", "bACUKZThWu3kcO82NfO4eg==", "DNd0sdbW83acQbIl3FDaPw==", "QbgvVzhz2dr5BDvAUM6wFQ==", "0v5F4x1W0RxkklLvRs6NKQ==", "cMY+6QfPqyOZE380Mf5rIQ==", "6asSIEJz7ggo9QEXpbSOYg==", "rR226S9SV4WbmIVotM0CsQ==", "T5Nghm4crNWWnUrYvZZItg==", "qWK7H7gz7e8gS19GJSeIIg==", "kTyfGInwWoCVv7gGPYCF5g==", "Q0D37bmhhLGtYILIAMgFXg==", "6o8ui0RxMttDzkyqTDO5tg==", "3Lvdmj//2sze9S8I3n8yrw==", "ylg3k+AtgUcIl3hJiXNMlw==", "AIlN8RmMOvhBveVuVAyHQQ==", "dO/rj/SVo/ZlfJAB2ajOEQ==", "b2xf65/2S45gOxG8Grxy0g==", "u1caIbS4Tk6y8c7sz8Hvhw==", "bh7RRRlNP555+LOFASdB0w==", "GfPY5zBbHJQI4ZGaDcJj2A==", "w8af/LTYrBLWhYkZBSi2Lg==", "0bK7Vo3x9SXQYvDvMmgzXA==", "QX9gQ7esz1e73iQHmwojXA==", "Rd2hVVbUws+mcvoC7DaoiQ==", "2luu38jiVQvy6qOXHFgpAg==", "Y6TEBwH0+CoZ50j5sQV23w==", "hxluEp8Si16NQcfaJDWcLg==", "HHBOKYlzeD2Busv7btyBAA==", "MLyBE3p9/9+LMOMl2JBi6w==", "8efBqSZ3OYqd+nT8a21FNA==", "JmKf//IQj2eMVJFTB1Feyw==", "KYv6PwzjV6/5I33cZ9LUmQ==", "w1094TrprBpG+5TZJus6FA==", "X10PEbhI2yv6KYFUPacecg==", "2UHqEqfMIIn53NkDlDEppQ==", "zoCeQAIu1TFmWIYHnlYddg==", "gGrGej/Pj6/poAgebFb+dg==", "AYOaUiAITXfmzrid+CR2Og==", "y9E+Lh5SpPDKe0DW19HLjA==" ], "SJ23Qf9ZGTl5HD5F3qeZTQ==": [ "W+p5JmA7ns+QxSud6NKuiQ==", "jEwfbMyfFZbq+8RZhi1Maw==", "zY61FHLduccxZAfWDpeM2g==", "jRtF/kn/3fSzbp/7sWwiig==", "RCSfHTV46eUaJTK1sFhTkQ==", "QTm6CFJsupGe2cLQ3aQQbg==" ], "SSFXEK4vNCR4s9ImWtXtgA==": [ "AUiFITCnRjRxctzqqbDeeA==", "GAn7gWUe2pFr7PbwechqxA==" ], "T2VlKjO7CHKpAcTlRn+i4A==": [ "wyKxcZRF/hg+LQiqCVC6rg==", "LO9VaXNyE9wfPlXASM8Lgg==", "GIt+rXiJ1hpuAn5rnaCDVQ==", "CRdqDQfrlTpkB4MzpgBS0w==", "c/V3UUetEWXOe0XME5swFQ==", "ZvOFKEq7oWW91gkeFtoU/w==", "p+/lVnQY390ujHn+5BtI2A==", "NpL+GEKVroRZflTiMJBC+w==", "6c0JmFCu9UsZ7Ix2LCEP7Q==", "qjR4mPW4a9B3pl+6YNwqVw==", "JFHwM9gmv9IjLHv0L9sxhw==", "I4m0z0FYouLpY3jsh2J5GQ==", "VdZltxXzmKHh3CVFAqDYMw==", "8x6vUoRScU+5Ju7vG69IKQ==", "sptuc7ZZHxI6LEMAs9uKnw==", "kp7mMuZUbdcg/xR97OICPg==", "hqRw6qkUism7SLSc7yKfvA==", "sc70wAms2Fm/s0Onai142g==" ], "T8zXVQHo3h0ASj7NMqYhvw==": [ "Y3WKF6/Qa3b8kujepTuCsg==", "js5JzMGM8uuQxX+aKnVURA==", "XbcsPhUJZcz9SAjlyzA2Tw==" ], "Tl6ebomp9GQLN9svWzKp+w==": [ "6jOQsxIUcEw0PlYEWTWq1A==", "3lUu0msi+b5w2eDC2c6lRQ==", "VobzA5akuxgpQXC8/BOSTQ==", "snkpykX/Nuv1Y3FeOzr09g==" ], "Tob5YtKxleVTQzw2GCmwGg==": [ "fbRJLkkKyAqhMbdbbcLwwg==", "tfTM5/5/Ffu+a3mCMoEEnQ==", "7cwLSPInvHIbCgGEnagmsg==" ], "TzNyp6yTJ3m0O8xeeDKC3A==": [ "fbRJLkkKyAqhMbdbbcLwwg==", "EBCuVKFXSUvVJtsrAG1ZDA==", "rXfDRM1LVoEbyd6JU1iKcQ==" ], "TzT9ayOh2hZShfYtipxZEw==": [ "ndiQlGlGFfiNqSZTxkw6Jg==", "CKVMoyANgkZKdV+dChbXnA==" ], "U0P0dNPn1iUcw6b33AAKUg==": [ "dm+ndyaUV9ItZVXnMeopkQ==", "ek3+7A2JecsNdDGEqoDjTQ==", "HxI42iSjURjRki+uV6q/9w==", "hbOAbiOJ6F6ohNePMmRtlQ==", "Sa5f5jPlFl2oY9IDRio54A==" ], "UAY1jP87klJyaGdFPK7xTw==": [ "3ktHS+YZSMYXCkYy+yNUcA==", "EfJQ14qFSb1S0rB4VJRXzg==" ], "UQ0iR6K7H7VlNJDWtSXu8g==": [ "+6d/SeOQYGr+iTSAhpcDwA==", "UCH2epLcJUWMTm+igZOEXg==", "beUGNCG9iPBG/Zz8r78LLA==", "53g2lPwzOLmoqCCLIr2InQ==", "bs/xgRqGmS+1ZakXV+VWbw==", "epxZ48/SIfLXd06fZqIspg==", "grTEewXQ3rAV4agaHcml8w==", "0ZY5ysR3Nkqr0/VhSIiqfw==", "SDm/mWtE0NpXgrgtbv569w==", "X1XbXShyT1+HQUnA5EVJNw==", "w820AArU7EvMtvlZkNuyNg==", "pH8+w8Xtk7zJJtrUbdYyhA==", "mGnF1yHBoKIJbRzNCdab+Q==", "rqTT1PftBwEJGbicjw/9lQ==", "06nVp3HoQkp2GMYq8FEEOw==", "UcmwUm0wHBjv37lXXIJfRw==", "F5n5sm3U2fLvNwQ28Jm2Og==", "gO/zNtynA7F2O6aq8GoPIA==", "gW0KUmpTUJYEkCwOP2FqGA==", "VOg7AkFDBokEo83cvkABxg==", "Wz8kfsjiUN7loN7RE4toRg==", "fbGCR/SwRYoDsuegA9WoiQ==", "t+NryM+08plBxhjTGAyZtQ==", "Gu/ALKpmZ1E7BQoY+IaWwg==", "m8JLumk5EhM5fKwi6Y9sfw==", "SJNAwbr1JxOIEghGlwyxyg==", "YNouFTBaiJNQFxYyrJAQcA==", "8E2ckAPYq5vgQQfdGbTALQ==", "X2Ku0r4j5/TnyjHzd2AMwA==" ], "Uh923oEysUV/Jd+lAsrExQ==": [ "1CEt59+PK/QZsDtTC+bpGg==", "6hAQW3vY9ZA/8datv1rY4g==", "XMRntDldPNvYaEN1H/aMEA==", "v9+1y5YeigbSyCurLz2YHA==", "hcNgLCV/TsDPpNYUtRv1MQ==", "+ktUZBMzpotOFKWwkqT/rQ==", "14lZotAMN5wk+cTM9uFZ3w==", "0KHHRM3zzr0IWKnLIse0pQ==", "yiCqGYK5YZhv+xV3X+Qx5g==", "sxs9MTyG3z1lQbHqC24JIQ==", "4ujix5gnAeEadtReMww1pw==", "y4mCwDYfTNPe4spWKWwjwQ==", "lgDJBQQ7c78g/JJCPZyTdg==", "/zoTHp0WvKz9OUpG9Avr/A==", "IwsFxNbWx/oOWnYknyaGEw==", "hOaTNNHYnZOlOC5ujyrkpQ==", "tmgvL67F6tn2BiYH4dbG+w==", "6Ol6gaAiysVTeqKKxe3zYw==", "tn0LvNg6ynzrjuqYII6VjQ==", "NXbzIDafR9RChazwb+mfnA==", "xUh4YuirUHAz/J9Ww2KXaw==", "wqk4HClUoIMMf7SUpa+Adw==", "zlxvoUxhbbvyCm+ir0eRIg==", "9VvdraQVg0WcP0owuX6zIQ==", "OrpwQ4JCTp8hxISKERrW4A==", "1t5vfb4weBgYFo4+aa7JgA==", "zJlrDTLwkYlMUMmfRWCifg==", "1bl4unQLbI6q/jTzaoJQRg==", "DTfL5gh0GrLkUT7aOd+/wg==", "59VgueYROa38mMA22PS/AQ==", "Jt4td1wEVlrBnm04zKxwBg==", "KTq8KY5x881D0HtG7n7QGg==", "lKWd5TH1rX+jMUJKexEO4g==", "3JWY1ykysfjEg17d0NJpug==", "rvXpPZHCcQcUEdKMC9tJIQ==", "uFegF3JDarHwmUsDj39jKQ==", "erPkEyDHplTNz5OUVOYC0w==", "fp87zNEa2D9uFt6aQDX/nA==", "26vucREXNCmqzRQMZsDgrA==", "2dQp0PI1ZIP8LVvMDwgOAA==" ], "VKn7W/G4YSPWexQiMm5Mpw==": [ "4C+2NmhWlLNDgrLkoCxMIQ==", "IxZeTNW5zQC3d6tA1UWyZw==", "7U1Bqk3SYRpoUTT7MASRRw==", "7tQ8bKKtgjjS+bXnpQbUEg==", "+lYjBQ1bLfBtqJGBvaBscw==", "EOnVsQprB+b/CxweVdPdqQ==", "K1F1BogJuyquqVx4npl/+A==", "u/GlygAJjAdzCIr/SG3QgQ==", "eCD0Zq+Sv5lVZTbBica/1Q==", "cPq/U1/7qnqQE3GmlFCwvw==", "hlxmQBFaQxEPXXbn/iv6Hw==", "T+8eeJxD0Rq4071H40RizQ==", "i8dk1r/TRekVIPdDRGnYAA==", "uSuvSdYIemCRGlfv8lGkuQ==", "O2qd+cOqTbjZsgRTNj5NWQ==", "X3NBOrSivf9I926V0a2/oQ==", "DbCjVGiras7NuLFjZ3QehA==", "RlOfhoCCkdSSaNMAmR7TiQ==", "e/v4SMj2wFe/5+CPTpBb+A==", "b4Z67JiG3MMAzmfec/ENJg==", "kvStyGN84HUBQGFgfm8YsQ==", "mMne5M/uo8CArUpQts+E/g==", "mgiAXi9bEDY+U7GKOk22xQ==", "j++bgkWi+YcL90tYl7GuqA==", "kW3kBkBylDrqi8VPcr/e1Q==", "vO0kcWwlg/d0NtEQqm2dHQ==", "wwDsyu2BEzBGB5DYydRkYw==", "zQ+wurn4Y1m7g+Dod0JrXA==", "/sU8IhZ8FGcY+dVFZoJtXA==", "cEBSRCjTfMgbAUsOsjMnqQ==", "3KEo4jXvkQ06R1naxLxnlw==", "WYq9HRfAbPxjnZEMhN73Qg==", "hc++EiPoaVY0Qkk7w+nh4A==", "a+JwG0xBDvmYEUUxYjq1Kg==", "DsaGCyQOCA2KVqXwXEUIOg==", "oWsNWJEvop+AFYK32IL8lQ==", "sqtVXJL7ZXdn2nvMXuC+4g==", "Du87KR4FeuPO1XKDGWPfTA==" ], "W4amAY83CsyR7zQ0GM7zsg==": [ "S5Dzz9cigoJDCj8s5UcT0g==" ], "WGTPzg6kcF7+DBqm8j43JA==": [ "eEdM5b8SNZw5B2W+M8++aw==" ], "WN9YKonIBKVWuMNAg76vrA==": [ "eP1FG6VgmguUBnU9hC/AUg==", "s00I6skFa5o9PfOAkReUDQ==" ], "WQKADjeyfRD38rnEEOPp1Q==": [ "V/wACq4t8ybFKWNGSTGOqQ==", "xZIb4S2QRmsQOqvyUKACAA==" ], "Wk7LqC7t+o2XGJ7GcNisJg==": [ "V/wACq4t8ybFKWNGSTGOqQ==", "FgZEwRHfIJXFMTMxMr2/bA==" ], "WtXZ2fXaMBz4LgxKVaglcQ==": [ "6QPo/X4W0vdkqzX5IoKaHQ==", "AsiuN/8gu7sZ0PJCLihjmw==", "0XyIJoIqTLxnYiZet4x5Yg==", "PacJvOG68IlKYb9U+duwYA==" ], "XE8zSisNWy8L6qfbOa8bgw==": [ "uqtArQDYlZFUJZeUv4AmZw==", "+S1eCXocxDUImLfRgrh/Zg==", "Xm/zEP9A9rmz22EcVk3YrA==", "EH9PvjnpSsw6jAD9jLOUSw==", "IXgNENEfalASp1BgUmxapw==", "WjwqFYHIpeFIRVSB9rQ7Rg==", "sDamL08DYL9URybdOyWb+g==", "ES+fyIBHuPDzcPe/BevT0Q==", "rV+AIqZ70JJr5ykX/wSMqA==", "wP28HrxJ2NswytUtk1XQaQ==" ], "XMPq7+46c92RSax5sZ9PZw==": [ "giLBrK6czoD3l3BDs0Jfcw==", "OFIelSTGJAvnMHk6/6CzoA==", "3+Tq4mPPOiL6olm2GLk5Mg==", "3VdtHqtIaf9cjYBkwOn6/g==", "jiVVTQmOtKqVixv7agF/Hg==", "XMZYTX/i7lOXfIPea0g5sg==", "8kndQj/aRn+NNJdGVP9v4g==", "FE/mnRiATGHgivPxG+13dw==", "InyvNMAfT1Zl5TKOPF5zkw==", "AwYRRq6SmgfJLn2NZxQUdw==", "PKlJ+iD3hwJNxdUvXPohzw==", "o7Wt0RgmjSYSjMhb6uYQ8A==", "uv0xK+bSjUByf+SifqjJ2Q==", "wcNr0VBORZ/YM9aIEuV6XA==", "8UUCxMXAfRtBuDf07+fISg==", "BO4mpvHlpA2VMxVuGCs5Gw==", "KwrizcJTvx0lAr8NWSRHvQ==", "IygWF+tpv/TjlYP5Xn2XFg==", "GklzFsX1Kbjw7XUdLCRFCA==", "7JZ3MHJevu7noH+KiM70cQ==", "lTBbmC+SvCXRPdEhl1Ahaw==", "tYNhc55MEKpBCY8cSsXw5Q==", "VTdtsdUTUm6LaoM4gIpvYw==", "oUkJIbYpxyFXjg//yD+o4A==" ], "XX1gx35T8rMzed7p4qESdA==": [ "TjEkLXWfvQA8WSrW/tqybA==", "zkStPEZlqSplVlCvCS/Zdg==" ], "XY7Rsp3abvPv7z5PedxTfQ==": [ "RrbNEAZ+bJrZ+zzACvAjBw==", "cp/A6si6B6vWVQNk17XSnQ==", "K3j3nYCvhPD02WXNRIsNow==", "5l/3tusnYjPGFyuHyfqaIA==", "NqnvbAJ9TE8i+K0jPU+gTA==", "v/e7DnxVAlpegLOsTN2UPQ==", "Aqat44uV/HXBHu8WYGkCVg==", "mzudbhzyxeahL7ZqcHKBNA==", "8aaFS1jGAsM+0YwLvTiCyw==", "8aYuxdRIfcCiBh+0fRkxNA==", "CE8stTAUA4YcALeC7c3h/w==", "RIB897UdZi2GShqV1cDBcw==", "a9FllBAJiFi5FeYl0KG4aQ==", "Pza9Y2xtH9MChVMkZwgw2A==", "oqSc7q4k6wTno/u9knscCQ==", "J4b5dVoVJ6TOvSQqt+geLg==", "F6QBkHsQuDYkHPuVPox4pw==", "Toocv9UWe2zbLkvuaDfUkA==", "mm2TrpfZhVe16kqFBRq/1g==", "ZdCiHmwhX39f7Nxq9Dvfig==", "EdSmJzT79gNsCaz3hmp+zw==", "XD8Zer8JIEHfKGC4G2WfMA==", "o4XSf3iuWcKQUGp2hHoEXw==", "fLQFCII8wF0O4a+xMrB5uA==", "vGiwA1iecWkM9TCrP/cOdg==", "hv+ParDx50dAs4r0Ndx/ew==", "2sdR4GjmaEV2ZFIV+TVU6A==" ], "XknZfuy4JTIfmNl9OaWPvw==": [ "V/wACq4t8ybFKWNGSTGOqQ==", "kwBmjCC7+d5xUliMZJPNWA==" ], "Y7RfEE0STf2iJPRrFks1EA==": [ "nXKbfJDunfdn7rpKOTEQaQ==", "8090a+9YHf/MvdRFP7qTAw==" ], "Yl1vpKVHRvRB21rCddLWsw==": [ "teY0YQnCPIVyeq14QKaH3Q==", "FKfxYqe7reNA0NF11Vyh9A==", "Y3WKF6/Qa3b8kujepTuCsg==" ], "a0GQ0ecdg5PXNSF9I+cGHw==": [ "cbNKZbfbJhPfPLHi6va27w==", "TEg+H5IUFEuL8/4VudXtEg==", "arPTXFJYsCT564EgyQClGA==", "YflZHrpMaALkUOyhhiuuUg==", "lYfCoUzW92wHdYAjBr0Hag==", "uikNRmJj2VyibU1zT+Mneg==", "vXi2lz1to7zuM26Qf+5v9Q==" ], "arzS3GnLPLKzM8xRPFnUzw==": [ "P9a8nTOFDYbTUSMNt0VDfg==", "t7klIbkcqJpX+Hibob7+Dg==", "tbhLz74i3ShwS72WbIsoOA==", "RiLxHaGbiEKepqyUULRcvQ==", "VRs8KQ+fl8HuGMz4R8czFA==" ], "ax5YZqtoTsGSLh5YAOUDAA==": [ "gQ5m9am3Bv84irZQypyt/Q==", "Cc6iMT4c9IbcztVa+/nL0A==" ], "bAHdU/f6fCAnpSF6X2i8tw==": [ "W6jgJQ6TJhJN8A/I0fmHVw==", "gSHRfR0qveh/P3sU4m+UnA==", "dqe0cUL9x7B6/mdr5l8FyQ==", "meNyncb9fNYGERpV1NYrdQ==", "Ju/rL4FlYx0PYzM0GQPByQ==", "nQa7bF7X3iUh1i4gjOdv+Q==", "q4ElF35yZ0x2PA3O3q2EVQ==", "KVmMrg2+bttNHDgckf/UHw==", "0EA2hakQnbQP4+sqk/xhog==", "z2N0HuS8mB4t9bAz3tR/fw==" ], "bbOmNWQZu2GtbHRNTT5LbA==": [ "S5Dzz9cigoJDCj8s5UcT0g==" ], "bmteRKYcfys3z5xoBsdO6A==": [ "Chjm0vNb++GJsagbOv8JHg==" ], "bp0rUgZ5FkIYAX2aEVd/VA==": [ "Q8sE7E8pAQzfSs4FZ1Nn4Q==", "97VWHZ/vyLIDGiGVXUXTBA==", "RATpPhLUqjEbe+XxyYxOOw==", "rO5a9fYyaqaIZ4bH0M8fdA==", "s2uSNGuV+OyVW2eHDGWWKw==", "8ge47rqVvHaefMV4OlZnlQ==", "o8O4Ttqnv0lQfm1yyfyVsw==", "TIcWaTRsDD52irGN4xUQyA==", "KsboTEAsiwsdLEKIDivkyA==", "LkJjju2s50oKpBRyBT8s0A==", "Ah03jmj/7fQOqUbg05PtZg==", "YUwZZ9Cg1FloxBZV60vOCg==", "+PjI2yN4wCMPyf1oygeT5Q==", "tLSR0X6hQ7hvyPbBXZslBQ==", "GnBCRP9H+R6do428z3nOkQ==", "93O9BjbBwz1jYmTNCzgkUw==", "Ob+LJ5zYHnbjt14Yf8W7UA==", "lHLNxD93t7uUJfmDhNwvCQ==", "uDfc8ZaPfrhTGcFwVaIvAA==", "SvhQ7tNvl6ANrVnaJ4cBNw==", "aQGx6Am8fU9TZmcyiMNL4A==", "qEhRdzGH44SGjJIcqcIv/g==", "2I/0B+uXhxpPJWXGwNGlLw==", "BfDjqoaYrd0NKCGGxtokTg==", "e7h3lwyDkLbzwbeza9/TWw==", "zDmU3WG0c3AQYw7NFebUCQ==", "6dwQWrojfQ/1hgTT2PQckg==", "h+nOQU6khNxAH7kkGqVqkQ==", "g6spFzT6DoopzuQCE0pjRg==", "oVgcRSL89qnSRkMXpV8N8A==", "zAQhwfD+1kpXY0CwZC6HxA==", "1WQ/LJu/kefEuHRv58l0Lw==", "6MW1lRUdNNc4s+6uD2JNvw==", "QgRg8usqYLpC2SzTmhUKsQ==", "19Kvl4LS7MCiBo2cRD5fxQ==", "X3WuoMxfqKQH/0bF7PkAAQ==", "zx97OaxgXH8j+mFWesQySQ==", "JtGggrfMckWn0xvfWBMJJQ==", "cjoCrbQlAeGxtTPUlcMPuA==", "NeZAaBfGrzLvaMKrJL7WlA==", "XuMP4XKeqFlYH9jgvFKXXw==", "+uMSPU5jbqI0+jsP/eX6PA==", "Qe1reyLPtQVZ5wKqKa9jQA==", "eekbTUpqIafepE8Hfmhn6g==", "JD0llI0bGUOG/VBz+9LeVQ==", "r410Z5X0yojDsVg9YVcNqQ==", "BS5Qx6nN3HmM64VVoKmayw==", "qug1advw8m4TjVAUPEUPiA==", "/YcdipQjiqJUDpddwhDiIw==", "HlOu0EmTxHkjzmJeJEuJmw==", "XL1Nv8y45q8aiA92A99YyA==", "00cDk2w3qfvdzMbO27c/+w==", "oyvtOIVUDqm1ruQx8vhRhA==", "2RZ3u6UmceVG9iB/xb73SA==", "cxMZ2TEnkk6RdtuU9fDThg==", "I3vwwgMxzxWo15otCOgvAw==", "kaUbMItvWrS1leJMEsAk9A==", "GXMpRf2go/wGEbwpp9BPPQ==", "3WRC4Vl08/leTJ1MFHuCEg==", "2sm08sXcjWtT2Gtu3CdSug==", "0YVxD0vSH+0MhijemP/Jmg==", "rJljaCTiTdw1uI1lvfy+hw==", "qYORp6v9x0Jy6S8OKerZvw==", "Y/6FiFNJ+h2jXNTlPOzrnQ==", "s6kt2DqKLHgzYSGciPtGtQ==", "UBzPfwycyyJOBETwdSTG/w==", "lz6O0nYiDpis8SScmTUuSg==", "+hBhqk1qKnkU+nqn6a96qg==", "OXr+UvfSDAQbLGP4xOBSMw==", "5D5WFK01Su4Lrj4hhwDYGQ==", "7AoZZiCMmvqX9d9WD62FnQ==", "W0TAw6aTfwXOMlJwloDkZA==", "9avTgsTrB6zaN8UjZ37Wow==", "bACUKZThWu3kcO82NfO4eg==", "DNd0sdbW83acQbIl3FDaPw==", "QbgvVzhz2dr5BDvAUM6wFQ==", "0v5F4x1W0RxkklLvRs6NKQ==", "cMY+6QfPqyOZE380Mf5rIQ==", "6asSIEJz7ggo9QEXpbSOYg==", "rR226S9SV4WbmIVotM0CsQ==", "T5Nghm4crNWWnUrYvZZItg==", "qWK7H7gz7e8gS19GJSeIIg==", "kTyfGInwWoCVv7gGPYCF5g==", "Q0D37bmhhLGtYILIAMgFXg==", "6o8ui0RxMttDzkyqTDO5tg==", "3Lvdmj//2sze9S8I3n8yrw==", "ylg3k+AtgUcIl3hJiXNMlw==", "AIlN8RmMOvhBveVuVAyHQQ==", "dO/rj/SVo/ZlfJAB2ajOEQ==", "b2xf65/2S45gOxG8Grxy0g==", "u1caIbS4Tk6y8c7sz8Hvhw==", "bh7RRRlNP555+LOFASdB0w==", "GfPY5zBbHJQI4ZGaDcJj2A==", "w8af/LTYrBLWhYkZBSi2Lg==", "0bK7Vo3x9SXQYvDvMmgzXA==", "QX9gQ7esz1e73iQHmwojXA==", "Rd2hVVbUws+mcvoC7DaoiQ==", "2luu38jiVQvy6qOXHFgpAg==", "Y6TEBwH0+CoZ50j5sQV23w==", "hxluEp8Si16NQcfaJDWcLg==", "HHBOKYlzeD2Busv7btyBAA==", "MLyBE3p9/9+LMOMl2JBi6w==", "8efBqSZ3OYqd+nT8a21FNA==", "JmKf//IQj2eMVJFTB1Feyw==", "KYv6PwzjV6/5I33cZ9LUmQ==", "w1094TrprBpG+5TZJus6FA==", "X10PEbhI2yv6KYFUPacecg==", "2UHqEqfMIIn53NkDlDEppQ==", "zoCeQAIu1TFmWIYHnlYddg==", "gGrGej/Pj6/poAgebFb+dg==", "mnUeQ4Vw9lyvW20zguI0Jw==", "ucnZ3NrsBVYnlUI65g+YQw==" ], "c+NNakWs+nuv9id8/GMRCQ==": [ "OXQ7H2CaA5DhIn9wkh9zjA==", "5DWxn7dmJcIfTQzzUA2+nA==", "9O8vLtOdyUMO1soTy2OBGw==", "irh5kSvT+LkcgG9ddEDxbg==", "qEeYDq0eQPLYgykJCgjNbg==", "YrX1xPwGMuZ6z8Qz+xH8CQ==", "y7LeLW+UNa9OXTJsedT1pg==", "FdHZNK1wtI6/xHHLNOjd7w==", "A7bcOuxkjccnpaTXIAxpLw==", "jD8UkMRQckMY49rmmq/l/w==", "I6USarzQiNF0WDmxnwYl6Q==", "jlGZMt4HZ4sFDGyWBYiG5A==", "rc91cmUN6sQ7UsqR+Khjcw==", "eLH64OubpdVT5P7gyNiMhw==", "DAaQgj58NrubTxbgg0RwcA==", "dQtkeBg4aMq+iqhRXRyUDQ==" ], "c80O2pouI9LIJSZbRJWPig==": [ "V/wACq4t8ybFKWNGSTGOqQ==", "Ki2f8cm5DZbpACKABDaU2A==" ], "cGWkJkC9Qm+QCP4f8vmD+Q==": [ "cbNKZbfbJhPfPLHi6va27w==", "TEg+H5IUFEuL8/4VudXtEg==", "arPTXFJYsCT564EgyQClGA==", "yU5mkCPzEauPBsUqlb3apQ==", "28dC110zGfcK67ZADcsyPw==", "pisd40lsYyPZfJXI5PaneQ==", "luwgFmI9PBVJtU7lZ44gYA==" ], "cmnl8AuxbWKMe5IsutS6hQ==": [ "YqWCYK92PMDEl8TLsC6HCw==", "Y3WKF6/Qa3b8kujepTuCsg==", "x1E7nyV5fDzAyk1STjwshA==" ], "dMY7Qly4vcBOdARECvhzxQ==": [ "hRMmSXWNjnz6N6DylTgifg==", "P9a8nTOFDYbTUSMNt0VDfg==", "t7klIbkcqJpX+Hibob7+Dg==", "tbhLz74i3ShwS72WbIsoOA==", "AtWoYkoBl9avwxLPtk70fw==" ], "dN6ybm8pzBFkzp1B5ADKWQ==": [ "StRqIVsXN6NcVuvirqAMOg==", "U6qBKCP/toaRYToALpEUAg==", "NHVF8uSdIs3qjmJ3d32Guw==", "PT1sohtQtbutC5G9fp60Bw==", "s7lhI3LbQwMT+dukpP3kmg==", "+TSLp8E4dN8AnqD6Q277QQ==", "svTCiyRDx3OvFYJBUhuURw==", "/s1A0DUzgN/pTr1DN27Mlg==", "oBP3fJ/dCNO09esiyvMqrQ==", "w8HdqFb1v+5TiPAPr02m9g==", "NBh5fV9uZlTEErwbgzUbGA==", "arTUuvS7/95E2eEJJD9lOQ==", "nPSgEkWJB1b5/FQHoj8iDQ==", "Q9ZepVg3erGzmkHdoohUTw==", "4flqiPbmTauic3ijyT75yw==", "O6K8wxAPcmLr8qOIbQ6uMA==", "scu0fznRerd9B16y1/RO8g==", "21rba03Cro+scmMld7bHyw==", "Gt1/7zqpYq3ilRksfYs0Fw==", "1CEt59+PK/QZsDtTC+bpGg==", "6hAQW3vY9ZA/8datv1rY4g==", "t2vAQ1ifh2D1sI5NKQFGrQ==", "gJB4UR04diqd8I+vxY+1fA==", "0DMa5ftnj+HYBOgjKFl2gQ==", "KcLk8c2v0kqHAbhhwfgdpA==", "Mg8SgrJU+lTo8Y3PGUgkTA==", "zDHl5AxFMMqrfTCU6DAHtQ==", "P3nYYaDmet+LJ8m5KZeEvw==", "sJATpvVjqsVCTDPuxN1ZOw==", "xEE9zf8DUoHY25V5nM0x+g==", "FfJbG9yXxM9ytWyYMkHuFQ==", "D9Z9qtWFeJ7LhgKDi3BMAw==", "58xY9Xj25VNzU8f4Nsn43Q==", "xKwaDB7aG2oH2GrBtebXYQ==", "bkhxy13HX9frw7feognLPA==", "VMq7c5UxVfK0QVgxJQyC8w==", "NrmEp7ITzyyHtVTCw3MlhQ==", "gC3dJaA81IvQxpeDciVx9Q==", "3xq4PznUGaWv+UklhKhOCw==", "4WTOrslnIqtUscmv3OpUqw==" ], "dywLPrGPYbMhmK8BDXQbTA==": [ "V/wACq4t8ybFKWNGSTGOqQ==", "YSdK7PYtLQ7JLXu7W4mdRQ==" ], "euXwzVjOcimqFJYqARwKWw==": [ "DLttSzeHzaVnO33nSnt80A==", "F/E7m2THTaTl0s46g5J9Qw==", "/oK+zNt0cQ+IZv2Cz+p1ow==", "aspIRl2zXkMgoNBD+Mjfng==", "jU6R01smYIMn3KeQZsQ68g==", "hiF9bhRE95azD1Yk9fu+ZA==", "Hc5j0kmgZDlB2EO4dTIsQg==", "FL8qoTgXQjuCQf4vtGJ2JA==", "aJnNGTgV/SQw08JCZMvqeA==", "rz6mUIc/WNmMqDJ62kTBMw==", "vzByRV8qKLfVVoPLFuTpeQ==", "KxCt45mXPoAqi5/FDwG2sQ==", "kHjC5QVIEbAPA3Kvkur0dg==", "a9FllBAJiFi5FeYl0KG4aQ==", "Pza9Y2xtH9MChVMkZwgw2A==", "oqSc7q4k6wTno/u9knscCQ==", "7nWSET5rvC0ef4ukzNTUGQ==", "9O6eBDd9OtueXKQaS30JHQ==", "NETfvu2mgbpmZZcrjbxOYg==", "Mgltq6eR/1EGqVcVsD/SxA==", "hQhn3O6sw4QusprpMJeLag==", "M3U4dY4DNzzwTtzYkhXUMA==", "VIGh6VPQOivNmVhFo2OTaA==", "izjZI/AsSlkRCQFNfC3oCA==", "O1JHrWWpvsl8fn/ssFRoQg==", "9pu2eJ6pNPg70BftHlHbGQ==", "N0rRS+PZWKeXRoflok9RVw==", "TR5BMIE90A4aYm4WW7+gRQ==", "S8k5xDZW6CKWQt5V5/wRBA==" ], "eyrMb/GsqkuTYioGKTuywQ==": [ "V/wACq4t8ybFKWNGSTGOqQ==", "Qixdjpm4eBW53WCypmEm2Q==" ], "f+vfvrJhWMY0olKoVALiZg==": [ "bQK/Rney1rPI7+9CyV9VTA==", "Y3WKF6/Qa3b8kujepTuCsg==", "ZOlDuMHRTvnXFtaV1nFliw==" ], "fbMnHEQrv8x4t0qLnKLwbg==": [ "X4CDljJQJsftQ2RA57ftuw==", "7jE4UN8ZNzWXfNDZ8BZq3Q==", "c95Jb/MAeM4/Wnq2jSIopg==", "JVuTqfPwohmj6ucokgM2sQ==", "GR80zW702W+xho6dTSNlyw==", "J1cvee8xy6oZDEdA21dqEg==", "3skSbDjTQ02+eNiFJz716g==", "Ji6OY1u39nJByKzCNwfpIw==", "JvC/rVWSiuNeMXzeTDRZHQ==", "Aet749oXCwhRnnY9gEGYGw==", "1I7VtxkB33ashDX0kB4Teg==", "fkpYn5dRh4u/WWGeaiLjCw==", "L+qJHYbmNjCvWQzRnuoGeg==", "vO3fut6i1BxfSSrT2ubFEA==", "ZCn9Srq8w747kRfU/6QKyw==", "TalBIBBcOPRavGaHJsTMkg==", "xi7l1oiVtVzfSxtJw44jSg==", "PGH6wJrcNoWUtauBdnUVeg==", "3P+SovAsTkymzTWYhGaJWA==", "0GnwLFQM8oJdoYcoATTiEQ==", "4/3Y7GwVLJKqNxrUs7z52Q==", "mrw/N2aXp27zWWHmC5CUtA==", "9GbtzMsgLkExAJB1dMn+YA==", "/4JeYmWyC6vKV4s1Ym1aGg==", "LaPIpLP1bNzrRA3zu3KpCw==", "4VfXn7TjRykaoXxkvUAKLA==", "6RKXhkNv4lrUjonKaHJ87A==", "tnmlwiFTNywjV8t76lLkrA==", "gC/gC557IC+8uloPSsxYeg==" ], "fdGdDMnv09wSB2YQZy6KvQ==": [ "ORubD27k37tqtYZsZEx/Eg==", "E4hG6+13EIXFy+bT9Iiwzw==", "08LgszY/7nkM+671dSK1bQ==", "9+bUlp7i9AtaUMBorQtDJw==", "06qXhEA2lTXGPI9f+9EKkg==", "ykE0E9Lv2Xj6V4wi3K89SA==", "/FBFBAMO8SlSuHYyN60DYA==", "Zi1o7b8bEdo9KhZZdH0SUQ==", "Co6RfgY4Y7Z+I8JqfwMvWA==", "fFFyLv+kyEvxd6yF7hwQTw==" ], "ftjpFADg59vG8c6VuasWSw==": [ "coulLPAoexKoIM9KOAPmNw==", "Y3WKF6/Qa3b8kujepTuCsg==", "E5lSSvXSqD/Le/zcid+OBw==" ], "gqOdH0Kiuf6AbkqFcLH1hg==": [ "Kqq2xlybjD/tOLmQWu2xPw==", "gr6cX5pFzua7lsdikMJZaA==", "VWEbeFnFOHy1IkG21b5a5g==", "h08ca9AawAYymWtiO1A44A==", "2SApI7oHpcm9Z48+2Hj11w==", "Ku0iCN64UKn/F7rmu3Ggjg==", "fwfAtjf5gVRneidAp93edQ==", "Rs2w9Uui+dW2Lg48Ml6jpw==" ], "hagAldrmW5BKtVwDil7uxw==": [ "qAOl8Bnkad8YQcGLFtMNDg==", "WcYPrwv9PSVoVoof5MRsxQ==" ], "hwDu44WbabGgfO5r6rrVvQ==": [ "VzBrcD6XqIzEjbmGcOkvIg==", "2oAsA55oZeN431cp6jUJYA==", "Y3WKF6/Qa3b8kujepTuCsg==" ], "iBA/JBMmSIEGbBZDQlcuUQ==": [ "sHzNKKfomAzzwg2Sf6Qeaw==", "013z8uiFb0/87cV3rWLBZQ==" ], "iODVJwGc39HK9YJaL/S8oA==": [ "RtSOg3g9DhQAy4EV/TL4ow==", "ixc06f0H9vqMfsbwQSwwvA==", "vFqFaRQ2FFEeoiQHO0D5Rw==", "e0VfCD1REapdkagkByCnXQ==", "X0yRty1CAF/BkqF0tnfBQQ==", "3XaVgHeIFJL3w2B85i3krw==", "pn8svlPRhNDdX1blrq/avQ==", "71mUiqp9K+KrPPMFd0Gr9A==", "BrBV5lr2Oniu9+XAGvI91A==", "wQDBiN+ZfYCbBccIgJzPcQ==", "gGstDOffozUq96qPOjU3Cw==", "cPlqbimjP0WfKIKsSfuixQ==" ], "ixW66YgVs1wZXBxyWt13+Q==": [ "V/wACq4t8ybFKWNGSTGOqQ==", "SFFvu1KKVcKnTOZLT8Kd6g==" ], "jDl1XUvAdn9+mQXB8dOXgQ==": [ "fSeU4QTAs+fY+ihLpgdM9A==", "XW4X9/W6MfETfE/VICA4Jw==", "n39YhRffL6tFFAy/S18A8Q==", "R1x4adkbkgVhxc9hzgUZcA==" ], "jP2MQ8NZSq7niL51MUXrbg==": [ "SP1EdxoIK8b9TT6i0Yg6VQ==", "OgH8cXFhnlU1l+TVwBIW/w==", "eic8i4R9WS+Q8xyh4Yb4IQ==", "HMiFxQxU1Vt50Eb0CRKJeA==", "DTpm5D1T1+v2b9B/xLLvPw==", "vW0+/HQSgXG0Itr5qyIxIg==", "PcYbFEpwRLstXeojnKQIpQ==", "X58g4IHG7dfM9qsUqybFEQ==", "2gP65l63oYJnh+PzEYaVdQ==", "PFkOtbxfD84tB8Q9CZmcRg==" ], "jbZYcB+conABOoSlK2dErw==": [ "V/wACq4t8ybFKWNGSTGOqQ==", "eERb0a2u5NJoo8XHmwI23A==" ], "jeO9KYJY4vtRl4FdYT30Dg==": [ "V/wACq4t8ybFKWNGSTGOqQ==", "+nrMi8U389zlK2TEsOUGbw==" ], "kAc8BYCjeCgQR9YdLeGx9w==": [ "i1iqh+iGOleBv5v21I50xw==", "LiT2UIJJCX7RQxuKZd5BaQ==", "kEe4Kuw3hXrzhJ/JDjR7wg==" ], "kAeo6wOpPqyKfEIM6fhPPg==": [ "FXS+tkMUeaIsGZg1cGb4sg==" ], "kdml4TiffKDDUHJjP7R1Tg==": [ "lDV5qcTcJkBCbILUcFq4dA==" ], "kiuxclwU753PR5FuupUaEA==": [ "Kqq2xlybjD/tOLmQWu2xPw==", "gr6cX5pFzua7lsdikMJZaA==", "VWEbeFnFOHy1IkG21b5a5g==", "h08ca9AawAYymWtiO1A44A==", "2SApI7oHpcm9Z48+2Hj11w==", "Ku0iCN64UKn/F7rmu3Ggjg==", "fwfAtjf5gVRneidAp93edQ==", "Rs2w9Uui+dW2Lg48Ml6jpw==" ], "kjBdgQQNdOoXImAp5fQQpw==": [ "S3QNU6jy5TEnJU2t9h6F+A==", "Dx77Vhdnp5MtAgyIT881TQ==", "PAUv+MU3xwsjx5jndGYXQA==", "vYVfNkdHVoix1j9S6G4zoQ==", "yHqTDX5RE8eUKM9rdC//Mg==", "RfP0HFLmxGH5ZWk1oGaF+A==", "mk1XE0ocPMZ1zLQU00rlYA==", "mTe73yDGtNKBR9vMgderPA==", "wZIEsQ9bd8H+dXqqJhsClg==", "oc1sV4g+opFl9qII5XGKRQ==", "L2MoZbVdo8+qepBivoAPsQ==", "6hxITWtIkDQpBjQM5vKOkA==", "0zv+xomxIiCvJFT5PKrlsg==", "e8C6jymFUSIHopouPFGGFQ==", "/eopcBL7Sl3Br4tMJEoF+Q==", "osF/ky4wSM3Q72U3bD1FWg==", "q7sBMd/vv2s2xJ4pQXPOHg==", "C0CVf3gKIXy0pxUEC+HbFA==", "a7uz8mOwNYThyDdvXW+WsA==" ], "ktHjHCegyaFGFLaqVjqkVA==": [ "cbNKZbfbJhPfPLHi6va27w==", "TEg+H5IUFEuL8/4VudXtEg==", "arPTXFJYsCT564EgyQClGA==", "todSxpG0ADSu6dX8ZW+q4A==", "/rGrv6ID1FHztWkSNUU0Yw==", "B/+SfhbeumQponnHheNEVg==", "ugk8bc5JAs//Hgj923HTXA==" ], "l0z+eHWKZYYL3mOicWgc2w==": [ "IpfgPSRwb+bSNtOR59K02g==", "Y3WKF6/Qa3b8kujepTuCsg==", "9FKHFApkWswWkHyGdodK0g==" ], "lITnNJqHTfcVQiCGHjWozA==": [ "D5fboEqFvUhlyR+olH/EaQ==", "vqqO8LGBb+Z7DqKNNvwvFQ==", "oRWEjPcaLh6wk9wF4tCyHQ==", "o16kBwzDyL2DXuhbCPWX9Q==" ], "lNWcYbl6h71sUZV6B4E+bw==": [ "j7yoSCks+i8LevHtgFwCwQ==" ], "lajcRo8M3+y2K3Ci00VHYA==": [ "V/wACq4t8ybFKWNGSTGOqQ==", "l2+nQ26t0lYvVluseJErUQ==" ], "lwkb5oxxrG7ZgPYzSyvcZQ==": [ "BapmyYmbdpezf7zjj2CAhg==", "j6Ki8P4Vb2sZGNB1xlEkQA==", "kORvLVboAF7IGUrTjNX9IQ==", "qmOnOxNwhPY6vKeXEAxu9w==", "EscSZzHMq8GRhGtW0jKTqA==", "X7NcvhdjfBWompKVMizhTQ==", "HfZGsrRjUweyv1xugcWw9Q==", "giLBrK6czoD3l3BDs0Jfcw==", "OFIelSTGJAvnMHk6/6CzoA==", "3+Tq4mPPOiL6olm2GLk5Mg==", "3VdtHqtIaf9cjYBkwOn6/g==", "jiVVTQmOtKqVixv7agF/Hg==", "XMZYTX/i7lOXfIPea0g5sg==", "8kndQj/aRn+NNJdGVP9v4g==", "FE/mnRiATGHgivPxG+13dw==", "InyvNMAfT1Zl5TKOPF5zkw==", "AwYRRq6SmgfJLn2NZxQUdw==", "rtFa3141Q9+bfT/6QHNRBg==", "b21yUyaQZ7Y4OfaGCUVaag==", "tdOSkLU/PWQAH8ShYBRIaA==", "RnXEkSuORl14LlzYthaVHw==", "5of57tJEHuBiwqXswgFnrQ==", "ZeZr3mN4O6iS2eUDKCRGdA==", "0TrLtadJ9afLCE6Wo3XSvg==" ], "ly9SmBBH7WsYXh1oG69XaQ==": [ "pJcWMOFMt41bY+94aWQQQQ==" ], "mLZQEF4KLS62c+8BB/jz0Q==": [ "7S6xxC9g1Ybp0dqQ63V8tg==", "iWt0hZuyonyjl9VX/4tg3w==", "h1MWemxlLHNRpaCeXx1S7A==", "IH49b5rGGM3cVdLC9M6DXA==" ], "mLtyJkgiain09bfdUDF0tA==": [ "4aR9t5J6YwMk5D9wZ0BV7w==" ], "mS/mU0XqXurt5b2cC0G2wA==": [ "pa953vHlkxOHxS+pLBTLTg==", "8DhYVEV1dzifByqNyPf4bg==" ], "nGBKPb406lGwZT56VfENpA==": [ "vSprYPjt0fuICUjiB4/LWg==", "f2eveWp2gzC6peE+M/ZNhg==", "rDDtdCntuyuji1lZ72ZxzA==", "zw0cARVh3jgrbyVziYo6DQ==", "SPfe8rryClHnE6BuUSP4YA==", "0QiVY9M19b7tjbpn/ViWqA==", "uivtLheXzNSAAluN6T99Wg==", "XpTqsrTo5GhyVoXq1J6R1A==", "ujypD271NReIMihczobLQw==", "pBoQ+PsAQ5BZXsP3ZwzxpA==", "aLzx+P0aEIkUrEfjJdf5/w==", "AqIetzkTw3mVI6hiusMy1w==", "buJgcdzjkcqlPTjRHlv+aQ==", "4bsXMyNX8A2vDNbincmT7A==", "06nVp3HoQkp2GMYq8FEEOw==", "sxAqBgO+QgJyY1S376mbKA==", "KGloE+M4iEjbEnlvrjLMAw==", "rANfKvTXxXq6V32cczrBHQ==", "CCTTGeQPsaGe9k69jAJeHQ==", "OELX0txDNvSSX5G8K8KlJg==", "RTIOYNKa5k5ts9Kih1+7yw==", "W9IBxWrtUMKgo5IOhKlFMw==", "ddgghMsgXhjnixlaC8h3Zw==", "b24jROqAI53DUVRmvW6uEg==", "ABgAEtKLJJ3BQYa4+jCHyg==", "CK9CzHa3OulJNeWEKej52g==", "YNMtsn/tcZvCfn+cUvP3pg==", "M9ekoeOzelYJSf4p5TpoJg==", "0s+Oo3nd8zFM1b/9W/xFMg==" ], "nUBBsXgA+QSl6Tx9eXi6Mw==": [ "DqajPgSmNnfF5+bVSuLXZQ==", "NVw9L7wf5CkACfCMTn/ArA==" ], "nfPufzGeU1GNtwMg2NZjyw==": [ "X4CDljJQJsftQ2RA57ftuw==", "7jE4UN8ZNzWXfNDZ8BZq3Q==", "c95Jb/MAeM4/Wnq2jSIopg==", "JVuTqfPwohmj6ucokgM2sQ==", "GR80zW702W+xho6dTSNlyw==", "J1cvee8xy6oZDEdA21dqEg==", "3skSbDjTQ02+eNiFJz716g==", "Ji6OY1u39nJByKzCNwfpIw==", "JvC/rVWSiuNeMXzeTDRZHQ==", "Aet749oXCwhRnnY9gEGYGw==", "1I7VtxkB33ashDX0kB4Teg==", "7vhPpb2zq/BkKbRrRdQ0ww==", "UFifyy6/bFh+Jtu5aKnN5A==", "ttvA33kOVBV+TWYGRrPG7g==", "Midk7Sf8BkLBIPjoLmMFTQ==", "0Fx6QRcYMgyXu9KCYFcW+A==", "3rOn5tAbJKhw0oN7VHmMmA==", "s2ff/rj349ZZw+631Apu3w==", "cpGjwZ3Q1xNLBVEpajU1Dw==", "5T2EIrKRgMRvSYAqng7bdw==", "BNZj3OarLxcd8eifg2oBTQ==", "Jt3He7YgLEZ/8hIPk5cerQ==", "d8mzsl/ZaK1d/J7qLMkOkA==", "6w1pf3mj/0p+mAIPBxQZkQ==", "zP2miTirQjHfCyfRvmeCxw==", "n/nPV3PWwT/nX6gwjJjU6w==", "dSnXn5Yob1BEel/wisIyNA==", "LZai4kI3bS1bdNHfXbMh3Q==", "TuIebhRPZqFoqMu/B2oY2g==" ], "nvxJsUFWvodHYwGusWrCfA==": [ "tnmQ7OUTVd9ReoxHm0e8ug==", "FHPslNj7tXQsRFJS3VoxWQ==", "G8iBrrH6pg5tRGWhiEd67g==", "AFlcPrbeGSHjmpG7oN3F/Q==", "lQg0sAGfxNq+Wu4yn9u7FQ==", "xsv8GBgazK9Dz4RNkUHFjQ==", "+8xSp5AB/ujqdCopwckONg==", "YgxSASsulE3lhlk/tt7LHw==", "apOLVQNsMm6SHDR1ZLmlVw==", "bLFjKIUdSS+8cV/RucLeHw==" ], "o0sNxhdrQvn3LtgSlydcdw==": [ "S5Dzz9cigoJDCj8s5UcT0g==" ], "og/hyn7iqbsNsfIv/8VHFg==": [ "cEWgC5CO6TrD8MK/mH+Kfw==", "i8+mJGQkaRsXWs3mhtMbqg==" ], "om/hnbn42itSjLCSeL6+2A==": [ "QN/fQcKt84KRQN337M2Owg==", "Ac0KMA8k9O8Mz75g/xX30g==" ], "p5/fxZumt5POFcNowtTiuw==": [ "V/wACq4t8ybFKWNGSTGOqQ==", "WJS8qOOq39ghNxcfIty3tg==" ], "p5p9BM7pNAz2WsIpV9j2Vg==": [ "V/wACq4t8ybFKWNGSTGOqQ==", "cYFbjhnbLGvTbLgTZZAfjg==" ], "pc8TmjOHnExT3yvCQuGR7Q==": [ "dKzgwwkG/spsYd8PVvrk6A==" ], "piIKp3mha3J0aqiUeWB7lg==": [ "oa2eJ2AA2tul+4L/9uPxvQ==", "wHoRXgaP5xu2A9GAujsW7w==", "OOLrbXnz5lf8CydNheih5Q==", "kB5UdZ4TbmRXHAdPCWAEuA==", "2KjQzBO1IIuk/KGzN0rORA==", "Y5911jYxxg7J6VKhk7mqCw==", "gNH0Wp3fx4JyJiGqOpJt8Q==", "fseKmDSP+zTsa8pgVGAvSQ==", "u/1qpWmYmlFZ94shsoLdNw==", "DuzMOMHOQ7Eh8s4YI9+INg==", "NvjdcKqjYq4obYPMZ/O1bg==", "ayzrYTjP9s62uUTvstTkxQ==", "YwzFRyTfK5sDaZVLdCouhw==", "3nAPhkhwwHB9WGtChdPSFA==", "O2qd+cOqTbjZsgRTNj5NWQ==", "X3NBOrSivf9I926V0a2/oQ==", "DbCjVGiras7NuLFjZ3QehA==", "RlOfhoCCkdSSaNMAmR7TiQ==", "e/v4SMj2wFe/5+CPTpBb+A==", "b4Z67JiG3MMAzmfec/ENJg==", "kvStyGN84HUBQGFgfm8YsQ==", "mMne5M/uo8CArUpQts+E/g==", "mgiAXi9bEDY+U7GKOk22xQ==", "j++bgkWi+YcL90tYl7GuqA==", "i7i43TkKrsR4/wY+an9ySQ==", "tir4xRVpLmJ/9c0ix/fFbw==", "stpFdjHb8GMfliK+zQvBAw==", "G5kVpuaICQ7VY8LlVpMzbA==", "3ZiE6vWcUYh5mTVFYC5sDA==", "71bLdSPDs291bHC5LW5Ijw==", "y/8QZeoYV5KanqSqv/18nw==", "923JRnH+rmbRdHQ9dBwrUg==", "vz5xJxolla1YwmKD1vUDUg==", "dXai+tN/7FyABpZEHRiZgw==", "7aWKwXJ07Vv8zlZUA5Ndjw==", "bT/RPviG0rL+T20EQB8RhQ==", "wWpMn1XC8aTAF/29xCaZ8Q==", "w1gSEYxPtWAIfzlL3TbM3g==" ], "ptT0YL/h24MTjTTVlPAZVg==": [ "o/u/1w71z7P7I8H9GBIsbw==", "h4OS/K8oEkyAvmNo4yuDKg==" ], "qaeDIBzkPb1YcHW+c5XKTw==": [ "HSd9wkre9UmoZo6xukXnAA==" ], "qv877m16TWTnhYtFU/bzVg==": [ "/f2tkcQLR3DiblHxA5NH1Q==", "ejpYPjjExqrl4chxj9uLog==", "2/yRa3wTx1HFYWvwezDFBQ==", "0Buw6+kieGxn0xHqRUfqSQ==", "gC/eGs//KFmS38pAonhk3Q==", "fyONzYZbtPrBLBjFGxQl/g==", "gnXtmE3L2gvbt8pzYX37xw==", "8rWOhaHoHBMFCHEiDeL3uw==", "AJyzbdXx6v5s8tMexr4RUA==", "jBgz1HPac1SzEIbHN0IxsQ==" ], "rAxI6ugHAhGGLF0rGYHfUw==": [ "bpwdCug2xQZhmaazCqwIew==", "bf41zTvm6HAv6xdiXpwGWQ==", "VeYabM3XwaLL8BU4Jh7KXg==", "RN6TSHl2tPC2sDXkr9F2dw==", "axH36tojleQPaI/cBLrGqg==", "ONllKJutmosR2fhHJ20IMw==", "isjT5nIgMy52h44P4+fxFg==", "JVyIt0gF10G+gSN0xWt2Mw==", "D79PhiO8RfNrU+L/lhCrDA==", "REQ1oCrPc44If+EvIQNDoA==", "1tXNc9f7mYHO8CgYcr40tg==", "LbxMFScix8C2IT1ci2nX0w==", "7hPJiUcy4KRHxSw74P4Oog==", "XEJvX5LybNvCwdnogSEXGw==", "UgygbzqyqNSQmVxqENV7uQ==" ], "rHWl96jwSRpVOW9Rmtir2g==": [ "aF+sd+odivpUdxBxF+S5uw==", "uO3OOEY6W3k9QH/tNVK0LQ==", "MMLwOzBcCET4jaa3dPuTwQ==", "sAlO/t+jkkm59mLcdOgB9w==", "4LZWGm07jnOHHBGX2FzAwg==", "uEn9qA67O/SoYHOtH/EL2w==", "e/bnYsWq3UNe4TO8qzzb8A==", "IeTK1HBLKpS1+gfVSPrpvg==", "RoQvxPrgcpXyTej834bT2Q==", "Ve1jg9SxTDjeNdfGHjxP2g==", "VVkxgZwgg7/nXkUWcx1KaQ==", "tbkEtEs3aa+p2/YQaD8BfQ==", "wIIptfGVgtdFwdHLveHQTw==", "mmFI4mA7exd6BfbwTUwJfQ==", "gNGv6C2nj/tHk2ntVJUOWw==", "c8cGZ/4k99JHYnQ4CNatRw==", "oIBUxFCAPk4vRXBwpcmtFw==", "CQPV/OxtJ+DwYc6C4gniNQ==", "MX+EWJzZdHJfUgD+GuMAoA==", "A17E/jDMfAPfGiHuzUJcGQ==", "q6lhV1L2lF0++R6MkKl+kA==" ], "rY/kE/V4JnxYoqV+lmc9mg==": [ "DDxCHnX+kCqcRQj9b90/cg==" ], "s/sN90wkrzAWkEGvOCWevQ==": [ "FDfDrXX29qA2yqQX58yr8w==", "Aut4Rx2DyCQ33CV9EhAWrg==", "a7yL9rjZkvWVTG0o5DKHqQ==", "770t4pMyoFDq+eckoFI12A==", "YickFGkosXFq4QeJ0jRTmg==", "ZFn12nIvEndnJS63wjZESA==", "bpwdCug2xQZhmaazCqwIew==", "bf41zTvm6HAv6xdiXpwGWQ==", "VeYabM3XwaLL8BU4Jh7KXg==", "FTimeCIaZqgfaiYItNFCYA==", "CMzlj/DB8hlGyo22oMBCaw==", "TidlERP60Pc/L340CB6P5w==", "kTSRcRUr3mSxDRXVL9dhcw==", "YBqwZyDthwb6s3n+wbOzLg==", "2P9pgHkfyknvl5Uzl4wB2Q==" ], "seCPTRxsW0CXUgbCc8GtTg==": [ "a4nZis/zgZDfMKZCwlqdOQ==", "vrUyli9F/TSWI+RqUWzl9A==", "9FxECcZbmk1x7vUfH9Vvpg==", "eHjfPFaXzOZyzfB0f3GbJw==", "RtSOg3g9DhQAy4EV/TL4ow==", "ixc06f0H9vqMfsbwQSwwvA==", "vFqFaRQ2FFEeoiQHO0D5Rw==", "e0VfCD1REapdkagkByCnXQ==", "zbCarOV2Tc7arcK/YbfGpg==", "3Cx+iG/vfM9lqpohAMM4kg==", "m64TKKrLseuJrm+3BIIOIg==", "ysEF64GA1SEOz6Uev8X6pQ==" ], "senWHvSi1AlFz8ttUDvIeg==": [ "lDV5qcTcJkBCbILUcFq4dA==" ], "slOVRtjq4478nP0dtG1VIA==": [ "V/wACq4t8ybFKWNGSTGOqQ==", "rd7C8AD7IYUHYPSfAYtKrQ==" ], "sm+xC6hqiI5z9MZTiNGgAw==": [ "V/wACq4t8ybFKWNGSTGOqQ==", "iK/w4oP0ry88Fhi1iG/FpA==" ], "szBndBxzz7klx0noQ6O0zQ==": [ "V/wACq4t8ybFKWNGSTGOqQ==", "7qDS+HgrJi3Ay2QIPvdk+Q==" ], "tOoZIHzytN01BRAw3es1Yg==": [ "hoEzPUhgPgrwsfAtoMIFaQ==", "sQ2W4F2gpnWDvulegh7NnA==" ], "trv2Vgd2QnIOlR8n5qdkvg==": [ "n6P1LNQtOKO2D4puI71Auw==", "MwCK5PkH3kQTRDd4/IQ17Q==", "Y3WKF6/Qa3b8kujepTuCsg==" ], "uIGxNSLaVnAmi0jJ0xnwdw==": [ "AsiuN/8gu7sZ0PJCLihjmw==", "0XyIJoIqTLxnYiZet4x5Yg==", "9+E0QW0srfacy6ztLngyRA==", "ANTD4465iFd2bYqxnQnsuw==" ], "uwkXfq5VvKEldZwWOwGq4w==": [ "hMkYbCHpeOKQraSBEl8+Aw==", "akyADtY97pCYfGQtx4g3Vw==" ], "vAPPN6rYSkP394gvFPG0sQ==": [ "V/wACq4t8ybFKWNGSTGOqQ==", "BecrebpzZRix36R6G4t6wg==" ], "vq/Gn/XN/vhb+s09B3VJzg==": [ "DWl94vpEWRXsnNv1XWboVA==", "xNb89cwcl67WhXZjUplwIA==" ], "vtNcuXyRth8r8K/W3sfqrQ==": [ "a8lEoliaJpwjl9bCwQSdLA==" ], "wu/SuBfGK4XxN58kBmX5uQ==": [ "k1fZChROpigN0QVc8mb4/Q==", "hR3E2ddB3lLEfqeWD3t/gg==", "37d2lDe6jgMiPcPiJiMJ3g==", "fil2zeXkk1/a+i/G+BujrA==", "qdN4e87DQwOAw1DeFfPnZw==", "C5gKZtjBskBnYM7k6flxDQ==", "nw3xTn5H4isiDWgRRp2mFQ==", "uUXjEDTiz3w22aHXrIzeBg==", "0Vj2SrIc6hWAbIbOE4ly5Q==", "97FSGbdXOKFnU5MQ/Z+Y7w==" ], "xdunfqVk+0spTcWoJA7wPw==": [ "4asubKvJrlJVsaeeKleZeQ==", "4BsuHz9ir1bEZRyqW1YH+g==", "RIwina92/O63CIQtdCj6Ug==" ], "yDt3wSYEqsz4/xyFxjBFAA==": [ "fSeU4QTAs+fY+ihLpgdM9A==", "XW4X9/W6MfETfE/VICA4Jw==", "n39YhRffL6tFFAy/S18A8Q==", "R1x4adkbkgVhxc9hzgUZcA==" ], "yl89ZUYB/c9VKLUIKBe/Rg==": [ "X4CDljJQJsftQ2RA57ftuw==", "7jE4UN8ZNzWXfNDZ8BZq3Q==", "c95Jb/MAeM4/Wnq2jSIopg==", "JVuTqfPwohmj6ucokgM2sQ==", "GR80zW702W+xho6dTSNlyw==", "J1cvee8xy6oZDEdA21dqEg==", "3skSbDjTQ02+eNiFJz716g==", "Ji6OY1u39nJByKzCNwfpIw==", "JvC/rVWSiuNeMXzeTDRZHQ==", "Aet749oXCwhRnnY9gEGYGw==", "1I7VtxkB33ashDX0kB4Teg==", "igIYJ7n3zFwL82cBbA97yg==", "hAaZlwqM0X/FPe0ATui+mQ==", "xL4loYVOmJB7OXC3kSkmfw==", "YYqZRAErReQsq797SjIKyQ==", "JTP7hkxyjG7h5CMk0jZbPg==", "XG6XCizQonEnnNOuXOQWQg==", "HLvoGwhsd63UA6zAEgp26g==", "k4cfSQ57LEw9O0FDfmqx3A==", "0hyVfEGYmZHgsqyKSJ0pyg==", "s3p2a+1ZN6WexZBk0888Pw==", "zum30oF+vgO+77M+8QbtcA==", "8aSwzUYfWyRMjYYkrlqIfQ==", "Xh7qucrAcTPJpjwtifDAOw==", "060U9UsbZoE9zHQMn0bmdQ==", "LZdzSvscGWIhod3wQk0Rmw==", "OcdmgnoK0mo4PV3l7KupnQ==", "x0SVslQrSSiPd4SF4/4hGw==", "Dm5ECRumGLayYNxAg7NLuQ==" ] }, "enrichments": { "message/vnd.clair.map.vulnerability; enricher=clair.cvss schema=https://csrc.nist.gov/schema/nvd/feed/1.1/cvss-v3.x.json": [ { "+++3TnIRZlKm1eoznwUkUQ==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM" } ], "+7BcbfUQa+MCLOaxOqWxxA==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH" } ], "+8xSp5AB/ujqdCopwckONg==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL" } ], "+PjI2yN4wCMPyf1oygeT5Q==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM" } ], "+TSLp8E4dN8AnqD6Q277QQ==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM" } ], "+Zs4a0HA480wHmF7KJoeNw==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL" } ], "+hBhqk1qKnkU+nqn6a96qg==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM" } ], "+lMwEA2uH8A4fM725P2qbw==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM" } ], "+lYjBQ1bLfBtqJGBvaBscw==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH" } ], "+mzY+BFvaMJf3mtbs8fARQ==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM" } ], "+nrMi8U389zlK2TEsOUGbw==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH" } ], "+o9j0Llb6+ISl2S6vmkRkQ==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH" } ], "+sogRO7MZKXHT07LeompQQ==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH" } ], "+uMSPU5jbqI0+jsP/eX6PA==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH" } ], "//JUC9cSBRpTkexRqgXGDQ==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM" } ], "/3j+rzG0OwcPwo2Rmp0+oA==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH" } ], "/4JeYmWyC6vKV4s1Ym1aGg==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH" } ], "/9emm4Fj6NV1IQpSFJjnVQ==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM" } ], "/Biu0Ok5nwCG2XG55i0JgA==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "HIGH", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 6.4, "baseSeverity": "MEDIUM" } ], "/BmwZ52n8e/hzX7MgTDW8A==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM" } ], "/FBFBAMO8SlSuHYyN60DYA==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL" } ], "/MWzwBJlhhNbF+zp0zgq+A==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH" } ], "/SQLUtPnmMNtkWI7Eg211w==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM" } ], "/T2e2s1XVanyEShgjo7yNQ==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH" } ], "/TlXuCSs4iN+O7ZiXHh0rA==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH" } ], "/WQB0Cmnj06XJWCr3nqOoA==": [ { "version": "3.0", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH" }, { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM" } ], "/YcdipQjiqJUDpddwhDiIw==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH" } ], "/cobD4q1+lV6IVuJHME9qw==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM" } ], "/eopcBL7Sl3Br4tMJEoF+Q==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM" } ], "/oK+zNt0cQ+IZv2Cz+p1ow==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH" } ], "/rGrv6ID1FHztWkSNUU0Yw==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM" } ], "/sU8IhZ8FGcY+dVFZoJtXA==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH" } ], "/wfob5jHHezdiyugtfPWjg==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM" } ], "/xdpp5e60iW9urlPuqfkRg==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM" } ], "/zoTHp0WvKz9OUpG9Avr/A==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM" } ], "0/gdp7pbH2OhTn0s4Cc6wQ==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM" } ], "00cDk2w3qfvdzMbO27c/+w==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH" } ], "013z8uiFb0/87cV3rWLBZQ==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL" } ], "03WJApqdfWbzHtZHpqBt1Q==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH" } ], "060U9UsbZoE9zHQMn0bmdQ==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM" } ], "0BWw+o/VRLTjmukorj4XNw==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH" } ], "0Buw6+kieGxn0xHqRUfqSQ==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH" } ], "0DMa5ftnj+HYBOgjKFl2gQ==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM" } ], "0DQjD35MphQLwWNOtJTVPw==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM" } ], "0EA2hakQnbQP4+sqk/xhog==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH" } ], "0Fx6QRcYMgyXu9KCYFcW+A==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH" }, { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH" } ], "0GnwLFQM8oJdoYcoATTiEQ==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "HIGH", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 6.4, "baseSeverity": "MEDIUM" } ], "0INnWKjjSMNVc6OCjv18YA==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH" } ], "0KHHRM3zzr0IWKnLIse0pQ==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM" } ], "0O+vZNIOf3k2A6gcV08l+w==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH" } ], "0SOGBOSWJuTVuoCpNhRztg==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM" } ], "0SSbyb1ilRd9IrbrjxK/YQ==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM" } ], "0TrLtadJ9afLCE6Wo3XSvg==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM" } ], "0Vj2SrIc6hWAbIbOE4ly5Q==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH" } ], "0W0/E/g2cPvxNF42LmIwRg==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH" } ], "0XyIJoIqTLxnYiZet4x5Yg==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM" } ], "0YVxD0vSH+0MhijemP/Jmg==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH" } ], "0bK7Vo3x9SXQYvDvMmgzXA==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM" } ], "0cWQcHQSZ2tFOKqgcBWmjQ==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH" } ], "0hSNEbIHPUbc0SsQiTGf6A==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM" } ], "0hyVfEGYmZHgsqyKSJ0pyg==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "HIGH", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 6.4, "baseSeverity": "MEDIUM" } ], "0oSuMO6l7Zw5zu2u1O3EVw==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH" } ], "0qEjunEr8GfOdDmHoSzzSA==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM" } ], "0u2Zo3eZYFAXhVSIZh+vXQ==": [ { "version": "3.0", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH" } ], "0u9BhQlRGnXqmFj5VxmVgw==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM" } ], "0v5F4x1W0RxkklLvRs6NKQ==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH" } ], "0zv+xomxIiCvJFT5PKrlsg==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL" } ], "14EBaSYBL4fLL4zgayhBkg==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH" } ], "14lZotAMN5wk+cTM9uFZ3w==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM" } ], "19Kvl4LS7MCiBo2cRD5fxQ==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH" } ], "1VNF4SbZzJg9kuE9rdY63w==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH" } ], "1WQ/LJu/kefEuHRv58l0Lw==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH" } ], "1bvtrVel884c6IQiJYPNBg==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH" } ], "1lRtJofWFCTkQi0dreTmvg==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH" } ], "1t5vfb4weBgYFo4+aa7JgA==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM" } ], "1tXNc9f7mYHO8CgYcr40tg==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM" } ], "1v7+DKu4v2iV80eUVeY2xA==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH" } ], "1w9jpJ9vgdmPUPdG9Zz/6A==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM" } ], "25AN5NeRgxRTLC+pN8E4wA==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH" } ], "28dC110zGfcK67ZADcsyPw==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM" } ], "2CeZCuCny7jSZBuuaMXULg==": [ { "version": "3.0", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH" }, { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "HIGH", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 6.4, "baseSeverity": "MEDIUM" } ], "2I/0B+uXhxpPJWXGwNGlLw==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH" } ], "2KjQzBO1IIuk/KGzN0rORA==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH" } ], "2LFREC4djA2j3hoAmLfXHw==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM" } ], "2P9pgHkfyknvl5Uzl4wB2Q==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "NONE", "baseScore": 6.8, "baseSeverity": "MEDIUM" } ], "2RZ3u6UmceVG9iB/xb73SA==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH" } ], "2SApI7oHpcm9Z48+2Hj11w==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "LOW", "baseScore": 3.9, "baseSeverity": "LOW" } ], "2UHqEqfMIIn53NkDlDEppQ==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM" } ], "2WElWLVgdbllxdeDwfKP6Q==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM" } ], "2ezxh/Mpkyyi/ENw60Y+Tg==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM" } ], "2gP65l63oYJnh+PzEYaVdQ==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH" } ], "2luu38jiVQvy6qOXHFgpAg==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH" } ], "2m66dHT2QDwJh4hvsW6NOQ==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL" } ], "2oAsA55oZeN431cp6jUJYA==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM" } ], "2sdR4GjmaEV2ZFIV+TVU6A==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "NONE", "baseScore": 3.7, "baseSeverity": "LOW" } ], "2sm08sXcjWtT2Gtu3CdSug==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM" } ], "3+809IKkEvKNvrYKsUMlFg==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH" } ], "3+Tq4mPPOiL6olm2GLk5Mg==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH" } ], "3Cx+iG/vfM9lqpohAMM4kg==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM" } ], "3JWY1ykysfjEg17d0NJpug==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM" } ], "3Lvdmj//2sze9S8I3n8yrw==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH" } ], "3P+SovAsTkymzTWYhGaJWA==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH" } ], "3VdtHqtIaf9cjYBkwOn6/g==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL" } ], "3WRC4Vl08/leTJ1MFHuCEg==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH" } ], "3XaVgHeIFJL3w2B85i3krw==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM" } ], "3ZKyipeUC49AgeVTU9guoQ==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM" } ], "3ZiE6vWcUYh5mTVFYC5sDA==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH" } ], "3ktHS+YZSMYXCkYy+yNUcA==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM" } ], "3lUu0msi+b5w2eDC2c6lRQ==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH" } ], "3mn5saqLeDWX1WioNLINeA==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM" } ], "3nAPhkhwwHB9WGtChdPSFA==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH" } ], "3p9vZY4Tp+ruzgOPju8G0g==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM" } ], "3rOn5tAbJKhw0oN7VHmMmA==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM" } ], "3skSbDjTQ02+eNiFJz716g==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseScore": 3.5, "baseSeverity": "LOW" } ], "3xkCSLCsiWI7SUm/x8evmQ==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM" } ], "4/3Y7GwVLJKqNxrUs7z52Q==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH" } ], "4BsuHz9ir1bEZRyqW1YH+g==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH" }, { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH" } ], "4LZWGm07jnOHHBGX2FzAwg==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM" } ], "4Mw4z3LuOMDccJwKA3WDpw==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM" } ], "4Rtn3AG5Qs+0wru36+KhEA==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "NONE", "baseScore": 3.7, "baseSeverity": "LOW" } ], "4VfXn7TjRykaoXxkvUAKLA==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH" } ], "4aR9t5J6YwMk5D9wZ0BV7w==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH" } ], "4flqiPbmTauic3ijyT75yw==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH" } ], "4plj7t0DXbSOTUKYjPOSpw==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM" } ], "4ujix5gnAeEadtReMww1pw==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM" } ], "4vHE1o0sxmJSfgr6AiAtqA==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM" } ], "53g2lPwzOLmoqCCLIr2InQ==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH" } ], "58xY9Xj25VNzU8f4Nsn43Q==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM" } ], "59VgueYROa38mMA22PS/AQ==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM" } ], "5DOUgppde1j9udFySlg7zQ==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH" } ], "5T2EIrKRgMRvSYAqng7bdw==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "HIGH", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 6.4, "baseSeverity": "MEDIUM" } ], "5l/3tusnYjPGFyuHyfqaIA==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM" } ], "64Y4k9USgW4ya/SnvXYkTw==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH" } ], "67Vgi/1HrbHMdD5VblFjmw==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH" } ], "69RzM+mPmIVKA4t/SseDjA==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM" } ], "6AIniaqTl0bJ2gPE7++b5Q==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL" } ], "6J86dffyd+kQEKbjTTbD2Q==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 6.1, "baseSeverity": "MEDIUM" } ], "6MW1lRUdNNc4s+6uD2JNvw==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH" } ], "6MdoTC7jzzEDMQoqINyh7Q==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM" } ], "6Ol6gaAiysVTeqKKxe3zYw==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM" } ], "6QPo/X4W0vdkqzX5IoKaHQ==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM" } ], "6asSIEJz7ggo9QEXpbSOYg==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM" } ], "6c0JmFCu9UsZ7Ix2LCEP7Q==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL" } ], "6dwQWrojfQ/1hgTT2PQckg==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH" } ], "6eMjths7OctCI6zbpR/CJw==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM" } ], "6eOHn/o0NPz2WB6bK17c1Q==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM" } ], "6jOQsxIUcEw0PlYEWTWq1A==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "LOW", "baseScore": 3.3, "baseSeverity": "LOW" } ], "6o8ui0RxMttDzkyqTDO5tg==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH" } ], "6w1pf3mj/0p+mAIPBxQZkQ==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH" } ], "7+zZLUPhCOA3BFrcusoKFg==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "LOW", "baseScore": 3.7, "baseSeverity": "LOW" } ], "71bLdSPDs291bHC5LW5Ijw==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM" } ], "71mUiqp9K+KrPPMFd0Gr9A==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH" } ], "770t4pMyoFDq+eckoFI12A==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH" } ], "7AoZZiCMmvqX9d9WD62FnQ==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH" } ], "7S6xxC9g1Ybp0dqQ63V8tg==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM" } ], "7TkNoBjD7xTi94PdPYIW9Q==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH" } ], "7cwLSPInvHIbCgGEnagmsg==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseScore": 3.7, "baseSeverity": "LOW" } ], "7hPJiUcy4KRHxSw74P4Oog==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH" } ], "7nWSET5rvC0ef4ukzNTUGQ==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM" } ], "7qDS+HgrJi3Ay2QIPvdk+Q==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH" } ], "7tQ8bKKtgjjS+bXnpQbUEg==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH" } ], "89XrIFUuuXy08LkDR6XMOw==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM" } ], "8BsUEMjLB96UtpRd1ludrg==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM" } ], "8DhYVEV1dzifByqNyPf4bg==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM" } ], "8G+z1fKnaBhLZ4U4Rsu47Q==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM" } ], "8XP7l1FAhUYb80xnArQFXw==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM" } ], "8XwqZqDjDwlzB7f0TMDrGQ==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM" } ], "8aSwzUYfWyRMjYYkrlqIfQ==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH" } ], "8aYuxdRIfcCiBh+0fRkxNA==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseScore": 3.7, "baseSeverity": "LOW" } ], "8efBqSZ3OYqd+nT8a21FNA==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH" } ], "8ge47rqVvHaefMV4OlZnlQ==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH" } ], "8kndQj/aRn+NNJdGVP9v4g==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM" } ], "8rWOhaHoHBMFCHEiDeL3uw==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH" } ], "8x6vUoRScU+5Ju7vG69IKQ==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH" } ], "9+E0QW0srfacy6ztLngyRA==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM" } ], "9+bUlp7i9AtaUMBorQtDJw==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH" } ], "93O9BjbBwz1jYmTNCzgkUw==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH" } ], "97VWHZ/vyLIDGiGVXUXTBA==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH" } ], "9FKHFApkWswWkHyGdodK0g==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM" } ], "9GbtzMsgLkExAJB1dMn+YA==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH" } ], "9O6eBDd9OtueXKQaS30JHQ==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM" } ], "9O8vLtOdyUMO1soTy2OBGw==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM" }, { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH" } ], "9VvdraQVg0WcP0owuX6zIQ==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM" } ], "9YhtmVCizO8RKFaN3WBOPg==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM" } ], "9avTgsTrB6zaN8UjZ37Wow==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM" } ], "9mEb2+hU1DreFKa7HJtbCQ==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH" } ], "9mXxz9VBx49eL0xR/fvdpQ==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL" } ], "9pu2eJ6pNPg70BftHlHbGQ==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseScore": 3.7, "baseSeverity": "LOW" } ], "9vmn72qHgEMYqIwJkCbSLA==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH" } ], "A17E/jDMfAPfGiHuzUJcGQ==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM" } ], "A6+P0KouhQ+leIPeQQbUvQ==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM" }, { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM" } ], "A6K1sza+52QsonC22ECRkA==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL" } ], "A7bcOuxkjccnpaTXIAxpLw==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM" } ], "ABgAEtKLJJ3BQYa4+jCHyg==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM" } ], "AFlcPrbeGSHjmpG7oN3F/Q==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH" } ], "AIlN8RmMOvhBveVuVAyHQQ==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM" } ], "AJyzbdXx6v5s8tMexr4RUA==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH" } ], "ANTD4465iFd2bYqxnQnsuw==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM" } ], "AOqYiSRMsYI7D2mmuqAtJA==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM" } ], "ARavVWjHmRczhaernCzJXQ==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH" } ], "AUiFITCnRjRxctzqqbDeeA==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "LOW", "baseScore": 3.3, "baseSeverity": "LOW" } ], "AWmsv3mH2jPlTL7bFyq8gQ==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH" } ], "AYOaUiAITXfmzrid+CR2Og==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH" } ], "Ac0KMA8k9O8Mz75g/xX30g==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH" } ], "AdhtRMEnBdpFFyeSlUP6fA==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 9.0, "baseSeverity": "CRITICAL" } ], "Aet749oXCwhRnnY9gEGYGw==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH" } ], "Ah03jmj/7fQOqUbg05PtZg==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH" } ], "AqIetzkTw3mVI6hiusMy1w==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM" } ], "Aqat44uV/HXBHu8WYGkCVg==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL" } ], "AtWoYkoBl9avwxLPtk70fw==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH" } ], "Aut4Rx2DyCQ33CV9EhAWrg==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM" } ], "Ay+x1p5pYFwnvUSAM5q2ZA==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM" } ], "B/+SfhbeumQponnHheNEVg==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH" } ], "B/Tetqnl0UD2oPlB1GgT7A==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM" } ], "B0fL+sYDQzqmMzEqrygeDA==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH" } ], "BIL4VgfHRuxJ44ht2eAadA==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM" } ], "BLkI3n1XefyybyaipLStXA==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM" } ], "BNZj3OarLxcd8eifg2oBTQ==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH" } ], "BS5Qx6nN3HmM64VVoKmayw==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH" } ], "BapmyYmbdpezf7zjj2CAhg==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM" } ], "BbM0NZsMsZnNUi1ybIzssw==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "LOW", "baseScore": 3.1, "baseSeverity": "LOW" } ], "BecrebpzZRix36R6G4t6wg==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH" } ], "BfDjqoaYrd0NKCGGxtokTg==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM" } ], "BrBV5lr2Oniu9+XAGvI91A==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM" } ], "C0CVf3gKIXy0pxUEC+HbFA==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 9.0, "baseSeverity": "CRITICAL" } ], "C0mnxp1ZuFsafzGYQTHI0A==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM" } ], "C38jEAZBH42pj/LK2zcQXw==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM" } ], "C5HeGQfx/moQOawxL9uDeA==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH" } ], "C5gKZtjBskBnYM7k6flxDQ==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL" } ], "C6yN0mcIXI4IYgVIgMrJhQ==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM" } ], "CCTTGeQPsaGe9k69jAJeHQ==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH" } ], "CE8stTAUA4YcALeC7c3h/w==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "NONE", "baseScore": 3.7, "baseSeverity": "LOW" } ], "CK9CzHa3OulJNeWEKej52g==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM" } ], "CKVMoyANgkZKdV+dChbXnA==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH" } ], "CMzlj/DB8hlGyo22oMBCaw==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM" } ], "CNONWWLgmVwDA/lLfltdyg==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM" } ], "CQPV/OxtJ+DwYc6C4gniNQ==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM" } ], "Cc6iMT4c9IbcztVa+/nL0A==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM" } ], "Chjm0vNb++GJsagbOv8JHg==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL" } ], "Co6RfgY4Y7Z+I8JqfwMvWA==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH" } ], "D+2uHlEi8tdaITyQB5nD6Q==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM" } ], "D79PhiO8RfNrU+L/lhCrDA==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "NONE", "baseScore": 6.8, "baseSeverity": "MEDIUM" } ], "D9Z9qtWFeJ7LhgKDi3BMAw==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM" } ], "DDxCHnX+kCqcRQj9b90/cg==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH" } ], "DLttSzeHzaVnO33nSnt80A==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM" } ], "DNd0sdbW83acQbIl3FDaPw==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH" } ], "DSPVvHylac4gbedRKpFjFg==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 9.0, "baseSeverity": "CRITICAL" } ], "Dmj+1Th9y/xKrHIFa6FtQA==": [ { "version": "3.0", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH" }, { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM" } ], "DqajPgSmNnfF5+bVSuLXZQ==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM" } ], "Du87KR4FeuPO1XKDGWPfTA==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH" } ], "DuzMOMHOQ7Eh8s4YI9+INg==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM" } ], "DxGDt323smYx6XdCiIYGnw==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH" } ], "E5lSSvXSqD/Le/zcid+OBw==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM" } ], "E6F4Bsc58fK+0x+N9LY6gA==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH" }, { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH" } ], "EH9PvjnpSsw6jAD9jLOUSw==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH" } ], "EOnVsQprB+b/CxweVdPdqQ==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM" } ], "ES+fyIBHuPDzcPe/BevT0Q==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH" } ], "EX/3XuRwSFTfBZGrORFwLg==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH" } ], "EX13jwlAvLcmxkiAJWJrPg==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM" } ], "EdSmJzT79gNsCaz3hmp+zw==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH" } ], "EfJQ14qFSb1S0rB4VJRXzg==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM" } ], "EoQrZ5N7i4JBUoj0xAeL3Q==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM" } ], "EqLnU7jMVPn5Z4r8Gj2Qtw==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM" } ], "F/E7m2THTaTl0s46g5J9Qw==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM" } ], "F5n5sm3U2fLvNwQ28Jm2Og==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM" } ], "F6QBkHsQuDYkHPuVPox4pw==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM" } ], "FAES1XlWFCETbKQytoq57Q==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH" } ], "FDLDRBwyyvnmDzwGh+Zthw==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH" } ], "FE/mnRiATGHgivPxG+13dw==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "attackVector": "LOCAL", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "LOW", "baseScore": 2.5, "baseSeverity": "LOW" } ], "FKfxYqe7reNA0NF11Vyh9A==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM" } ], "FL8qoTgXQjuCQf4vtGJ2JA==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL" } ], "FQtJqOj1l5gE8G+LeucL6A==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM" } ], "FVTPqIs7vgGACMM0pfvvDw==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM" } ], "FXS+tkMUeaIsGZg1cGb4sg==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "LOW", "baseScore": 7.3, "baseSeverity": "HIGH" } ], "FdHZNK1wtI6/xHHLNOjd7w==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH" } ], "FfJbG9yXxM9ytWyYMkHuFQ==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM" } ], "FgZEwRHfIJXFMTMxMr2/bA==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH" } ], "FzdPtstZ+v9Poa4yJ7bYnA==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM" } ], "Fzv3hLiqGP6JSExBxNthvw==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH" } ], "G2w3S+v/G+UFKZ7Ps1gf6w==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH" } ], "G5kVpuaICQ7VY8LlVpMzbA==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH" } ], "G6hgi2PyRML5jGfMJD1SYA==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH" } ], "GBKJ1gcQDHFLbPDqgBAukQ==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM" } ], "GIVyRte/bIBFWQmQv/ZQBw==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH" } ], "GIYpweBhZIpsva7P5jGZwg==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM" } ], "GR80zW702W+xho6dTSNlyw==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "LOW", "baseScore": 7.3, "baseSeverity": "HIGH" } ], "GRZKMxDpocVUp21tw3FZwQ==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM" } ], "GXMpRf2go/wGEbwpp9BPPQ==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "HIGH", "baseScore": 6.6, "baseSeverity": "MEDIUM" } ], "GfPY5zBbHJQI4ZGaDcJj2A==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM" } ], "Gg97qi1BhqlOPIWqj2o4lQ==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH" } ], "GklzFsX1Kbjw7XUdLCRFCA==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH" } ], "GnBCRP9H+R6do428z3nOkQ==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH" } ], "GtECMHzRoeZKh1TLvpCt+A==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH" } ], "Gu/ALKpmZ1E7BQoY+IaWwg==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM" } ], "GuM8+Ku1VtBzfPk3/FCgzw==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM" } ], "HHBOKYlzeD2Busv7btyBAA==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM" } ], "HMiFxQxU1Vt50Eb0CRKJeA==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH" } ], "HOYwG5Rw5KtCLqSTp9IaXQ==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH" } ], "HRf9rV5BqUqr4i3wEvXYrQ==": [ { "version": "3.0", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH" }, { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM" } ], "HSd9wkre9UmoZo6xukXnAA==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH" } ], "HT4k6+0VwtXXrNi4IFV2ug==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM" } ], "Hc5j0kmgZDlB2EO4dTIsQg==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL" } ], "HfZGsrRjUweyv1xugcWw9Q==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM" } ], "Hk/EnuFgs+4rtDh2D0OPZg==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH" } ], "HlOu0EmTxHkjzmJeJEuJmw==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH" } ], "HtTTCkdsdyrj750LNNdG0A==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH" } ], "HxI42iSjURjRki+uV6q/9w==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM" } ], "I+Ki77X+PkV/7jCRuol3dQ==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM" } ], "I3KZ27LtYpZ2XCNeodSc3w==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH" } ], "I3vwwgMxzxWo15otCOgvAw==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH" } ], "I6USarzQiNF0WDmxnwYl6Q==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM" }, { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH" } ], "IDZTlFNxsI8j3vhOiq74iw==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM" } ], "IID02HQhTZlIg+cNTgve3A==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "NONE", "baseScore": 3.7, "baseSeverity": "LOW" } ], "IUfmGrC0apdBsMp4kpsXwA==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH" } ], "IeTK1HBLKpS1+gfVSPrpvg==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM" } ], "Ihq7mkhGM9sf/8QM05o7gw==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM" } ], "IjpkBJ+ywcI88szIoeoHzQ==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH" } ], "InyvNMAfT1Zl5TKOPF5zkw==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL" } ], "IpfgPSRwb+bSNtOR59K02g==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM" } ], "IqDaL37gpmJkcaU5vU7y7Q==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM" } ], "IvL651FnAzrxSYOiOuXMlw==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM" } ], "IwsFxNbWx/oOWnYknyaGEw==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM" } ], "IygWF+tpv/TjlYP5Xn2XFg==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM" } ], "IywEueim8Y+5rmUFlt6JAw==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH" } ], "J4b5dVoVJ6TOvSQqt+geLg==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM" } ], "JD0llI0bGUOG/VBz+9LeVQ==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM" } ], "JFHwM9gmv9IjLHv0L9sxhw==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH" } ], "JSxIEGIOCwboUDoJZgS9fA==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL" } ], "JTP7hkxyjG7h5CMk0jZbPg==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH" }, { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH" } ], "JTwzSHX5xKxgTtyprecVew==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 9.0, "baseSeverity": "CRITICAL" } ], "JVuTqfPwohmj6ucokgM2sQ==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH" } ], "JVyIt0gF10G+gSN0xWt2Mw==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM" } ], "Jh5o3RxPyg4est5mF2Kcww==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM" } ], "JmKf//IQj2eMVJFTB1Feyw==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM" } ], "Jt3He7YgLEZ/8hIPk5cerQ==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL" } ], "Jt4td1wEVlrBnm04zKxwBg==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM" } ], "JtGggrfMckWn0xvfWBMJJQ==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH" } ], "JvC/rVWSiuNeMXzeTDRZHQ==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH" } ], "K3j3nYCvhPD02WXNRIsNow==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH" } ], "KC3vOAGbS28p1tBMqdebqA==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH" } ], "KC4H6WRPkYrWvXb9OC+odg==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM" } ], "KGloE+M4iEjbEnlvrjLMAw==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM" } ], "KQYTpBGYLvLckEq7PBuFZQ==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM" } ], "KTq8KY5x881D0HtG7n7QGg==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM" } ], "KUOjtDtz5gm5LGaNBST3aA==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM" } ], "KVmMrg2+bttNHDgckf/UHw==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH" } ], "KYv6PwzjV6/5I33cZ9LUmQ==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH" } ], "Ki2f8cm5DZbpACKABDaU2A==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH" } ], "Kis76swMoxK60VoW2+1Vqg==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH" } ], "Kpiv/TrMWtjY1KddUGr9vw==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM" } ], "Kqq2xlybjD/tOLmQWu2xPw==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "LOW", "baseScore": 3.9, "baseSeverity": "LOW" } ], "KsboTEAsiwsdLEKIDivkyA==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH" } ], "KtIlAO0V0/KiMbIbmHHMGw==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM" } ], "KwrizcJTvx0lAr8NWSRHvQ==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM" } ], "KxCt45mXPoAqi5/FDwG2sQ==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "NONE", "baseScore": 3.7, "baseSeverity": "LOW" } ], "KzdT9magFP88tqWviAZYGQ==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM" } ], "L+qJHYbmNjCvWQzRnuoGeg==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "NONE", "baseScore": 3.7, "baseSeverity": "LOW" } ], "L2MoZbVdo8+qepBivoAPsQ==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM" } ], "LEslQGmhIJ04LQz9Hsv8ZA==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH" } ], "LFiejdPb02ZvCk9/k6M2OA==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "NONE", "baseScore": 3.7, "baseSeverity": "LOW" } ], "LMrJ8zW3vxlqJrvFMbbCGA==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH" } ], "LO9VaXNyE9wfPlXASM8Lgg==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH" } ], "LZai4kI3bS1bdNHfXbMh3Q==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM" } ], "LZdzSvscGWIhod3wQk0Rmw==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH" } ], "LaPIpLP1bNzrRA3zu3KpCw==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM" } ], "LbxMFScix8C2IT1ci2nX0w==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL" } ], "LiT2UIJJCX7RQxuKZd5BaQ==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH" } ], "LkJjju2s50oKpBRyBT8s0A==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", "attackVector": "LOCAL", "attackComplexity": "HIGH", "privilegesRequired": "LOW", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "LOW", "baseScore": 4.2, "baseSeverity": "MEDIUM" } ], "LyQcB6aDtcDf3FmzBVHSKQ==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "LOW", "baseScore": 3.1, "baseSeverity": "LOW" } ], "M0WxNlBrWr1WR0ACcsFS3w==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM" } ], "M1s3OpYTLU/XtZADzTSFEA==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM" } ], "M3U4dY4DNzzwTtzYkhXUMA==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH" } ], "MLyBE3p9/9+LMOMl2JBi6w==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH" } ], "MMLwOzBcCET4jaa3dPuTwQ==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM" } ], "MX+EWJzZdHJfUgD+GuMAoA==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM" } ], "Mg8SgrJU+lTo8Y3PGUgkTA==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM" } ], "Mgltq6eR/1EGqVcVsD/SxA==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM" } ], "Midk7Sf8BkLBIPjoLmMFTQ==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH" } ], "Mjl9qiXGmFVVyugvKalN1w==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL" } ], "Ml85HFgT+RUvCLz8nFVfxg==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM" } ], "MwCK5PkH3kQTRDd4/IQ17Q==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM" } ], "Mx7K+5VJ9q5MSCq5wzzrvA==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH" } ], "N0rRS+PZWKeXRoflok9RVw==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM" } ], "NA1ZYlQUiA35ngK3uoa06A==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM" } ], "NAeLRm7CJFLUTEpKQNt7kQ==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 9.0, "baseSeverity": "CRITICAL" } ], "NBh5fV9uZlTEErwbgzUbGA==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM" } ], "NE9uxy8/WRNKYC1zs+0BLg==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "NONE", "baseScore": 9.1, "baseSeverity": "CRITICAL" } ], "NETfvu2mgbpmZZcrjbxOYg==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH" } ], "NHVF8uSdIs3qjmJ3d32Guw==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM" } ], "NQLX1dwxKsZukJGLLOGUaw==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL" } ], "NVw9L7wf5CkACfCMTn/ArA==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM" } ], "Nd9jBPH5RBX4nCYx4+9Hiw==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM" } ], "NeZAaBfGrzLvaMKrJL7WlA==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM" } ], "NpL+GEKVroRZflTiMJBC+w==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL" } ], "NqGNmtc5kTbIsAJujpk/5A==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM" } ], "NqnvbAJ9TE8i+K0jPU+gTA==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM" } ], "NrmEp7ITzyyHtVTCw3MlhQ==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM" } ], "Nsd5wG+dBhUvVktxuz/adg==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "HIGH", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 6.4, "baseSeverity": "MEDIUM" } ], "O/NLHzmZCYYLTZKelvciHQ==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH" } ], "O6K8wxAPcmLr8qOIbQ6uMA==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM" } ], "OAFgQI0NLiTuwa5m3oeKvw==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL" } ], "OFIelSTGJAvnMHk6/6CzoA==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH" } ], "ONllKJutmosR2fhHJ20IMw==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL" } ], "OQR/VSsiAo45bFrdiKL3jg==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM" } ], "OWkDuwVWzveyu3TOzKkSvw==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH" } ], "OXQ7H2CaA5DhIn9wkh9zjA==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM" } ], "OXr+UvfSDAQbLGP4xOBSMw==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH" } ], "Ob+LJ5zYHnbjt14Yf8W7UA==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH" } ], "OdcI0jF8LiFuCSbWJG8BVQ==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH" } ], "Opv2ZJKgUn+U/J0TWXn7uw==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM" } ], "P/9UEa4H7U3EYHe3jfy0lw==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH" } ], "P4xlUSVilS8AN7gF8bwdxQ==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM" } ], "PAUv+MU3xwsjx5jndGYXQA==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL" } ], "PAbZTh6+C5MKjPK9CG1C7A==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM" } ], "PGExK42ORMqRWXq7JKsHPw==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM" } ], "PKlJ+iD3hwJNxdUvXPohzw==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM" } ], "PNIOf0qJAfA/0zwZhsKuTQ==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH" } ], "PYpOjotUZ0rZ3yidSXAEiA==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM" } ], "PacJvOG68IlKYb9U+duwYA==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM" } ], "PcYbFEpwRLstXeojnKQIpQ==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL" } ], "Pp72Aea+vKOOy3uJudZhUw==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH" } ], "PrviK3G+tpQstfFpKzyLbQ==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH" } ], "PsRF7Xq7dFAe19vnyA4U+Q==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH" } ], "PvZ0wY1WS+Oda/0LmsfVWg==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL" } ], "Pza9Y2xtH9MChVMkZwgw2A==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM" } ], "Q/Pzrblh+S8zgQniIv+2cQ==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM" } ], "Q0D37bmhhLGtYILIAMgFXg==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH" } ], "Q68PtYAoFZBVQr3VSCGeUg==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH" } ], "Q7aPQDMsGvkoOug//ojuyQ==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 9.0, "baseSeverity": "CRITICAL" } ], "Q8IjmHAyEPfSZ4ADo6BLIA==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH" } ], "Q8sE7E8pAQzfSs4FZ1Nn4Q==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH" } ], "QN/fQcKt84KRQN337M2Owg==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH" } ], "QQ1upjXEDW7OiB4aR8O/8A==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH" } ], "QScrbjVTtwLmwolS+TGkzw==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM" } ], "QTm6CFJsupGe2cLQ3aQQbg==": [ { "version": "3.0", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH" }, { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "HIGH", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 6.4, "baseSeverity": "MEDIUM" } ], "QX9gQ7esz1e73iQHmwojXA==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH" } ], "QYt7IWs4IVpEJ8zBDWXlaA==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM" } ], "QbgvVzhz2dr5BDvAUM6wFQ==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH" } ], "Qd2XnJZ3qaQ3AbyDXUaR2A==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM" } ], "Qe1reyLPtQVZ5wKqKa9jQA==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "HIGH", "baseScore": 6.6, "baseSeverity": "MEDIUM" } ], "QenEWurn4r/HUaULM7xKAA==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH" } ], "Qixdjpm4eBW53WCypmEm2Q==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH" } ], "QpmPmJkImbP3BLZVoQ/PBw==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM" } ], "Qrr5Q+c0TZSBOI5u+k3BAw==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH" } ], "RATpPhLUqjEbe+XxyYxOOw==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH" } ], "RCSfHTV46eUaJTK1sFhTkQ==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM" } ], "RIB897UdZi2GShqV1cDBcw==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "NONE", "baseScore": 3.7, "baseSeverity": "LOW" } ], "RIwina92/O63CIQtdCj6Ug==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH" }, { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH" } ], "RQQmMvzO7YiyLb0Zr1ojVQ==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH" } ], "Rd2hVVbUws+mcvoC7DaoiQ==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH" } ], "RiLxHaGbiEKepqyUULRcvQ==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH" } ], "RlOfhoCCkdSSaNMAmR7TiQ==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM" } ], "RnXEkSuORl14LlzYthaVHw==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM" } ], "RqavhGB1siExZjIV6Gyz2Q==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM" } ], "RrbNEAZ+bJrZ+zzACvAjBw==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM" } ], "Rs2w9Uui+dW2Lg48Ml6jpw==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM" } ], "RwD1qkwqXeIcCzzyTwz+cg==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM" } ], "RxwFiIUPJYMo6r5lfv+sdQ==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM" } ], "S3QNU6jy5TEnJU2t9h6F+A==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM" } ], "S5Dzz9cigoJDCj8s5UcT0g==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH" } ], "S8k5xDZW6CKWQt5V5/wRBA==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "NONE", "baseScore": 3.7, "baseSeverity": "LOW" } ], "SDm/mWtE0NpXgrgtbv569w==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM" } ], "SFC0+CA5TX05a3ET5nJAfQ==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM" } ], "SFFvu1KKVcKnTOZLT8Kd6g==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH" } ], "SJNAwbr1JxOIEghGlwyxyg==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM" } ], "SM2joNFusXvykl0QgMtP9A==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "NONE", "baseScore": 3.7, "baseSeverity": "LOW" } ], "SPY2CCRLRTXm0jZ9H6uG7w==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH" } ], "SSAJUNd+iNG0Dh0JEHjSXA==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH" } ], "Sa5f5jPlFl2oY9IDRio54A==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "LOW", "baseScore": 7.3, "baseSeverity": "HIGH" } ], "Shxtnoeb6rhU/fPKJVP5cQ==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "HIGH", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 6.4, "baseSeverity": "MEDIUM" } ], "SkebAuLx4OQKa5x3b2ygUw==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM" } ], "SppkJsOzm+2zbTRc6NQFQQ==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL" } ], "SstbtJyplu6wT0tmTKbr8w==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH" } ], "StRqIVsXN6NcVuvirqAMOg==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH" } ], "SvhQ7tNvl6ANrVnaJ4cBNw==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH" } ], "T5Nghm4crNWWnUrYvZZItg==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH" } ], "TIcWaTRsDD52irGN4xUQyA==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH" } ], "TR5BMIE90A4aYm4WW7+gRQ==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "NONE", "baseScore": 3.7, "baseSeverity": "LOW" } ], "TV+RoO9Hh3TnH7l4rpQ7AA==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseScore": 3.7, "baseSeverity": "LOW" } ], "TalBIBBcOPRavGaHJsTMkg==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH" }, { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH" } ], "Tf9GPe0ffQbxf7Wogt3Fhw==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH" } ], "TidlERP60Pc/L340CB6P5w==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL" } ], "TjEkLXWfvQA8WSrW/tqybA==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH" } ], "Toocv9UWe2zbLkvuaDfUkA==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH" } ], "TszqopCoskBv4coMA3/peg==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM" } ], "U0WTbuk2H1FMZfvvwahshg==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH" } ], "U6qBKCP/toaRYToALpEUAg==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM" } ], "UCH2epLcJUWMTm+igZOEXg==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM" } ], "UFifyy6/bFh+Jtu5aKnN5A==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "NONE", "baseScore": 3.7, "baseSeverity": "LOW" } ], "UNpQq3W7NuU/YvxyKob7dQ==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM" } ], "UgygbzqyqNSQmVxqENV7uQ==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "NONE", "baseScore": 6.8, "baseSeverity": "MEDIUM" } ], "UyrXKlV/F8Ngo4hTkS7IlQ==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH" } ], "V0122WZRlA5XXWrSlR4bmA==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH" } ], "VDf6d6jM2A0p/K+7RsIMFg==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM" } ], "VIGh6VPQOivNmVhFo2OTaA==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL" } ], "VMq7c5UxVfK0QVgxJQyC8w==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH" } ], "VRs8KQ+fl8HuGMz4R8czFA==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH" } ], "VVkxgZwgg7/nXkUWcx1KaQ==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH" } ], "VWEbeFnFOHy1IkG21b5a5g==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "attackVector": "LOCAL", "attackComplexity": "HIGH", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "HIGH", "baseScore": 5.3, "baseSeverity": "MEDIUM" } ], "VaI9oASdZliWzEmaptNeNg==": [ { "version": "3.0", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH" }, { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM" } ], "VaKG59F2yakPJAEOFL4Asg==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH" } ], "Ve1jg9SxTDjeNdfGHjxP2g==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM" } ], "VeYabM3XwaLL8BU4Jh7KXg==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM" } ], "VobzA5akuxgpQXC8/BOSTQ==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "LOW", "baseScore": 3.3, "baseSeverity": "LOW" } ], "VzBrcD6XqIzEjbmGcOkvIg==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM" } ], "W+p5JmA7ns+QxSud6NKuiQ==": [ { "version": "3.0", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH" }, { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM" } ], "W0TAw6aTfwXOMlJwloDkZA==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH" } ], "WEdA5uyUUAV71glqMuGYiw==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM" } ], "WJS8qOOq39ghNxcfIty3tg==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH" } ], "WKEI7EQhRkCAgIF18HZjKg==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM" } ], "WN9impUbRzm+dw9sY8IWzg==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH" } ], "WOZhfkOPgECPNSR7cqBWXQ==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH" } ], "Wa6ckvi19N85obTr27Z/+w==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM" } ], "WjwqFYHIpeFIRVSB9rQ7Rg==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL" } ], "Wsq+mYbQsKJ0v5uT9JRfhQ==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH" } ], "WvFMXlBuN1xBtbJATgFX8g==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM" } ], "Wvo6vOf6spcLE2C+GaDeyA==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH" } ], "WyYfV4qukI0O3aVuym2nzw==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM" } ], "Wzh+oxEmmD8N98PMCI2K3A==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH" } ], "X0yRty1CAF/BkqF0tnfBQQ==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM" } ], "X10PEbhI2yv6KYFUPacecg==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH" } ], "X1XbXShyT1+HQUnA5EVJNw==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM" } ], "X3WuoMxfqKQH/0bF7PkAAQ==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH" } ], "X4CDljJQJsftQ2RA57ftuw==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH" } ], "X58g4IHG7dfM9qsUqybFEQ==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH" } ], "XB4RQ8WaFJuxAC8ZgyKRNA==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM" } ], "XD8Zer8JIEHfKGC4G2WfMA==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL" } ], "XEJvX5LybNvCwdnogSEXGw==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM" } ], "XG6XCizQonEnnNOuXOQWQg==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM" } ], "XL13OgM64iwln6Z42dkwJg==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH" } ], "XL1Nv8y45q8aiA92A99YyA==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH" } ], "XMRntDldPNvYaEN1H/aMEA==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH" } ], "XMZYTX/i7lOXfIPea0g5sg==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH" } ], "XW4X9/W6MfETfE/VICA4Jw==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", "attackVector": "LOCAL", "attackComplexity": "HIGH", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "LOW", "baseScore": 2.5, "baseSeverity": "LOW" } ], "XWaBdbEJiHpYXT1f1eBk1Q==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM" } ], "XaAEuH+mpvQipMTbWh8nFA==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM" } ], "XbcsPhUJZcz9SAjlyzA2Tw==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM" } ], "Xd13Zf2Hfkk86nXadq2UDw==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 9.0, "baseSeverity": "CRITICAL" } ], "Xd8tQ0FXTmb0dMN8/OnXTg==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM" } ], "XeJxNps2a1xzV61fNDZUHg==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "LOW", "baseScore": 7.3, "baseSeverity": "HIGH" } ], "Xh7qucrAcTPJpjwtifDAOw==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH" } ], "XuMP4XKeqFlYH9jgvFKXXw==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM" } ], "Y/6FiFNJ+h2jXNTlPOzrnQ==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH" } ], "Y0WCcL6v+5OIjHQRxTrD9A==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "NONE", "baseScore": 3.7, "baseSeverity": "LOW" } ], "Y3OvoDmeS+5hnAANsWjyFw==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM" } ], "Y3WKF6/Qa3b8kujepTuCsg==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM" } ], "Y5911jYxxg7J6VKhk7mqCw==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM" } ], "Y6TEBwH0+CoZ50j5sQV23w==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 8.0, "baseSeverity": "HIGH" } ], "Y6jBF6ZoX5K+LWaeE5AkSA==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM" } ], "Y8KTdl/rf2JLSAIhuuUuHA==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM" } ], "Y8lb/NrdVvcIZE+CE1zroA==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM" } ], "YBqwZyDthwb6s3n+wbOzLg==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM" } ], "YNMtsn/tcZvCfn+cUvP3pg==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM" } ], "YNouFTBaiJNQFxYyrJAQcA==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM" } ], "YRtomD2mNPBaDnjgdnhCQQ==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM" } ], "YSdK7PYtLQ7JLXu7W4mdRQ==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH" } ], "YUwZZ9Cg1FloxBZV60vOCg==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH" } ], "YYqZRAErReQsq797SjIKyQ==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH" } ], "YflZHrpMaALkUOyhhiuuUg==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH" } ], "YgxSASsulE3lhlk/tt7LHw==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH" } ], "YickFGkosXFq4QeJ0jRTmg==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM" } ], "YqWCYK92PMDEl8TLsC6HCw==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM" } ], "Z0bbSkX8e3OUKdJa86CbBw==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "LOW", "baseScore": 3.3, "baseSeverity": "LOW" } ], "Z3ooXdPZHBGz3Zn2fzVGjA==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM" } ], "ZCn9Srq8w747kRfU/6QKyw==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH" } ], "ZFn12nIvEndnJS63wjZESA==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "NONE", "baseScore": 6.8, "baseSeverity": "MEDIUM" } ], "ZMCWgxkMJ4LjF/nj5/+01g==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL" } ], "ZNwy3QgTwoKlAhTZV5z0HA==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM" } ], "ZOlDuMHRTvnXFtaV1nFliw==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM" } ], "ZdCiHmwhX39f7Nxq9Dvfig==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM" } ], "Zi1o7b8bEdo9KhZZdH0SUQ==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH" } ], "Zi4lyFbPtDTAWKi80UvBVw==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM" } ], "ZmujHtiyxPvmBBbUi0nxZw==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL" } ], "ZvOFKEq7oWW91gkeFtoU/w==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH" } ], "a+JwG0xBDvmYEUUxYjq1Kg==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM" } ], "a4nZis/zgZDfMKZCwlqdOQ==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM" } ], "a5l+SxLdqB3cOBewJ+GHLw==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM" } ], "a7EB0fwsUs3hrXN5L9zyjQ==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "LOW", "baseScore": 7.3, "baseSeverity": "HIGH" } ], "a7yL9rjZkvWVTG0o5DKHqQ==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL" } ], "aF+sd+odivpUdxBxF+S5uw==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM" }, { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM" } ], "aLzx+P0aEIkUrEfjJdf5/w==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM" } ], "aNmMuJ15ZBwP9R8F7p6TOw==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM" } ], "aSJymHSxRBYrHs97nG69hw==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM" } ], "ac6BZ0tqO6i0QQDCZWfGNg==": [ { "version": "3.0", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH" }, { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "HIGH", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 6.4, "baseSeverity": "MEDIUM" } ], "achkbzg3O1uzsJzN1LVDLg==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM" } ], "akyADtY97pCYfGQtx4g3Vw==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH" } ], "apOLVQNsMm6SHDR1ZLmlVw==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH" } ], "arPTXFJYsCT564EgyQClGA==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL" } ], "arTUuvS7/95E2eEJJD9lOQ==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM" } ], "aspIRl2zXkMgoNBD+Mjfng==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM" } ], "ax7ntKztjjUex0Fnm21atg==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM" } ], "axH36tojleQPaI/cBLrGqg==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM" } ], "axoy8GS3FJZXy/Fso4Xcfw==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM" } ], "b21yUyaQZ7Y4OfaGCUVaag==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH" } ], "b24jROqAI53DUVRmvW6uEg==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM" } ], "b2xf65/2S45gOxG8Grxy0g==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM" } ], "b3gcqhWrOMtSFjkTMyyWQw==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH" } ], "b4aC+VBxT4a9as7pojFgGw==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH" } ], "bA3ztsCpotNDP+b742CdhA==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL" } ], "bACUKZThWu3kcO82NfO4eg==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM" } ], "bLMaRua6ipPy16X+92IGGw==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM" } ], "bNvH54V1y9cXsGaCXVwFVw==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH" } ], "bQK/Rney1rPI7+9CyV9VTA==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM" } ], "beUGNCG9iPBG/Zz8r78LLA==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH" } ], "bf41zTvm6HAv6xdiXpwGWQ==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "NONE", "baseScore": 3.8, "baseSeverity": "LOW" } ], "bh7RRRlNP555+LOFASdB0w==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM" } ], "blTOjHCd+uWQY/erNemJNg==": [ { "version": "3.0", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH" }, { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "HIGH", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 6.4, "baseSeverity": "MEDIUM" } ], "bpwdCug2xQZhmaazCqwIew==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "HIGH", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH" } ], "btNYPbmIqnHI3+3MJrK+8w==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM" } ], "c/V3UUetEWXOe0XME5swFQ==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH" } ], "c8VcLtF5K0vg10vsMZYG1g==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM" } ], "c8cGZ/4k99JHYnQ4CNatRw==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH" } ], "c95Jb/MAeM4/Wnq2jSIopg==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH" } ], "cEBSRCjTfMgbAUsOsjMnqQ==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM" } ], "cEWgC5CO6TrD8MK/mH+Kfw==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH" } ], "cMY+6QfPqyOZE380Mf5rIQ==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH" } ], "cPlqbimjP0WfKIKsSfuixQ==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH" } ], "cPq/U1/7qnqQE3GmlFCwvw==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM" } ], "cYFbjhnbLGvTbLgTZZAfjg==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH" } ], "cgF+p8OJpHCsOW2Oy70xoA==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM" } ], "cgxcvHmn06cOBf5ZYQwsUw==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM" } ], "coulLPAoexKoIM9KOAPmNw==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM" } ], "cp/A6si6B6vWVQNk17XSnQ==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM" } ], "cpGjwZ3Q1xNLBVEpajU1Dw==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH" } ], "cuNmXs5IUHyxswp17wjaOA==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM" } ], "cxMZ2TEnkk6RdtuU9fDThg==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH" } ], "d8mzsl/ZaK1d/J7qLMkOkA==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH" } ], "dCUBvfGyOSXO4VY8QdHggA==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM" } ], "dO/rj/SVo/ZlfJAB2ajOEQ==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH" } ], "dQRtstacQp0RWMkspwRjSg==": [ { "version": "3.0", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH" }, { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "HIGH", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 6.4, "baseSeverity": "MEDIUM" } ], "dQtkeBg4aMq+iqhRXRyUDQ==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH" } ], "dWXEBBwtYKNNgI/pql/Wqg==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM" } ], "dXai+tN/7FyABpZEHRiZgw==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM" } ], "de6Wm8GcUOvZ/vqX7ogEtQ==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH" } ], "dm+ndyaUV9ItZVXnMeopkQ==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "LOW", "baseScore": 7.3, "baseSeverity": "HIGH" } ], "dpCbBO9jgzvekz9nKJpSRA==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM" } ], "dx/et2OZXdYVZSrhJfSrZw==": [ { "version": "3.0", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH" }, { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "HIGH", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 6.4, "baseSeverity": "MEDIUM" } ], "dyCYPXxd7bCPPaju+r3IVw==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM" } ], "dzeq4RzokXiRsxVtGOEPhA==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM" } ], "e/bnYsWq3UNe4TO8qzzb8A==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM" } ], "e/v4SMj2wFe/5+CPTpBb+A==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH" } ], "e6LZ4uJxRzOyLre8rcZ0vA==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM" } ], "e7h3lwyDkLbzwbeza9/TWw==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM" } ], "e8C6jymFUSIHopouPFGGFQ==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH" } ], "eBEaq7QkFFGIjRiXXe+5jA==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM" } ], "eCD0Zq+Sv5lVZTbBica/1Q==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH" } ], "eERb0a2u5NJoo8XHmwI23A==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH" } ], "eEdM5b8SNZw5B2W+M8++aw==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH" } ], "eHjfPFaXzOZyzfB0f3GbJw==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH" } ], "eP1FG6VgmguUBnU9hC/AUg==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM" } ], "eQlZ6TVCSDW0YD8sgXyweQ==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM" } ], "eTNfn3GTlnobAc4el0vVmg==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM" } ], "eU+ILHU8CY+dWE/VYEmKUg==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM" } ], "edJj0SWSjBg+OUxgE/bF/w==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH" } ], "eekbTUpqIafepE8Hfmhn6g==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH" } ], "ejuaJgliYRMqa1eisyzj5A==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM" } ], "enCBbxIBBG9uJBIJ2Silsw==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "LOW", "baseScore": 7.3, "baseSeverity": "HIGH" } ], "erPkEyDHplTNz5OUVOYC0w==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM" } ], "exYmjpiMmOkTrwjxIZq6JQ==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM" } ], "f2eveWp2gzC6peE+M/ZNhg==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM" } ], "f4QDD+YvES2qKPm12WbPwQ==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH" } ], "f4ea/sV/4Prs0uTKnuNrmQ==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH" } ], "f8zkiAQiKYmmQ6JoWVEpyg==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM" } ], "fArj/oGEQJYMqcLV3LNH/A==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH" } ], "fAt+QSazQuj9LFCdyfZZzA==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH" } ], "fIV0OhL231N5SkDHdJvs6Q==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH" } ], "fSeU4QTAs+fY+ihLpgdM9A==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "LOW", "baseScore": 3.3, "baseSeverity": "LOW" } ], "fil2zeXkk1/a+i/G+BujrA==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH" } ], "fp87zNEa2D9uFt6aQDX/nA==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH" } ], "fwfAtjf5gVRneidAp93edQ==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "LOW", "baseScore": 2.8, "baseSeverity": "LOW" } ], "fyONzYZbtPrBLBjFGxQl/g==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL" } ], "g6spFzT6DoopzuQCE0pjRg==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH" } ], "gBPNXzwjgVa5ca7lHwiyCw==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM" } ], "gC3dJaA81IvQxpeDciVx9Q==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH" } ], "gCDAawtTyfC//zBgWDdiZQ==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH" } ], "gCebGc7h8wl4naU6uyAdpQ==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM" } ], "gGrGej/Pj6/poAgebFb+dg==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH" } ], "gJB4UR04diqd8I+vxY+1fA==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM" } ], "gNGv6C2nj/tHk2ntVJUOWw==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM" } ], "gO/zNtynA7F2O6aq8GoPIA==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH" } ], "gQ5m9am3Bv84irZQypyt/Q==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM" } ], "gTyBvus3gRvwKplivrccuQ==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM" } ], "gW0KUmpTUJYEkCwOP2FqGA==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH" } ], "gY9+YsbpBVhdQiQFYUR+HA==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM" } ], "gb5j6KarixX5fipxRp1LNQ==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM" } ], "gfIEl2znKgiy+ZSNQhFiLg==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH" } ], "gh7IiVLtHhqlEfQymEmXiQ==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH" } ], "giLBrK6czoD3l3BDs0Jfcw==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH" } ], "gltsekO9p4cbvcWxBDVbSw==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM" } ], "gnXtmE3L2gvbt8pzYX37xw==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL" } ], "gvOYexCvSFjRc1ovPwHsww==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM" } ], "h+nOQU6khNxAH7kkGqVqkQ==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH" } ], "h08ca9AawAYymWtiO1A44A==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "LOW", "baseScore": 3.9, "baseSeverity": "LOW" } ], "h4OS/K8oEkyAvmNo4yuDKg==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH" } ], "h6GTPnls31RdKBTZJul/dw==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM" } ], "h8L7lkg9bH1dokRGj7cGGw==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM" } ], "hAaZlwqM0X/FPe0ATui+mQ==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "NONE", "baseScore": 3.7, "baseSeverity": "LOW" } ], "hGz8R5Dny4UCIDPZzXbK3g==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH" } ], "hMkYbCHpeOKQraSBEl8+Aw==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH" } ], "hQhn3O6sw4QusprpMJeLag==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM" } ], "hRMmSXWNjnz6N6DylTgifg==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH" } ], "hVOFvG1HRBUhlwlYajt2Yg==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM" } ], "hbOAbiOJ6F6ohNePMmRtlQ==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH" } ], "hc++EiPoaVY0Qkk7w+nh4A==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH" } ], "hcNgLCV/TsDPpNYUtRv1MQ==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM" } ], "hfZSSxHN31zxV+RJ48FtBg==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH" } ], "hiF9bhRE95azD1Yk9fu+ZA==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH" } ], "hoEzPUhgPgrwsfAtoMIFaQ==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL" } ], "hqRw6qkUism7SLSc7yKfvA==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL" } ], "hrshc3JV1jRyp5Xnhxc38g==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH" } ], "hv+ParDx50dAs4r0Ndx/ew==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "NONE", "baseScore": 3.7, "baseSeverity": "LOW" } ], "hxluEp8Si16NQcfaJDWcLg==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH" } ], "i8+mJGQkaRsXWs3mhtMbqg==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH" } ], "iEmJ0GmqtnnVYVaxRdkVag==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM" } ], "iK/w4oP0ry88Fhi1iG/FpA==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH" } ], "iX218jkzkS2+JTcyUOQcCg==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH" } ], "ijiaRlnbujxKRwcR5Q2+pQ==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM" } ], "isjT5nIgMy52h44P4+fxFg==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH" } ], "ixc06f0H9vqMfsbwQSwwvA==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH" }, { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH" } ], "izjZI/AsSlkRCQFNfC3oCA==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL" } ], "j6J3aybJPyGqPMBpG68ocw==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM" } ], "j6Ki8P4Vb2sZGNB1xlEkQA==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH" } ], "j7yoSCks+i8LevHtgFwCwQ==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM" } ], "jEwfbMyfFZbq+8RZhi1Maw==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM" } ], "jRtF/kn/3fSzbp/7sWwiig==": [ { "version": "3.0", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH" }, { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM" } ], "jU6R01smYIMn3KeQZsQ68g==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM" } ], "jiVVTQmOtKqVixv7agF/Hg==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH" } ], "jlhRpuK0j9viGlxiAnKR7w==": [ { "version": "3.0", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH" }, { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM" } ], "js5JzMGM8uuQxX+aKnVURA==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM" } ], "jwGLTuKM5GavU6fep3WjhQ==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH" } ], "k+7PDiqjiZmgwmR4YKvp9w==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM" } ], "k/CdFos3+OXmV6TI04xnUQ==": [ { "version": "3.0", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH" }, { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM" } ], "k0+XSeQ+Lylj5KsCbogU9A==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM" } ], "k1iloax1qfqa4/tolfprdg==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH" } ], "k4cfSQ57LEw9O0FDfmqx3A==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH" } ], "kAqWBUicknsNlYe6T7rf3w==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM" } ], "kB5UdZ4TbmRXHAdPCWAEuA==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH" } ], "kEe4Kuw3hXrzhJ/JDjR7wg==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N", "attackVector": "ADJACENT_NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseScore": 4.2, "baseSeverity": "MEDIUM" } ], "kHjC5QVIEbAPA3Kvkur0dg==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "NONE", "baseScore": 3.7, "baseSeverity": "LOW" } ], "kQq8hvN2yLWiupMaLbRduA==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH" } ], "kTSRcRUr3mSxDRXVL9dhcw==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH" } ], "kTyfGInwWoCVv7gGPYCF5g==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH" } ], "kUo4IyXRh1XFppRDAqTNnw==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM" } ], "kaUbMItvWrS1leJMEsAk9A==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH" } ], "kb+dJWap/vqDJjrjHMXEJA==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM" }, { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM" } ], "km4/t4mBY59JctKjJhxr7w==": [ { "version": "3.0", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH" }, { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM" } ], "kp7y/8/qIa8rhviA3lrmrg==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH" } ], "kwBmjCC7+d5xUliMZJPNWA==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH" } ], "kz6iRBveELIreSMq2mxHNg==": [ { "version": "3.0", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH" }, { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM" } ], "l2+nQ26t0lYvVluseJErUQ==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH" } ], "l7R0dYa3/wacw5OfFFHc2g==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH" } ], "lDV5qcTcJkBCbILUcFq4dA==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH" } ], "lHLNxD93t7uUJfmDhNwvCQ==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH" } ], "lJeTT/Y9HVuGmrDkd/kJpw==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM" } ], "lKTqUwulx7XO67+VKem76Q==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM" } ], "lKWd5TH1rX+jMUJKexEO4g==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM" } ], "lKniGV6mBq1xFWJ6V0QVvA==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH" } ], "lTBbmC+SvCXRPdEhl1Ahaw==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM" } ], "lYfCoUzW92wHdYAjBr0Hag==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM" } ], "lbxN096+MM/KBPw8fZJzzw==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM" } ], "lfRSe3KnjizxALbsHC2rVQ==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM" } ], "lgDJBQQ7c78g/JJCPZyTdg==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM" } ], "luwgFmI9PBVJtU7lZ44gYA==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM" } ], "m6kwbTpOzBrFGJ63gjT+hA==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL" } ], "m8JLumk5EhM5fKwi6Y9sfw==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM" } ], "m9bQWf5c9pRFKrNcvjU06g==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM" } ], "mTe73yDGtNKBR9vMgderPA==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 9.0, "baseSeverity": "CRITICAL" } ], "mXtloR/ustBd3YdFN2xuJw==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM" } ], "meNyncb9fNYGERpV1NYrdQ==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH" } ], "mk1XE0ocPMZ1zLQU00rlYA==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH" } ], "mm2TrpfZhVe16kqFBRq/1g==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM" } ], "mmFI4mA7exd6BfbwTUwJfQ==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N", "attackVector": "LOCAL", "attackComplexity": "HIGH", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "NONE", "baseScore": 6.3, "baseSeverity": "MEDIUM" } ], "mnUeQ4Vw9lyvW20zguI0Jw==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH" } ], "mr8ERmk8X8w7fcjVVsFZxQ==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM" } ], "mrw/N2aXp27zWWHmC5CUtA==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL" } ], "mzudbhzyxeahL7ZqcHKBNA==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL" } ], "n/nPV3PWwT/nX6gwjJjU6w==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH" } ], "n6P1LNQtOKO2D4puI71Auw==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM" } ], "nBIbXPa+XHxa5HNwUkiI5Q==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM" } ], "nC4l7O18/jmlfiNKOKyszA==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "NONE", "baseScore": 3.7, "baseSeverity": "LOW" } ], "nD1KRgcfZaRxt4xJsj1tug==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM" } ], "nPSgEkWJB1b5/FQHoj8iDQ==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM" } ], "nQa7bF7X3iUh1i4gjOdv+Q==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL" } ], "nZWUanjTwczZHAOfOo7z6g==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH" }, { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH" } ], "ndiQlGlGFfiNqSZTxkw6Jg==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH" } ], "nhrGIpCrz+AkUCXc1l2xPQ==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM" } ], "noiZ4vsqIEp1S/OLQJJb5w==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM" } ], "nqFoLk/pCsthdVW9bEMEEQ==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH" } ], "nw3xTn5H4isiDWgRRp2mFQ==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL" } ], "o/u/1w71z7P7I8H9GBIsbw==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH" } ], "o16kBwzDyL2DXuhbCPWX9Q==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "availabilityImpact": "NONE", "baseScore": 5.7, "baseSeverity": "MEDIUM" } ], "o4XSf3iuWcKQUGp2hHoEXw==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL" } ], "o7Wt0RgmjSYSjMhb6uYQ8A==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH" } ], "o8O4Ttqnv0lQfm1yyfyVsw==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH" } ], "oAWlLj5xhoQdD0/9sVLozQ==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM" } ], "oBP3fJ/dCNO09esiyvMqrQ==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM" } ], "oGVW07Zdco+t8LxGqPbEUA==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM" } ], "oIBUxFCAPk4vRXBwpcmtFw==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH" } ], "oOxpEAJ7Dm+eqzNK9Kk7sg==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "LOW", "baseScore": 7.3, "baseSeverity": "HIGH" } ], "oPExWUHvFdxpqvgy6j7woA==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseScore": 3.7, "baseSeverity": "LOW" } ], "oUkJIbYpxyFXjg//yD+o4A==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM" } ], "oVgcRSL89qnSRkMXpV8N8A==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH" } ], "oov3ViUtB6SINzpltF5uvg==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM" } ], "oqSc7q4k6wTno/u9knscCQ==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "availabilityImpact": "LOW", "baseScore": 6.5, "baseSeverity": "MEDIUM" } ], "ow+W4FZFcnnnyqC0uw4arQ==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "LOW", "baseScore": 3.3, "baseSeverity": "LOW" } ], "oyvtOIVUDqm1ruQx8vhRhA==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH" } ], "pBoQ+PsAQ5BZXsP3ZwzxpA==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM" } ], "pH8+w8Xtk7zJJtrUbdYyhA==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM" } ], "pJcWMOFMt41bY+94aWQQQQ==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH" } ], "pa953vHlkxOHxS+pLBTLTg==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM" } ], "ph0x625aARsE8YFKgES8uA==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM" } ], "pisd40lsYyPZfJXI5PaneQ==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH" } ], "q/JIHOHyBf5oYZOBv4QV5w==": [ { "version": "3.0", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH" }, { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "HIGH", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 6.4, "baseSeverity": "MEDIUM" } ], "q4ElF35yZ0x2PA3O3q2EVQ==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL" } ], "q6lhV1L2lF0++R6MkKl+kA==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM" }, { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM" } ], "q7sBMd/vv2s2xJ4pQXPOHg==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH" } ], "q99r/5og6gILO4INuTA0sQ==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM" } ], "qAOl8Bnkad8YQcGLFtMNDg==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "NONE", "baseScore": 3.3, "baseSeverity": "LOW" } ], "qEhRdzGH44SGjJIcqcIv/g==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH" } ], "qWK7H7gz7e8gS19GJSeIIg==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH" } ], "qYORp6v9x0Jy6S8OKerZvw==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH" } ], "qau+Fm/24UQljHWBD/OZyw==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH" } ], "qd6f1Pm+8EQf+vKTgQIKag==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM" } ], "qga4oRtpFgA1YSSQz4jFqg==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM" } ], "qjKGGY3933nbxsRxZfTnQw==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM" } ], "qjR4mPW4a9B3pl+6YNwqVw==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH" } ], "qk9S8kWzmq71qXaFOZgOpg==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM" } ], "qmOnOxNwhPY6vKeXEAxu9w==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM" } ], "qnPr3gcD7In/41sUsGuJuA==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM" } ], "qug1advw8m4TjVAUPEUPiA==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH" } ], "qwaLsgSownBAuP4PEhYGjQ==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH" } ], "r3RLKNYtYvKarBqnnrlrew==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM" } ], "r410Z5X0yojDsVg9YVcNqQ==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH" } ], "r7FjmMNb7gvjumuk3FvyAw==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM" } ], "rANfKvTXxXq6V32cczrBHQ==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH" } ], "rDDtdCntuyuji1lZ72ZxzA==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH" } ], "rEdDUf16brwtMXDyTJsMjQ==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM" } ], "rGjgjD/Clgx7UEcIO0/VxQ==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH" } ], "rIgQBIDE6jMxwwM1LwcoaA==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM" } ], "rJljaCTiTdw1uI1lvfy+hw==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "HIGH", "baseScore": 6.6, "baseSeverity": "MEDIUM" } ], "rO5a9fYyaqaIZ4bH0M8fdA==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH" } ], "rR+qbZpOBxw8zxI9IAWH5A==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM" } ], "rR226S9SV4WbmIVotM0CsQ==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM" } ], "rREnUm7sDNyGeeD6RlvlrQ==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM" } ], "rTV9bjfy2M3+eJBkP+611w==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH" } ], "rV+AIqZ70JJr5ykX/wSMqA==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH" } ], "rXaqnJlNn2UeiJLxMzdz0w==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL" } ], "rXfDRM1LVoEbyd6JU1iKcQ==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseScore": 3.7, "baseSeverity": "LOW" } ], "rb5DZ0is806TQPI0yy6fYA==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH" } ], "rd7C8AD7IYUHYPSfAYtKrQ==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH" } ], "rjQPW5Euu4kWAju5fh1A6Q==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL" } ], "rtFa3141Q9+bfT/6QHNRBg==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM" } ], "rz6mUIc/WNmMqDJ62kTBMw==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseScore": 3.7, "baseSeverity": "LOW" } ], "s/7gHZSkaG/wubfvwUuCLw==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH" } ], "s/Jfbx1UXOiwzCCMDalr1A==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM" } ], "s00I6skFa5o9PfOAkReUDQ==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM" } ], "s3p2a+1ZN6WexZBk0888Pw==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH" } ], "s4GBMvRcoMkjpfrzX/GkLQ==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM" } ], "s6kt2DqKLHgzYSGciPtGtQ==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH" } ], "s7lhI3LbQwMT+dukpP3kmg==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM" } ], "sAlO/t+jkkm59mLcdOgB9w==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "LOW", "baseScore": 3.1, "baseSeverity": "LOW" } ], "sDamL08DYL9URybdOyWb+g==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL" } ], "sHzNKKfomAzzwg2Sf6Qeaw==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL" } ], "sKFgvk8xXWITWQ/QeRQbAQ==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL" } ], "sMiI7LyEQVEePEq+VLCTxQ==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH" } ], "sQ2W4F2gpnWDvulegh7NnA==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL" } ], "sSP/LkDGkhEk2XZGphdpfA==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM" } ], "sV8sVArT8E8xe2ObgOwDQg==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL" } ], "saBs9oNOsYX5kiTMkaioeQ==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH" } ], "sc70wAms2Fm/s0Onai142g==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL" } ], "scu0fznRerd9B16y1/RO8g==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH" } ], "snkpykX/Nuv1Y3FeOzr09g==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH" } ], "snuOK/MSU9RHiR0jGJiZAw==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM" } ], "sptuc7ZZHxI6LEMAs9uKnw==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH" } ], "sut2Jyi9Sg5GxKwdaNmHPg==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL" } ], "t+BDL+U2MMfFVxGH0afsVA==": [ { "version": "3.0", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH" }, { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "HIGH", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 6.4, "baseSeverity": "MEDIUM" } ], "t2vAQ1ifh2D1sI5NKQFGrQ==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH" } ], "t4zk3L2NvO9RseSjbbwBfw==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM" } ], "t7klIbkcqJpX+Hibob7+Dg==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH" } ], "tAjtjtLQRffvPdu/MRsVLw==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 9.0, "baseSeverity": "CRITICAL" } ], "tJi5yLt21mvpq+yBFP/U8w==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM" } ], "tLSR0X6hQ7hvyPbBXZslBQ==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH" } ], "tTNtM6MxTsMTJHkh5Jqm2w==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL" } ], "tTPMh2mU5gwswvtBybuwSw==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM" } ], "tVfJwcNEqhKfRMwXYsOBjg==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 9.0, "baseSeverity": "CRITICAL" } ], "tbhLz74i3ShwS72WbIsoOA==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM" } ], "tbkEtEs3aa+p2/YQaD8BfQ==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM" } ], "teVzqeXKz5qAL9KrVUsKAA==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH" } ], "teY0YQnCPIVyeq14QKaH3Q==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM" } ], "tmgvL67F6tn2BiYH4dbG+w==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH" } ], "tn0LvNg6ynzrjuqYII6VjQ==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH" } ], "tnmlwiFTNywjV8t76lLkrA==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM" } ], "todSxpG0ADSu6dX8ZW+q4A==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH" } ], "ttvA33kOVBV+TWYGRrPG7g==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH" } ], "tuHArjfmqVqOkSDvFpG0MA==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM" } ], "txkZ/58CgqtFOXydvP1XLw==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM" } ], "u/1qpWmYmlFZ94shsoLdNw==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH" } ], "u1caIbS4Tk6y8c7sz8Hvhw==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM" } ], "uDfc8ZaPfrhTGcFwVaIvAA==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "attackVector": "LOCAL", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 4.7, "baseSeverity": "MEDIUM" } ], "uEn9qA67O/SoYHOtH/EL2w==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "LOW", "baseScore": 3.1, "baseSeverity": "LOW" } ], "uFXEnN9gepJ4+HtQWdLrOg==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM" } ], "uFegF3JDarHwmUsDj39jKQ==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH" } ], "uJCDkMoBY4xBDdgsAXvBMQ==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM" } ], "uO3OOEY6W3k9QH/tNVK0LQ==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "LOW", "baseScore": 3.7, "baseSeverity": "LOW" } ], "uSuvSdYIemCRGlfv8lGkuQ==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH" } ], "uUXjEDTiz3w22aHXrIzeBg==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH" } ], "uVmA7GUNWdA65M4tmw++XQ==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH" } ], "ucnZ3NrsBVYnlUI65g+YQw==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH" } ], "ugk8bc5JAs//Hgj923HTXA==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM" } ], "uglqkYqbcsDd4SCu9NI2Ww==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM" } ], "uikNRmJj2VyibU1zT+Mneg==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH" } ], "ujypD271NReIMihczobLQw==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM" } ], "v/e7DnxVAlpegLOsTN2UPQ==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH" } ], "v0AFBlqGmBQlS1dhX2TSVw==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM" } ], "v0sRbG79dXJKDYDtyopcyA==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM" } ], "v8dGiTe4KxqKw3mwN85XDw==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM" } ], "v9+1y5YeigbSyCurLz2YHA==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM" } ], "vGiwA1iecWkM9TCrP/cOdg==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseScore": 3.7, "baseSeverity": "LOW" } ], "vO3fut6i1BxfSSrT2ubFEA==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH" } ], "vVpALVEJZjuFjBK3jgRFKA==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM" } ], "vW0+/HQSgXG0Itr5qyIxIg==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL" } ], "vXi2lz1to7zuM26Qf+5v9Q==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM" } ], "vYVfNkdHVoix1j9S6G4zoQ==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH" } ], "vnOALZCV08rW836Ci7w9kQ==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH" } ], "vrUyli9F/TSWI+RqUWzl9A==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM" } ], "vz5xJxolla1YwmKD1vUDUg==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH" } ], "vzByRV8qKLfVVoPLFuTpeQ==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM" } ], "w1094TrprBpG+5TZJus6FA==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM" } ], "w1gSEYxPtWAIfzlL3TbM3g==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH" } ], "w820AArU7EvMtvlZkNuyNg==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM" } ], "w8HdqFb1v+5TiPAPr02m9g==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM" } ], "w8af/LTYrBLWhYkZBSi2Lg==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH" } ], "wBcG/UM3LLdlHaGWnuTKFQ==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM" } ], "wIIptfGVgtdFwdHLveHQTw==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM" } ], "wQDBiN+ZfYCbBccIgJzPcQ==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM" } ], "wZFtfR91K+mWwCwEmQpUmA==": [ { "version": "3.0", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH" }, { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "HIGH", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 6.4, "baseSeverity": "MEDIUM" } ], "wcNr0VBORZ/YM9aIEuV6XA==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM" } ], "wqk4HClUoIMMf7SUpa+Adw==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH" } ], "wx8MVa76rtUz50BalUYnJg==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM" } ], "wyKxcZRF/hg+LQiqCVC6rg==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH" } ], "x0SVslQrSSiPd4SF4/4hGw==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM" } ], "x1E7nyV5fDzAyk1STjwshA==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM" } ], "x4y353xwTKkgu0582Qh5wg==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH" } ], "xEE9zf8DUoHY25V5nM0x+g==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM" } ], "xKwaDB7aG2oH2GrBtebXYQ==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM" } ], "xL4loYVOmJB7OXC3kSkmfw==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH" } ], "xNb89cwcl67WhXZjUplwIA==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH" } ], "xQ6R88+x8IssPvOAavmZXw==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM" } ], "xZIb4S2QRmsQOqvyUKACAA==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH" } ], "xi7l1oiVtVzfSxtJw44jSg==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM" } ], "xjtPKIYmvcYxxZBNJ8tEUw==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH" } ], "xpRC7lqeIvSrWa/KfZckow==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL" } ], "xsv8GBgazK9Dz4RNkUHFjQ==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL" } ], "xtSEUud0UN//Su0ySaR3UQ==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH" } ], "y4mCwDYfTNPe4spWKWwjwQ==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM" } ], "y9E+Lh5SpPDKe0DW19HLjA==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH" } ], "yFyXcq1E5bw+omyiCv+CnQ==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM" } ], "yHfUI1Pnswr2CPSGioQ4BA==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH" } ], "yHqTDX5RE8eUKM9rdC//Mg==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM" } ], "yOD9sFmw+ZkhtjrTzOQNtg==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM" } ], "yQdXSsMbHycMlE0PdqtmHw==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH" } ], "yU5mkCPzEauPBsUqlb3apQ==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH" } ], "ydN/9qW+IO/7qUsy09APhw==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH" } ], "ygcRE9YitCbLx9CXMh7mPQ==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH" } ], "ykE0E9Lv2Xj6V4wi3K89SA==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL" } ], "ylg3k+AtgUcIl3hJiXNMlw==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH" } ], "ysEF64GA1SEOz6Uev8X6pQ==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH" } ], "zDHl5AxFMMqrfTCU6DAHtQ==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM" } ], "zDmU3WG0c3AQYw7NFebUCQ==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH" } ], "zJlrDTLwkYlMUMmfRWCifg==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM" } ], "zP2miTirQjHfCyfRvmeCxw==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM" } ], "zQ+wurn4Y1m7g+Dod0JrXA==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH" } ], "zY61FHLduccxZAfWDpeM2g==": [ { "version": "3.0", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH" }, { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "HIGH", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 6.4, "baseSeverity": "MEDIUM" } ], "zbCarOV2Tc7arcK/YbfGpg==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM" } ], "zkStPEZlqSplVlCvCS/Zdg==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH" } ], "zlxvoUxhbbvyCm+ir0eRIg==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM" } ], "zoCeQAIu1TFmWIYHnlYddg==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH" } ], "zum30oF+vgO+77M+8QbtcA==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL" } ], "zw0cARVh3jgrbyVziYo6DQ==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH" } ], "zx97OaxgXH8j+mFWesQySQ==": [ { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH" } ] } ] } } pod: python-component-ntgzlu-on-pull-request-7d8tp-clair-scan-pod | container step-oci-attach-report: Selecting auth Using token for quay.io/redhat-appstudio-qe/build-e2e-fdnu/python-component-ntgzlu Attaching clair-report-amd64.json to quay.io/redhat-appstudio-qe/build-e2e-fdnu/python-component-ntgzlu@sha256:f95d797603b4b7459eafa5a76faae30dcf6686990e8c15c9cb0f4aaa0a661057 Executing: oras attach --no-tty --format go-template={{.digest}} --registry-config /home/oras/auth.json --artifact-type application/vnd.redhat.clair-report+json quay.io/redhat-appstudio-qe/build-e2e-fdnu/python-component-ntgzlu@sha256:f95d797603b4b7459eafa5a76faae30dcf6686990e8c15c9cb0f4aaa0a661057 clair-report-amd64.json:application/vnd.redhat.clair-report+json pod: python-component-ntgzlu-on-pull-request-7d8tp-clair-scan-pod | container step-conftest-vulnerabilities: [ { "filename": "/tekton/home/clair-result-amd64.json", "namespace": "required_checks", "successes": 4, "warnings": [ { "msg": "Found packages with high vulnerabilities associated with RHSA fixes. Consider updating to a newer version of those packages, they may no longer be affected by the reported CVEs.", "metadata": { "details": { "description": "Vulnerabilities found: libwebp-devel-1.2.0-6.el9_1 (CVE-2023-4863, CVE-2023-5129), glibc-gconv-extra-2.34-60.el9 (CVE-2023-4911, CVE-2024-2961, CVE-2024-33599), libxml2-devel-2.9.13-3.el9_1 (CVE-2024-56171, CVE-2025-24928), openssl-1:3.0.7-6.el9_2 (CVE-2024-12797), less-590-1.el9_0 (CVE-2024-32487), nodejs-full-i18n-1:16.19.1-1.el9_2 (CVE-2023-32002, CVE-2023-32067, CVE-2023-44487, CVE-2024-22019, CVE-2024-27983), krb5-libs-1.20.1-8.el9 (CVE-2024-3596), libeconf-0.4.1-2.el9 (CVE-2023-30079), mod_ssl-1:2.4.53-11.el9_2.5 (CVE-2024-38474, CVE-2024-38475, CVE-2024-38476, CVE-2024-38477), pam-1.5.1-14.el9 (CVE-2024-10963), python3-libs-3.9.16-1.el9 (CVE-2023-24329, CVE-2023-40217, CVE-2023-6597), nodejs-libs-1:16.19.1-1.el9_2 (CVE-2023-32002, CVE-2023-32067, CVE-2023-44487, CVE-2024-22019, CVE-2024-27983), libnghttp2-1.43.0-5.el9 (CVE-2023-44487), glibc-2.34-60.el9 (CVE-2023-4911, CVE-2024-2961, CVE-2024-33599), mod_session-2.4.53-11.el9_2.5 (CVE-2024-38474, CVE-2024-38475, CVE-2024-38476, CVE-2024-38477), libwebp-1.2.0-6.el9_1 (CVE-2023-4863, CVE-2023-5129), httpd-core-2.4.53-11.el9_2.5 (CVE-2024-38474, CVE-2024-38475, CVE-2024-38476, CVE-2024-38477), httpd-filesystem-2.4.53-11.el9_2.5 (CVE-2024-38474, CVE-2024-38475, CVE-2024-38476, CVE-2024-38477), libcurl-devel-7.76.1-23.el9_2.1 (CVE-2023-38545), rsync-3.2.3-19.el9 (CVE-2024-12085), glibc-devel-2.34-60.el9 (CVE-2023-4911, CVE-2024-2961, CVE-2024-33599), subscription-manager-1.29.33.1-1.el9_2 (CVE-2023-3899), glibc-langpack-en-2.34-60.el9 (CVE-2023-4911, CVE-2024-2961, CVE-2024-33599), libpq-devel-13.5-1.el9 (CVE-2025-1094), mod_ldap-2.4.53-11.el9_2.5 (CVE-2024-38474, CVE-2024-38475, CVE-2024-38476, CVE-2024-38477), libdnf-plugin-subscription-manager-1.29.33.1-1.el9_2 (CVE-2023-3899), httpd-2.4.53-11.el9_2.5 (CVE-2024-38474, CVE-2024-38475, CVE-2024-38476, CVE-2024-38477), mod_lua-2.4.53-11.el9_2.5 (CVE-2024-38474, CVE-2024-38475, CVE-2024-38476, CVE-2024-38477), libxml2-2.9.13-3.el9_1 (CVE-2024-56171, CVE-2025-24928), openssl-libs-1:3.0.7-6.el9_2 (CVE-2024-12797), krb5-devel-1.20.1-8.el9 (CVE-2024-3596), glibc-common-2.34-60.el9 (CVE-2023-4911, CVE-2024-2961, CVE-2024-33599), openssh-clients-8.7p1-29.el9_2 (CVE-2023-38408, CVE-2024-6387), httpd-devel-2.4.53-11.el9_2.5 (CVE-2024-38474, CVE-2024-38475, CVE-2024-38476, CVE-2024-38477), python3-setuptools-wheel-53.0.0-12.el9 (CVE-2024-6345), emacs-filesystem-1:27.2-8.el9_2.1 (CVE-2025-1244), python3-cloud-what-1.29.33.1-1.el9_2 (CVE-2023-3899), openssh-8.7p1-29.el9_2 (CVE-2023-38408, CVE-2024-6387), libxslt-devel-1.1.34-9.el9 (CVE-2024-55549, CVE-2025-24855), perl-Git-2.39.3-1.el9_2 (CVE-2024-32002, CVE-2024-32004), git-core-doc-2.39.3-1.el9_2 (CVE-2024-32002, CVE-2024-32004), git-core-2.39.3-1.el9_2 (CVE-2024-32002, CVE-2024-32004), nodejs-docs-1:16.19.1-1.el9_2 (CVE-2023-32002, CVE-2023-32067, CVE-2023-44487, CVE-2024-22019, CVE-2024-27983), openssl-devel-1:3.0.7-6.el9_2 (CVE-2024-12797), npm-1:8.19.3-1.16.19.1.1.el9_2 (CVE-2023-32002, CVE-2023-32067, CVE-2023-44487, CVE-2024-22019, CVE-2024-27983), glibc-headers-2.34-60.el9 (CVE-2023-4911, CVE-2024-2961, CVE-2024-33599), curl-minimal-7.76.1-23.el9 (CVE-2023-38545), python3-devel-3.9.16-1.el9 (CVE-2023-24329, CVE-2023-40217, CVE-2023-6597), libkadm5-1.20.1-8.el9 (CVE-2024-3596), freetype-devel-2.10.4-9.el9 (CVE-2025-27363), python3-3.9.16-1.el9 (CVE-2023-24329, CVE-2023-40217, CVE-2023-6597), git-2.39.3-1.el9_2 (CVE-2024-32002, CVE-2024-32004), httpd-tools-2.4.53-11.el9_2.5 (CVE-2024-38474, CVE-2024-38475, CVE-2024-38476, CVE-2024-38477), glibc-locale-source-2.34-60.el9 (CVE-2023-4911, CVE-2024-2961, CVE-2024-33599), libpq-13.5-1.el9 (CVE-2025-1094), glibc-minimal-langpack-2.34-60.el9 (CVE-2023-4911, CVE-2024-2961, CVE-2024-33599), libxslt-1.1.34-9.el9 (CVE-2024-55549, CVE-2025-24855), nodejs-1:16.19.1-1.el9_2 (CVE-2023-32002, CVE-2023-32067, CVE-2023-44487, CVE-2024-22019, CVE-2024-27983), libcurl-minimal-7.76.1-23.el9_2.1 (CVE-2023-38545), python3-setuptools-53.0.0-12.el9 (CVE-2024-6345), python3-subscription-manager-rhsm-1.29.33.1-1.el9_2 (CVE-2023-3899), freetype-2.10.4-9.el9 (CVE-2025-27363)", "name": "clair_high_vulnerabilities", "url": "https://access.redhat.com/articles/red_hat_vulnerability_tutorial" }, "vulnerabilities_number": 143 } }, { "msg": "Found packages with unpatched high vulnerabilities. These vulnerabilities don't have a known fix at this time.", "metadata": { "details": { "description": "Vulnerabilities found: glibc-gconv-extra-2.34-60.el9 (CVE-2023-4911), libxml2-devel-2.9.13-3.el9_1 (CVE-2025-49794, CVE-2025-49795, CVE-2025-49796), pam-1.5.1-14.el9 (CVE-2025-6020), python3-libs-3.9.16-1.el9 (CVE-2024-12718, CVE-2025-4138, CVE-2025-4517), glibc-2.34-60.el9 (CVE-2023-4911), glibc-devel-2.34-60.el9 (CVE-2023-4911), glibc-langpack-en-2.34-60.el9 (CVE-2023-4911), libxml2-2.9.13-3.el9_1 (CVE-2025-49794, CVE-2025-49795, CVE-2025-49796), glibc-common-2.34-60.el9 (CVE-2023-4911), glibc-headers-2.34-60.el9 (CVE-2023-4911), setuptools-53.0.0 (GHSA-5rjg-fvgr-3xxf, GHSA-cx63-2mw6-8hw5, GHSA-r9hx-vwmv-q579, PYSEC-2025-49), python3-devel-3.9.16-1.el9 (CVE-2024-12718, CVE-2025-4138, CVE-2025-4517), python3-3.9.16-1.el9 (CVE-2024-12718, CVE-2025-4138, CVE-2025-4517), glibc-locale-source-2.34-60.el9 (CVE-2023-4911), glibc-minimal-langpack-2.34-60.el9 (CVE-2023-4911)", "name": "clair_unpatched_high_vulnerabilities", "url": "https://access.redhat.com/articles/red_hat_vulnerability_tutorial" }, "vulnerabilities_number": 28 } }, { "msg": "Found packages with medium vulnerabilities associated with RHSA fixes. Consider updating to a newer version of those packages, they may no longer be affected by the reported CVEs.", "metadata": { "details": { "description": "Vulnerabilities found: libjpeg-turbo-devel-2.0.90-6.el9_1 (CVE-2021-29390), dbus-libs-1:1.12.20-7.el9_1 (CVE-2023-34969), gcc-plugin-annobin-11.3.1-4.3.el9 (CVE-2020-11023), glib2-devel-2.68.4-6.el9 (CVE-2024-34397), glibc-gconv-extra-2.34-60.el9 (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2024-33600, CVE-2025-0395, CVE-2025-4802), libxml2-devel-2.9.13-3.el9_1 (CVE-2022-49043, CVE-2023-28484, CVE-2023-29469, CVE-2023-39615, CVE-2024-25062), libstdc++-devel-11.3.1-4.3.el9 (CVE-2020-11023), systemd-libs-252-13.el9_2 (CVE-2023-7008), harfbuzz-2.7.4-8.el9 (CVE-2023-25193), openssl-1:3.0.7-6.el9_2 (CVE-2023-0466, CVE-2023-2650, CVE-2023-5363, CVE-2024-6119), perl-B-1.80-480.el9 (CVE-2023-47038), less-590-1.el9_0 (CVE-2022-46663, CVE-2022-48624), nodejs-full-i18n-1:16.19.1-1.el9_2 (CVE-2023-30581, CVE-2023-30588, CVE-2023-30589, CVE-2023-30590, CVE-2023-31130, CVE-2023-31147, CVE-2023-32006, CVE-2023-32559, CVE-2024-22025, CVE-2024-27982, CVE-2024-28182), perl-File-stat-1.09-480.el9 (CVE-2023-47038), ncurses-6.2-8.20210508.el9 (CVE-2023-29491), krb5-libs-1.20.1-8.el9 (CVE-2023-36054, CVE-2023-39975, CVE-2024-26462, CVE-2024-37370, CVE-2024-37371, CVE-2025-24528), dbus-common-1:1.12.20-7.el9_1 (CVE-2023-34969), perl-Symbol-1.08-480.el9 (CVE-2023-47038), libuv-1:1.42.0-1.el9 (CVE-2024-24806), libeconf-0.4.1-2.el9 (CVE-2023-22652), dmidecode-1:3.3-7.el9 (CVE-2023-30630), libtasn1-4.16.0-8.el9_1 (CVE-2024-12133), perl-HTTP-Tiny-0.076-460.el9 (CVE-2023-31486), perl-POSIX-1.94-480.el9 (CVE-2023-47038), gcc-gfortran-11.3.1-4.3.el9 (CVE-2020-11023), expat-2.5.0-1.el9 (CVE-2023-52425, CVE-2024-28757, CVE-2024-45490, CVE-2024-45491, CVE-2024-45492, CVE-2024-50602, CVE-2024-8176), mod_ssl-1:2.4.53-11.el9_2.5 (CVE-2023-27522, CVE-2023-31122, CVE-2023-38709, CVE-2024-38473, CVE-2024-39573), pam-1.5.1-14.el9 (CVE-2024-10041, CVE-2024-22365), libXpm-devel-3.5.13-8.el9_1 (CVE-2023-43788, CVE-2023-43789), python3-libs-3.9.16-1.el9 (CVE-2023-27043, CVE-2024-0450, CVE-2024-11168, CVE-2024-6232, CVE-2024-6923, CVE-2024-8088, CVE-2024-9287, CVE-2025-0938), perl-Getopt-Std-1.12-480.el9 (CVE-2023-47038), python3-requests-2.25.1-6.el9 (CVE-2023-32681, CVE-2024-35195), libquadmath-11.3.1-4.3.el9 (CVE-2020-11023), nodejs-libs-1:16.19.1-1.el9_2 (CVE-2023-30581, CVE-2023-30588, CVE-2023-30589, CVE-2023-30590, CVE-2023-31130, CVE-2023-31147, CVE-2023-32006, CVE-2023-32559, CVE-2024-22025, CVE-2024-27982, CVE-2024-28182), libX11-common-1.7.0-7.el9 (CVE-2023-3138, CVE-2023-43785, CVE-2023-43786, CVE-2023-43787), libnghttp2-1.43.0-5.el9 (CVE-2024-28182), glibc-2.34-60.el9 (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2024-33600, CVE-2025-0395, CVE-2025-4802), gnutls-3.7.6-20.el9_2 (CVE-2023-5981, CVE-2024-0553, CVE-2024-0567, CVE-2024-12243, CVE-2024-28834, CVE-2024-28835), perl-lib-0.65-480.el9 (CVE-2023-47038), sqlite-devel-3.34.1-6.el9_1 (CVE-2023-7104), rpm-libs-4.16.1.3-22.el9 (CVE-2021-35937, CVE-2021-35938, CVE-2021-35939), python3-idna-2.10-7.el9 (CVE-2024-3651), rpm-sign-libs-4.16.1.3-22.el9 (CVE-2021-35937, CVE-2021-35938, CVE-2021-35939), mod_session-2.4.53-11.el9_2.5 (CVE-2023-27522, CVE-2023-31122, CVE-2023-38709, CVE-2024-38473, CVE-2024-39573), httpd-core-2.4.53-11.el9_2.5 (CVE-2023-27522, CVE-2023-31122, CVE-2023-38709, CVE-2024-38473, CVE-2024-39573), perl-IPC-Open3-1.21-480.el9 (CVE-2023-47038), gmp-1:6.2.0-10.el9 (CVE-2021-43618), apr-1.7.0-11.el9 (CVE-2022-24963), libjpeg-turbo-2.0.90-6.el9_1 (CVE-2021-29390), libgcrypt-1.10.0-10.el9_1 (CVE-2024-2236), httpd-filesystem-2.4.53-11.el9_2.5 (CVE-2023-27522, CVE-2023-31122, CVE-2023-38709, CVE-2024-38473, CVE-2024-39573), perl-mro-1.23-480.el9 (CVE-2023-47038), bzip2-libs-1.0.8-8.el9 (CVE-2019-12900), libcurl-devel-7.76.1-23.el9_2.1 (CVE-2023-27536, CVE-2023-27538, CVE-2023-28321, CVE-2023-46218, CVE-2024-2398), rsync-3.2.3-19.el9 (CVE-2024-12087, CVE-2024-12088, CVE-2024-12747), glibc-devel-2.34-60.el9 (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2024-33600, CVE-2025-0395, CVE-2025-4802), glibc-langpack-en-2.34-60.el9 (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2024-33600, CVE-2025-0395, CVE-2025-4802), ncurses-libs-6.2-8.20210508.el9 (CVE-2023-29491), perl-NDBM_File-1.15-480.el9 (CVE-2023-47038), perl-Errno-1.30-480.el9 (CVE-2023-47038), bzip2-1.0.8-8.el9 (CVE-2019-12900), perl-IO-1.43-480.el9 (CVE-2023-47038), perl-File-Copy-2.34-480.el9 (CVE-2023-47038), harfbuzz-devel-2.7.4-8.el9 (CVE-2023-25193), mod_ldap-2.4.53-11.el9_2.5 (CVE-2023-27522, CVE-2023-31122, CVE-2023-38709, CVE-2024-38473, CVE-2024-39573), httpd-2.4.53-11.el9_2.5 (CVE-2023-27522, CVE-2023-31122, CVE-2023-38709, CVE-2024-38473, CVE-2024-39573), mod_lua-2.4.53-11.el9_2.5 (CVE-2023-27522, CVE-2023-31122, CVE-2023-38709, CVE-2024-38473, CVE-2024-39573), libxml2-2.9.13-3.el9_1 (CVE-2022-49043, CVE-2023-28484, CVE-2023-29469, CVE-2023-39615, CVE-2024-25062), openssl-libs-1:3.0.7-6.el9_2 (CVE-2023-0466, CVE-2023-2650, CVE-2023-5363, CVE-2024-6119), libX11-xcb-1.7.0-7.el9 (CVE-2023-3138, CVE-2023-43785, CVE-2023-43786, CVE-2023-43787), perl-Class-Struct-0.66-480.el9 (CVE-2023-47038), krb5-devel-1.20.1-8.el9 (CVE-2023-36054, CVE-2023-39975, CVE-2024-26462, CVE-2024-37370, CVE-2024-37371, CVE-2025-24528), systemd-pam-252-13.el9_2 (CVE-2023-7008), glibc-common-2.34-60.el9 (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2024-33600, CVE-2025-0395, CVE-2025-4802), openssh-clients-8.7p1-29.el9_2 (CVE-2023-48795, CVE-2023-51385, CVE-2024-6409, CVE-2025-26465), libgomp-11.3.1-4.3.el9 (CVE-2020-11023), httpd-devel-2.4.53-11.el9_2.5 (CVE-2023-27522, CVE-2023-31122, CVE-2023-38709, CVE-2024-38473, CVE-2024-39573), apr-devel-1.7.0-11.el9 (CVE-2022-24963), python3-rpm-4.16.1.3-22.el9 (CVE-2021-35937, CVE-2021-35938, CVE-2021-35939), cpp-11.3.1-4.3.el9 (CVE-2020-11023), pixman-0.40.0-5.el9 (CVE-2022-44638), emacs-filesystem-1:27.2-8.el9_2.1 (CVE-2024-30203, CVE-2024-30204, CVE-2024-30205, CVE-2024-39331, CVE-2024-53920), python3-urllib3-1.26.5-3.el9 (CVE-2023-43804, CVE-2023-45803, CVE-2024-37891), openssh-8.7p1-29.el9_2 (CVE-2023-48795, CVE-2023-51385, CVE-2024-6409, CVE-2025-26465), bzip2-devel-1.0.8-8.el9 (CVE-2019-12900), ncurses-base-6.2-8.20210508.el9 (CVE-2023-29491), harfbuzz-icu-2.7.4-8.el9 (CVE-2023-25193), perl-Git-2.39.3-1.el9_2 (CVE-2024-32465, CVE-2024-52005), qt5-srpm-macros-5.15.3-1.el9 (CVE-2023-33285, CVE-2023-34410), expat-devel-2.5.0-1.el9 (CVE-2023-52425, CVE-2024-28757, CVE-2024-45490, CVE-2024-45491, CVE-2024-45492, CVE-2024-50602, CVE-2024-8176), libstdc++-11.3.1-4.3.el9 (CVE-2020-11023), libgfortran-11.3.1-4.3.el9 (CVE-2020-11023), gcc-11.3.1-4.3.el9 (CVE-2020-11023), git-core-doc-2.39.3-1.el9_2 (CVE-2024-32465, CVE-2024-52005), perl-overloading-0.02-480.el9 (CVE-2023-47038), libtiff-devel-4.4.0-7.el9 (CVE-2022-40090, CVE-2022-48281, CVE-2023-0795, CVE-2023-0796, CVE-2023-0797, CVE-2023-0798, CVE-2023-0799, CVE-2023-0800, CVE-2023-0801, CVE-2023-0802, CVE-2023-0803, CVE-2023-0804, CVE-2023-26965, CVE-2023-26966, CVE-2023-2731, CVE-2023-3316, CVE-2023-3576, CVE-2023-3618, CVE-2023-40745, CVE-2023-41175, CVE-2024-7006), sqlite-3.34.1-6.el9_1 (CVE-2023-7104), git-core-2.39.3-1.el9_2 (CVE-2024-32465, CVE-2024-52005), tpm2-tss-3.0.3-8.el9 (CVE-2023-22745), nodejs-docs-1:16.19.1-1.el9_2 (CVE-2023-30581, CVE-2023-30588, CVE-2023-30589, CVE-2023-30590, CVE-2023-31130, CVE-2023-31147, CVE-2023-32006, CVE-2023-32559, CVE-2024-22025, CVE-2024-27982, CVE-2024-28182), openssl-devel-1:3.0.7-6.el9_2 (CVE-2023-0466, CVE-2023-2650, CVE-2023-5363, CVE-2024-6119), npm-1:8.19.3-1.16.19.1.1.el9_2 (CVE-2023-30581, CVE-2023-30588, CVE-2023-30589, CVE-2023-30590, CVE-2023-31130, CVE-2023-31147, CVE-2023-32006, CVE-2023-32559, CVE-2024-22025, CVE-2024-27982, CVE-2024-28182), dbus-1:1.12.20-7.el9_1 (CVE-2023-34969), glibc-headers-2.34-60.el9 (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2024-33600, CVE-2025-0395, CVE-2025-4802), perl-DynaLoader-1.47-480.el9 (CVE-2023-47038), libXpm-3.5.13-8.el9_1 (CVE-2023-43788, CVE-2023-43789), perl-base-2.27-480.el9 (CVE-2023-47038), perl-File-Basename-2.85-480.el9 (CVE-2023-47038), perl-vars-1.05-480.el9 (CVE-2023-47038), perl-Fcntl-1.13-480.el9 (CVE-2023-47038), curl-minimal-7.76.1-23.el9 (CVE-2023-27535, CVE-2023-27536, CVE-2023-27538, CVE-2023-28321, CVE-2023-46218, CVE-2024-2398), perl-File-Compare-1.100.600-480.el9 (CVE-2023-47038), python3-devel-3.9.16-1.el9 (CVE-2023-27043, CVE-2024-0450, CVE-2024-11168, CVE-2024-6232, CVE-2024-6923, CVE-2024-8088, CVE-2024-9287, CVE-2025-0938), sqlite-libs-3.34.1-6.el9_1 (CVE-2023-7104), libkadm5-1.20.1-8.el9 (CVE-2023-36054, CVE-2023-39975, CVE-2024-26462, CVE-2024-37370, CVE-2024-37371, CVE-2025-24528), systemd-252-13.el9_2 (CVE-2023-7008), perl-if-0.60.800-480.el9 (CVE-2023-47038), binutils-2.35.2-37.el9 (CVE-2022-4285), python3-3.9.16-1.el9 (CVE-2023-27043, CVE-2024-0450, CVE-2024-11168, CVE-2024-6232, CVE-2024-6923, CVE-2024-8088, CVE-2024-9287, CVE-2025-0938), systemd-rpm-macros-252-13.el9_2 (CVE-2023-7008), perl-subs-1.03-480.el9 (CVE-2023-47038), libgcc-11.3.1-4.3.el9 (CVE-2020-11023), perl-FileHandle-2.03-480.el9 (CVE-2023-47038), glib2-2.68.4-6.el9 (CVE-2024-34397), perl-SelectSaver-1.02-480.el9 (CVE-2023-47038), mod_http2-1.15.19-4.el9_2.4 (CVE-2023-43622, CVE-2023-45802, CVE-2024-27316), perl-File-Find-1.37-480.el9 (CVE-2023-47038), git-2.39.3-1.el9_2 (CVE-2024-32465, CVE-2024-52005), perl-AutoLoader-5.74-480.el9 (CVE-2023-47038), httpd-tools-2.4.53-11.el9_2.5 (CVE-2023-27522, CVE-2023-31122, CVE-2023-38709, CVE-2024-38473, CVE-2024-39573), libX11-1.7.0-7.el9 (CVE-2023-3138, CVE-2023-43785, CVE-2023-43786, CVE-2023-43787), glibc-locale-source-2.34-60.el9 (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2024-33600, CVE-2025-0395, CVE-2025-4802), glibc-minimal-langpack-2.34-60.el9 (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2024-33600, CVE-2025-0395, CVE-2025-4802), binutils-gold-2.35.2-37.el9 (CVE-2022-4285), nodejs-1:16.19.1-1.el9_2 (CVE-2023-30581, CVE-2023-30588, CVE-2023-30589, CVE-2023-30590, CVE-2023-31130, CVE-2023-31147, CVE-2023-32006, CVE-2023-32559, CVE-2024-22025, CVE-2024-27982, CVE-2024-28182), libcap-2.48-8.el9 (CVE-2023-2603), libcurl-minimal-7.76.1-23.el9_2.1 (CVE-2023-27536, CVE-2023-27538, CVE-2023-28321, CVE-2023-46218, CVE-2024-2398), rpm-build-libs-4.16.1.3-22.el9 (CVE-2021-35937, CVE-2021-35938, CVE-2021-35939), libX11-devel-1.7.0-7.el9 (CVE-2023-3138, CVE-2023-43785, CVE-2023-43786, CVE-2023-43787), wget-1.21.1-7.el9 (CVE-2024-38428), libtiff-4.4.0-7.el9 (CVE-2022-40090, CVE-2022-48281, CVE-2023-0795, CVE-2023-0796, CVE-2023-0797, CVE-2023-0798, CVE-2023-0799, CVE-2023-0800, CVE-2023-0801, CVE-2023-0802, CVE-2023-0803, CVE-2023-0804, CVE-2023-26965, CVE-2023-26966, CVE-2023-2731, CVE-2023-3316, CVE-2023-3576, CVE-2023-3618, CVE-2023-40745, CVE-2023-41175, CVE-2024-7006), rpm-4.16.1.3-22.el9 (CVE-2021-35937, CVE-2021-35938, CVE-2021-35939), gcc-c++-11.3.1-4.3.el9 (CVE-2020-11023), perl-libs-4:5.32.1-480.el9 (CVE-2023-47038), libquadmath-devel-11.3.1-4.3.el9 (CVE-2020-11023), perl-overload-1.31-480.el9 (CVE-2023-47038), perl-interpreter-4:5.32.1-480.el9 (CVE-2023-47038)", "name": "clair_medium_vulnerabilities", "url": "https://access.redhat.com/articles/red_hat_vulnerability_tutorial" }, "vulnerabilities_number": 444 } }, { "msg": "Found packages with unpatched medium vulnerabilities. These vulnerabilities don't have a known fix at this time.", "metadata": { "details": { "description": "Vulnerabilities found: python3-pip-wheel-21.2.3-6.el9 (CVE-2024-47081, CVE-2025-50181, CVE-2025-50182), glib2-devel-2.68.4-6.el9 (CVE-2024-52533, CVE-2025-4373), glibc-gconv-extra-2.34-60.el9 (CVE-2023-4806, CVE-2023-4813, CVE-2025-5702), libxml2-devel-2.9.13-3.el9_1 (CVE-2025-32414, CVE-2025-6021), shadow-utils-2:4.9-6.el9 (CVE-2024-56433), coreutils-single-8.32-34.el9 (CVE-2025-5278), systemd-libs-252-13.el9_2 (CVE-2021-3997, CVE-2025-4598), perl-B-1.80-480.el9 (CVE-2025-40909), nodejs-full-i18n-1:16.19.1-1.el9_2 (CVE-2021-27290, CVE-2021-3807, CVE-2022-25883, CVE-2023-38552, CVE-2023-46809, CVE-2024-24806, CVE-2025-29087), perl-File-stat-1.09-480.el9 (CVE-2025-40909), krb5-libs-1.20.1-8.el9 (CVE-2025-3576), gdb-headless-10.2-10.el9 (CVE-2025-5244, CVE-2025-5245), perl-Symbol-1.08-480.el9 (CVE-2025-40909), libicu-devel-67.1-9.el9 (CVE-2025-5222), perl-POSIX-1.94-480.el9 (CVE-2025-40909), expat-2.5.0-1.el9 (CVE-2024-28757), python3-libs-3.9.16-1.el9 (CVE-2021-23336, CVE-2025-4330, CVE-2025-4435, CVE-2025-6069), perl-Getopt-Std-1.12-480.el9 (CVE-2025-40909), nodejs-libs-1:16.19.1-1.el9_2 (CVE-2021-27290, CVE-2021-3807, CVE-2022-25883, CVE-2023-38552, CVE-2023-46809, CVE-2024-24806, CVE-2025-29087), libX11-common-1.7.0-7.el9 (CVE-2021-31535, CVE-2022-3554), glibc-2.34-60.el9 (CVE-2023-4806, CVE-2023-4813, CVE-2025-5702), vim-minimal-2:8.2.2637-20.el9_1 (CVE-2025-29768), perl-lib-0.65-480.el9 (CVE-2025-40909), sqlite-devel-3.34.1-6.el9_1 (CVE-2025-29087), perl-IPC-Open3-1.21-480.el9 (CVE-2025-40909), perl-mro-1.23-480.el9 (CVE-2025-40909), rsync-3.2.3-19.el9 (CVE-2024-12086), glibc-devel-2.34-60.el9 (CVE-2023-4806, CVE-2023-4813, CVE-2025-5702), glibc-langpack-en-2.34-60.el9 (CVE-2023-4806, CVE-2023-4813, CVE-2025-5702), perl-NDBM_File-1.15-480.el9 (CVE-2025-40909), perl-Errno-1.30-480.el9 (CVE-2025-40909), libpq-devel-13.5-1.el9 (CVE-2025-4207), perl-IO-1.43-480.el9 (CVE-2025-40909), python3-pip-21.2.3-6.el9 (CVE-2024-47081, CVE-2025-50181, CVE-2025-50182), perl-File-Copy-2.34-480.el9 (CVE-2025-40909), libxml2-2.9.13-3.el9_1 (CVE-2025-32414, CVE-2025-6021), libX11-xcb-1.7.0-7.el9 (CVE-2021-31535, CVE-2022-3554), perl-Class-Struct-0.66-480.el9 (CVE-2025-40909), krb5-devel-1.20.1-8.el9 (CVE-2025-3576), systemd-pam-252-13.el9_2 (CVE-2021-3997, CVE-2025-4598), vim-filesystem-2:8.2.2637-20.el9_1 (CVE-2025-29768), glibc-common-2.34-60.el9 (CVE-2023-4806, CVE-2023-4813, CVE-2025-5702), openssh-clients-8.7p1-29.el9_2 (CVE-2023-51767, CVE-2025-32728), bsdtar-3.5.3-4.el9 (CVE-2023-30571, CVE-2025-25724), python3-setuptools-wheel-53.0.0-12.el9 (CVE-2025-47273), openssh-8.7p1-29.el9_2 (CVE-2023-51767, CVE-2025-32728), libxslt-devel-1.1.34-9.el9 (CVE-2023-40403), qt5-srpm-macros-5.15.3-1.el9 (CVE-2021-38593, CVE-2023-24607, CVE-2025-5455, CVE-2025-5683), expat-devel-2.5.0-1.el9 (CVE-2024-28757), gdb-gdbserver-10.2-10.el9 (CVE-2025-5244, CVE-2025-5245), perl-overloading-0.02-480.el9 (CVE-2025-40909), libtiff-devel-4.4.0-7.el9 (CVE-2017-17095, CVE-2017-17973, CVE-2023-25433, CVE-2023-25434, CVE-2023-25435, CVE-2023-3164, CVE-2023-52355, CVE-2023-52356, CVE-2023-6277), sqlite-3.34.1-6.el9_1 (CVE-2025-29087), tpm2-tss-3.0.3-8.el9 (CVE-2024-29040), nodejs-docs-1:16.19.1-1.el9_2 (CVE-2021-27290, CVE-2021-3807, CVE-2022-25883, CVE-2023-38552, CVE-2023-46809, CVE-2024-24806, CVE-2025-29087), npm-1:8.19.3-1.16.19.1.1.el9_2 (CVE-2021-27290, CVE-2021-3807, CVE-2022-25883, CVE-2023-38552, CVE-2023-46809, CVE-2024-24806, CVE-2025-29087), glibc-headers-2.34-60.el9 (CVE-2023-4806, CVE-2023-4813, CVE-2025-5702), perl-DynaLoader-1.47-480.el9 (CVE-2025-40909), setuptools-53.0.0 (PYSEC-2022-43012), perl-base-2.27-480.el9 (CVE-2025-40909), perl-File-Basename-2.85-480.el9 (CVE-2025-40909), perl-vars-1.05-480.el9 (CVE-2025-40909), perl-Fcntl-1.13-480.el9 (CVE-2025-40909), perl-File-Compare-1.100.600-480.el9 (CVE-2025-40909), python3-devel-3.9.16-1.el9 (CVE-2021-23336, CVE-2025-4330, CVE-2025-4435, CVE-2025-6069), libicu-67.1-9.el9 (CVE-2025-5222), sqlite-libs-3.34.1-6.el9_1 (CVE-2025-29087), libkadm5-1.20.1-8.el9 (CVE-2025-3576), systemd-252-13.el9_2 (CVE-2021-3997, CVE-2025-4598), perl-if-0.60.800-480.el9 (CVE-2025-40909), binutils-2.35.2-37.el9 (CVE-2021-20197, CVE-2021-45078, CVE-2023-1579, CVE-2025-5244, CVE-2025-5245), python3-3.9.16-1.el9 (CVE-2021-23336, CVE-2025-4330, CVE-2025-4435, CVE-2025-6069), systemd-rpm-macros-252-13.el9_2 (CVE-2021-3997, CVE-2025-4598), perl-subs-1.03-480.el9 (CVE-2025-40909), perl-FileHandle-2.03-480.el9 (CVE-2025-40909), glib2-2.68.4-6.el9 (CVE-2024-52533, CVE-2025-4373), perl-SelectSaver-1.02-480.el9 (CVE-2025-40909), perl-File-Find-1.37-480.el9 (CVE-2025-40909), perl-AutoLoader-5.74-480.el9 (CVE-2025-40909), libX11-1.7.0-7.el9 (CVE-2021-31535, CVE-2022-3554), glibc-locale-source-2.34-60.el9 (CVE-2023-4806, CVE-2023-4813, CVE-2025-5702), libpq-13.5-1.el9 (CVE-2025-4207), glibc-minimal-langpack-2.34-60.el9 (CVE-2023-4806, CVE-2023-4813, CVE-2025-5702), libxslt-1.1.34-9.el9 (CVE-2023-40403), binutils-gold-2.35.2-37.el9 (CVE-2021-20197, CVE-2021-45078, CVE-2023-1579, CVE-2025-5244, CVE-2025-5245), nodejs-1:16.19.1-1.el9_2 (CVE-2021-27290, CVE-2021-3807, CVE-2022-25883, CVE-2023-38552, CVE-2023-46809, CVE-2024-24806, CVE-2025-29087), python3-setuptools-53.0.0-12.el9 (CVE-2025-47273), libX11-devel-1.7.0-7.el9 (CVE-2021-31535, CVE-2022-3554), wget-1.21.1-7.el9 (CVE-2021-31879, CVE-2024-10524), libtiff-4.4.0-7.el9 (CVE-2017-17095, CVE-2017-17973, CVE-2023-25433, CVE-2023-25434, CVE-2023-25435, CVE-2023-3164, CVE-2023-52355, CVE-2023-52356, CVE-2023-6277), pip-21.3.1 (GHSA-mq26-g339-26xf), perl-libs-4:5.32.1-480.el9 (CVE-2025-40909), libarchive-3.5.3-4.el9 (CVE-2023-30571, CVE-2025-25724), gdb-10.2-10.el9 (CVE-2025-5244, CVE-2025-5245), perl-overload-1.31-480.el9 (CVE-2025-40909), perl-interpreter-4:5.32.1-480.el9 (CVE-2025-40909)", "name": "clair_unpatched_medium_vulnerabilities", "url": "https://access.redhat.com/articles/red_hat_vulnerability_tutorial" }, "vulnerabilities_number": 202 } }, { "msg": "Found packages with low/negligible vulnerabilities associated with RHSA fixes. Consider updating to a newer version of those packages, they may no longer be affected by the reported CVEs.", "metadata": { "details": { "description": "Vulnerabilities found: glib2-devel-2.68.4-6.el9 (CVE-2023-29499, CVE-2023-32611, CVE-2023-32665), glibc-gconv-extra-2.34-60.el9 (CVE-2024-33601, CVE-2024-33602), shadow-utils-2:4.9-6.el9 (CVE-2023-4641), openssl-1:3.0.7-6.el9_2 (CVE-2023-0464, CVE-2023-0465, CVE-2023-1255, CVE-2023-2975, CVE-2023-3446, CVE-2023-3817, CVE-2023-5678, CVE-2023-6129, CVE-2023-6237, CVE-2024-0727, CVE-2024-2511, CVE-2024-4603, CVE-2024-4741, CVE-2024-5535), nodejs-full-i18n-1:16.19.1-1.el9_2 (CVE-2023-31124, CVE-2024-25629), krb5-libs-1.20.1-8.el9 (CVE-2024-26458, CVE-2024-26461), gdb-headless-10.2-10.el9 (CVE-2021-3826), mod_ssl-1:2.4.53-11.el9_2.5 (CVE-2024-24795), python3-libs-3.9.16-1.el9 (CVE-2024-4032), nodejs-libs-1:16.19.1-1.el9_2 (CVE-2023-31124, CVE-2024-25629), glibc-2.34-60.el9 (CVE-2024-33601, CVE-2024-33602), vim-minimal-2:8.2.2637-20.el9_1 (CVE-2021-3903, CVE-2023-4752), mod_session-2.4.53-11.el9_2.5 (CVE-2024-24795), httpd-core-2.4.53-11.el9_2.5 (CVE-2024-24795), httpd-filesystem-2.4.53-11.el9_2.5 (CVE-2024-24795), libcurl-devel-7.76.1-23.el9_2.1 (CVE-2023-27533, CVE-2023-27534, CVE-2023-28322, CVE-2023-38546), glibc-devel-2.34-60.el9 (CVE-2024-33601, CVE-2024-33602), glibc-langpack-en-2.34-60.el9 (CVE-2024-33601, CVE-2024-33602), file-5.39-12.el9 (CVE-2022-48554), libpq-devel-13.5-1.el9 (CVE-2022-41862), mod_ldap-2.4.53-11.el9_2.5 (CVE-2024-24795), httpd-2.4.53-11.el9_2.5 (CVE-2024-24795), mod_lua-2.4.53-11.el9_2.5 (CVE-2024-24795), openssl-libs-1:3.0.7-6.el9_2 (CVE-2023-0464, CVE-2023-0465, CVE-2023-1255, CVE-2023-2975, CVE-2023-3446, CVE-2023-3817, CVE-2023-5678, CVE-2023-6129, CVE-2023-6237, CVE-2024-0727, CVE-2024-2511, CVE-2024-4603, CVE-2024-4741, CVE-2024-5535), krb5-devel-1.20.1-8.el9 (CVE-2024-26458, CVE-2024-26461), procps-ng-3.3.17-11.el9 (CVE-2023-4016), vim-filesystem-2:8.2.2637-20.el9_1 (CVE-2021-3903, CVE-2023-4752), glibc-common-2.34-60.el9 (CVE-2024-33601, CVE-2024-33602), httpd-devel-2.4.53-11.el9_2.5 (CVE-2024-24795), perl-Git-2.39.3-1.el9_2 (CVE-2024-32020, CVE-2024-32021), qt5-srpm-macros-5.15.3-1.el9 (CVE-2023-32573), gdb-gdbserver-10.2-10.el9 (CVE-2021-3826), git-core-doc-2.39.3-1.el9_2 (CVE-2024-32020, CVE-2024-32021), libtiff-devel-4.4.0-7.el9 (CVE-2023-6228), git-core-2.39.3-1.el9_2 (CVE-2024-32020, CVE-2024-32021), nodejs-docs-1:16.19.1-1.el9_2 (CVE-2023-31124, CVE-2024-25629), openssl-devel-1:3.0.7-6.el9_2 (CVE-2023-0464, CVE-2023-0465, CVE-2023-1255, CVE-2023-2975, CVE-2023-3446, CVE-2023-3817, CVE-2023-5678, CVE-2023-6129, CVE-2023-6237, CVE-2024-0727, CVE-2024-2511, CVE-2024-4603, CVE-2024-4741, CVE-2024-5535), npm-1:8.19.3-1.16.19.1.1.el9_2 (CVE-2023-31124, CVE-2024-25629), glibc-headers-2.34-60.el9 (CVE-2024-33601, CVE-2024-33602), file-libs-5.39-12.el9 (CVE-2022-48554), curl-minimal-7.76.1-23.el9 (CVE-2023-27533, CVE-2023-27534, CVE-2023-28322, CVE-2023-38546), python3-devel-3.9.16-1.el9 (CVE-2024-4032), libkadm5-1.20.1-8.el9 (CVE-2024-26458, CVE-2024-26461), python3-3.9.16-1.el9 (CVE-2024-4032), glib2-2.68.4-6.el9 (CVE-2023-29499, CVE-2023-32611, CVE-2023-32665), mod_http2-1.15.19-4.el9_2.4 (CVE-2024-36387), git-2.39.3-1.el9_2 (CVE-2024-32020, CVE-2024-32021), httpd-tools-2.4.53-11.el9_2.5 (CVE-2024-24795), glibc-locale-source-2.34-60.el9 (CVE-2024-33601, CVE-2024-33602), libpq-13.5-1.el9 (CVE-2022-41862), glibc-minimal-langpack-2.34-60.el9 (CVE-2024-33601, CVE-2024-33602), nodejs-1:16.19.1-1.el9_2 (CVE-2023-31124, CVE-2024-25629), libcap-2.48-8.el9 (CVE-2023-2602), libcurl-minimal-7.76.1-23.el9_2.1 (CVE-2023-27533, CVE-2023-27534, CVE-2023-28322, CVE-2023-38546), libtiff-4.4.0-7.el9 (CVE-2023-6228), gdb-10.2-10.el9 (CVE-2021-3826)", "name": "clair_low_vulnerabilities", "url": "https://access.redhat.com/articles/red_hat_vulnerability_tutorial" }, "vulnerabilities_number": 130 } }, { "msg": "Found packages with unpatched low/negligible vulnerabilities. These vulnerabilities don't have a known fix at this time.", "metadata": { "details": { "description": "Vulnerabilities found: ca-certificates-2022.2.54-90.2.el9_0 (CVE-2023-37920), python3-pip-wheel-21.2.3-6.el9 (CVE-2021-3572), gcc-plugin-annobin-11.3.1-4.3.el9 (CVE-2022-27943), glib2-devel-2.68.4-6.el9 (CVE-2023-32636, CVE-2025-3360), pcre2-syntax-10.40-2.el9 (CVE-2022-41409), libxml2-devel-2.9.13-3.el9_1 (CVE-2023-45322, CVE-2024-34459, CVE-2025-27113, CVE-2025-32415, CVE-2025-6170), libpkgconf-1.7.3-10.el9 (CVE-2023-24056), libstdc++-devel-11.3.1-4.3.el9 (CVE-2022-27943), openssl-1:3.0.7-6.el9_2 (CVE-2024-13176, CVE-2024-41996), nodejs-full-i18n-1:16.19.1-1.el9_2 (CVE-2023-39333, CVE-2023-45143, CVE-2025-47279, CVE-2025-5889), ncurses-6.2-8.20210508.el9 (CVE-2022-29458, CVE-2023-45918, CVE-2023-50495), gdb-headless-10.2-10.el9 (CVE-2022-47007, CVE-2022-47010, CVE-2022-47011, CVE-2024-57360, CVE-2025-1150, CVE-2025-1151, CVE-2025-1152, CVE-2025-1153, CVE-2025-3198), pkgconf-pkg-config-1.7.3-10.el9 (CVE-2023-24056), gcc-gfortran-11.3.1-4.3.el9 (CVE-2022-27943), elfutils-default-yama-scope-0.188-3.el9 (CVE-2024-25260, CVE-2025-1371, CVE-2025-1376, CVE-2025-1377), python3-libs-3.9.16-1.el9 (CVE-2024-0397, CVE-2024-7592, CVE-2025-1795), libquadmath-11.3.1-4.3.el9 (CVE-2022-27943), nodejs-libs-1:16.19.1-1.el9_2 (CVE-2023-39333, CVE-2023-45143, CVE-2025-47279, CVE-2025-5889), libX11-common-1.7.0-7.el9 (CVE-2022-3555), vim-minimal-2:8.2.2637-20.el9_1 (CVE-2021-3927, CVE-2021-3928, CVE-2021-3968, CVE-2021-3973, CVE-2021-3974, CVE-2021-4136, CVE-2021-4166, CVE-2021-4173, CVE-2021-4187, CVE-2022-0213, CVE-2022-0351, CVE-2022-1616, CVE-2022-1619, CVE-2022-1620, CVE-2022-1674, CVE-2022-1720, CVE-2022-1725, CVE-2022-2042, CVE-2022-2124, CVE-2022-2125, CVE-2022-2126, CVE-2022-2129, CVE-2022-2175, CVE-2022-2182, CVE-2022-2183, CVE-2022-2206, CVE-2022-2207, CVE-2022-2208, CVE-2022-2210, CVE-2022-2257, CVE-2022-2284, CVE-2022-2285, CVE-2022-2286, CVE-2022-2287, CVE-2022-2304, CVE-2022-2343, CVE-2022-2344, CVE-2022-2345, CVE-2022-2522, CVE-2022-2817, CVE-2022-2819, CVE-2022-2845, CVE-2022-2849, CVE-2022-2862, CVE-2022-2874, CVE-2022-2889, CVE-2022-2923, CVE-2022-2946, CVE-2022-2980, CVE-2022-2982, CVE-2022-3016, CVE-2022-3037, CVE-2022-3099, CVE-2022-3134, CVE-2022-3153, CVE-2022-3234, CVE-2022-3235, CVE-2022-3256, CVE-2022-3278, CVE-2022-3296, CVE-2022-3297, CVE-2022-3324, CVE-2022-3352, CVE-2022-3705, CVE-2022-4141, CVE-2022-4292, CVE-2022-4293, CVE-2023-0049, CVE-2023-0051, CVE-2023-0054, CVE-2023-0288, CVE-2023-0433, CVE-2023-0512, CVE-2023-1127, CVE-2023-1170, CVE-2023-1175, CVE-2023-1264, CVE-2023-2609, CVE-2023-2610, CVE-2023-46246, CVE-2023-4734, CVE-2023-4735, CVE-2023-4738, CVE-2023-4751, CVE-2023-4781, CVE-2023-48231, CVE-2023-48232, CVE-2023-48233, CVE-2023-48234, CVE-2023-48235, CVE-2023-48236, CVE-2023-48237, CVE-2023-48706, CVE-2023-5344, CVE-2023-5441, CVE-2023-5535, CVE-2024-22667, CVE-2024-41957, CVE-2024-41965, CVE-2024-43374, CVE-2024-43802, CVE-2024-45306, CVE-2024-47814, CVE-2025-1215, CVE-2025-22134, CVE-2025-24014, CVE-2025-26603), openldap-2.6.2-3.el9 (CVE-2023-2953), sqlite-devel-3.34.1-6.el9_1 (CVE-2023-36191, CVE-2024-0232), pcre2-10.40-2.el9 (CVE-2022-41409), openldap-devel-2.6.2-3.el9 (CVE-2023-2953), pcre2-utf16-10.40-2.el9 (CVE-2022-41409), libcurl-devel-7.76.1-23.el9_2.1 (CVE-2024-11053, CVE-2024-7264, CVE-2024-9681), ncurses-libs-6.2-8.20210508.el9 (CVE-2022-29458, CVE-2023-45918, CVE-2023-50495), python3-pip-21.2.3-6.el9 (CVE-2021-3572), pcre2-devel-10.40-2.el9 (CVE-2022-41409), pcre2-utf32-10.40-2.el9 (CVE-2022-41409), libxml2-2.9.13-3.el9_1 (CVE-2023-45322, CVE-2024-34459, CVE-2025-27113, CVE-2025-32415, CVE-2025-6170), openssl-libs-1:3.0.7-6.el9_2 (CVE-2024-13176, CVE-2024-41996), pkgconf-1.7.3-10.el9 (CVE-2023-24056), libX11-xcb-1.7.0-7.el9 (CVE-2022-3555), vim-filesystem-2:8.2.2637-20.el9_1 (CVE-2021-3927, CVE-2021-3928, CVE-2021-3968, CVE-2021-3973, CVE-2021-3974, CVE-2021-4136, CVE-2021-4166, CVE-2021-4173, CVE-2021-4187, CVE-2022-0213, CVE-2022-0351, CVE-2022-1616, CVE-2022-1619, CVE-2022-1620, CVE-2022-1674, CVE-2022-1720, CVE-2022-1725, CVE-2022-2042, CVE-2022-2124, CVE-2022-2125, CVE-2022-2126, CVE-2022-2129, CVE-2022-2175, CVE-2022-2182, CVE-2022-2183, CVE-2022-2206, CVE-2022-2207, CVE-2022-2208, CVE-2022-2210, CVE-2022-2257, CVE-2022-2284, CVE-2022-2285, CVE-2022-2286, CVE-2022-2287, CVE-2022-2304, CVE-2022-2343, CVE-2022-2344, CVE-2022-2345, CVE-2022-2522, CVE-2022-2817, CVE-2022-2819, CVE-2022-2845, CVE-2022-2849, CVE-2022-2862, CVE-2022-2874, CVE-2022-2889, CVE-2022-2923, CVE-2022-2946, CVE-2022-2980, CVE-2022-2982, CVE-2022-3016, CVE-2022-3037, CVE-2022-3099, CVE-2022-3134, CVE-2022-3153, CVE-2022-3234, CVE-2022-3235, CVE-2022-3256, CVE-2022-3278, CVE-2022-3296, CVE-2022-3297, CVE-2022-3324, CVE-2022-3352, CVE-2022-3705, CVE-2022-4141, CVE-2022-4292, CVE-2022-4293, CVE-2023-0049, CVE-2023-0051, CVE-2023-0054, CVE-2023-0288, CVE-2023-0433, CVE-2023-0512, CVE-2023-1127, CVE-2023-1170, CVE-2023-1175, CVE-2023-1264, CVE-2023-2609, CVE-2023-2610, CVE-2023-46246, CVE-2023-4734, CVE-2023-4735, CVE-2023-4738, CVE-2023-4751, CVE-2023-4781, CVE-2023-48231, CVE-2023-48232, CVE-2023-48233, CVE-2023-48234, CVE-2023-48235, CVE-2023-48236, CVE-2023-48237, CVE-2023-48706, CVE-2023-5344, CVE-2023-5441, CVE-2023-5535, CVE-2024-22667, CVE-2024-41957, CVE-2024-41965, CVE-2024-43374, CVE-2024-43802, CVE-2024-45306, CVE-2024-47814, CVE-2025-1215, CVE-2025-22134, CVE-2025-24014, CVE-2025-26603), openssh-clients-8.7p1-29.el9_2 (CVE-2016-20012), libgomp-11.3.1-4.3.el9 (CVE-2022-27943), pkgconf-m4-1.7.3-10.el9 (CVE-2023-24056), bsdtar-3.5.3-4.el9 (CVE-2025-1632, CVE-2025-5914, CVE-2025-5915, CVE-2025-5916, CVE-2025-5917, CVE-2025-5918), cpp-11.3.1-4.3.el9 (CVE-2022-27943), emacs-filesystem-1:27.2-8.el9_2.1 (CVE-2017-1000383), openssh-8.7p1-29.el9_2 (CVE-2016-20012), ncurses-base-6.2-8.20210508.el9 (CVE-2022-29458, CVE-2023-45918, CVE-2023-50495), perl-Git-2.39.3-1.el9_2 (CVE-2024-50349, CVE-2024-52006), libstdc++-11.3.1-4.3.el9 (CVE-2022-27943), libgfortran-11.3.1-4.3.el9 (CVE-2022-27943), gdb-gdbserver-10.2-10.el9 (CVE-2022-47007, CVE-2022-47010, CVE-2022-47011, CVE-2024-57360, CVE-2025-1150, CVE-2025-1151, CVE-2025-1152, CVE-2025-1153, CVE-2025-3198), gcc-11.3.1-4.3.el9 (CVE-2022-27943), git-core-doc-2.39.3-1.el9_2 (CVE-2024-50349, CVE-2024-52006), patch-2.7.6-16.el9 (CVE-2021-45261), libtiff-devel-4.4.0-7.el9 (CVE-2017-16232, CVE-2022-1056, CVE-2023-1916), sqlite-3.34.1-6.el9_1 (CVE-2023-36191, CVE-2024-0232), git-core-2.39.3-1.el9_2 (CVE-2024-50349, CVE-2024-52006), nodejs-docs-1:16.19.1-1.el9_2 (CVE-2023-39333, CVE-2023-45143, CVE-2025-47279, CVE-2025-5889), openssl-devel-1:3.0.7-6.el9_2 (CVE-2024-13176, CVE-2024-41996), npm-1:8.19.3-1.16.19.1.1.el9_2 (CVE-2023-39333, CVE-2023-45143, CVE-2025-47279, CVE-2025-5889), unzip-6.0-56.el9 (CVE-2021-4217, CVE-2022-0529, CVE-2022-0530), elfutils-libelf-0.188-3.el9 (CVE-2024-25260, CVE-2025-1371, CVE-2025-1376, CVE-2025-1377), tar-2:1.34-6.el9_1 (CVE-2023-39804), gawk-5.1.0-6.el9 (CVE-2023-4156), curl-minimal-7.76.1-23.el9 (CVE-2024-11053, CVE-2024-7264, CVE-2024-9681), python3-devel-3.9.16-1.el9 (CVE-2024-0397, CVE-2024-7592, CVE-2025-1795), sqlite-libs-3.34.1-6.el9_1 (CVE-2023-36191, CVE-2024-0232), openldap-compat-2.6.2-3.el9 (CVE-2023-2953), binutils-2.35.2-37.el9 (CVE-2021-3826, CVE-2022-38533, CVE-2022-44840, CVE-2022-47007, CVE-2022-47008, CVE-2022-47010, CVE-2022-47011, CVE-2023-1972, CVE-2024-57360, CVE-2025-1150, CVE-2025-1151, CVE-2025-1152, CVE-2025-1153, CVE-2025-3198), python3-3.9.16-1.el9 (CVE-2024-0397, CVE-2024-7592, CVE-2025-1795), libgcc-11.3.1-4.3.el9 (CVE-2022-27943), glib2-2.68.4-6.el9 (CVE-2023-32636, CVE-2025-3360), git-2.39.3-1.el9_2 (CVE-2024-50349, CVE-2024-52006), libX11-1.7.0-7.el9 (CVE-2022-3555), libpng-2:1.6.37-12.el9 (CVE-2022-3857), gnupg2-2.3.3-2.el9_0 (CVE-2022-3219, CVE-2025-30258), elfutils-debuginfod-client-0.188-3.el9 (CVE-2024-25260, CVE-2025-1371, CVE-2025-1376, CVE-2025-1377), libpng-devel-2:1.6.37-12.el9 (CVE-2022-3857), binutils-gold-2.35.2-37.el9 (CVE-2021-3826, CVE-2022-38533, CVE-2022-44840, CVE-2022-47007, CVE-2022-47008, CVE-2022-47010, CVE-2022-47011, CVE-2023-1972, CVE-2024-57360, CVE-2025-1150, CVE-2025-1151, CVE-2025-1152, CVE-2025-1153, CVE-2025-3198), nodejs-1:16.19.1-1.el9_2 (CVE-2023-39333, CVE-2023-45143, CVE-2025-47279, CVE-2025-5889), libcurl-minimal-7.76.1-23.el9_2.1 (CVE-2024-11053, CVE-2024-7264, CVE-2024-9681), libX11-devel-1.7.0-7.el9 (CVE-2022-3555), libtiff-4.4.0-7.el9 (CVE-2017-16232, CVE-2022-1056, CVE-2023-1916), pip-21.3.1 (PYSEC-2023-228), gcc-c++-11.3.1-4.3.el9 (CVE-2022-27943), libarchive-3.5.3-4.el9 (CVE-2025-1632, CVE-2025-5914, CVE-2025-5915, CVE-2025-5916, CVE-2025-5917, CVE-2025-5918), libquadmath-devel-11.3.1-4.3.el9 (CVE-2022-27943), gdb-10.2-10.el9 (CVE-2022-47007, CVE-2022-47010, CVE-2022-47011, CVE-2024-57360, CVE-2025-1150, CVE-2025-1151, CVE-2025-1152, CVE-2025-1153, CVE-2025-3198), elfutils-libs-0.188-3.el9 (CVE-2024-25260, CVE-2025-1371, CVE-2025-1376, CVE-2025-1377)", "name": "clair_unpatched_low_vulnerabilities", "url": "https://access.redhat.com/articles/red_hat_vulnerability_tutorial" }, "vulnerabilities_number": 429 } } ] } ] {"vulnerabilities":{"critical":0,"high":143,"medium":444,"low":130,"unknown":0},"unpatched_vulnerabilities":{"critical":0,"high":28,"medium":202,"low":429,"unknown":0}} {"image": {"pullspec": "quay.io/redhat-appstudio-qe/build-e2e-fdnu/python-component-ntgzlu:on-pr-4507c9b389e642c76d212c46d1a948e5302889c0", "digests": ["sha256:f95d797603b4b7459eafa5a76faae30dcf6686990e8c15c9cb0f4aaa0a661057"]}} {"result":"SUCCESS","timestamp":"2025-09-11T13:38:00+00:00","note":"Task clair-scan completed: Refer to Tekton task result SCAN_OUTPUT for vulnerabilities scanned by Clair.","namespace":"default","successes":0,"failures":0,"warnings":0} pod: python-component-ntgzlu-on-pull-request-7d8tp-clamav-scan-pod | init container: prepare 2025/09/11 13:35:25 Entrypoint initialization pod: python-component-ntgzlu-on-pull-request-7d8tp-clamav-scan-pod | init container: place-scripts 2025/09/11 13:35:32 Decoded script /tekton/scripts/script-0-47mr6 2025/09/11 13:35:32 Decoded script /tekton/scripts/script-1-49ktw pod: python-component-ntgzlu-on-pull-request-7d8tp-clamav-scan-pod | container step-extract-and-scan-image: Starting clamd ... clamd is ready! Extracting image(s). Running "oc image extract" on image of arch amd64 Scanning image for arch amd64. This operation may take a while. pod: python-component-ntgzlu-on-pull-request-7d8tp-clamav-scan-pod | container step-upload: pod: python-component-ntgzlu-on-pull-request-7d8tp-init-pod | init container: prepare 2025/09/11 13:31:32 Entrypoint initialization pod: python-component-ntgzlu-on-pull-request-7d8tp-init-pod | init container: place-scripts 2025/09/11 13:31:34 Decoded script /tekton/scripts/script-0-8wpfg pod: python-component-ntgzlu-on-pull-request-7d8tp-init-pod | container step-init: Build Initialize: quay.io/redhat-appstudio-qe/build-e2e-fdnu/python-component-ntgzlu:on-pr-4507c9b389e642c76d212c46d1a948e5302889c0 Determine if Image Already Exists pod: python-component-ntgzlu-on-pull-request-7d8tp-show-summary-pod | init container: prepare 2025/09/11 13:38:04 Entrypoint initialization pod: python-component-ntgzlu-on-pull-request-7d8tp-show-summary-pod | init container: place-scripts 2025/09/11 13:38:05 Decoded script /tekton/scripts/script-0-q92jv pod: python-component-ntgzlu-on-pull-request-7d8tp-show-summary-pod | container step-appstudio-summary: Build Summary: Build repository: https://github.com/redhat-appstudio-qe/sample-multi-component?rev=4507c9b389e642c76d212c46d1a948e5302889c0 Generated Image is in : quay.io/redhat-appstudio-qe/build-e2e-fdnu/python-component-ntgzlu:on-pr-4507c9b389e642c76d212c46d1a948e5302889c0 End Summary