Inspecting raw image manifest quay.io/redhat-appstudio-qe/build-e2e-pigr/go-component-bcxpss@sha256:fd19bb6156ab36807c0d4367a821fbfdddbae1cb37741f358e80d01f43673c8f. Selecting auth Using token for quay.io/redhat-appstudio-qe/build-e2e-pigr/go-component-bcxpss Selecting auth Using token for quay.io/redhat-appstudio-qe/build-e2e-pigr/go-component-bcxpss WARNING: SBOM attachments are deprecated and support will be removed in a Cosign release soon after 2024-02-22 (see https://github.com/sigstore/cosign/issues/2755). Instead, please use SBOM attestations. WARNING: Downloading SBOMs this way does not ensure its authenticity. If you want to ensure a tamper-proof SBOM, download it using 'cosign download attestation '. Found SBOM of media type: text/spdx+json Running TPA scan on amd64 image manifest... % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0 100 1718k 0 0 100 1718k 0 1421k 0:00:01 0:00:01 --:--:-- 1421k{ "scanned" : { "total" : 724, "direct" : 339, "transitive" : 385 }, "providers" : { "rhtpa" : { "status" : { "ok" : true, "name" : "rhtpa", "code" : 200, "message" : "OK", "warnings" : { "pkg:golang/cmd/objdump" : [ "Unable to process: missing version component" ], "pkg:golang/github.com/devfile-samples/devfile-sample-go-basic" : [ "Unable to process: missing version component" ], "pkg:golang/cmd/pprof" : [ "Unable to process: missing version component" ], "pkg:golang/cmd/cover" : [ "Unable to process: missing version component" ], "pkg:golang/cmd/cgo" : [ "Unable to process: missing version component" ], "pkg:golang/cmd/trace" : [ "Unable to process: missing version component" ], "pkg:golang/cmd/link" : [ "Unable to process: missing version component" ], "pkg:golang/cmd/pack" : [ "Unable to process: missing version component" ], "pkg:golang/cmd/go" : [ "Unable to process: missing version component" ], "pkg:golang/cmd/vet" : [ "Unable to process: missing version component" ], "pkg:golang/cmd/compile" : [ "Unable to process: missing version component" ], "pkg:golang/cmd/gofmt" : [ "Unable to process: missing version component" ], "pkg:golang/github.com/go-delve/delve/cmd/dlv" : [ "Unable to process: missing version component" ], "pkg:golang/cmd/api" : [ "Unable to process: missing version component" ], "pkg:golang/cmd/addr2line" : [ "Unable to process: missing version component" ], "pkg:golang/cmd/test2json" : [ "Unable to process: missing version component" ], "pkg:golang/cmd/buildid" : [ "Unable to process: missing version component" ], "pkg:golang/cmd/asm" : [ "Unable to process: missing version component" ], "pkg:golang/cmd/doc" : [ "Unable to process: missing version component" ], "pkg:golang/cmd/fix" : [ "Unable to process: missing version component" ], "pkg:golang/cmd/dist" : [ "Unable to process: missing version component" ], "pkg:golang/cmd/nm" : [ "Unable to process: missing version component" ] } }, "sources" : { "osv-github" : { "summary" : { "direct" : 24, "transitive" : 5, "total" : 29, "dependencies" : 14, "critical" : 0, "high" : 14, "medium" : 12, "low" : 3, "remediations" : 0, "recommendations" : 0, "unscanned" : 0 }, "dependencies" : [ { "ref" : "pkg:pypi/setuptools@53.0.0", "issues" : [ { "id" : "CVE-2024-6345", "source" : "osv-github", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-6345" ], "unique" : false }, { "id" : "CVE-2022-40897", "source" : "osv-github", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-40897" ], "unique" : false } ], "transitive" : [ ], "highestVulnerability" : { "id" : "CVE-2024-6345", "source" : "osv-github", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-6345" ], "unique" : false } }, { "ref" : "pkg:npm/tar@6.1.11", "issues" : [ { "id" : "CVE-2026-23950", "source" : "osv-github", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2026-23950" ], "unique" : false }, { "id" : "CVE-2026-24842", "source" : "osv-github", "cvssScore" : 8.2, "severity" : "HIGH", "cves" : [ "CVE-2026-24842" ], "unique" : false }, { "id" : "CVE-2026-26960", "source" : "osv-github", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-26960" ], "unique" : false }, { "id" : "CVE-2024-28863", "title" : "node-tar vulnerable to denial of service while parsing a tar file due to lack of folders count validation", "source" : "osv-github", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-28863" ], "unique" : false } ], "transitive" : [ ], "highestVulnerability" : { "id" : "CVE-2026-23950", "source" : "osv-github", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2026-23950" ], "unique" : false } }, { "ref" : "pkg:npm/ip@2.0.0", "issues" : [ { "id" : "CVE-2024-29415", "title" : "The ip package through 2.0.1 for Node.js might allow SSRF because some IP addresses (such as 127.1, 01200034567, 012.1.2.3, 000:0:0000::01, and ::fFFf:127.0.0.1) are improperly categorized as globally routable via isPublic. NOTE: this issue exists because of an incomplete fix for CVE-2023-42282.", "source" : "osv-github", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2024-29415" ], "unique" : false } ], "transitive" : [ ], "highestVulnerability" : { "id" : "CVE-2024-29415", "title" : "The ip package through 2.0.1 for Node.js might allow SSRF because some IP addresses (such as 127.1, 01200034567, 012.1.2.3, 000:0:0000::01, and ::fFFf:127.0.0.1) are improperly categorized as globally routable via isPublic. NOTE: this issue exists because of an incomplete fix for CVE-2023-42282.", "source" : "osv-github", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2024-29415" ], "unique" : false } }, { "ref" : "pkg:npm/http-cache-semantics@4.1.0", "issues" : [ { "id" : "CVE-2022-25881", "title" : "This affects versions of the package http-cache-semantics before 4.1.1. The issue can be exploited via malicious request header values sent to a server, when that server reads the cache policy from the request using this library.", "source" : "osv-github", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-25881" ], "unique" : false } ], "transitive" : [ ], "highestVulnerability" : { "id" : "CVE-2022-25881", "title" : "This affects versions of the package http-cache-semantics before 4.1.1. The issue can be exploited via malicious request header values sent to a server, when that server reads the cache policy from the request using this library.", "source" : "osv-github", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-25881" ], "unique" : false } }, { "ref" : "pkg:npm/minimatch@5.1.0", "issues" : [ { "id" : "CVE-2026-27903", "source" : "osv-github", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-27903" ], "unique" : false }, { "id" : "CVE-2026-27904", "source" : "osv-github", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-27904" ], "unique" : false } ], "transitive" : [ ], "highestVulnerability" : { "id" : "CVE-2026-27903", "source" : "osv-github", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-27903" ], "unique" : false } }, { "ref" : "pkg:pypi/requests@2.25.1", "issues" : [ { "id" : "CVE-2023-32681", "title" : "Unintended leak of Proxy-Authorization header in requests", "source" : "osv-github", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2023-32681" ], "unique" : false }, { "id" : "CVE-2024-35195", "title" : "Requests `Session` object does not verify requests after making first request with verify=False", "source" : "osv-github", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2024-35195" ], "unique" : false }, { "id" : "CVE-2024-47081", "title" : "Requests vulnerable to .netrc credentials leak via malicious URLs", "source" : "osv-github", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-47081" ], "unique" : false }, { "id" : "CVE-2026-25645", "title" : "Requests has Insecure Temp File Reuse in its extract_zipped_paths() utility function", "source" : "osv-github", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2026-25645" ], "unique" : false } ], "transitive" : [ { "ref" : "pkg:pypi/urllib3@1.26.5", "issues" : [ { "id" : "CVE-2026-21441", "source" : "osv-github", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-21441" ], "unique" : false }, { "id" : "CVE-2023-43804", "source" : "osv-github", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-43804" ], "unique" : false }, { "id" : "CVE-2025-50181", "source" : "osv-github", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-50181" ], "unique" : false }, { "id" : "CVE-2024-37891", "source" : "osv-github", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2024-37891" ], "unique" : false }, { "id" : "CVE-2023-45803", "source" : "osv-github", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2023-45803" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2026-21441", "source" : "osv-github", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-21441" ], "unique" : false } }, { "ref" : "pkg:pypi/idna@2.10", "issues" : [ { "id" : "CVE-2024-3651", "source" : "osv-github", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2024-3651" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-3651", "source" : "osv-github", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2024-3651" ], "unique" : false } } ], "highestVulnerability" : { "id" : "CVE-2026-21441", "source" : "osv-github", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-21441" ], "unique" : false } }, { "ref" : "pkg:npm/semver@7.3.7", "issues" : [ { "id" : "CVE-2022-25883", "title" : "Versions of the package semver before 7.5.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the function new Range, when untrusted user data is provided as a range.\r\r\r", "source" : "osv-github", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-25883" ], "unique" : false } ], "transitive" : [ ], "highestVulnerability" : { "id" : "CVE-2022-25883", "title" : "Versions of the package semver before 7.5.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the function new Range, when untrusted user data is provided as a range.\r\r\r", "source" : "osv-github", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-25883" ], "unique" : false } }, { "ref" : "pkg:npm/minimatch@3.1.2", "issues" : [ { "id" : "CVE-2026-27903", "source" : "osv-github", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-27903" ], "unique" : false }, { "id" : "CVE-2026-27904", "source" : "osv-github", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-27904" ], "unique" : false } ], "transitive" : [ ], "highestVulnerability" : { "id" : "CVE-2026-27903", "source" : "osv-github", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-27903" ], "unique" : false } }, { "ref" : "pkg:npm/npm@8.19.2", "issues" : [ { "id" : "CVE-2026-0775", "source" : "osv-github", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2026-0775" ], "unique" : false } ], "transitive" : [ ], "highestVulnerability" : { "id" : "CVE-2026-0775", "source" : "osv-github", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2026-0775" ], "unique" : false } }, { "ref" : "pkg:npm/brace-expansion@1.1.11", "issues" : [ { "id" : "CVE-2026-33750", "title" : "brace-expansion: Zero-step sequence causes process hang and memory exhaustion", "source" : "osv-github", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-33750" ], "unique" : false }, { "id" : "CVE-2025-5889", "title" : "juliangruber brace-expansion index.js expand redos", "source" : "osv-github", "cvssScore" : 3.1, "severity" : "LOW", "cves" : [ "CVE-2025-5889" ], "unique" : false } ], "transitive" : [ ], "highestVulnerability" : { "id" : "CVE-2026-33750", "title" : "brace-expansion: Zero-step sequence causes process hang and memory exhaustion", "source" : "osv-github", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-33750" ], "unique" : false } }, { "ref" : "pkg:npm/brace-expansion@2.0.1", "issues" : [ { "id" : "CVE-2026-33750", "title" : "brace-expansion: Zero-step sequence causes process hang and memory exhaustion", "source" : "osv-github", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-33750" ], "unique" : false }, { "id" : "CVE-2025-5889", "title" : "juliangruber brace-expansion index.js expand redos", "source" : "osv-github", "cvssScore" : 3.1, "severity" : "LOW", "cves" : [ "CVE-2025-5889" ], "unique" : false } ], "transitive" : [ ], "highestVulnerability" : { "id" : "CVE-2026-33750", "title" : "brace-expansion: Zero-step sequence causes process hang and memory exhaustion", "source" : "osv-github", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-33750" ], "unique" : false } }, { "ref" : "pkg:pypi/idna@2.10", "issues" : [ { "id" : "CVE-2024-3651", "source" : "osv-github", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2024-3651" ], "unique" : false } ], "transitive" : [ ], "highestVulnerability" : { "id" : "CVE-2024-3651", "source" : "osv-github", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2024-3651" ], "unique" : false } }, { "ref" : "pkg:npm/%40tootallnate/once@2.0.0", "issues" : [ { "id" : "CVE-2026-3449", "source" : "osv-github", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2026-3449" ], "unique" : false } ], "transitive" : [ ], "highestVulnerability" : { "id" : "CVE-2026-3449", "source" : "osv-github", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2026-3449" ], "unique" : false } } ] }, "redhat-csaf" : { "summary" : { "direct" : 723, "transitive" : 1217, "total" : 1940, "dependencies" : 193, "critical" : 29, "high" : 835, "medium" : 953, "low" : 123, "remediations" : 0, "recommendations" : 0, "unscanned" : 0 }, "dependencies" : [ { "ref" : "pkg:rpm/redhat/binutils-gold@2.35.2-24.el9?arch=x86_64&distro=rhel-9.1&upstream=binutils-2.35.2-24.el9.src.rpm", "issues" : [ { "id" : "CVE-2022-4285", "title" : "An illegal memory access flaw was found in the binutils package. Parsing an ELF file containing corrupt symbol version information may result in a denial of service. This issue is the result of an incomplete fix for CVE-2020-16599.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2022-4285" ], "unique" : false }, { "id" : "CVE-2025-11082", "title" : "GNU Binutils Linker elf-eh-frame.c _bfd_elf_parse_eh_frame heap-based overflow", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-11082" ], "unique" : false }, { "id" : "CVE-2025-11083", "title" : "GNU Binutils Linker elfcode.h elf_swap_shdr heap-based overflow", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-11083" ], "unique" : false }, { "id" : "CVE-2025-5244", "title" : "GNU Binutils ld elflink.c elf_gc_sweep memory corruption", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5244" ], "unique" : false } ], "transitive" : [ { "ref" : "pkg:rpm/redhat/openssl-libs@3.0.1-47.el9_1?arch=x86_64&distro=rhel-9.1&epoch=1&upstream=openssl-3.0.1-47.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false }, { "id" : "CVE-2022-3358", "title" : "Using a Custom Cipher with NID_undef may lead to NULL encryption", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-3358" ], "unique" : false }, { "id" : "CVE-2023-5363", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-5363" ], "unique" : false }, { "id" : "CVE-2024-12797", "title" : "RFC7250 handshakes with unauthenticated servers don't abort as expected", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2024-12797" ], "unique" : false }, { "id" : "CVE-2025-69419", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2025-69419" ], "unique" : false }, { "id" : "CVE-2023-2650", "title" : "Possible DoS translating ASN.1 object identifiers", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2650" ], "unique" : false }, { "id" : "CVE-2023-6129", "title" : "POLY1305 MAC implementation corrupts vector registers on PowerPC", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6129" ], "unique" : false }, { "id" : "CVE-2025-69421", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69421" ], "unique" : false }, { "id" : "CVE-2025-11187", "title" : "Improper validation of PBMAC1 parameters in PKCS#12 MAC verification", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-11187" ], "unique" : false }, { "id" : "CVE-2023-0464", "title" : "Excessive Resource Usage Verifying X.509 Policy Constraints", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0464" ], "unique" : false }, { "id" : "CVE-2023-6237", "title" : "Excessive time spent checking invalid RSA public keys", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6237" ], "unique" : false }, { "id" : "CVE-2024-5535", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-5535" ], "unique" : false }, { "id" : "CVE-2024-6119", "title" : "Possible denial of service in X.509 name checks", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-6119" ], "unique" : false }, { "id" : "CVE-2025-15468", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15468" ], "unique" : false }, { "id" : "CVE-2025-66199", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-66199" ], "unique" : false }, { "id" : "CVE-2025-69420", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69420" ], "unique" : false }, { "id" : "CVE-2026-22796", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22796" ], "unique" : false }, { "id" : "CVE-2024-4741", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4741" ], "unique" : false }, { "id" : "CVE-2025-9230", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9230" ], "unique" : false }, { "id" : "CVE-2024-0727", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0727" ], "unique" : false }, { "id" : "CVE-2025-15469", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15469" ], "unique" : false }, { "id" : "CVE-2026-22795", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22795" ], "unique" : false }, { "id" : "CVE-2023-0465", "title" : "Invalid certificate policies in leaf certificates are silently ignored", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0465" ], "unique" : false }, { "id" : "CVE-2023-0466", "title" : "Certificate policy check not enabled", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0466" ], "unique" : false }, { "id" : "CVE-2023-2975", "title" : "AES-SIV implementation ignores empty associated data entries", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2975" ], "unique" : false }, { "id" : "CVE-2023-3446", "title" : "Excessive time spent checking DH keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3446" ], "unique" : false }, { "id" : "CVE-2023-3817", "title" : "Excessive time spent checking DH q parameter value", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3817" ], "unique" : false }, { "id" : "CVE-2023-5678", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-5678" ], "unique" : false }, { "id" : "CVE-2024-4603", "title" : "Excessive time spent checking DSA keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4603" ], "unique" : false }, { "id" : "CVE-2023-1255", "title" : "Input buffer over-read in AES-XTS implementation on 64 bit ARM", "source" : "redhat-csaf", "cvssScore" : 5.1, "severity" : "MEDIUM", "cves" : [ "CVE-2023-1255" ], "unique" : false }, { "id" : "CVE-2025-68160", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-68160" ], "unique" : false }, { "id" : "CVE-2025-69418", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69418" ], "unique" : false }, { "id" : "CVE-2024-2511", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-2511" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ca-certificates@2022.2.54-90.2.el9_0?arch=noarch&distro=rhel-9.1&upstream=ca-certificates-2022.2.54-90.2.el9_0.src.rpm", "issues" : [ { "id" : "CVE-2023-37920", "title" : "Certifi's removal of e-Tugra root certificate", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2023-37920" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-37920", "title" : "Certifi's removal of e-Tugra root certificate", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2023-37920" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/krb5-libs@1.19.1-24.el9_1?arch=x86_64&distro=rhel-9.1&upstream=krb5-1.19.1-24.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2024-3596", "source" : "redhat-csaf", "cvssScore" : 9.0, "severity" : "CRITICAL", "cves" : [ "CVE-2024-3596" ], "unique" : false }, { "id" : "CVE-2023-39975", "title" : "kdc/do_tgs_req.c in MIT Kerberos 5 (aka krb5) 1.21 before 1.21.2 has a double free that is reachable if an authenticated user can trigger an authorization-data handling failure. Incorrect data is copied from one ticket to another.", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2023-39975" ], "unique" : false }, { "id" : "CVE-2024-26462", "title" : "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/kdc/ndr.c.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-26462" ], "unique" : false }, { "id" : "CVE-2024-37370", "title" : "In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify the plaintext Extra Count field of a confidential GSS krb5 wrap token, causing the unwrapped token to appear truncated to the application.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-37370" ], "unique" : false }, { "id" : "CVE-2020-17049", "title" : "Kerberos KDC Security Feature Bypass Vulnerability", "source" : "redhat-csaf", "cvssScore" : 7.2, "severity" : "HIGH", "cves" : [ "CVE-2020-17049" ], "unique" : false }, { "id" : "CVE-2023-36054", "title" : "lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and 1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticated user can trigger a kadmind crash. This occurs because _xdr_kadm5_principal_ent_rec does not validate the relationship between n_key_data and the key_data array count.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-36054" ], "unique" : false }, { "id" : "CVE-2024-37371", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-37371" ], "unique" : false }, { "id" : "CVE-2025-24528", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-24528" ], "unique" : false }, { "id" : "CVE-2024-26458", "title" : "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-26458" ], "unique" : false }, { "id" : "CVE-2024-26461", "title" : "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-26461" ], "unique" : false }, { "id" : "CVE-2025-3576", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-3576" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-3596", "source" : "redhat-csaf", "cvssScore" : 9.0, "severity" : "CRITICAL", "cves" : [ "CVE-2024-3596" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc@2.34-40.el9_1.1?arch=x86_64&distro=rhel-9.1&upstream=glibc-2.34-40.el9_1.1.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2026-4437", "title" : "gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4437" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-15281", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15281" ], "unique" : false }, { "id" : "CVE-2026-3904", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3904" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false }, { "id" : "CVE-2026-4438", "title" : "gethostbyaddr and gethostbyaddr_r return invalid DNS hostnames", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4438" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-minimal-langpack@2.34-40.el9_1.1?arch=x86_64&distro=rhel-9.1&upstream=glibc-2.34-40.el9_1.1.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-common@2.34-40.el9_1.1?arch=x86_64&distro=rhel-9.1&upstream=glibc-2.34-40.el9_1.1.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-langpack-en@2.34-40.el9_1.1?arch=x86_64&distro=rhel-9.1&upstream=glibc-2.34-40.el9_1.1.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libcurl-minimal@7.76.1-19.el9_1.1?arch=x86_64&distro=rhel-9.1&upstream=curl-7.76.1-19.el9_1.1.src.rpm", "issues" : [ { "id" : "CVE-2023-38545", "title" : "This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy\nhandshake.\n\nWhen curl is asked to pass along the host name to the SOCKS5 proxy to allow\nthat to resolve the address instead of it getting done by curl itself, the\nmaximum length that host name can be is 255 bytes.\n\nIf the host name is detected to be longer, curl switches to local name\nresolving and instead passes on the resolved address only. Due to this bug,\nthe local variable that means \"let the host resolve the name\" could get the\nwrong value during a slow SOCKS5 handshake, and contrary to the intention,\ncopy the too long host name to the target buffer instead of copying just the\nresolved address there.\n\nThe target buffer being a heap based buffer, and the host name coming from the\nURL that curl has been told to operate with.", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2023-38545" ], "unique" : false }, { "id" : "CVE-2024-2398", "title" : "HTTP/2 push headers memory-leak", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-2398" ], "unique" : false }, { "id" : "CVE-2023-23916", "title" : "An allocation of resources without limits or throttling vulnerability exists in curl unit exists and is running.", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2026-40223" ], "unique" : false }, { "id" : "CVE-2026-40228", "title" : "In systemd 259, systemd-journald can send ANSI escape sequences to the terminals of arbitrary users when a \"logger -p emerg\" command is executed, if ForwardToWall=yes is set.", "source" : "redhat-csaf", "cvssScore" : 2.9, "severity" : "LOW", "cves" : [ "CVE-2026-40228" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2026-29111", "title" : "systemd: Local unprivileged user can trigger an assert", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2026-29111" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64&distro=rhel-9.1&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/xz-libs@5.2.5-8.el9_0?arch=x86_64&distro=rhel-9.1&upstream=xz-5.2.5-8.el9_0.src.rpm", "issues" : [ { "id" : "CVE-2025-31115", "title" : "XZ has a heap-use-after-free bug in threaded .xz decoder", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-31115" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-31115", "title" : "XZ has a heap-use-after-free bug in threaded .xz decoder", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-31115" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcrypt@1.10.0-8.el9_0?arch=x86_64&distro=rhel-9.1&upstream=libgcrypt-1.10.0-8.el9_0.src.rpm", "issues" : [ { "id" : "CVE-2026-41989", "title" : "Libgcrypt before 1.12.2 sometimes allows a heap-based buffer overflow and denial of service via crafted ECDH ciphertext to gcry_pk_decrypt.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-41989" ], "unique" : false }, { "id" : "CVE-2024-2236", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-2236" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2026-41989", "title" : "Libgcrypt before 1.12.2 sometimes allows a heap-based buffer overflow and denial of service via crafted ECDH ciphertext to gcry_pk_decrypt.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-41989" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/expat@2.4.9-1.el9_1.1?arch=x86_64&distro=rhel-9.1&upstream=expat-2.4.9-1.el9_1.1.src.rpm", "issues" : [ { "id" : "CVE-2023-52425", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-52425" ], "unique" : false }, { "id" : "CVE-2024-28757", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-28757" ], "unique" : false }, { "id" : "CVE-2024-45490", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-45490" ], "unique" : false }, { "id" : "CVE-2024-45491", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-45491" ], "unique" : false }, { "id" : "CVE-2024-8176", "title" : "Libexpat: expat: improper restriction of xml entity expansion depth in libexpat", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-8176" ], "unique" : false }, { "id" : "CVE-2022-23990", "title" : "Expat (aka libexpat) before 2.4.4 has an integer overflow in the doProlog function.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2022-23990" ], "unique" : false }, { "id" : "CVE-2024-45492", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2024-45492" ], "unique" : false }, { "id" : "CVE-2024-50602", "title" : "An issue was discovered in libexpat before 2.6.4. There is a crash within the XML_ResumeParser function because XML_StopParser can stop/suspend an unstarted parser.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-50602" ], "unique" : false }, { "id" : "CVE-2025-59375", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-59375" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-52425", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-52425" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libeconf@0.4.1-2.el9?arch=x86_64&distro=rhel-9.1&upstream=libeconf-0.4.1-2.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-22652", "title" : "Stack buffer overflow in \"read_file\" function", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-22652" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-22652", "title" : "Stack buffer overflow in \"read_file\" function", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-22652" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/dbus@1.12.20-7.el9_1?arch=x86_64&distro=rhel-9.1&epoch=1&upstream=dbus-1.12.20-7.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2023-34969", "title" : "D-Bus before 1.15.6 sometimes allows unprivileged users to crash dbus-daemon. If a privileged user with control over the dbus-daemon is using the org.freedesktop.DBus.Monitoring interface to monitor message bus traffic, then an unprivileged user with the ability to connect to the same dbus-daemon can cause a dbus-daemon crash under some circumstances via an unreplyable message. When done on the well-known system bus, this is a denial-of-service vulnerability. The fixed versions are 1.12.28, 1.14.8, and 1.15.6.", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2023-34969" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-34969", "title" : "D-Bus before 1.15.6 sometimes allows unprivileged users to crash dbus-daemon. If a privileged user with control over the dbus-daemon is using the org.freedesktop.DBus.Monitoring interface to monitor message bus traffic, then an unprivileged user with the ability to connect to the same dbus-daemon can cause a dbus-daemon crash under some circumstances via an unreplyable message. When done on the well-known system bus, this is a denial-of-service vulnerability. The fixed versions are 1.12.28, 1.14.8, and 1.15.6.", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2023-34969" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/dbus-common@1.12.20-7.el9_1?arch=noarch&distro=rhel-9.1&epoch=1&upstream=dbus-1.12.20-7.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2023-34969", "title" : "D-Bus before 1.15.6 sometimes allows unprivileged users to crash dbus-daemon. If a privileged user with control over the dbus-daemon is using the org.freedesktop.DBus.Monitoring interface to monitor message bus traffic, then an unprivileged user with the ability to connect to the same dbus-daemon can cause a dbus-daemon crash under some circumstances via an unreplyable message. When done on the well-known system bus, this is a denial-of-service vulnerability. The fixed versions are 1.12.28, 1.14.8, and 1.15.6.", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2023-34969" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-34969", "title" : "D-Bus before 1.15.6 sometimes allows unprivileged users to crash dbus-daemon. If a privileged user with control over the dbus-daemon is using the org.freedesktop.DBus.Monitoring interface to monitor message bus traffic, then an unprivileged user with the ability to connect to the same dbus-daemon can cause a dbus-daemon crash under some circumstances via an unreplyable message. When done on the well-known system bus, this is a denial-of-service vulnerability. The fixed versions are 1.12.28, 1.14.8, and 1.15.6.", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2023-34969" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libsmartcols@2.37.4-9.el9?arch=x86_64&distro=rhel-9.1&upstream=util-linux-2.37.4-9.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libfdisk@2.37.4-9.el9?arch=x86_64&distro=rhel-9.1&upstream=util-linux-2.37.4-9.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libmount@2.37.4-9.el9?arch=x86_64&distro=rhel-9.1&upstream=util-linux-2.37.4-9.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcc@11.3.1-2.1.el9?arch=x86_64&distro=rhel-9.1&upstream=gcc-11.3.1-2.1.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/util-linux-core@2.37.4-9.el9?arch=x86_64&distro=rhel-9.1&upstream=util-linux-2.37.4-9.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libuuid@2.37.4-9.el9?arch=x86_64&distro=rhel-9.1&upstream=util-linux-2.37.4-9.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libblkid@2.37.4-9.el9?arch=x86_64&distro=rhel-9.1&upstream=util-linux-2.37.4-9.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false }, { "id" : "CVE-2026-27456", "title" : "util-linux: TOCTOU Race Condition in util-linux mount(8) - Loop Device Setup", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2026-27456" ], "unique" : false }, { "id" : "CVE-2026-3184", "title" : "Util-linux: util-linux: access control bypass due to improper hostname canonicalization", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2026-3184" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/util-linux@2.37.4-9.el9?arch=x86_64&distro=rhel-9.1&upstream=util-linux-2.37.4-9.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false }, { "id" : "CVE-2026-27456", "title" : "util-linux: TOCTOU Race Condition in util-linux mount(8) - Loop Device Setup", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2026-27456" ], "unique" : false }, { "id" : "CVE-2026-3184", "title" : "Util-linux: util-linux: access control bypass due to improper hostname canonicalization", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2026-3184" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libtasn1@4.16.0-8.el9_1?arch=x86_64&distro=rhel-9.1&upstream=libtasn1-4.16.0-8.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2025-13151", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13151" ], "unique" : false }, { "id" : "CVE-2024-12133", "title" : "Libtasn1: inefficient der decoding in libtasn1 leading to potential remote dos", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-12133" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-13151", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13151" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/systemd-rpm-macros@250-12.el9_1.3?arch=noarch&distro=rhel-9.1&upstream=systemd-250-12.el9_1.3.src.rpm", "issues" : [ { "id" : "CVE-2023-7008", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-7008" ], "unique" : false }, { "id" : "CVE-2025-4598", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-4598" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-7008", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-7008" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/systemd-libs@250-12.el9_1.3?arch=x86_64&distro=rhel-9.1&upstream=systemd-250-12.el9_1.3.src.rpm", "issues" : [ { "id" : "CVE-2023-7008", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-7008" ], "unique" : false }, { "id" : "CVE-2025-4598", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-4598" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-7008", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-7008" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/systemd-pam@250-12.el9_1.3?arch=x86_64&distro=rhel-9.1&upstream=systemd-250-12.el9_1.3.src.rpm", "issues" : [ { "id" : "CVE-2023-7008", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-7008" ], "unique" : false }, { "id" : "CVE-2025-4598", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-4598" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-7008", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-7008" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/p11-kit@0.24.1-2.el9?arch=x86_64&distro=rhel-9.1&upstream=p11-kit-0.24.1-2.el9.src.rpm", "issues" : [ { "id" : "CVE-2026-2100", "title" : "P11-kit: null dereference via c_derivekey with specific null parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-2100" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2026-2100", "title" : "P11-kit: null dereference via c_derivekey with specific null parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-2100" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/shadow-utils@4.9-5.el9?arch=x86_64&distro=rhel-9.1&epoch=2&upstream=shadow-utils-4.9-5.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-4641", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4641" ], "unique" : false }, { "id" : "CVE-2024-56433", "title" : "shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default /etc/subuid behavior (e.g., uid 100000 through 165535 for the first user account) that can realistically conflict with the uids of users defined on locally administered networks, potentially leading to account takeover, e.g., by leveraging newuidmap for access to an NFS home directory (or same-host resources in the case of remote logins by these local network users). NOTE: it may also be argued that system administrators should not have assigned uids, within local networks, that are within the range that can occur in /etc/subuid.", "source" : "redhat-csaf", "cvssScore" : 3.6, "severity" : "LOW", "cves" : [ "CVE-2024-56433" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-4641", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4641" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/bzip2-libs@1.0.8-8.el9?arch=x86_64&distro=rhel-9.1&upstream=bzip2-1.0.8-8.el9.src.rpm", "issues" : [ { "id" : "CVE-2019-12900", "title" : "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2019-12900" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2019-12900", "title" : "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2019-12900" ], "unique" : false } } ], "highestVulnerability" : { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/gdb-headless@10.2-10.el9?arch=x86_64&distro=rhel-9.1&upstream=gdb-10.2-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2021-3826", "title" : "Heap/stack buffer overflow in the dlang_lname function in d-demangle.c in libiberty allows attackers to potentially cause a denial of service (segmentation fault and crash) via a crafted mangled symbol.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2021-3826" ], "unique" : false } ], "transitive" : [ { "ref" : "pkg:rpm/redhat/openssl-libs@3.0.1-47.el9_1?arch=x86_64&distro=rhel-9.1&epoch=1&upstream=openssl-3.0.1-47.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false }, { "id" : "CVE-2022-3358", "title" : "Using a Custom Cipher with NID_undef may lead to NULL encryption", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-3358" ], "unique" : false }, { "id" : "CVE-2023-5363", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-5363" ], "unique" : false }, { "id" : "CVE-2024-12797", "title" : "RFC7250 handshakes with unauthenticated servers don't abort as expected", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2024-12797" ], "unique" : false }, { "id" : "CVE-2025-69419", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2025-69419" ], "unique" : false }, { "id" : "CVE-2023-2650", "title" : "Possible DoS translating ASN.1 object identifiers", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2650" ], "unique" : false }, { "id" : "CVE-2023-6129", "title" : "POLY1305 MAC implementation corrupts vector registers on PowerPC", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6129" ], "unique" : false }, { "id" : "CVE-2025-69421", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69421" ], "unique" : false }, { "id" : "CVE-2025-11187", "title" : "Improper validation of PBMAC1 parameters in PKCS#12 MAC verification", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-11187" ], "unique" : false }, { "id" : "CVE-2023-0464", "title" : "Excessive Resource Usage Verifying X.509 Policy Constraints", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0464" ], "unique" : false }, { "id" : "CVE-2023-6237", "title" : "Excessive time spent checking invalid RSA public keys", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6237" ], "unique" : false }, { "id" : "CVE-2024-5535", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-5535" ], "unique" : false }, { "id" : "CVE-2024-6119", "title" : "Possible denial of service in X.509 name checks", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-6119" ], "unique" : false }, { "id" : "CVE-2025-15468", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15468" ], "unique" : false }, { "id" : "CVE-2025-66199", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-66199" ], "unique" : false }, { "id" : "CVE-2025-69420", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69420" ], "unique" : false }, { "id" : "CVE-2026-22796", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22796" ], "unique" : false }, { "id" : "CVE-2024-4741", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4741" ], "unique" : false }, { "id" : "CVE-2025-9230", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9230" ], "unique" : false }, { "id" : "CVE-2024-0727", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0727" ], "unique" : false }, { "id" : "CVE-2025-15469", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15469" ], "unique" : false }, { "id" : "CVE-2026-22795", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22795" ], "unique" : false }, { "id" : "CVE-2023-0465", "title" : "Invalid certificate policies in leaf certificates are silently ignored", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0465" ], "unique" : false }, { "id" : "CVE-2023-0466", "title" : "Certificate policy check not enabled", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0466" ], "unique" : false }, { "id" : "CVE-2023-2975", "title" : "AES-SIV implementation ignores empty associated data entries", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2975" ], "unique" : false }, { "id" : "CVE-2023-3446", "title" : "Excessive time spent checking DH keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3446" ], "unique" : false }, { "id" : "CVE-2023-3817", "title" : "Excessive time spent checking DH q parameter value", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3817" ], "unique" : false }, { "id" : "CVE-2023-5678", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-5678" ], "unique" : false }, { "id" : "CVE-2024-4603", "title" : "Excessive time spent checking DSA keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4603" ], "unique" : false }, { "id" : "CVE-2023-1255", "title" : "Input buffer over-read in AES-XTS implementation on 64 bit ARM", "source" : "redhat-csaf", "cvssScore" : 5.1, "severity" : "MEDIUM", "cves" : [ "CVE-2023-1255" ], "unique" : false }, { "id" : "CVE-2025-68160", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-68160" ], "unique" : false }, { "id" : "CVE-2025-69418", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69418" ], "unique" : false }, { "id" : "CVE-2024-2511", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-2511" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ca-certificates@2022.2.54-90.2.el9_0?arch=noarch&distro=rhel-9.1&upstream=ca-certificates-2022.2.54-90.2.el9_0.src.rpm", "issues" : [ { "id" : "CVE-2023-37920", "title" : "Certifi's removal of e-Tugra root certificate", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2023-37920" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-37920", "title" : "Certifi's removal of e-Tugra root certificate", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2023-37920" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/krb5-libs@1.19.1-24.el9_1?arch=x86_64&distro=rhel-9.1&upstream=krb5-1.19.1-24.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2024-3596", "source" : "redhat-csaf", "cvssScore" : 9.0, "severity" : "CRITICAL", "cves" : [ "CVE-2024-3596" ], "unique" : false }, { "id" : "CVE-2023-39975", "title" : "kdc/do_tgs_req.c in MIT Kerberos 5 (aka krb5) 1.21 before 1.21.2 has a double free that is reachable if an authenticated user can trigger an authorization-data handling failure. Incorrect data is copied from one ticket to another.", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2023-39975" ], "unique" : false }, { "id" : "CVE-2024-26462", "title" : "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/kdc/ndr.c.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-26462" ], "unique" : false }, { "id" : "CVE-2024-37370", "title" : "In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify the plaintext Extra Count field of a confidential GSS krb5 wrap token, causing the unwrapped token to appear truncated to the application.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-37370" ], "unique" : false }, { "id" : "CVE-2020-17049", "title" : "Kerberos KDC Security Feature Bypass Vulnerability", "source" : "redhat-csaf", "cvssScore" : 7.2, "severity" : "HIGH", "cves" : [ "CVE-2020-17049" ], "unique" : false }, { "id" : "CVE-2023-36054", "title" : "lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and 1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticated user can trigger a kadmind crash. This occurs because _xdr_kadm5_principal_ent_rec does not validate the relationship between n_key_data and the key_data array count.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-36054" ], "unique" : false }, { "id" : "CVE-2024-37371", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-37371" ], "unique" : false }, { "id" : "CVE-2025-24528", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-24528" ], "unique" : false }, { "id" : "CVE-2024-26458", "title" : "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-26458" ], "unique" : false }, { "id" : "CVE-2024-26461", "title" : "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-26461" ], "unique" : false }, { "id" : "CVE-2025-3576", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-3576" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-3596", "source" : "redhat-csaf", "cvssScore" : 9.0, "severity" : "CRITICAL", "cves" : [ "CVE-2024-3596" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc@2.34-40.el9_1.1?arch=x86_64&distro=rhel-9.1&upstream=glibc-2.34-40.el9_1.1.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2026-4437", "title" : "gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4437" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-15281", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15281" ], "unique" : false }, { "id" : "CVE-2026-3904", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3904" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false }, { "id" : "CVE-2026-4438", "title" : "gethostbyaddr and gethostbyaddr_r return invalid DNS hostnames", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4438" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/python3-setuptools-wheel@53.0.0-10.el9_1.1?arch=noarch&distro=rhel-9.1&upstream=python-setuptools-53.0.0-10.el9_1.1.src.rpm", "issues" : [ { "id" : "CVE-2024-6345", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-6345" ], "unique" : false }, { "id" : "CVE-2025-47273", "title" : "setuptools has a path traversal vulnerability in PackageIndex.download that leads to Arbitrary File Write", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-47273" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-6345", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-6345" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-minimal-langpack@2.34-40.el9_1.1?arch=x86_64&distro=rhel-9.1&upstream=glibc-2.34-40.el9_1.1.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-common@2.34-40.el9_1.1?arch=x86_64&distro=rhel-9.1&upstream=glibc-2.34-40.el9_1.1.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-langpack-en@2.34-40.el9_1.1?arch=x86_64&distro=rhel-9.1&upstream=glibc-2.34-40.el9_1.1.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/python3-libs@3.9.14-1.el9_1.2?arch=x86_64&distro=rhel-9.1&upstream=python3.9-3.9.14-1.el9_1.2.src.rpm", "issues" : [ { "id" : "CVE-2023-40217", "source" : "redhat-csaf", "cvssScore" : 8.6, "severity" : "HIGH", "cves" : [ "CVE-2023-40217" ], "unique" : false }, { "id" : "CVE-2023-6597", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-6597" ], "unique" : false }, { "id" : "CVE-2024-12718", "title" : "Bypass extraction filter to modify file metadata outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-12718" ], "unique" : false }, { "id" : "CVE-2025-4517", "title" : "Arbitrary writes via tarfile realpath overflow", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2025-4517" ], "unique" : false }, { "id" : "CVE-2023-24329", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-24329" ], "unique" : false }, { "id" : "CVE-2024-6232", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-6232" ], "unique" : false }, { "id" : "CVE-2025-12084", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-12084" ], "unique" : false }, { "id" : "CVE-2025-4138", "title" : "Bypassing extraction filter to create symlinks to arbitrary targets outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-4138" ], "unique" : false }, { "id" : "CVE-2025-4435", "title" : "Tarfile extracts filtered members when errorlevel=0", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-4435" ], "unique" : false }, { "id" : "CVE-2025-8194", "title" : "Tarfile infinite loop during parsing with negative member offset", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-8194" ], "unique" : false }, { "id" : "CVE-2025-4330", "title" : "Extraction filter bypass for linking outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2025-4330" ], "unique" : false }, { "id" : "CVE-2025-15366", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-15366" ], "unique" : false }, { "id" : "CVE-2025-15367", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-15367" ], "unique" : false }, { "id" : "CVE-2026-1299", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-1299" ], "unique" : false }, { "id" : "CVE-2026-4519", "title" : "webbrowser.open() allows leading dashes in URLs", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-4519" ], "unique" : false }, { "id" : "CVE-2024-6923", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2024-6923" ], "unique" : false }, { "id" : "CVE-2025-0938", "title" : "URL parser allowed square brackets in domain names", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0938" ], "unique" : false }, { "id" : "CVE-2025-13836", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13836" ], "unique" : false }, { "id" : "CVE-2024-9287", "source" : "redhat-csaf", "cvssScore" : 6.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-9287" ], "unique" : false }, { "id" : "CVE-2024-0450", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0450" ], "unique" : false }, { "id" : "CVE-2007-4559", "title" : "Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2007-4559" ], "unique" : false }, { "id" : "CVE-2023-27043", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27043" ], "unique" : false }, { "id" : "CVE-2024-8088", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-8088" ], "unique" : false }, { "id" : "CVE-2024-0397", "source" : "redhat-csaf", "cvssScore" : 5.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0397" ], "unique" : false }, { "id" : "CVE-2024-7592", "source" : "redhat-csaf", "cvssScore" : 4.8, "severity" : "MEDIUM", "cves" : [ "CVE-2024-7592" ], "unique" : false }, { "id" : "CVE-2026-0865", "source" : "redhat-csaf", "cvssScore" : 4.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0865" ], "unique" : false }, { "id" : "CVE-2025-6069", "title" : "HTMLParser quadratic complexity when processing malformed inputs", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-6069" ], "unique" : false }, { "id" : "CVE-2025-8291", "title" : "ZIP64 End of Central Directory (EOCD) Locator record offset not checked", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8291" ], "unique" : false }, { "id" : "CVE-2025-6075", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-6075" ], "unique" : false }, { "id" : "CVE-2024-11168", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-11168" ], "unique" : false }, { "id" : "CVE-2024-4032", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-4032" ], "unique" : false }, { "id" : "CVE-2024-5642", "title" : "Buffer overread when using an empty list with SSLContext.set_npn_protocols()", "source" : "redhat-csaf", "cvssScore" : 2.7, "severity" : "LOW", "cves" : [ "CVE-2024-5642" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-40217", "source" : "redhat-csaf", "cvssScore" : 8.6, "severity" : "HIGH", "cves" : [ "CVE-2023-40217" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libcurl-minimal@7.76.1-19.el9_1.1?arch=x86_64&distro=rhel-9.1&upstream=curl-7.76.1-19.el9_1.1.src.rpm", "issues" : [ { "id" : "CVE-2023-38545", "title" : "This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy\nhandshake.\n\nWhen curl is asked to pass along the host name to the SOCKS5 proxy to allow\nthat to resolve the address instead of it getting done by curl itself, the\nmaximum length that host name can be is 255 bytes.\n\nIf the host name is detected to be longer, curl switches to local name\nresolving and instead passes on the resolved address only. Due to this bug,\nthe local variable that means \"let the host resolve the name\" could get the\nwrong value during a slow SOCKS5 handshake, and contrary to the intention,\ncopy the too long host name to the target buffer instead of copying just the\nresolved address there.\n\nThe target buffer being a heap based buffer, and the host name coming from the\nURL that curl has been told to operate with.", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2023-38545" ], "unique" : false }, { "id" : "CVE-2024-2398", "title" : "HTTP/2 push headers memory-leak", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-2398" ], "unique" : false }, { "id" : "CVE-2023-23916", "title" : "An allocation of resources without limits or throttling vulnerability exists in curl = 12.22.9, >= 14.18.3, >= 16.13.2, and >= 17.3.1 use a null protoype for the object these properties are being assigned to.", "source" : "redhat-csaf", "cvssScore" : 8.2, "severity" : "HIGH", "cves" : [ "CVE-2022-21824" ], "unique" : false }, { "id" : "CVE-2023-32002", "title" : "The use of `Module._load()` can bypass the policy mechanism and require modules outside of the policy.json definition for a given module.\n\nThis vulnerability affects all users using the experimental policy mechanism in all active release lines: 16.x, 18.x and, 20.x.\n\nPlease note that at the time this CVE was issued, the policy is an experimental feature of Node.js.", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2023-32002" ], "unique" : false }, { "id" : "CVE-2024-21892", "title" : "On Linux, Node.js ignores certain environment variables if those may have been set by an unprivileged user while the process is running with elevated privileges with the only exception of CAP_NET_BIND_SERVICE.\nDue to a bug in the implementation of this exception, Node.js incorrectly applies this exception even when certain other capabilities have been set.\nThis allows unprivileged users to inject code that inherits the process's elevated privileges.", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2024-21892" ], "unique" : false }, { "id" : "CVE-2024-21896", "title" : "The permission model protects itself against path traversal attacks by calling path.resolve() on any paths given by the user. If the path is to be treated as a Buffer, the implementation uses Buffer.from() to obtain a Buffer from the result of path.resolve(). By monkey-patching Buffer internals, namely, Buffer.prototype.utf8Write, the application can modify the result of path.resolve(), which leads to a path traversal vulnerability.\nThis vulnerability affects all users using the experimental permission model in Node.js 20 and Node.js 21.\nPlease note that at the time this CVE was issued, the permission model is an experimental feature of Node.js.", "source" : "redhat-csaf", "cvssScore" : 7.9, "severity" : "HIGH", "cves" : [ "CVE-2024-21896" ], "unique" : false }, { "id" : "CVE-2025-23083", "title" : "With the aid of the diagnostics_channel utility, an event can be hooked into whenever a worker thread is created. This is not limited only to workers but also exposes internal workers, where an instance of them can be fetched, and its constructor can be grabbed and reinstated for malicious usage. \r\n\r\nThis vulnerability affects Permission Model users (--permission) on Node.js v20, v22, and v23.", "source" : "redhat-csaf", "cvssScore" : 7.7, "severity" : "HIGH", "cves" : [ "CVE-2025-23083" ], "unique" : false }, { "id" : "CVE-2025-6965", "title" : "Integer Truncation on SQLite", "source" : "redhat-csaf", "cvssScore" : 7.7, "severity" : "HIGH", "cves" : [ "CVE-2025-6965" ], "unique" : false }, { "id" : "CVE-2021-35065", "title" : "The glob-parent package before 6.0.1 for Node.js allows ReDoS (regular expression denial of service) attacks against the enclosure regular expression.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2021-35065" ], "unique" : false }, { "id" : "CVE-2022-25881", "title" : "This affects versions of the package http-cache-semantics before 4.1.1. The issue can be exploited via malicious request header values sent to a server, when that server reads the cache policy from the request using this library.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-25881" ], "unique" : false }, { "id" : "CVE-2022-25883", "title" : "Versions of the package semver before 7.5.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the function new Range, when untrusted user data is provided as a range.\r\r\r", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-25883" ], "unique" : false }, { "id" : "CVE-2022-3517", "title" : "A vulnerability was found in the minimatch package. This flaw allows a Regular Expression Denial of Service (ReDoS) when calling the braceExpand function with specific arguments, resulting in a Denial of Service.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-3517" ], "unique" : false }, { "id" : "CVE-2022-43548", "title" : "A OS Command Injection vulnerability exists in Node.js versions <14.21.1, <16.18.1, <18.12.1, <19.0.1 due to an insufficient IsAllowedHost check that can easily be bypassed because IsIPAddress does not properly check if an IP address is invalid before making DBS requests allowing rebinding attacks.The fix for this issue in https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32212 was incomplete and this new CVE is to complete the fix.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-43548" ], "unique" : false }, { "id" : "CVE-2023-23918", "title" : "A privilege escalation vulnerability exists in Node.js <19.6.1, <18.14.1, <16.19.1 and <14.21.3 that made it possible to bypass the experimental Permissions (https://nodejs.org/api/permissions.html) feature in Node.js and access non authorized modules by using process.mainModule.require(). This only affects users who had enabled the experimental permissions option with --experimental-policy.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-23918" ], "unique" : false }, { "id" : "CVE-2023-23919", "title" : "A cryptographic vulnerability exists in Node.js <19.2.0, <18.14.1, <16.19.1, <14.21.3 that in some cases did does not clear the OpenSSL error stack after operations that may set it. This may lead to false positive errors during subsequent cryptographic operations that happen to be on the same thread. This in turn could be used to cause a denial of service.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-23919" ], "unique" : false }, { "id" : "CVE-2023-24807", "title" : "Undici vulnerable to Regular Expression Denial of Service in Headers", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-24807" ], "unique" : false }, { "id" : "CVE-2023-30581", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-30581" ], "unique" : false }, { "id" : "CVE-2023-30590", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-30590" ], "unique" : false }, { "id" : "CVE-2023-32067", "title" : "0-byte UDP payload DoS in c-ares", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-32067" ], "unique" : false }, { "id" : "CVE-2023-32559", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-32559" ], "unique" : false }, { "id" : "CVE-2023-38552", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-38552" ], "unique" : false }, { "id" : "CVE-2023-39331", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-39331" ], "unique" : false }, { "id" : "CVE-2023-44487", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-44487" ], "unique" : false }, { "id" : "CVE-2024-22019", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-22019" ], "unique" : false }, { "id" : "CVE-2024-27983", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-27983" ], "unique" : false }, { "id" : "CVE-2025-23166", "title" : "The C++ method SignTraits::DeriveBits() may incorrectly call ThrowException() based on user-supplied inputs when executing in a background thread, crashing the Node.js process. Such cryptographic operations are commonly applied to untrusted inputs. Thus, this mechanism potentially allows an adversary to remotely crash a Node.js runtime.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-23166" ], "unique" : false }, { "id" : "CVE-2025-59465", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-59465" ], "unique" : false }, { "id" : "CVE-2026-1526", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-1526" ], "unique" : false }, { "id" : "CVE-2026-1528", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-1528" ], "unique" : false }, { "id" : "CVE-2026-21710", "title" : "A flaw in Node.js HTTP request handling causes an uncaught `TypeError` when a request is received with a header named `__proto__` and the application accesses `req.headersDistinct`.\r\n\r\nWhen this occurs, `dest[\"__proto__\"]` resolves to `Object.prototype` rather than `undefined`, causing `.push()` to be called on a non-array. This exception is thrown synchronously inside a property getter and cannot be intercepted by `error` event listeners, meaning it cannot be handled without wrapping every `req.headersDistinct` access in a `try/catch`.\r\n\r\n* This vulnerability affects all Node.js HTTP servers on **20.x, 22.x, 24.x, and v25.x**", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-21710" ], "unique" : false }, { "id" : "CVE-2026-2229", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-2229" ], "unique" : false }, { "id" : "CVE-2026-27135", "title" : "nghttp2 Denial of service: Assertion failure due to the missing state validation", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-27135" ], "unique" : false }, { "id" : "CVE-2021-44531", "title" : "Accepting arbitrary Subject Alternative Name (SAN) types, unless a PKI is specifically defined to use a particular SAN type, can result in bypassing name-constrained intermediates. Node.js < 12.22.9, < 14.18.3, < 16.13.2, and < 17.3.1 was accepting URI SAN types, which PKIs are often not defined to use. Additionally, when a protocol allows URI SANs, Node.js did not match the URI correctly.Versions of Node.js with the fix for this disable the URI SAN type when checking a certificate against a hostname. This behavior can be reverted through the --security-revert command-line option.", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2021-44531" ], "unique" : false }, { "id" : "CVE-2021-44532", "title" : "Node.js < 12.22.9, < 14.18.3, < 16.13.2, and < 17.3.1 converts SANs (Subject Alternative Names) to a string format. It uses this string to check peer certificates against hostnames when validating connections. The string format was subject to an injection vulnerability when name constraints were used within a certificate chain, allowing the bypass of these name constraints.Versions of Node.js with the fix for this escape SANs containing the problematic characters in order to prevent the injection. This behavior can be reverted through the --security-revert command-line option.", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2021-44532" ], "unique" : false }, { "id" : "CVE-2021-44533", "title" : "Node.js < 12.22.9, < 14.18.3, < 16.13.2, and < 17.3.1 did not handle multi-value Relative Distinguished Names correctly. Attackers could craft certificate subjects containing a single-value Relative Distinguished Name that would be interpreted as a multi-value Relative Distinguished Name, for example, in order to inject a Common Name that would allow bypassing the certificate subject verification.Affected versions of Node.js that do not accept multi-value Relative Distinguished Names and are thus not vulnerable to such attacks themselves. However, third-party code that uses node's ambiguous presentation of certificate subjects may be vulnerable.", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2021-44533" ], "unique" : false }, { "id" : "CVE-2024-22017", "title" : "setuid() does not affect libuv's internal io_uring operations if initialized before the call to setuid().\nThis allows the process to perform privileged operations despite presumably having dropped such privileges through a call to setuid().\nThis vulnerability affects all users using version greater or equal than Node.js 18.18.0, Node.js 20.4.0 and Node.js 21.", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-22017" ], "unique" : false }, { "id" : "CVE-2025-3277", "title" : "An integer overflow can be triggered in SQLite’s `concat_ws()` function. The resulting, truncated integer is then used to allocate a buffer. When SQLite then writes the resulting string to the buffer, it uses the original, untruncated size and thus a wild Heap Buffer overflow of size ~4GB can be triggered. This can result in arbitrary code execution.", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2025-3277" ], "unique" : false }, { "id" : "CVE-2026-1525", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2026-1525" ], "unique" : false }, { "id" : "CVE-2025-55130", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-55130" ], "unique" : false }, { "id" : "CVE-2025-55131", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-55131" ], "unique" : false }, { "id" : "CVE-2023-30589", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-30589" ], "unique" : false }, { "id" : "CVE-2025-31498", "title" : "c-ares has a use-after-free in read_answers()", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-31498" ], "unique" : false }, { "id" : "CVE-2025-22150", "title" : "Undici Uses Insufficiently Random Values", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-22150" ], "unique" : false }, { "id" : "CVE-2024-21891", "title" : "Node.js depends on multiple built-in utility functions to normalize paths provided to node:fs functions, which can be overwitten with user-defined implementations leading to filesystem permission model bypass through path traversal attack.\nThis vulnerability affects all users using the experimental permission model in Node.js 20 and Node.js 21.\nPlease note that at the time this CVE was issued, the permission model is an experimental feature of Node.js.", "source" : "redhat-csaf", "cvssScore" : 6.6, "severity" : "MEDIUM", "cves" : [ "CVE-2024-21891" ], "unique" : false }, { "id" : "CVE-2023-23936", "title" : "CRLF Injection in Nodejs ‘undici’ via host", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-23936" ], "unique" : false }, { "id" : "CVE-2024-22020", "title" : "A security flaw in Node.js allows a bypass of network import restrictions.\nBy embedding non-network imports in data URLs, an attacker can execute arbitrary code, compromising system security.\nVerified on various platforms, the vulnerability is mitigated by forbidding data URLs in network imports.\nExploiting this flaw can violate network import security, posing a risk to developers and servers.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-22020" ], "unique" : false }, { "id" : "CVE-2024-22025", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-22025" ], "unique" : false }, { "id" : "CVE-2024-28863", "title" : "node-tar vulnerable to denial of service while parsing a tar file due to lack of folders count validation", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-28863" ], "unique" : false }, { "id" : "CVE-2025-23167", "title" : "A flaw in Node.js 20's HTTP parser allows improper termination of HTTP/1 headers using `\\r\\n\\rX` instead of the required `\\r\\n\\r\\n`.\nThis inconsistency enables request smuggling, allowing attackers to bypass proxy-based access controls and submit unauthorized requests.\n\nThe issue was resolved by upgrading `llhttp` to version 9, which enforces correct header termination.\n\nImpact:\n* This vulnerability affects only Node.js 20.x users prior to the `llhttp` v9 upgrade.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-23167" ], "unique" : false }, { "id" : "CVE-2026-1527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-1527" ], "unique" : false }, { "id" : "CVE-2026-21712", "title" : "A flaw in Node.js URL processing causes an assertion failure in native code when `url.format()` is called with a malformed internationalized domain name (IDN) containing invalid characters, crashing the Node.js process.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-21712" ], "unique" : false }, { "id" : "CVE-2026-25547", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-25547" ], "unique" : false }, { "id" : "CVE-2026-26996", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-26996" ], "unique" : false }, { "id" : "CVE-2026-27904", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-27904" ], "unique" : false }, { "id" : "CVE-2024-27982", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2024-27982" ], "unique" : false }, { "id" : "CVE-2023-31147", "title" : "Insufficient randomness in generation of DNS query IDs in c-ares", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-31147" ], "unique" : false }, { "id" : "CVE-2023-46809", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-46809" ], "unique" : false }, { "id" : "CVE-2025-59466", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-59466" ], "unique" : false }, { "id" : "CVE-2026-21637", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-21637" ], "unique" : false }, { "id" : "CVE-2026-21713", "title" : "A flaw in Node.js HMAC verification uses a non-constant-time comparison when validating user-provided signatures, potentially leaking timing information proportional to the number of matching bytes. Under certain threat models where high-resolution timing measurements are possible, this behavior could be exploited as a timing oracle to infer HMAC values.\r\n\r\nNode.js already provides timing-safe comparison primitives used elsewhere in the codebase, indicating this is an oversight rather than an intentional design decision.\r\n\r\nThis vulnerability affects **20.x, 22.x, 24.x, and 25.x**.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-21713" ], "unique" : false }, { "id" : "CVE-2026-21717", "title" : "A flaw in V8's string hashing mechanism causes integer-like strings to be hashed to their numeric value, making hash collisions trivially predictable. By crafting a request that causes many such collisions in V8's internal string table, an attacker can significantly degrade performance of the Node.js process.\r\n\r\nThe most common trigger is any endpoint that calls `JSON.parse()` on attacker-controlled input, as JSON parsing automatically internalizes short strings into the affected hash table.\r\n\r\nThis vulnerability affects **20.x, 22.x, 24.x, and 25.x**.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-21717" ], "unique" : false }, { "id" : "CVE-2026-2581", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-2581" ], "unique" : false }, { "id" : "CVE-2023-31130", "title" : "Buffer Underwrite in ares_inet_net_pton()", "source" : "redhat-csaf", "cvssScore" : 5.7, "severity" : "MEDIUM", "cves" : [ "CVE-2023-31130" ], "unique" : false }, { "id" : "CVE-2023-30588", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-30588" ], "unique" : false }, { "id" : "CVE-2023-39333", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-39333" ], "unique" : false }, { "id" : "CVE-2024-28182", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-28182" ], "unique" : false }, { "id" : "CVE-2025-23085", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-23085" ], "unique" : false }, { "id" : "CVE-2025-55132", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-55132" ], "unique" : false }, { "id" : "CVE-2026-21714", "title" : "A memory leak occurs in Node.js HTTP/2 servers when a client sends WINDOW_UPDATE frames on stream 0 (connection-level) that cause the flow control window to exceed the maximum value of 2³¹-1. The server correctly sends a GOAWAY frame, but the Http2Session object is never cleaned up.\r\n\r\nThis vulnerability affects HTTP2 users on Node.js 20, 22, 24 and 25.", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-21714" ], "unique" : false }, { "id" : "CVE-2026-21711", "title" : "A flaw in Node.js Permission Model network enforcement leaves Unix Domain Socket (UDS) server operations without the required permission checks, while all comparable network paths correctly enforce them.\r\n\r\nAs a result, code running under `--permission` without `--allow-net` can create and expose local IPC endpoints, allowing communication with other processes on the same host outside of the intended network restriction boundary.\r\n\r\nThis vulnerability affects Node.js **25.x** processes using the Permission Model where `--allow-net` is intentionally omitted to restrict network access. Note that `--allow-net` is currently an experimental feature.", "source" : "redhat-csaf", "cvssScore" : 5.2, "severity" : "MEDIUM", "cves" : [ "CVE-2026-21711" ], "unique" : false }, { "id" : "CVE-2024-21890", "title" : "The Node.js Permission Model does not clarify in the documentation that wildcards should be only used as the last character of a file path. For example:\n```\n --allow-fs-read=/home/node/.ssh/*.pub\n```\n\nwill ignore `pub` and give access to everything after `.ssh/`.\n\nThis misleading documentation affects all users using the experimental permission model in Node.js 20 and Node.js 21.\n\nPlease note that at the time this CVE was issued, the permission model is an experimental feature of Node.js.", "source" : "redhat-csaf", "cvssScore" : 5.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-21890" ], "unique" : false }, { "id" : "CVE-2024-25629", "title" : "c-ares out of bounds read in ares__read_line()", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2024-25629" ], "unique" : false }, { "id" : "CVE-2023-23920", "title" : "An untrusted search path vulnerability exists in Node.js. <19.6.1, <18.14.1, <16.19.1, and <14.21.3 that could allow an attacker to search and potentially load ICU data when running with elevated privileges.", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2023-23920" ], "unique" : false }, { "id" : "CVE-2023-45143", "title" : "Undici's cookie header not cleared on cross-origin redirect in fetch", "source" : "redhat-csaf", "cvssScore" : 3.9, "severity" : "LOW", "cves" : [ "CVE-2023-45143" ], "unique" : false }, { "id" : "CVE-2024-36137", "title" : "A vulnerability has been identified in Node.js, affecting users of the experimental permission model when the --allow-fs-write flag is used.\r\n\r\nNode.js Permission Model do not operate on file descriptors, however, operations such as fs.fchown or fs.fchmod can use a \"read-only\" file descriptor to change the owner and permissions of a file.", "source" : "redhat-csaf", "cvssScore" : 3.9, "severity" : "LOW", "cves" : [ "CVE-2024-36137" ], "unique" : false }, { "id" : "CVE-2026-21716", "title" : "An incomplete fix for CVE-2024-36137 leaves `FileHandle.chmod()` and `FileHandle.chown()` in the promises API without the required permission checks, while their callback-based equivalents (`fs.fchmod()`, `fs.fchown()`) were correctly patched.\r\n\r\nAs a result, code running under `--permission` with restricted `--allow-fs-write` can still use promise-based `FileHandle` methods to modify file permissions and ownership on already-open file descriptors, bypassing the intended write restrictions.\r\n\r\nThis vulnerability affects **20.x, 22.x, 24.x, and 25.x** processes using the Permission Model where `--allow-fs-write` is intentionally restricted.", "source" : "redhat-csaf", "cvssScore" : 3.8, "severity" : "LOW", "cves" : [ "CVE-2026-21716" ], "unique" : false }, { "id" : "CVE-2023-31124", "title" : "AutoTools does not set CARES_RANDOM_FILE during cross compilation", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2023-31124" ], "unique" : false }, { "id" : "CVE-2025-23165", "title" : "In Node.js, the `ReadFileUtf8` internal binding leaks memory due to a corrupted pointer in `uv_fs_s.file`: a UTF-16 path buffer is allocated but subsequently overwritten when the file descriptor is set. This results in an unrecoverable memory leak on every call. Repeated use can cause unbounded memory growth, leading to a denial of service.\r\n\r\nImpact:\r\n* This vulnerability affects APIs relying on `ReadFileUtf8` on Node.js release lines: v20 and v22.", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2025-23165" ], "unique" : false }, { "id" : "CVE-2026-21715", "title" : "A flaw in Node.js Permission Model filesystem enforcement leaves `fs.realpathSync.native()` without the required read permission checks, while all comparable filesystem functions correctly enforce them.\r\n\r\nAs a result, code running under `--permission` with restricted `--allow-fs-read` can still use `fs.realpathSync.native()` to check file existence, resolve symlink targets, and enumerate filesystem paths outside of permitted directories.\r\n\r\nThis vulnerability affects **20.x, 22.x, 24.x, and 25.x** processes using the Permission Model where `--allow-fs-read` is intentionally restricted.", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2026-21715" ], "unique" : false }, { "id" : "CVE-2021-44906", "title" : "Minimist <=1.2.5 is vulnerable to Prototype Pollution via file index.js, function setKey() (lines 69-95).", "source" : "redhat-csaf", "cvssScore" : 3.1, "severity" : "LOW", "cves" : [ "CVE-2021-44906" ], "unique" : false }, { "id" : "CVE-2024-22018", "title" : "A vulnerability has been identified in Node.js, affecting users of the experimental permission model when the --allow-fs-read flag is used.\nThis flaw arises from an inadequate permission model that fails to restrict file stats through the fs.lstat API. As a result, malicious actors can retrieve stats from files that they do not have explicit read access to.\nThis vulnerability affects all users using the experimental permission model in Node.js 20 and Node.js 21.\nPlease note that at the time this CVE was issued, the permission model is an experimental feature of Node.js.", "source" : "redhat-csaf", "cvssScore" : 2.9, "severity" : "LOW", "cves" : [ "CVE-2024-22018" ], "unique" : false } ], "transitive" : [ { "ref" : "pkg:rpm/redhat/nodejs@16.18.1-3.el9_1?arch=x86_64&distro=rhel-9.1&epoch=1&upstream=nodejs-16.18.1-3.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2023-39332", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2023-39332" ], "unique" : false }, { "id" : "CVE-2023-32006", "title" : "The use of `module.constructor.createRequire()` can bypass the policy mechanism and require modules outside of the policy.json definition for a given module.\n\nThis vulnerability affects all users using the experimental policy mechanism in all active release lines: 16.x, 18.x, and, 20.x.\n\nPlease note that at the time this CVE was issued, the policy is an experimental feature of Node.js.", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2023-32006" ], "unique" : false }, { "id" : "CVE-2022-4904", "source" : "redhat-csaf", "cvssScore" : 8.6, "severity" : "HIGH", "cves" : [ "CVE-2022-4904" ], "unique" : false }, { "id" : "CVE-2022-21824", "title" : "Due to the formatting logic of the \"console.table()\" function it was not safe to allow user controlled input to be passed to the \"properties\" parameter while simultaneously passing a plain object with at least one property as the first parameter, which could be \"__proto__\". The prototype pollution has very limited control, in that it only allows an empty string to be assigned to numerical keys of the object prototype.Node.js >= 12.22.9, >= 14.18.3, >= 16.13.2, and >= 17.3.1 use a null protoype for the object these properties are being assigned to.", "source" : "redhat-csaf", "cvssScore" : 8.2, "severity" : "HIGH", "cves" : [ "CVE-2022-21824" ], "unique" : false }, { "id" : "CVE-2022-35255", "title" : "A weak randomness in WebCrypto keygen vulnerability exists in Node.js 18 due to a change with EntropySource() in SecretKeyGenTraits::DoKeyGen() in src/crypto/crypto_keygen.cc. There are two problems with this: 1) It does not check the return value, it assumes EntropySource() always succeeds, but it can (and sometimes will) fail. 2) The random data returned byEntropySource() may not be cryptographically strong and therefore not suitable as keying material.", "source" : "redhat-csaf", "cvssScore" : 8.2, "severity" : "HIGH", "cves" : [ "CVE-2022-35255" ], "unique" : false }, { "id" : "CVE-2023-32002", "title" : "The use of `Module._load()` can bypass the policy mechanism and require modules outside of the policy.json definition for a given module.\n\nThis vulnerability affects all users using the experimental policy mechanism in all active release lines: 16.x, 18.x and, 20.x.\n\nPlease note that at the time this CVE was issued, the policy is an experimental feature of Node.js.", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2023-32002" ], "unique" : false }, { "id" : "CVE-2024-21892", "title" : "On Linux, Node.js ignores certain environment variables if those may have been set by an unprivileged user while the process is running with elevated privileges with the only exception of CAP_NET_BIND_SERVICE.\nDue to a bug in the implementation of this exception, Node.js incorrectly applies this exception even when certain other capabilities have been set.\nThis allows unprivileged users to inject code that inherits the process's elevated privileges.", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2024-21892" ], "unique" : false }, { "id" : "CVE-2024-21896", "title" : "The permission model protects itself against path traversal attacks by calling path.resolve() on any paths given by the user. If the path is to be treated as a Buffer, the implementation uses Buffer.from() to obtain a Buffer from the result of path.resolve(). By monkey-patching Buffer internals, namely, Buffer.prototype.utf8Write, the application can modify the result of path.resolve(), which leads to a path traversal vulnerability.\nThis vulnerability affects all users using the experimental permission model in Node.js 20 and Node.js 21.\nPlease note that at the time this CVE was issued, the permission model is an experimental feature of Node.js.", "source" : "redhat-csaf", "cvssScore" : 7.9, "severity" : "HIGH", "cves" : [ "CVE-2024-21896" ], "unique" : false }, { "id" : "CVE-2025-23083", "title" : "With the aid of the diagnostics_channel utility, an event can be hooked into whenever a worker thread is created. This is not limited only to workers but also exposes internal workers, where an instance of them can be fetched, and its constructor can be grabbed and reinstated for malicious usage. \r\n\r\nThis vulnerability affects Permission Model users (--permission) on Node.js v20, v22, and v23.", "source" : "redhat-csaf", "cvssScore" : 7.7, "severity" : "HIGH", "cves" : [ "CVE-2025-23083" ], "unique" : false }, { "id" : "CVE-2025-6965", "title" : "Integer Truncation on SQLite", "source" : "redhat-csaf", "cvssScore" : 7.7, "severity" : "HIGH", "cves" : [ "CVE-2025-6965" ], "unique" : false }, { "id" : "CVE-2021-35065", "title" : "The glob-parent package before 6.0.1 for Node.js allows ReDoS (regular expression denial of service) attacks against the enclosure regular expression.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2021-35065" ], "unique" : false }, { "id" : "CVE-2022-25881", "title" : "This affects versions of the package http-cache-semantics before 4.1.1. The issue can be exploited via malicious request header values sent to a server, when that server reads the cache policy from the request using this library.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-25881" ], "unique" : false }, { "id" : "CVE-2022-25883", "title" : "Versions of the package semver before 7.5.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the function new Range, when untrusted user data is provided as a range.\r\r\r", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-25883" ], "unique" : false }, { "id" : "CVE-2022-3517", "title" : "A vulnerability was found in the minimatch package. This flaw allows a Regular Expression Denial of Service (ReDoS) when calling the braceExpand function with specific arguments, resulting in a Denial of Service.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-3517" ], "unique" : false }, { "id" : "CVE-2022-43548", "title" : "A OS Command Injection vulnerability exists in Node.js versions <14.21.1, <16.18.1, <18.12.1, <19.0.1 due to an insufficient IsAllowedHost check that can easily be bypassed because IsIPAddress does not properly check if an IP address is invalid before making DBS requests allowing rebinding attacks.The fix for this issue in https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32212 was incomplete and this new CVE is to complete the fix.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-43548" ], "unique" : false }, { "id" : "CVE-2023-23918", "title" : "A privilege escalation vulnerability exists in Node.js <19.6.1, <18.14.1, <16.19.1 and <14.21.3 that made it possible to bypass the experimental Permissions (https://nodejs.org/api/permissions.html) feature in Node.js and access non authorized modules by using process.mainModule.require(). This only affects users who had enabled the experimental permissions option with --experimental-policy.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-23918" ], "unique" : false }, { "id" : "CVE-2023-23919", "title" : "A cryptographic vulnerability exists in Node.js <19.2.0, <18.14.1, <16.19.1, <14.21.3 that in some cases did does not clear the OpenSSL error stack after operations that may set it. This may lead to false positive errors during subsequent cryptographic operations that happen to be on the same thread. This in turn could be used to cause a denial of service.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-23919" ], "unique" : false }, { "id" : "CVE-2023-24807", "title" : "Undici vulnerable to Regular Expression Denial of Service in Headers", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-24807" ], "unique" : false }, { "id" : "CVE-2023-30581", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-30581" ], "unique" : false }, { "id" : "CVE-2023-30590", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-30590" ], "unique" : false }, { "id" : "CVE-2023-32067", "title" : "0-byte UDP payload DoS in c-ares", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-32067" ], "unique" : false }, { "id" : "CVE-2023-32559", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-32559" ], "unique" : false }, { "id" : "CVE-2023-38552", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-38552" ], "unique" : false }, { "id" : "CVE-2023-39331", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-39331" ], "unique" : false }, { "id" : "CVE-2023-44487", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-44487" ], "unique" : false }, { "id" : "CVE-2024-22019", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-22019" ], "unique" : false }, { "id" : "CVE-2024-27983", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-27983" ], "unique" : false }, { "id" : "CVE-2025-23166", "title" : "The C++ method SignTraits::DeriveBits() may incorrectly call ThrowException() based on user-supplied inputs when executing in a background thread, crashing the Node.js process. Such cryptographic operations are commonly applied to untrusted inputs. Thus, this mechanism potentially allows an adversary to remotely crash a Node.js runtime.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-23166" ], "unique" : false }, { "id" : "CVE-2025-59465", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-59465" ], "unique" : false }, { "id" : "CVE-2026-1526", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-1526" ], "unique" : false }, { "id" : "CVE-2026-1528", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-1528" ], "unique" : false }, { "id" : "CVE-2026-21710", "title" : "A flaw in Node.js HTTP request handling causes an uncaught `TypeError` when a request is received with a header named `__proto__` and the application accesses `req.headersDistinct`.\r\n\r\nWhen this occurs, `dest[\"__proto__\"]` resolves to `Object.prototype` rather than `undefined`, causing `.push()` to be called on a non-array. This exception is thrown synchronously inside a property getter and cannot be intercepted by `error` event listeners, meaning it cannot be handled without wrapping every `req.headersDistinct` access in a `try/catch`.\r\n\r\n* This vulnerability affects all Node.js HTTP servers on **20.x, 22.x, 24.x, and v25.x**", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-21710" ], "unique" : false }, { "id" : "CVE-2026-2229", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-2229" ], "unique" : false }, { "id" : "CVE-2026-27135", "title" : "nghttp2 Denial of service: Assertion failure due to the missing state validation", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-27135" ], "unique" : false }, { "id" : "CVE-2021-44531", "title" : "Accepting arbitrary Subject Alternative Name (SAN) types, unless a PKI is specifically defined to use a particular SAN type, can result in bypassing name-constrained intermediates. Node.js < 12.22.9, < 14.18.3, < 16.13.2, and < 17.3.1 was accepting URI SAN types, which PKIs are often not defined to use. Additionally, when a protocol allows URI SANs, Node.js did not match the URI correctly.Versions of Node.js with the fix for this disable the URI SAN type when checking a certificate against a hostname. This behavior can be reverted through the --security-revert command-line option.", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2021-44531" ], "unique" : false }, { "id" : "CVE-2021-44532", "title" : "Node.js < 12.22.9, < 14.18.3, < 16.13.2, and < 17.3.1 converts SANs (Subject Alternative Names) to a string format. It uses this string to check peer certificates against hostnames when validating connections. The string format was subject to an injection vulnerability when name constraints were used within a certificate chain, allowing the bypass of these name constraints.Versions of Node.js with the fix for this escape SANs containing the problematic characters in order to prevent the injection. This behavior can be reverted through the --security-revert command-line option.", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2021-44532" ], "unique" : false }, { "id" : "CVE-2021-44533", "title" : "Node.js < 12.22.9, < 14.18.3, < 16.13.2, and < 17.3.1 did not handle multi-value Relative Distinguished Names correctly. Attackers could craft certificate subjects containing a single-value Relative Distinguished Name that would be interpreted as a multi-value Relative Distinguished Name, for example, in order to inject a Common Name that would allow bypassing the certificate subject verification.Affected versions of Node.js that do not accept multi-value Relative Distinguished Names and are thus not vulnerable to such attacks themselves. However, third-party code that uses node's ambiguous presentation of certificate subjects may be vulnerable.", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2021-44533" ], "unique" : false }, { "id" : "CVE-2024-22017", "title" : "setuid() does not affect libuv's internal io_uring operations if initialized before the call to setuid().\nThis allows the process to perform privileged operations despite presumably having dropped such privileges through a call to setuid().\nThis vulnerability affects all users using version greater or equal than Node.js 18.18.0, Node.js 20.4.0 and Node.js 21.", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-22017" ], "unique" : false }, { "id" : "CVE-2025-3277", "title" : "An integer overflow can be triggered in SQLite’s `concat_ws()` function. The resulting, truncated integer is then used to allocate a buffer. When SQLite then writes the resulting string to the buffer, it uses the original, untruncated size and thus a wild Heap Buffer overflow of size ~4GB can be triggered. This can result in arbitrary code execution.", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2025-3277" ], "unique" : false }, { "id" : "CVE-2026-1525", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2026-1525" ], "unique" : false }, { "id" : "CVE-2025-55130", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-55130" ], "unique" : false }, { "id" : "CVE-2025-55131", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-55131" ], "unique" : false }, { "id" : "CVE-2023-30589", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-30589" ], "unique" : false }, { "id" : "CVE-2025-31498", "title" : "c-ares has a use-after-free in read_answers()", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-31498" ], "unique" : false }, { "id" : "CVE-2025-22150", "title" : "Undici Uses Insufficiently Random Values", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-22150" ], "unique" : false }, { "id" : "CVE-2024-21891", "title" : "Node.js depends on multiple built-in utility functions to normalize paths provided to node:fs functions, which can be overwitten with user-defined implementations leading to filesystem permission model bypass through path traversal attack.\nThis vulnerability affects all users using the experimental permission model in Node.js 20 and Node.js 21.\nPlease note that at the time this CVE was issued, the permission model is an experimental feature of Node.js.", "source" : "redhat-csaf", "cvssScore" : 6.6, "severity" : "MEDIUM", "cves" : [ "CVE-2024-21891" ], "unique" : false }, { "id" : "CVE-2022-35256", "title" : "The llhttp parser in the http module in Node v18.7.0 does not correctly handle header fields that are not terminated with CLRF. This may result in HTTP Request Smuggling.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2022-35256" ], "unique" : false }, { "id" : "CVE-2023-23936", "title" : "CRLF Injection in Nodejs ‘undici’ via host", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-23936" ], "unique" : false }, { "id" : "CVE-2024-22020", "title" : "A security flaw in Node.js allows a bypass of network import restrictions.\nBy embedding non-network imports in data URLs, an attacker can execute arbitrary code, compromising system security.\nVerified on various platforms, the vulnerability is mitigated by forbidding data URLs in network imports.\nExploiting this flaw can violate network import security, posing a risk to developers and servers.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-22020" ], "unique" : false }, { "id" : "CVE-2024-22025", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-22025" ], "unique" : false }, { "id" : "CVE-2024-28863", "title" : "node-tar vulnerable to denial of service while parsing a tar file due to lack of folders count validation", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-28863" ], "unique" : false }, { "id" : "CVE-2025-23167", "title" : "A flaw in Node.js 20's HTTP parser allows improper termination of HTTP/1 headers using `\\r\\n\\rX` instead of the required `\\r\\n\\r\\n`.\nThis inconsistency enables request smuggling, allowing attackers to bypass proxy-based access controls and submit unauthorized requests.\n\nThe issue was resolved by upgrading `llhttp` to version 9, which enforces correct header termination.\n\nImpact:\n* This vulnerability affects only Node.js 20.x users prior to the `llhttp` v9 upgrade.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-23167" ], "unique" : false }, { "id" : "CVE-2026-1527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-1527" ], "unique" : false }, { "id" : "CVE-2026-21712", "title" : "A flaw in Node.js URL processing causes an assertion failure in native code when `url.format()` is called with a malformed internationalized domain name (IDN) containing invalid characters, crashing the Node.js process.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-21712" ], "unique" : false }, { "id" : "CVE-2026-25547", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-25547" ], "unique" : false }, { "id" : "CVE-2026-26996", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-26996" ], "unique" : false }, { "id" : "CVE-2026-27904", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-27904" ], "unique" : false }, { "id" : "CVE-2024-27982", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2024-27982" ], "unique" : false }, { "id" : "CVE-2023-31147", "title" : "Insufficient randomness in generation of DNS query IDs in c-ares", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-31147" ], "unique" : false }, { "id" : "CVE-2023-46809", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-46809" ], "unique" : false }, { "id" : "CVE-2025-59466", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-59466" ], "unique" : false }, { "id" : "CVE-2026-21637", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-21637" ], "unique" : false }, { "id" : "CVE-2026-21713", "title" : "A flaw in Node.js HMAC verification uses a non-constant-time comparison when validating user-provided signatures, potentially leaking timing information proportional to the number of matching bytes. Under certain threat models where high-resolution timing measurements are possible, this behavior could be exploited as a timing oracle to infer HMAC values.\r\n\r\nNode.js already provides timing-safe comparison primitives used elsewhere in the codebase, indicating this is an oversight rather than an intentional design decision.\r\n\r\nThis vulnerability affects **20.x, 22.x, 24.x, and 25.x**.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-21713" ], "unique" : false }, { "id" : "CVE-2026-21717", "title" : "A flaw in V8's string hashing mechanism causes integer-like strings to be hashed to their numeric value, making hash collisions trivially predictable. By crafting a request that causes many such collisions in V8's internal string table, an attacker can significantly degrade performance of the Node.js process.\r\n\r\nThe most common trigger is any endpoint that calls `JSON.parse()` on attacker-controlled input, as JSON parsing automatically internalizes short strings into the affected hash table.\r\n\r\nThis vulnerability affects **20.x, 22.x, 24.x, and 25.x**.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-21717" ], "unique" : false }, { "id" : "CVE-2026-2581", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-2581" ], "unique" : false }, { "id" : "CVE-2023-31130", "title" : "Buffer Underwrite in ares_inet_net_pton()", "source" : "redhat-csaf", "cvssScore" : 5.7, "severity" : "MEDIUM", "cves" : [ "CVE-2023-31130" ], "unique" : false }, { "id" : "CVE-2023-30588", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-30588" ], "unique" : false }, { "id" : "CVE-2023-39333", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-39333" ], "unique" : false }, { "id" : "CVE-2024-28182", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-28182" ], "unique" : false }, { "id" : "CVE-2025-23085", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-23085" ], "unique" : false }, { "id" : "CVE-2025-55132", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-55132" ], "unique" : false }, { "id" : "CVE-2026-21714", "title" : "A memory leak occurs in Node.js HTTP/2 servers when a client sends WINDOW_UPDATE frames on stream 0 (connection-level) that cause the flow control window to exceed the maximum value of 2³¹-1. The server correctly sends a GOAWAY frame, but the Http2Session object is never cleaned up.\r\n\r\nThis vulnerability affects HTTP2 users on Node.js 20, 22, 24 and 25.", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-21714" ], "unique" : false }, { "id" : "CVE-2026-21711", "title" : "A flaw in Node.js Permission Model network enforcement leaves Unix Domain Socket (UDS) server operations without the required permission checks, while all comparable network paths correctly enforce them.\r\n\r\nAs a result, code running under `--permission` without `--allow-net` can create and expose local IPC endpoints, allowing communication with other processes on the same host outside of the intended network restriction boundary.\r\n\r\nThis vulnerability affects Node.js **25.x** processes using the Permission Model where `--allow-net` is intentionally omitted to restrict network access. Note that `--allow-net` is currently an experimental feature.", "source" : "redhat-csaf", "cvssScore" : 5.2, "severity" : "MEDIUM", "cves" : [ "CVE-2026-21711" ], "unique" : false }, { "id" : "CVE-2024-21890", "title" : "The Node.js Permission Model does not clarify in the documentation that wildcards should be only used as the last character of a file path. For example:\n```\n --allow-fs-read=/home/node/.ssh/*.pub\n```\n\nwill ignore `pub` and give access to everything after `.ssh/`.\n\nThis misleading documentation affects all users using the experimental permission model in Node.js 20 and Node.js 21.\n\nPlease note that at the time this CVE was issued, the permission model is an experimental feature of Node.js.", "source" : "redhat-csaf", "cvssScore" : 5.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-21890" ], "unique" : false }, { "id" : "CVE-2024-25629", "title" : "c-ares out of bounds read in ares__read_line()", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2024-25629" ], "unique" : false }, { "id" : "CVE-2023-23920", "title" : "An untrusted search path vulnerability exists in Node.js. <19.6.1, <18.14.1, <16.19.1, and <14.21.3 that could allow an attacker to search and potentially load ICU data when running with elevated privileges.", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2023-23920" ], "unique" : false }, { "id" : "CVE-2023-45143", "title" : "Undici's cookie header not cleared on cross-origin redirect in fetch", "source" : "redhat-csaf", "cvssScore" : 3.9, "severity" : "LOW", "cves" : [ "CVE-2023-45143" ], "unique" : false }, { "id" : "CVE-2024-36137", "title" : "A vulnerability has been identified in Node.js, affecting users of the experimental permission model when the --allow-fs-write flag is used.\r\n\r\nNode.js Permission Model do not operate on file descriptors, however, operations such as fs.fchown or fs.fchmod can use a \"read-only\" file descriptor to change the owner and permissions of a file.", "source" : "redhat-csaf", "cvssScore" : 3.9, "severity" : "LOW", "cves" : [ "CVE-2024-36137" ], "unique" : false }, { "id" : "CVE-2026-21716", "title" : "An incomplete fix for CVE-2024-36137 leaves `FileHandle.chmod()` and `FileHandle.chown()` in the promises API without the required permission checks, while their callback-based equivalents (`fs.fchmod()`, `fs.fchown()`) were correctly patched.\r\n\r\nAs a result, code running under `--permission` with restricted `--allow-fs-write` can still use promise-based `FileHandle` methods to modify file permissions and ownership on already-open file descriptors, bypassing the intended write restrictions.\r\n\r\nThis vulnerability affects **20.x, 22.x, 24.x, and 25.x** processes using the Permission Model where `--allow-fs-write` is intentionally restricted.", "source" : "redhat-csaf", "cvssScore" : 3.8, "severity" : "LOW", "cves" : [ "CVE-2026-21716" ], "unique" : false }, { "id" : "CVE-2023-31124", "title" : "AutoTools does not set CARES_RANDOM_FILE during cross compilation", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2023-31124" ], "unique" : false }, { "id" : "CVE-2025-23165", "title" : "In Node.js, the `ReadFileUtf8` internal binding leaks memory due to a corrupted pointer in `uv_fs_s.file`: a UTF-16 path buffer is allocated but subsequently overwritten when the file descriptor is set. This results in an unrecoverable memory leak on every call. Repeated use can cause unbounded memory growth, leading to a denial of service.\r\n\r\nImpact:\r\n* This vulnerability affects APIs relying on `ReadFileUtf8` on Node.js release lines: v20 and v22.", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2025-23165" ], "unique" : false }, { "id" : "CVE-2026-21715", "title" : "A flaw in Node.js Permission Model filesystem enforcement leaves `fs.realpathSync.native()` without the required read permission checks, while all comparable filesystem functions correctly enforce them.\r\n\r\nAs a result, code running under `--permission` with restricted `--allow-fs-read` can still use `fs.realpathSync.native()` to check file existence, resolve symlink targets, and enumerate filesystem paths outside of permitted directories.\r\n\r\nThis vulnerability affects **20.x, 22.x, 24.x, and 25.x** processes using the Permission Model where `--allow-fs-read` is intentionally restricted.", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2026-21715" ], "unique" : false }, { "id" : "CVE-2021-44906", "title" : "Minimist <=1.2.5 is vulnerable to Prototype Pollution via file index.js, function setKey() (lines 69-95).", "source" : "redhat-csaf", "cvssScore" : 3.1, "severity" : "LOW", "cves" : [ "CVE-2021-44906" ], "unique" : false }, { "id" : "CVE-2024-22018", "title" : "A vulnerability has been identified in Node.js, affecting users of the experimental permission model when the --allow-fs-read flag is used.\nThis flaw arises from an inadequate permission model that fails to restrict file stats through the fs.lstat API. As a result, malicious actors can retrieve stats from files that they do not have explicit read access to.\nThis vulnerability affects all users using the experimental permission model in Node.js 20 and Node.js 21.\nPlease note that at the time this CVE was issued, the permission model is an experimental feature of Node.js.", "source" : "redhat-csaf", "cvssScore" : 2.9, "severity" : "LOW", "cves" : [ "CVE-2024-22018" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-39332", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2023-39332" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/openssl@3.0.1-47.el9_1?arch=x86_64&distro=rhel-9.1&epoch=1&upstream=openssl-3.0.1-47.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false }, { "id" : "CVE-2022-3358", "title" : "Using a Custom Cipher with NID_undef may lead to NULL encryption", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-3358" ], "unique" : false }, { "id" : "CVE-2023-5363", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-5363" ], "unique" : false }, { "id" : "CVE-2026-28390", "title" : "Possible NULL Dereference When Processing CMS KeyTransportRecipientInfo", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-28390" ], "unique" : false }, { "id" : "CVE-2024-12797", "title" : "RFC7250 handshakes with unauthenticated servers don't abort as expected", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2024-12797" ], "unique" : false }, { "id" : "CVE-2025-69419", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2025-69419" ], "unique" : false }, { "id" : "CVE-2023-2650", "title" : "Possible DoS translating ASN.1 object identifiers", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2650" ], "unique" : false }, { "id" : "CVE-2023-6129", "title" : "POLY1305 MAC implementation corrupts vector registers on PowerPC", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6129" ], "unique" : false }, { "id" : "CVE-2025-69421", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69421" ], "unique" : false }, { "id" : "CVE-2025-11187", "title" : "Improper validation of PBMAC1 parameters in PKCS#12 MAC verification", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-11187" ], "unique" : false }, { "id" : "CVE-2023-0464", "title" : "Excessive Resource Usage Verifying X.509 Policy Constraints", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0464" ], "unique" : false }, { "id" : "CVE-2023-6237", "title" : "Excessive time spent checking invalid RSA public keys", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6237" ], "unique" : false }, { "id" : "CVE-2024-5535", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-5535" ], "unique" : false }, { "id" : "CVE-2024-6119", "title" : "Possible denial of service in X.509 name checks", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-6119" ], "unique" : false }, { "id" : "CVE-2025-15468", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15468" ], "unique" : false }, { "id" : "CVE-2025-66199", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-66199" ], "unique" : false }, { "id" : "CVE-2025-69420", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69420" ], "unique" : false }, { "id" : "CVE-2025-9231", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9231" ], "unique" : false }, { "id" : "CVE-2026-22796", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22796" ], "unique" : false }, { "id" : "CVE-2026-28388", "title" : "NULL Pointer Dereference When Processing a Delta CRL", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-28388" ], "unique" : false }, { "id" : "CVE-2026-28389", "title" : "Possible NULL Dereference When Processing CMS KeyAgreeRecipientInfo", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-28389" ], "unique" : false }, { "id" : "CVE-2026-31790", "title" : "Incorrect Failure Handling in RSA KEM RSASVE Encapsulation", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-31790" ], "unique" : false }, { "id" : "CVE-2026-31789", "title" : "Heap Buffer Overflow in Hexadecimal Conversion", "source" : "redhat-csaf", "cvssScore" : 5.8, "severity" : "MEDIUM", "cves" : [ "CVE-2026-31789" ], "unique" : false }, { "id" : "CVE-2024-4741", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4741" ], "unique" : false }, { "id" : "CVE-2025-9230", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9230" ], "unique" : false }, { "id" : "CVE-2024-0727", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0727" ], "unique" : false }, { "id" : "CVE-2025-15469", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15469" ], "unique" : false }, { "id" : "CVE-2026-22795", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22795" ], "unique" : false }, { "id" : "CVE-2023-0465", "title" : "Invalid certificate policies in leaf certificates are silently ignored", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0465" ], "unique" : false }, { "id" : "CVE-2023-0466", "title" : "Certificate policy check not enabled", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0466" ], "unique" : false }, { "id" : "CVE-2023-2975", "title" : "AES-SIV implementation ignores empty associated data entries", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2975" ], "unique" : false }, { "id" : "CVE-2023-3446", "title" : "Excessive time spent checking DH keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3446" ], "unique" : false }, { "id" : "CVE-2023-3817", "title" : "Excessive time spent checking DH q parameter value", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3817" ], "unique" : false }, { "id" : "CVE-2023-5678", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-5678" ], "unique" : false }, { "id" : "CVE-2024-4603", "title" : "Excessive time spent checking DSA keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4603" ], "unique" : false }, { "id" : "CVE-2026-28386", "title" : "Out-of-bounds Read in AES-CFB-128 on X86-64 with AVX-512 Support", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-28386" ], "unique" : false }, { "id" : "CVE-2023-1255", "title" : "Input buffer over-read in AES-XTS implementation on 64 bit ARM", "source" : "redhat-csaf", "cvssScore" : 5.1, "severity" : "MEDIUM", "cves" : [ "CVE-2023-1255" ], "unique" : false }, { "id" : "CVE-2025-68160", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-68160" ], "unique" : false }, { "id" : "CVE-2025-69418", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69418" ], "unique" : false }, { "id" : "CVE-2024-2511", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-2511" ], "unique" : false }, { "id" : "CVE-2026-28387", "title" : "Potential Use-after-free in DANE Client Code", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2026-28387" ], "unique" : false }, { "id" : "CVE-2025-9232", "source" : "redhat-csaf", "cvssScore" : 3.1, "severity" : "LOW", "cves" : [ "CVE-2025-9232" ], "unique" : false }, { "id" : "CVE-2026-2673", "title" : "OpenSSL TLS 1.3 server may choose unexpected key agreement group", "source" : "redhat-csaf", "cvssScore" : 3.1, "severity" : "LOW", "cves" : [ "CVE-2026-2673" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/openssl-libs@3.0.1-47.el9_1?arch=x86_64&distro=rhel-9.1&epoch=1&upstream=openssl-3.0.1-47.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false }, { "id" : "CVE-2022-3358", "title" : "Using a Custom Cipher with NID_undef may lead to NULL encryption", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-3358" ], "unique" : false }, { "id" : "CVE-2023-5363", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-5363" ], "unique" : false }, { "id" : "CVE-2024-12797", "title" : "RFC7250 handshakes with unauthenticated servers don't abort as expected", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2024-12797" ], "unique" : false }, { "id" : "CVE-2025-69419", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2025-69419" ], "unique" : false }, { "id" : "CVE-2023-2650", "title" : "Possible DoS translating ASN.1 object identifiers", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2650" ], "unique" : false }, { "id" : "CVE-2023-6129", "title" : "POLY1305 MAC implementation corrupts vector registers on PowerPC", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6129" ], "unique" : false }, { "id" : "CVE-2025-69421", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69421" ], "unique" : false }, { "id" : "CVE-2025-11187", "title" : "Improper validation of PBMAC1 parameters in PKCS#12 MAC verification", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-11187" ], "unique" : false }, { "id" : "CVE-2023-0464", "title" : "Excessive Resource Usage Verifying X.509 Policy Constraints", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0464" ], "unique" : false }, { "id" : "CVE-2023-6237", "title" : "Excessive time spent checking invalid RSA public keys", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6237" ], "unique" : false }, { "id" : "CVE-2024-5535", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-5535" ], "unique" : false }, { "id" : "CVE-2024-6119", "title" : "Possible denial of service in X.509 name checks", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-6119" ], "unique" : false }, { "id" : "CVE-2025-15468", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15468" ], "unique" : false }, { "id" : "CVE-2025-66199", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-66199" ], "unique" : false }, { "id" : "CVE-2025-69420", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69420" ], "unique" : false }, { "id" : "CVE-2026-22796", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22796" ], "unique" : false }, { "id" : "CVE-2024-4741", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4741" ], "unique" : false }, { "id" : "CVE-2025-9230", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9230" ], "unique" : false }, { "id" : "CVE-2024-0727", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0727" ], "unique" : false }, { "id" : "CVE-2025-15469", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15469" ], "unique" : false }, { "id" : "CVE-2026-22795", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22795" ], "unique" : false }, { "id" : "CVE-2023-0465", "title" : "Invalid certificate policies in leaf certificates are silently ignored", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0465" ], "unique" : false }, { "id" : "CVE-2023-0466", "title" : "Certificate policy check not enabled", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0466" ], "unique" : false }, { "id" : "CVE-2023-2975", "title" : "AES-SIV implementation ignores empty associated data entries", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2975" ], "unique" : false }, { "id" : "CVE-2023-3446", "title" : "Excessive time spent checking DH keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3446" ], "unique" : false }, { "id" : "CVE-2023-3817", "title" : "Excessive time spent checking DH q parameter value", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3817" ], "unique" : false }, { "id" : "CVE-2023-5678", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-5678" ], "unique" : false }, { "id" : "CVE-2024-4603", "title" : "Excessive time spent checking DSA keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4603" ], "unique" : false }, { "id" : "CVE-2023-1255", "title" : "Input buffer over-read in AES-XTS implementation on 64 bit ARM", "source" : "redhat-csaf", "cvssScore" : 5.1, "severity" : "MEDIUM", "cves" : [ "CVE-2023-1255" ], "unique" : false }, { "id" : "CVE-2025-68160", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-68160" ], "unique" : false }, { "id" : "CVE-2025-69418", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69418" ], "unique" : false }, { "id" : "CVE-2024-2511", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-2511" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ca-certificates@2022.2.54-90.2.el9_0?arch=noarch&distro=rhel-9.1&upstream=ca-certificates-2022.2.54-90.2.el9_0.src.rpm", "issues" : [ { "id" : "CVE-2023-37920", "title" : "Certifi's removal of e-Tugra root certificate", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2023-37920" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-37920", "title" : "Certifi's removal of e-Tugra root certificate", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2023-37920" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc@2.34-40.el9_1.1?arch=x86_64&distro=rhel-9.1&upstream=glibc-2.34-40.el9_1.1.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2026-4437", "title" : "gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4437" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-15281", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15281" ], "unique" : false }, { "id" : "CVE-2026-3904", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3904" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false }, { "id" : "CVE-2026-4438", "title" : "gethostbyaddr and gethostbyaddr_r return invalid DNS hostnames", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4438" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/nodejs-libs@16.18.1-3.el9_1?arch=x86_64&distro=rhel-9.1&epoch=1&upstream=nodejs-16.18.1-3.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2023-32006", "title" : "The use of `module.constructor.createRequire()` can bypass the policy mechanism and require modules outside of the policy.json definition for a given module.\n\nThis vulnerability affects all users using the experimental policy mechanism in all active release lines: 16.x, 18.x, and, 20.x.\n\nPlease note that at the time this CVE was issued, the policy is an experimental feature of Node.js.", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2023-32006" ], "unique" : false }, { "id" : "CVE-2022-4904", "source" : "redhat-csaf", "cvssScore" : 8.6, "severity" : "HIGH", "cves" : [ "CVE-2022-4904" ], "unique" : false }, { "id" : "CVE-2023-32002", "title" : "The use of `Module._load()` can bypass the policy mechanism and require modules outside of the policy.json definition for a given module.\n\nThis vulnerability affects all users using the experimental policy mechanism in all active release lines: 16.x, 18.x and, 20.x.\n\nPlease note that at the time this CVE was issued, the policy is an experimental feature of Node.js.", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2023-32002" ], "unique" : false }, { "id" : "CVE-2025-23083", "title" : "With the aid of the diagnostics_channel utility, an event can be hooked into whenever a worker thread is created. This is not limited only to workers but also exposes internal workers, where an instance of them can be fetched, and its constructor can be grabbed and reinstated for malicious usage. \r\n\r\nThis vulnerability affects Permission Model users (--permission) on Node.js v20, v22, and v23.", "source" : "redhat-csaf", "cvssScore" : 7.7, "severity" : "HIGH", "cves" : [ "CVE-2025-23083" ], "unique" : false }, { "id" : "CVE-2025-6965", "title" : "Integer Truncation on SQLite", "source" : "redhat-csaf", "cvssScore" : 7.7, "severity" : "HIGH", "cves" : [ "CVE-2025-6965" ], "unique" : false }, { "id" : "CVE-2021-35065", "title" : "The glob-parent package before 6.0.1 for Node.js allows ReDoS (regular expression denial of service) attacks against the enclosure regular expression.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2021-35065" ], "unique" : false }, { "id" : "CVE-2022-25881", "title" : "This affects versions of the package http-cache-semantics before 4.1.1. The issue can be exploited via malicious request header values sent to a server, when that server reads the cache policy from the request using this library.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-25881" ], "unique" : false }, { "id" : "CVE-2023-23918", "title" : "A privilege escalation vulnerability exists in Node.js <19.6.1, <18.14.1, <16.19.1 and <14.21.3 that made it possible to bypass the experimental Permissions (https://nodejs.org/api/permissions.html) feature in Node.js and access non authorized modules by using process.mainModule.require(). This only affects users who had enabled the experimental permissions option with --experimental-policy.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-23918" ], "unique" : false }, { "id" : "CVE-2023-24807", "title" : "Undici vulnerable to Regular Expression Denial of Service in Headers", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-24807" ], "unique" : false }, { "id" : "CVE-2023-30581", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-30581" ], "unique" : false }, { "id" : "CVE-2023-30590", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-30590" ], "unique" : false }, { "id" : "CVE-2023-32067", "title" : "0-byte UDP payload DoS in c-ares", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-32067" ], "unique" : false }, { "id" : "CVE-2023-32559", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-32559" ], "unique" : false }, { "id" : "CVE-2023-44487", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-44487" ], "unique" : false }, { "id" : "CVE-2024-22019", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-22019" ], "unique" : false }, { "id" : "CVE-2024-27983", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-27983" ], "unique" : false }, { "id" : "CVE-2025-23166", "title" : "The C++ method SignTraits::DeriveBits() may incorrectly call ThrowException() based on user-supplied inputs when executing in a background thread, crashing the Node.js process. Such cryptographic operations are commonly applied to untrusted inputs. Thus, this mechanism potentially allows an adversary to remotely crash a Node.js runtime.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-23166" ], "unique" : false }, { "id" : "CVE-2025-59465", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-59465" ], "unique" : false }, { "id" : "CVE-2026-1526", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-1526" ], "unique" : false }, { "id" : "CVE-2026-1528", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-1528" ], "unique" : false }, { "id" : "CVE-2026-21710", "title" : "A flaw in Node.js HTTP request handling causes an uncaught `TypeError` when a request is received with a header named `__proto__` and the application accesses `req.headersDistinct`.\r\n\r\nWhen this occurs, `dest[\"__proto__\"]` resolves to `Object.prototype` rather than `undefined`, causing `.push()` to be called on a non-array. This exception is thrown synchronously inside a property getter and cannot be intercepted by `error` event listeners, meaning it cannot be handled without wrapping every `req.headersDistinct` access in a `try/catch`.\r\n\r\n* This vulnerability affects all Node.js HTTP servers on **20.x, 22.x, 24.x, and v25.x**", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-21710" ], "unique" : false }, { "id" : "CVE-2026-2229", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-2229" ], "unique" : false }, { "id" : "CVE-2026-27135", "title" : "nghttp2 Denial of service: Assertion failure due to the missing state validation", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-27135" ], "unique" : false }, { "id" : "CVE-2025-3277", "title" : "An integer overflow can be triggered in SQLite’s `concat_ws()` function. The resulting, truncated integer is then used to allocate a buffer. When SQLite then writes the resulting string to the buffer, it uses the original, untruncated size and thus a wild Heap Buffer overflow of size ~4GB can be triggered. This can result in arbitrary code execution.", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2025-3277" ], "unique" : false }, { "id" : "CVE-2026-1525", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2026-1525" ], "unique" : false }, { "id" : "CVE-2025-55130", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-55130" ], "unique" : false }, { "id" : "CVE-2025-55131", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-55131" ], "unique" : false }, { "id" : "CVE-2023-30589", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-30589" ], "unique" : false }, { "id" : "CVE-2025-31498", "title" : "c-ares has a use-after-free in read_answers()", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-31498" ], "unique" : false }, { "id" : "CVE-2025-22150", "title" : "Undici Uses Insufficiently Random Values", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-22150" ], "unique" : false }, { "id" : "CVE-2023-23936", "title" : "CRLF Injection in Nodejs ‘undici’ via host", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-23936" ], "unique" : false }, { "id" : "CVE-2024-22025", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-22025" ], "unique" : false }, { "id" : "CVE-2026-1527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-1527" ], "unique" : false }, { "id" : "CVE-2026-21712", "title" : "A flaw in Node.js URL processing causes an assertion failure in native code when `url.format()` is called with a malformed internationalized domain name (IDN) containing invalid characters, crashing the Node.js process.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-21712" ], "unique" : false }, { "id" : "CVE-2026-25547", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-25547" ], "unique" : false }, { "id" : "CVE-2026-26996", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-26996" ], "unique" : false }, { "id" : "CVE-2026-27904", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-27904" ], "unique" : false }, { "id" : "CVE-2024-27982", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2024-27982" ], "unique" : false }, { "id" : "CVE-2023-31147", "title" : "Insufficient randomness in generation of DNS query IDs in c-ares", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-31147" ], "unique" : false }, { "id" : "CVE-2025-59466", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-59466" ], "unique" : false }, { "id" : "CVE-2026-21637", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-21637" ], "unique" : false }, { "id" : "CVE-2026-21713", "title" : "A flaw in Node.js HMAC verification uses a non-constant-time comparison when validating user-provided signatures, potentially leaking timing information proportional to the number of matching bytes. Under certain threat models where high-resolution timing measurements are possible, this behavior could be exploited as a timing oracle to infer HMAC values.\r\n\r\nNode.js already provides timing-safe comparison primitives used elsewhere in the codebase, indicating this is an oversight rather than an intentional design decision.\r\n\r\nThis vulnerability affects **20.x, 22.x, 24.x, and 25.x**.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-21713" ], "unique" : false }, { "id" : "CVE-2026-21717", "title" : "A flaw in V8's string hashing mechanism causes integer-like strings to be hashed to their numeric value, making hash collisions trivially predictable. By crafting a request that causes many such collisions in V8's internal string table, an attacker can significantly degrade performance of the Node.js process.\r\n\r\nThe most common trigger is any endpoint that calls `JSON.parse()` on attacker-controlled input, as JSON parsing automatically internalizes short strings into the affected hash table.\r\n\r\nThis vulnerability affects **20.x, 22.x, 24.x, and 25.x**.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-21717" ], "unique" : false }, { "id" : "CVE-2026-2581", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-2581" ], "unique" : false }, { "id" : "CVE-2023-31130", "title" : "Buffer Underwrite in ares_inet_net_pton()", "source" : "redhat-csaf", "cvssScore" : 5.7, "severity" : "MEDIUM", "cves" : [ "CVE-2023-31130" ], "unique" : false }, { "id" : "CVE-2023-30588", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-30588" ], "unique" : false }, { "id" : "CVE-2024-28182", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-28182" ], "unique" : false }, { "id" : "CVE-2025-23085", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-23085" ], "unique" : false }, { "id" : "CVE-2025-55132", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-55132" ], "unique" : false }, { "id" : "CVE-2026-21714", "title" : "A memory leak occurs in Node.js HTTP/2 servers when a client sends WINDOW_UPDATE frames on stream 0 (connection-level) that cause the flow control window to exceed the maximum value of 2³¹-1. The server correctly sends a GOAWAY frame, but the Http2Session object is never cleaned up.\r\n\r\nThis vulnerability affects HTTP2 users on Node.js 20, 22, 24 and 25.", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-21714" ], "unique" : false }, { "id" : "CVE-2026-21711", "title" : "A flaw in Node.js Permission Model network enforcement leaves Unix Domain Socket (UDS) server operations without the required permission checks, while all comparable network paths correctly enforce them.\r\n\r\nAs a result, code running under `--permission` without `--allow-net` can create and expose local IPC endpoints, allowing communication with other processes on the same host outside of the intended network restriction boundary.\r\n\r\nThis vulnerability affects Node.js **25.x** processes using the Permission Model where `--allow-net` is intentionally omitted to restrict network access. Note that `--allow-net` is currently an experimental feature.", "source" : "redhat-csaf", "cvssScore" : 5.2, "severity" : "MEDIUM", "cves" : [ "CVE-2026-21711" ], "unique" : false }, { "id" : "CVE-2024-25629", "title" : "c-ares out of bounds read in ares__read_line()", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2024-25629" ], "unique" : false }, { "id" : "CVE-2023-23920", "title" : "An untrusted search path vulnerability exists in Node.js. <19.6.1, <18.14.1, <16.19.1, and <14.21.3 that could allow an attacker to search and potentially load ICU data when running with elevated privileges.", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2023-23920" ], "unique" : false }, { "id" : "CVE-2026-21716", "title" : "An incomplete fix for CVE-2024-36137 leaves `FileHandle.chmod()` and `FileHandle.chown()` in the promises API without the required permission checks, while their callback-based equivalents (`fs.fchmod()`, `fs.fchown()`) were correctly patched.\r\n\r\nAs a result, code running under `--permission` with restricted `--allow-fs-write` can still use promise-based `FileHandle` methods to modify file permissions and ownership on already-open file descriptors, bypassing the intended write restrictions.\r\n\r\nThis vulnerability affects **20.x, 22.x, 24.x, and 25.x** processes using the Permission Model where `--allow-fs-write` is intentionally restricted.", "source" : "redhat-csaf", "cvssScore" : 3.8, "severity" : "LOW", "cves" : [ "CVE-2026-21716" ], "unique" : false }, { "id" : "CVE-2023-31124", "title" : "AutoTools does not set CARES_RANDOM_FILE during cross compilation", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2023-31124" ], "unique" : false }, { "id" : "CVE-2025-23165", "title" : "In Node.js, the `ReadFileUtf8` internal binding leaks memory due to a corrupted pointer in `uv_fs_s.file`: a UTF-16 path buffer is allocated but subsequently overwritten when the file descriptor is set. This results in an unrecoverable memory leak on every call. Repeated use can cause unbounded memory growth, leading to a denial of service.\r\n\r\nImpact:\r\n* This vulnerability affects APIs relying on `ReadFileUtf8` on Node.js release lines: v20 and v22.", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2025-23165" ], "unique" : false }, { "id" : "CVE-2026-21715", "title" : "A flaw in Node.js Permission Model filesystem enforcement leaves `fs.realpathSync.native()` without the required read permission checks, while all comparable filesystem functions correctly enforce them.\r\n\r\nAs a result, code running under `--permission` with restricted `--allow-fs-read` can still use `fs.realpathSync.native()` to check file existence, resolve symlink targets, and enumerate filesystem paths outside of permitted directories.\r\n\r\nThis vulnerability affects **20.x, 22.x, 24.x, and 25.x** processes using the Permission Model where `--allow-fs-read` is intentionally restricted.", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2026-21715" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-32006", "title" : "The use of `module.constructor.createRequire()` can bypass the policy mechanism and require modules outside of the policy.json definition for a given module.\n\nThis vulnerability affects all users using the experimental policy mechanism in all active release lines: 16.x, 18.x, and, 20.x.\n\nPlease note that at the time this CVE was issued, the policy is an experimental feature of Node.js.", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2023-32006" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-minimal-langpack@2.34-40.el9_1.1?arch=x86_64&distro=rhel-9.1&upstream=glibc-2.34-40.el9_1.1.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-common@2.34-40.el9_1.1?arch=x86_64&distro=rhel-9.1&upstream=glibc-2.34-40.el9_1.1.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-langpack-en@2.34-40.el9_1.1?arch=x86_64&distro=rhel-9.1&upstream=glibc-2.34-40.el9_1.1.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64&distro=rhel-9.1&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch&distro=rhel-9.1&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64&distro=rhel-9.1&upstream=libcap-2.48-8.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-2603", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-2603" ], "unique" : false }, { "id" : "CVE-2026-4878", "title" : "Libcap: libcap: privilege escalation via toctou race condition in cap_set_file()", "source" : "redhat-csaf", "cvssScore" : 6.7, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4878" ], "unique" : false }, { "id" : "CVE-2023-2602", "title" : "A vulnerability was found in the pthread_create() function in libcap. This issue may allow a malicious actor to use cause __real_pthread_create() to return an error, which can exhaust the process memory.", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2023-2602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-2603", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-2603" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libbrotli@1.0.9-6.el9?arch=x86_64&distro=rhel-9.1&upstream=brotli-1.0.9-6.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-6176", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-6176" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-6176", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-6176" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcc@11.3.1-2.1.el9?arch=x86_64&distro=rhel-9.1&upstream=gcc-11.3.1-2.1.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libstdc%2B%2B@11.3.1-2.1.el9?arch=x86_64&distro=rhel-9.1&upstream=gcc-11.3.1-2.1.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libtasn1@4.16.0-8.el9_1?arch=x86_64&distro=rhel-9.1&upstream=libtasn1-4.16.0-8.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2025-13151", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13151" ], "unique" : false }, { "id" : "CVE-2024-12133", "title" : "Libtasn1: inefficient der decoding in libtasn1 leading to potential remote dos", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-12133" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-13151", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13151" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/p11-kit@0.24.1-2.el9?arch=x86_64&distro=rhel-9.1&upstream=p11-kit-0.24.1-2.el9.src.rpm", "issues" : [ { "id" : "CVE-2026-2100", "title" : "P11-kit: null dereference via c_derivekey with specific null parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-2100" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2026-2100", "title" : "P11-kit: null dereference via c_derivekey with specific null parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-2100" ], "unique" : false } } ], "highestVulnerability" : { "id" : "CVE-2023-39332", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2023-39332" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/environment-modules@5.0.1-1.el9?arch=x86_64&distro=rhel-9.1&upstream=environment-modules-5.0.1-1.el9.src.rpm", "transitive" : [ { "ref" : "pkg:rpm/redhat/openssl-libs@3.0.1-47.el9_1?arch=x86_64&distro=rhel-9.1&epoch=1&upstream=openssl-3.0.1-47.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false }, { "id" : "CVE-2022-3358", "title" : "Using a Custom Cipher with NID_undef may lead to NULL encryption", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-3358" ], "unique" : false }, { "id" : "CVE-2023-5363", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-5363" ], "unique" : false }, { "id" : "CVE-2024-12797", "title" : "RFC7250 handshakes with unauthenticated servers don't abort as expected", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2024-12797" ], "unique" : false }, { "id" : "CVE-2025-69419", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2025-69419" ], "unique" : false }, { "id" : "CVE-2023-2650", "title" : "Possible DoS translating ASN.1 object identifiers", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2650" ], "unique" : false }, { "id" : "CVE-2023-6129", "title" : "POLY1305 MAC implementation corrupts vector registers on PowerPC", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6129" ], "unique" : false }, { "id" : "CVE-2025-69421", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69421" ], "unique" : false }, { "id" : "CVE-2025-11187", "title" : "Improper validation of PBMAC1 parameters in PKCS#12 MAC verification", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-11187" ], "unique" : false }, { "id" : "CVE-2023-0464", "title" : "Excessive Resource Usage Verifying X.509 Policy Constraints", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0464" ], "unique" : false }, { "id" : "CVE-2023-6237", "title" : "Excessive time spent checking invalid RSA public keys", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6237" ], "unique" : false }, { "id" : "CVE-2024-5535", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-5535" ], "unique" : false }, { "id" : "CVE-2024-6119", "title" : "Possible denial of service in X.509 name checks", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-6119" ], "unique" : false }, { "id" : "CVE-2025-15468", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15468" ], "unique" : false }, { "id" : "CVE-2025-66199", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-66199" ], "unique" : false }, { "id" : "CVE-2025-69420", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69420" ], "unique" : false }, { "id" : "CVE-2026-22796", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22796" ], "unique" : false }, { "id" : "CVE-2024-4741", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4741" ], "unique" : false }, { "id" : "CVE-2025-9230", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9230" ], "unique" : false }, { "id" : "CVE-2024-0727", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0727" ], "unique" : false }, { "id" : "CVE-2025-15469", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15469" ], "unique" : false }, { "id" : "CVE-2026-22795", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22795" ], "unique" : false }, { "id" : "CVE-2023-0465", "title" : "Invalid certificate policies in leaf certificates are silently ignored", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0465" ], "unique" : false }, { "id" : "CVE-2023-0466", "title" : "Certificate policy check not enabled", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0466" ], "unique" : false }, { "id" : "CVE-2023-2975", "title" : "AES-SIV implementation ignores empty associated data entries", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2975" ], "unique" : false }, { "id" : "CVE-2023-3446", "title" : "Excessive time spent checking DH keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3446" ], "unique" : false }, { "id" : "CVE-2023-3817", "title" : "Excessive time spent checking DH q parameter value", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3817" ], "unique" : false }, { "id" : "CVE-2023-5678", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-5678" ], "unique" : false }, { "id" : "CVE-2024-4603", "title" : "Excessive time spent checking DSA keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4603" ], "unique" : false }, { "id" : "CVE-2023-1255", "title" : "Input buffer over-read in AES-XTS implementation on 64 bit ARM", "source" : "redhat-csaf", "cvssScore" : 5.1, "severity" : "MEDIUM", "cves" : [ "CVE-2023-1255" ], "unique" : false }, { "id" : "CVE-2025-68160", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-68160" ], "unique" : false }, { "id" : "CVE-2025-69418", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69418" ], "unique" : false }, { "id" : "CVE-2024-2511", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-2511" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ca-certificates@2022.2.54-90.2.el9_0?arch=noarch&distro=rhel-9.1&upstream=ca-certificates-2022.2.54-90.2.el9_0.src.rpm", "issues" : [ { "id" : "CVE-2023-37920", "title" : "Certifi's removal of e-Tugra root certificate", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2023-37920" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-37920", "title" : "Certifi's removal of e-Tugra root certificate", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2023-37920" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc@2.34-40.el9_1.1?arch=x86_64&distro=rhel-9.1&upstream=glibc-2.34-40.el9_1.1.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2026-4437", "title" : "gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4437" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-15281", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15281" ], "unique" : false }, { "id" : "CVE-2026-3904", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3904" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false }, { "id" : "CVE-2026-4438", "title" : "gethostbyaddr and gethostbyaddr_r return invalid DNS hostnames", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4438" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-minimal-langpack@2.34-40.el9_1.1?arch=x86_64&distro=rhel-9.1&upstream=glibc-2.34-40.el9_1.1.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-common@2.34-40.el9_1.1?arch=x86_64&distro=rhel-9.1&upstream=glibc-2.34-40.el9_1.1.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-langpack-en@2.34-40.el9_1.1?arch=x86_64&distro=rhel-9.1&upstream=glibc-2.34-40.el9_1.1.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/less@590-1.el9_0?arch=x86_64&distro=rhel-9.1&upstream=less-590-1.el9_0.src.rpm", "issues" : [ { "id" : "CVE-2024-32487", "title" : "less through 653 allows OS command execution via a newline character in the name of a file, because quoting is mishandled in filename.c. Exploitation typically requires use with attacker-controlled file names, such as the files extracted from an untrusted archive. Exploitation also requires the LESSOPEN environment variable, but this is set by default in many common cases.", "source" : "redhat-csaf", "cvssScore" : 8.6, "severity" : "HIGH", "cves" : [ "CVE-2024-32487" ], "unique" : false }, { "id" : "CVE-2022-46663", "title" : "In GNU Less before 609, crafted data can result in \"less -R\" not filtering ANSI escape sequences sent to the terminal.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-46663" ], "unique" : false }, { "id" : "CVE-2022-48624", "title" : "close_altfile in filename.c in less before 606 omits shell_quote calls for LESSCLOSE.", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2022-48624" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-32487", "title" : "less through 653 allows OS command execution via a newline character in the name of a file, because quoting is mishandled in filename.c. Exploitation typically requires use with attacker-controlled file names, such as the files extracted from an untrusted archive. Exploitation also requires the LESSOPEN environment variable, but this is set by default in many common cases.", "source" : "redhat-csaf", "cvssScore" : 8.6, "severity" : "HIGH", "cves" : [ "CVE-2024-32487" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch&distro=rhel-9.1&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64&distro=rhel-9.1&upstream=libcap-2.48-8.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-2603", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-2603" ], "unique" : false }, { "id" : "CVE-2026-4878", "title" : "Libcap: libcap: privilege escalation via toctou race condition in cap_set_file()", "source" : "redhat-csaf", "cvssScore" : 6.7, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4878" ], "unique" : false }, { "id" : "CVE-2023-2602", "title" : "A vulnerability was found in the pthread_create() function in libcap. This issue may allow a malicious actor to use cause __real_pthread_create() to return an error, which can exhaust the process memory.", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2023-2602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-2603", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-2603" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64&distro=rhel-9.1&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/xz-libs@5.2.5-8.el9_0?arch=x86_64&distro=rhel-9.1&upstream=xz-5.2.5-8.el9_0.src.rpm", "issues" : [ { "id" : "CVE-2025-31115", "title" : "XZ has a heap-use-after-free bug in threaded .xz decoder", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-31115" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-31115", "title" : "XZ has a heap-use-after-free bug in threaded .xz decoder", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-31115" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcrypt@1.10.0-8.el9_0?arch=x86_64&distro=rhel-9.1&upstream=libgcrypt-1.10.0-8.el9_0.src.rpm", "issues" : [ { "id" : "CVE-2026-41989", "title" : "Libgcrypt before 1.12.2 sometimes allows a heap-based buffer overflow and denial of service via crafted ECDH ciphertext to gcry_pk_decrypt.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-41989" ], "unique" : false }, { "id" : "CVE-2024-2236", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-2236" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2026-41989", "title" : "Libgcrypt before 1.12.2 sometimes allows a heap-based buffer overflow and denial of service via crafted ECDH ciphertext to gcry_pk_decrypt.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-41989" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/vim-filesystem@8.2.2637-20.el9_1?arch=noarch&distro=rhel-9.1&epoch=2&upstream=vim-8.2.2637-20.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2026-25749", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2026-25749" ], "unique" : false }, { "id" : "CVE-2026-33412", "title" : "Vim affected by Command injection via newline in glob()", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2026-33412" ], "unique" : false }, { "id" : "CVE-2023-4752", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-4752" ], "unique" : false }, { "id" : "CVE-2021-3903", "title" : "Heap-based Buffer Overflow in vim/vim", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2021-3903" ], "unique" : false }, { "id" : "CVE-2026-28421", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-28421" ], "unique" : false }, { "id" : "CVE-2026-28417", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2026-28417" ], "unique" : false }, { "id" : "CVE-2025-53905", "source" : "redhat-csaf", "cvssScore" : 4.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-53905" ], "unique" : false }, { "id" : "CVE-2025-53906", "title" : "Vim has path traversal issue with zip.vim and special crafted zip archives", "source" : "redhat-csaf", "cvssScore" : 4.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-53906" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2026-25749", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2026-25749" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcc@11.3.1-2.1.el9?arch=x86_64&distro=rhel-9.1&upstream=gcc-11.3.1-2.1.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libstdc%2B%2B@11.3.1-2.1.el9?arch=x86_64&distro=rhel-9.1&upstream=gcc-11.3.1-2.1.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libtasn1@4.16.0-8.el9_1?arch=x86_64&distro=rhel-9.1&upstream=libtasn1-4.16.0-8.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2025-13151", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13151" ], "unique" : false }, { "id" : "CVE-2024-12133", "title" : "Libtasn1: inefficient der decoding in libtasn1 leading to potential remote dos", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-12133" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-13151", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13151" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/systemd-libs@250-12.el9_1.3?arch=x86_64&distro=rhel-9.1&upstream=systemd-250-12.el9_1.3.src.rpm", "issues" : [ { "id" : "CVE-2023-7008", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-7008" ], "unique" : false }, { "id" : "CVE-2025-4598", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-4598" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-7008", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-7008" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/p11-kit@0.24.1-2.el9?arch=x86_64&distro=rhel-9.1&upstream=p11-kit-0.24.1-2.el9.src.rpm", "issues" : [ { "id" : "CVE-2026-2100", "title" : "P11-kit: null dereference via c_derivekey with specific null parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-2100" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2026-2100", "title" : "P11-kit: null dereference via c_derivekey with specific null parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-2100" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/procps-ng@3.3.17-8.el9?arch=x86_64&distro=rhel-9.1&upstream=procps-ng-3.3.17-8.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-4016", "title" : "Under some circumstances, this weakness allows a user who has access to run the “ps” utility on a machine, the ability to write almost unlimited amounts of unfiltered data into the process heap.", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2023-4016" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-4016", "title" : "Under some circumstances, this weakness allows a user who has access to run the “ps” utility on a machine, the ability to write almost unlimited amounts of unfiltered data into the process heap.", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2023-4016" ], "unique" : false } } ], "highestVulnerability" : { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/python3-gobject-base@3.40.1-6.el9?arch=x86_64&distro=rhel-9.1&upstream=pygobject3-3.40.1-6.el9.src.rpm", "transitive" : [ { "ref" : "pkg:rpm/redhat/openssl-libs@3.0.1-47.el9_1?arch=x86_64&distro=rhel-9.1&epoch=1&upstream=openssl-3.0.1-47.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false }, { "id" : "CVE-2022-3358", "title" : "Using a Custom Cipher with NID_undef may lead to NULL encryption", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-3358" ], "unique" : false }, { "id" : "CVE-2023-5363", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-5363" ], "unique" : false }, { "id" : "CVE-2024-12797", "title" : "RFC7250 handshakes with unauthenticated servers don't abort as expected", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2024-12797" ], "unique" : false }, { "id" : "CVE-2025-69419", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2025-69419" ], "unique" : false }, { "id" : "CVE-2023-2650", "title" : "Possible DoS translating ASN.1 object identifiers", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2650" ], "unique" : false }, { "id" : "CVE-2023-6129", "title" : "POLY1305 MAC implementation corrupts vector registers on PowerPC", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6129" ], "unique" : false }, { "id" : "CVE-2025-69421", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69421" ], "unique" : false }, { "id" : "CVE-2025-11187", "title" : "Improper validation of PBMAC1 parameters in PKCS#12 MAC verification", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-11187" ], "unique" : false }, { "id" : "CVE-2023-0464", "title" : "Excessive Resource Usage Verifying X.509 Policy Constraints", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0464" ], "unique" : false }, { "id" : "CVE-2023-6237", "title" : "Excessive time spent checking invalid RSA public keys", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6237" ], "unique" : false }, { "id" : "CVE-2024-5535", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-5535" ], "unique" : false }, { "id" : "CVE-2024-6119", "title" : "Possible denial of service in X.509 name checks", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-6119" ], "unique" : false }, { "id" : "CVE-2025-15468", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15468" ], "unique" : false }, { "id" : "CVE-2025-66199", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-66199" ], "unique" : false }, { "id" : "CVE-2025-69420", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69420" ], "unique" : false }, { "id" : "CVE-2026-22796", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22796" ], "unique" : false }, { "id" : "CVE-2024-4741", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4741" ], "unique" : false }, { "id" : "CVE-2025-9230", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9230" ], "unique" : false }, { "id" : "CVE-2024-0727", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0727" ], "unique" : false }, { "id" : "CVE-2025-15469", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15469" ], "unique" : false }, { "id" : "CVE-2026-22795", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22795" ], "unique" : false }, { "id" : "CVE-2023-0465", "title" : "Invalid certificate policies in leaf certificates are silently ignored", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0465" ], "unique" : false }, { "id" : "CVE-2023-0466", "title" : "Certificate policy check not enabled", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0466" ], "unique" : false }, { "id" : "CVE-2023-2975", "title" : "AES-SIV implementation ignores empty associated data entries", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2975" ], "unique" : false }, { "id" : "CVE-2023-3446", "title" : "Excessive time spent checking DH keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3446" ], "unique" : false }, { "id" : "CVE-2023-3817", "title" : "Excessive time spent checking DH q parameter value", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3817" ], "unique" : false }, { "id" : "CVE-2023-5678", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-5678" ], "unique" : false }, { "id" : "CVE-2024-4603", "title" : "Excessive time spent checking DSA keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4603" ], "unique" : false }, { "id" : "CVE-2023-1255", "title" : "Input buffer over-read in AES-XTS implementation on 64 bit ARM", "source" : "redhat-csaf", "cvssScore" : 5.1, "severity" : "MEDIUM", "cves" : [ "CVE-2023-1255" ], "unique" : false }, { "id" : "CVE-2025-68160", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-68160" ], "unique" : false }, { "id" : "CVE-2025-69418", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69418" ], "unique" : false }, { "id" : "CVE-2024-2511", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-2511" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ca-certificates@2022.2.54-90.2.el9_0?arch=noarch&distro=rhel-9.1&upstream=ca-certificates-2022.2.54-90.2.el9_0.src.rpm", "issues" : [ { "id" : "CVE-2023-37920", "title" : "Certifi's removal of e-Tugra root certificate", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2023-37920" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-37920", "title" : "Certifi's removal of e-Tugra root certificate", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2023-37920" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc@2.34-40.el9_1.1?arch=x86_64&distro=rhel-9.1&upstream=glibc-2.34-40.el9_1.1.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2026-4437", "title" : "gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4437" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-15281", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15281" ], "unique" : false }, { "id" : "CVE-2026-3904", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3904" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false }, { "id" : "CVE-2026-4438", "title" : "gethostbyaddr and gethostbyaddr_r return invalid DNS hostnames", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4438" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/python3-setuptools-wheel@53.0.0-10.el9_1.1?arch=noarch&distro=rhel-9.1&upstream=python-setuptools-53.0.0-10.el9_1.1.src.rpm", "issues" : [ { "id" : "CVE-2024-6345", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-6345" ], "unique" : false }, { "id" : "CVE-2025-47273", "title" : "setuptools has a path traversal vulnerability in PackageIndex.download that leads to Arbitrary File Write", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-47273" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-6345", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-6345" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-minimal-langpack@2.34-40.el9_1.1?arch=x86_64&distro=rhel-9.1&upstream=glibc-2.34-40.el9_1.1.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-common@2.34-40.el9_1.1?arch=x86_64&distro=rhel-9.1&upstream=glibc-2.34-40.el9_1.1.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-langpack-en@2.34-40.el9_1.1?arch=x86_64&distro=rhel-9.1&upstream=glibc-2.34-40.el9_1.1.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/python3-libs@3.9.14-1.el9_1.2?arch=x86_64&distro=rhel-9.1&upstream=python3.9-3.9.14-1.el9_1.2.src.rpm", "issues" : [ { "id" : "CVE-2023-40217", "source" : "redhat-csaf", "cvssScore" : 8.6, "severity" : "HIGH", "cves" : [ "CVE-2023-40217" ], "unique" : false }, { "id" : "CVE-2023-6597", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-6597" ], "unique" : false }, { "id" : "CVE-2024-12718", "title" : "Bypass extraction filter to modify file metadata outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-12718" ], "unique" : false }, { "id" : "CVE-2025-4517", "title" : "Arbitrary writes via tarfile realpath overflow", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2025-4517" ], "unique" : false }, { "id" : "CVE-2023-24329", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-24329" ], "unique" : false }, { "id" : "CVE-2024-6232", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-6232" ], "unique" : false }, { "id" : "CVE-2025-12084", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-12084" ], "unique" : false }, { "id" : "CVE-2025-4138", "title" : "Bypassing extraction filter to create symlinks to arbitrary targets outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-4138" ], "unique" : false }, { "id" : "CVE-2025-4435", "title" : "Tarfile extracts filtered members when errorlevel=0", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-4435" ], "unique" : false }, { "id" : "CVE-2025-8194", "title" : "Tarfile infinite loop during parsing with negative member offset", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-8194" ], "unique" : false }, { "id" : "CVE-2025-4330", "title" : "Extraction filter bypass for linking outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2025-4330" ], "unique" : false }, { "id" : "CVE-2025-15366", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-15366" ], "unique" : false }, { "id" : "CVE-2025-15367", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-15367" ], "unique" : false }, { "id" : "CVE-2026-1299", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-1299" ], "unique" : false }, { "id" : "CVE-2026-4519", "title" : "webbrowser.open() allows leading dashes in URLs", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-4519" ], "unique" : false }, { "id" : "CVE-2024-6923", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2024-6923" ], "unique" : false }, { "id" : "CVE-2025-0938", "title" : "URL parser allowed square brackets in domain names", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0938" ], "unique" : false }, { "id" : "CVE-2025-13836", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13836" ], "unique" : false }, { "id" : "CVE-2024-9287", "source" : "redhat-csaf", "cvssScore" : 6.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-9287" ], "unique" : false }, { "id" : "CVE-2024-0450", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0450" ], "unique" : false }, { "id" : "CVE-2007-4559", "title" : "Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2007-4559" ], "unique" : false }, { "id" : "CVE-2023-27043", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27043" ], "unique" : false }, { "id" : "CVE-2024-8088", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-8088" ], "unique" : false }, { "id" : "CVE-2024-0397", "source" : "redhat-csaf", "cvssScore" : 5.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0397" ], "unique" : false }, { "id" : "CVE-2024-7592", "source" : "redhat-csaf", "cvssScore" : 4.8, "severity" : "MEDIUM", "cves" : [ "CVE-2024-7592" ], "unique" : false }, { "id" : "CVE-2026-0865", "source" : "redhat-csaf", "cvssScore" : 4.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0865" ], "unique" : false }, { "id" : "CVE-2025-6069", "title" : "HTMLParser quadratic complexity when processing malformed inputs", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-6069" ], "unique" : false }, { "id" : "CVE-2025-8291", "title" : "ZIP64 End of Central Directory (EOCD) Locator record offset not checked", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8291" ], "unique" : false }, { "id" : "CVE-2025-6075", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-6075" ], "unique" : false }, { "id" : "CVE-2024-11168", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-11168" ], "unique" : false }, { "id" : "CVE-2024-4032", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-4032" ], "unique" : false }, { "id" : "CVE-2024-5642", "title" : "Buffer overread when using an empty list with SSLContext.set_npn_protocols()", "source" : "redhat-csaf", "cvssScore" : 2.7, "severity" : "LOW", "cves" : [ "CVE-2024-5642" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-40217", "source" : "redhat-csaf", "cvssScore" : 8.6, "severity" : "HIGH", "cves" : [ "CVE-2023-40217" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/python3@3.9.14-1.el9_1.2?arch=x86_64&distro=rhel-9.1&upstream=python3.9-3.9.14-1.el9_1.2.src.rpm", "issues" : [ { "id" : "CVE-2023-40217", "source" : "redhat-csaf", "cvssScore" : 8.6, "severity" : "HIGH", "cves" : [ "CVE-2023-40217" ], "unique" : false }, { "id" : "CVE-2026-6100", "title" : "Use-after-free in lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile after re-use under memory pressure", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-6100" ], "unique" : false }, { "id" : "CVE-2023-6597", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-6597" ], "unique" : false }, { "id" : "CVE-2024-12718", "title" : "Bypass extraction filter to modify file metadata outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-12718" ], "unique" : false }, { "id" : "CVE-2025-4517", "title" : "Arbitrary writes via tarfile realpath overflow", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2025-4517" ], "unique" : false }, { "id" : "CVE-2023-24329", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-24329" ], "unique" : false }, { "id" : "CVE-2024-6232", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-6232" ], "unique" : false }, { "id" : "CVE-2025-12084", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-12084" ], "unique" : false }, { "id" : "CVE-2025-4138", "title" : "Bypassing extraction filter to create symlinks to arbitrary targets outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-4138" ], "unique" : false }, { "id" : "CVE-2025-4435", "title" : "Tarfile extracts filtered members when errorlevel=0", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-4435" ], "unique" : false }, { "id" : "CVE-2025-8194", "title" : "Tarfile infinite loop during parsing with negative member offset", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-8194" ], "unique" : false }, { "id" : "CVE-2025-4330", "title" : "Extraction filter bypass for linking outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2025-4330" ], "unique" : false }, { "id" : "CVE-2025-15366", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-15366" ], "unique" : false }, { "id" : "CVE-2025-15367", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-15367" ], "unique" : false }, { "id" : "CVE-2026-1299", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-1299" ], "unique" : false }, { "id" : "CVE-2026-4519", "title" : "webbrowser.open() allows leading dashes in URLs", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-4519" ], "unique" : false }, { "id" : "CVE-2026-4786", "title" : "Incomplete mitigation of CVE-2026-4519, %action expansion for command injection to webbrowser.open()", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-4786" ], "unique" : false }, { "id" : "CVE-2024-6923", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2024-6923" ], "unique" : false }, { "id" : "CVE-2025-0938", "title" : "URL parser allowed square brackets in domain names", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0938" ], "unique" : false }, { "id" : "CVE-2025-13836", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13836" ], "unique" : false }, { "id" : "CVE-2024-9287", "source" : "redhat-csaf", "cvssScore" : 6.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-9287" ], "unique" : false }, { "id" : "CVE-2024-0450", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0450" ], "unique" : false }, { "id" : "CVE-2026-5713", "title" : "Out-of-bounds read/write during remote profiling and asyncio process introspection when connecting to malicious target", "source" : "redhat-csaf", "cvssScore" : 6.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5713" ], "unique" : false }, { "id" : "CVE-2025-13837", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13837" ], "unique" : false }, { "id" : "CVE-2026-4224", "title" : "Stack overflow parsing XML with deeply nested DTD content models", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4224" ], "unique" : false }, { "id" : "CVE-2007-4559", "title" : "Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2007-4559" ], "unique" : false }, { "id" : "CVE-2026-3644", "title" : "Incomplete control character validation in http.cookies", "source" : "redhat-csaf", "cvssScore" : 5.4, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3644" ], "unique" : false }, { "id" : "CVE-2023-27043", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27043" ], "unique" : false }, { "id" : "CVE-2024-8088", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-8088" ], "unique" : false }, { "id" : "CVE-2025-12781", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-12781" ], "unique" : false }, { "id" : "CVE-2026-3446", "title" : "Base64 decoding stops at first padded quad by default", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3446" ], "unique" : false }, { "id" : "CVE-2024-0397", "source" : "redhat-csaf", "cvssScore" : 5.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0397" ], "unique" : false }, { "id" : "CVE-2024-7592", "source" : "redhat-csaf", "cvssScore" : 4.8, "severity" : "MEDIUM", "cves" : [ "CVE-2024-7592" ], "unique" : false }, { "id" : "CVE-2025-15282", "source" : "redhat-csaf", "cvssScore" : 4.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15282" ], "unique" : false }, { "id" : "CVE-2025-11468", "source" : "redhat-csaf", "cvssScore" : 4.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-11468" ], "unique" : false }, { "id" : "CVE-2026-0865", "source" : "redhat-csaf", "cvssScore" : 4.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0865" ], "unique" : false }, { "id" : "CVE-2026-1502", "title" : "HTTP client proxy tunnel headers not validated for CR/LF", "source" : "redhat-csaf", "cvssScore" : 4.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-1502" ], "unique" : false }, { "id" : "CVE-2025-6069", "title" : "HTMLParser quadratic complexity when processing malformed inputs", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-6069" ], "unique" : false }, { "id" : "CVE-2025-8291", "title" : "ZIP64 End of Central Directory (EOCD) Locator record offset not checked", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8291" ], "unique" : false }, { "id" : "CVE-2025-6075", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-6075" ], "unique" : false }, { "id" : "CVE-2024-11168", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-11168" ], "unique" : false }, { "id" : "CVE-2024-4032", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-4032" ], "unique" : false }, { "id" : "CVE-2026-2297", "title" : "SourcelessFileLoader does not use io.open_code()", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2026-2297" ], "unique" : false }, { "id" : "CVE-2026-3479", "title" : "pkgutil.get_data() does not enforce documented restrictions", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2026-3479" ], "unique" : false }, { "id" : "CVE-2024-5642", "title" : "Buffer overread when using an empty list with SSLContext.set_npn_protocols()", "source" : "redhat-csaf", "cvssScore" : 2.7, "severity" : "LOW", "cves" : [ "CVE-2024-5642" ], "unique" : false }, { "id" : "CVE-2025-13462", "title" : "tarfile: Skip DIRTYPE normalization during GNU LONGNAME/LONGLINK handling", "source" : "redhat-csaf", "cvssScore" : 2.5, "severity" : "LOW", "cves" : [ "CVE-2025-13462" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-40217", "source" : "redhat-csaf", "cvssScore" : 8.6, "severity" : "HIGH", "cves" : [ "CVE-2023-40217" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch&distro=rhel-9.1&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64&distro=rhel-9.1&upstream=libcap-2.48-8.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-2603", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-2603" ], "unique" : false }, { "id" : "CVE-2026-4878", "title" : "Libcap: libcap: privilege escalation via toctou race condition in cap_set_file()", "source" : "redhat-csaf", "cvssScore" : 6.7, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4878" ], "unique" : false }, { "id" : "CVE-2023-2602", "title" : "A vulnerability was found in the pthread_create() function in libcap. This issue may allow a malicious actor to use cause __real_pthread_create() to return an error, which can exhaust the process memory.", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2023-2602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-2603", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-2603" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64&distro=rhel-9.1&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/sqlite-libs@3.34.1-6.el9_1?arch=x86_64&distro=rhel-9.1&upstream=sqlite-3.34.1-6.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2025-6965", "title" : "Integer Truncation on SQLite", "source" : "redhat-csaf", "cvssScore" : 7.7, "severity" : "HIGH", "cves" : [ "CVE-2025-6965" ], "unique" : false }, { "id" : "CVE-2023-7104", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2023-7104" ], "unique" : false }, { "id" : "CVE-2025-3277", "title" : "An integer overflow can be triggered in SQLite’s `concat_ws()` function. The resulting, truncated integer is then used to allocate a buffer. When SQLite then writes the resulting string to the buffer, it uses the original, untruncated size and thus a wild Heap Buffer overflow of size ~4GB can be triggered. This can result in arbitrary code execution.", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2025-3277" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-6965", "title" : "Integer Truncation on SQLite", "source" : "redhat-csaf", "cvssScore" : 7.7, "severity" : "HIGH", "cves" : [ "CVE-2025-6965" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glib2@2.68.4-5.el9?arch=x86_64&distro=rhel-9.1&upstream=glib2-2.68.4-5.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-13601", "title" : "Glib: integer overflow in in g_escape_uri_string()", "source" : "redhat-csaf", "cvssScore" : 7.7, "severity" : "HIGH", "cves" : [ "CVE-2025-13601" ], "unique" : false }, { "id" : "CVE-2024-52533", "title" : "gio/gsocks4aproxy.c in GNOME GLib before 2.82.1 has an off-by-one error and resultant buffer overflow because SOCKS4_CONN_MSG_LEN is not sufficient for a trailing '\\0' character.", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2024-52533" ], "unique" : false }, { "id" : "CVE-2023-32611", "title" : "G_variant_byteswap() can take a long time with some non-normal inputs", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-32611" ], "unique" : false }, { "id" : "CVE-2023-32665", "title" : "Gvariant deserialisation does not match spec for non-normal data", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-32665" ], "unique" : false }, { "id" : "CVE-2025-14512", "title" : "Glib: integer overflow in glib gio attribute escaping causes heap buffer overflow", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14512" ], "unique" : false }, { "id" : "CVE-2023-29499", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2023-29499" ], "unique" : false }, { "id" : "CVE-2025-14087", "title" : "Glib: glib: buffer underflow in gvariant parser leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14087" ], "unique" : false }, { "id" : "CVE-2025-4373", "source" : "redhat-csaf", "cvssScore" : 4.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-4373" ], "unique" : false }, { "id" : "CVE-2024-34397", "source" : "redhat-csaf", "cvssScore" : 3.8, "severity" : "LOW", "cves" : [ "CVE-2024-34397" ], "unique" : false }, { "id" : "CVE-2025-7039", "title" : "Glib: buffer under-read on glib through glib/gfileutils.c via get_tmp_file()", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2025-7039" ], "unique" : false }, { "id" : "CVE-2026-0988", "title" : "Glib: glib: denial of service via integer overflow in g_buffered_input_stream_peek()", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2026-0988" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-13601", "title" : "Glib: integer overflow in in g_escape_uri_string()", "source" : "redhat-csaf", "cvssScore" : 7.7, "severity" : "HIGH", "cves" : [ "CVE-2025-13601" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/xz-libs@5.2.5-8.el9_0?arch=x86_64&distro=rhel-9.1&upstream=xz-5.2.5-8.el9_0.src.rpm", "issues" : [ { "id" : "CVE-2025-31115", "title" : "XZ has a heap-use-after-free bug in threaded .xz decoder", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-31115" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-31115", "title" : "XZ has a heap-use-after-free bug in threaded .xz decoder", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-31115" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/gnutls@3.7.6-12.el9_0?arch=x86_64&distro=rhel-9.1&upstream=gnutls-3.7.6-12.el9_0.src.rpm", "issues" : [ { "id" : "CVE-2024-0553", "title" : "Gnutls: incomplete fix for cve-2023-5981", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-0553" ], "unique" : false }, { "id" : "CVE-2024-0567", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-0567" ], "unique" : false }, { "id" : "CVE-2023-0361", "title" : "A timing side-channel in the handling of RSA ClientKeyExchange messages was discovered in GnuTLS. This side-channel can be sufficient to recover the key encrypted in the RSA ciphertext across a network in a Bleichenbacher style attack. To achieve a successful decryption the attacker would need to send a large amount of specially crafted messages to the vulnerable server. By recovering the secret from the ClientKeyExchange message, the attacker would be able to decrypt the application data exchanged over that connection.", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2023-0361" ], "unique" : false }, { "id" : "CVE-2025-32988", "title" : "Gnutls: vulnerability in gnutls othername san export", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-32988" ], "unique" : false }, { "id" : "CVE-2025-32990", "title" : "Gnutls: vulnerability in gnutls certtool template parsing", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-32990" ], "unique" : false }, { "id" : "CVE-2025-6395", "title" : "Gnutls: null pointer dereference in _gnutls_figure_common_ciphersuite()", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-6395" ], "unique" : false }, { "id" : "CVE-2023-5981", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-5981" ], "unique" : false }, { "id" : "CVE-2024-12243", "title" : "Gnutls: gnutls impacted by inefficient der decoding in libtasn1 leading to remote dos", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-12243" ], "unique" : false }, { "id" : "CVE-2024-28834", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-28834" ], "unique" : false }, { "id" : "CVE-2025-14831", "title" : "Gnutls: gnutls: denial of service via excessive resource consumption during certificate verification", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14831" ], "unique" : false }, { "id" : "CVE-2025-32989", "title" : "Gnutls: vulnerability in gnutls sct extension parsing", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-32989" ], "unique" : false }, { "id" : "CVE-2024-28835", "source" : "redhat-csaf", "cvssScore" : 5.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-28835" ], "unique" : false }, { "id" : "CVE-2025-9820", "title" : "Gnutls: stack-based buffer overflow in gnutls_pkcs11_token_init() function", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9820" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-0553", "title" : "Gnutls: incomplete fix for cve-2023-5981", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-0553" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/expat@2.4.9-1.el9_1.1?arch=x86_64&distro=rhel-9.1&upstream=expat-2.4.9-1.el9_1.1.src.rpm", "issues" : [ { "id" : "CVE-2023-52425", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-52425" ], "unique" : false }, { "id" : "CVE-2024-28757", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-28757" ], "unique" : false }, { "id" : "CVE-2024-45490", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-45490" ], "unique" : false }, { "id" : "CVE-2024-45491", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-45491" ], "unique" : false }, { "id" : "CVE-2024-8176", "title" : "Libexpat: expat: improper restriction of xml entity expansion depth in libexpat", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-8176" ], "unique" : false }, { "id" : "CVE-2022-23990", "title" : "Expat (aka libexpat) before 2.4.4 has an integer overflow in the doProlog function.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2022-23990" ], "unique" : false }, { "id" : "CVE-2024-45492", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2024-45492" ], "unique" : false }, { "id" : "CVE-2024-50602", "title" : "An issue was discovered in libexpat before 2.6.4. There is a crash within the XML_ResumeParser function because XML_StopParser can stop/suspend an unstarted parser.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-50602" ], "unique" : false }, { "id" : "CVE-2025-59375", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-59375" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-52425", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-52425" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libmount@2.37.4-9.el9?arch=x86_64&distro=rhel-9.1&upstream=util-linux-2.37.4-9.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcc@11.3.1-2.1.el9?arch=x86_64&distro=rhel-9.1&upstream=gcc-11.3.1-2.1.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libuuid@2.37.4-9.el9?arch=x86_64&distro=rhel-9.1&upstream=util-linux-2.37.4-9.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libblkid@2.37.4-9.el9?arch=x86_64&distro=rhel-9.1&upstream=util-linux-2.37.4-9.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false }, { "id" : "CVE-2026-27456", "title" : "util-linux: TOCTOU Race Condition in util-linux mount(8) - Loop Device Setup", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2026-27456" ], "unique" : false }, { "id" : "CVE-2026-3184", "title" : "Util-linux: util-linux: access control bypass due to improper hostname canonicalization", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2026-3184" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libtasn1@4.16.0-8.el9_1?arch=x86_64&distro=rhel-9.1&upstream=libtasn1-4.16.0-8.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2025-13151", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13151" ], "unique" : false }, { "id" : "CVE-2024-12133", "title" : "Libtasn1: inefficient der decoding in libtasn1 leading to potential remote dos", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-12133" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-13151", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13151" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/python3-pip-wheel@21.2.3-6.el9?arch=noarch&distro=rhel-9.1&upstream=python-pip-21.2.3-6.el9.src.rpm", "issues" : [ { "id" : "CVE-2007-4559", "title" : "Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2007-4559" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2007-4559", "title" : "Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2007-4559" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/p11-kit@0.24.1-2.el9?arch=x86_64&distro=rhel-9.1&upstream=p11-kit-0.24.1-2.el9.src.rpm", "issues" : [ { "id" : "CVE-2026-2100", "title" : "P11-kit: null dereference via c_derivekey with specific null parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-2100" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2026-2100", "title" : "P11-kit: null dereference via c_derivekey with specific null parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-2100" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/bzip2-libs@1.0.8-8.el9?arch=x86_64&distro=rhel-9.1&upstream=bzip2-1.0.8-8.el9.src.rpm", "issues" : [ { "id" : "CVE-2019-12900", "title" : "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2019-12900" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2019-12900", "title" : "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2019-12900" ], "unique" : false } } ], "highestVulnerability" : { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/lsof@4.94.0-3.el9?arch=x86_64&distro=rhel-9.1&upstream=lsof-4.94.0-3.el9.src.rpm", "transitive" : [ { "ref" : "pkg:rpm/redhat/openssl-libs@3.0.1-47.el9_1?arch=x86_64&distro=rhel-9.1&epoch=1&upstream=openssl-3.0.1-47.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false }, { "id" : "CVE-2022-3358", "title" : "Using a Custom Cipher with NID_undef may lead to NULL encryption", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-3358" ], "unique" : false }, { "id" : "CVE-2023-5363", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-5363" ], "unique" : false }, { "id" : "CVE-2024-12797", "title" : "RFC7250 handshakes with unauthenticated servers don't abort as expected", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2024-12797" ], "unique" : false }, { "id" : "CVE-2025-69419", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2025-69419" ], "unique" : false }, { "id" : "CVE-2023-2650", "title" : "Possible DoS translating ASN.1 object identifiers", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2650" ], "unique" : false }, { "id" : "CVE-2023-6129", "title" : "POLY1305 MAC implementation corrupts vector registers on PowerPC", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6129" ], "unique" : false }, { "id" : "CVE-2025-69421", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69421" ], "unique" : false }, { "id" : "CVE-2025-11187", "title" : "Improper validation of PBMAC1 parameters in PKCS#12 MAC verification", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-11187" ], "unique" : false }, { "id" : "CVE-2023-0464", "title" : "Excessive Resource Usage Verifying X.509 Policy Constraints", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0464" ], "unique" : false }, { "id" : "CVE-2023-6237", "title" : "Excessive time spent checking invalid RSA public keys", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6237" ], "unique" : false }, { "id" : "CVE-2024-5535", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-5535" ], "unique" : false }, { "id" : "CVE-2024-6119", "title" : "Possible denial of service in X.509 name checks", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-6119" ], "unique" : false }, { "id" : "CVE-2025-15468", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15468" ], "unique" : false }, { "id" : "CVE-2025-66199", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-66199" ], "unique" : false }, { "id" : "CVE-2025-69420", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69420" ], "unique" : false }, { "id" : "CVE-2026-22796", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22796" ], "unique" : false }, { "id" : "CVE-2024-4741", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4741" ], "unique" : false }, { "id" : "CVE-2025-9230", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9230" ], "unique" : false }, { "id" : "CVE-2024-0727", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0727" ], "unique" : false }, { "id" : "CVE-2025-15469", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15469" ], "unique" : false }, { "id" : "CVE-2026-22795", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22795" ], "unique" : false }, { "id" : "CVE-2023-0465", "title" : "Invalid certificate policies in leaf certificates are silently ignored", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0465" ], "unique" : false }, { "id" : "CVE-2023-0466", "title" : "Certificate policy check not enabled", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0466" ], "unique" : false }, { "id" : "CVE-2023-2975", "title" : "AES-SIV implementation ignores empty associated data entries", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2975" ], "unique" : false }, { "id" : "CVE-2023-3446", "title" : "Excessive time spent checking DH keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3446" ], "unique" : false }, { "id" : "CVE-2023-3817", "title" : "Excessive time spent checking DH q parameter value", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3817" ], "unique" : false }, { "id" : "CVE-2023-5678", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-5678" ], "unique" : false }, { "id" : "CVE-2024-4603", "title" : "Excessive time spent checking DSA keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4603" ], "unique" : false }, { "id" : "CVE-2023-1255", "title" : "Input buffer over-read in AES-XTS implementation on 64 bit ARM", "source" : "redhat-csaf", "cvssScore" : 5.1, "severity" : "MEDIUM", "cves" : [ "CVE-2023-1255" ], "unique" : false }, { "id" : "CVE-2025-68160", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-68160" ], "unique" : false }, { "id" : "CVE-2025-69418", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69418" ], "unique" : false }, { "id" : "CVE-2024-2511", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-2511" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ca-certificates@2022.2.54-90.2.el9_0?arch=noarch&distro=rhel-9.1&upstream=ca-certificates-2022.2.54-90.2.el9_0.src.rpm", "issues" : [ { "id" : "CVE-2023-37920", "title" : "Certifi's removal of e-Tugra root certificate", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2023-37920" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-37920", "title" : "Certifi's removal of e-Tugra root certificate", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2023-37920" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/krb5-libs@1.19.1-24.el9_1?arch=x86_64&distro=rhel-9.1&upstream=krb5-1.19.1-24.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2024-3596", "source" : "redhat-csaf", "cvssScore" : 9.0, "severity" : "CRITICAL", "cves" : [ "CVE-2024-3596" ], "unique" : false }, { "id" : "CVE-2023-39975", "title" : "kdc/do_tgs_req.c in MIT Kerberos 5 (aka krb5) 1.21 before 1.21.2 has a double free that is reachable if an authenticated user can trigger an authorization-data handling failure. Incorrect data is copied from one ticket to another.", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2023-39975" ], "unique" : false }, { "id" : "CVE-2024-26462", "title" : "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/kdc/ndr.c.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-26462" ], "unique" : false }, { "id" : "CVE-2024-37370", "title" : "In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify the plaintext Extra Count field of a confidential GSS krb5 wrap token, causing the unwrapped token to appear truncated to the application.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-37370" ], "unique" : false }, { "id" : "CVE-2020-17049", "title" : "Kerberos KDC Security Feature Bypass Vulnerability", "source" : "redhat-csaf", "cvssScore" : 7.2, "severity" : "HIGH", "cves" : [ "CVE-2020-17049" ], "unique" : false }, { "id" : "CVE-2023-36054", "title" : "lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and 1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticated user can trigger a kadmind crash. This occurs because _xdr_kadm5_principal_ent_rec does not validate the relationship between n_key_data and the key_data array count.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-36054" ], "unique" : false }, { "id" : "CVE-2024-37371", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-37371" ], "unique" : false }, { "id" : "CVE-2025-24528", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-24528" ], "unique" : false }, { "id" : "CVE-2024-26458", "title" : "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-26458" ], "unique" : false }, { "id" : "CVE-2024-26461", "title" : "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-26461" ], "unique" : false }, { "id" : "CVE-2025-3576", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-3576" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-3596", "source" : "redhat-csaf", "cvssScore" : 9.0, "severity" : "CRITICAL", "cves" : [ "CVE-2024-3596" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc@2.34-40.el9_1.1?arch=x86_64&distro=rhel-9.1&upstream=glibc-2.34-40.el9_1.1.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2026-4437", "title" : "gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4437" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-15281", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15281" ], "unique" : false }, { "id" : "CVE-2026-3904", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3904" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false }, { "id" : "CVE-2026-4438", "title" : "gethostbyaddr and gethostbyaddr_r return invalid DNS hostnames", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4438" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-minimal-langpack@2.34-40.el9_1.1?arch=x86_64&distro=rhel-9.1&upstream=glibc-2.34-40.el9_1.1.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-common@2.34-40.el9_1.1?arch=x86_64&distro=rhel-9.1&upstream=glibc-2.34-40.el9_1.1.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-langpack-en@2.34-40.el9_1.1?arch=x86_64&distro=rhel-9.1&upstream=glibc-2.34-40.el9_1.1.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64&distro=rhel-9.1&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch&distro=rhel-9.1&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64&distro=rhel-9.1&upstream=libcap-2.48-8.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-2603", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-2603" ], "unique" : false }, { "id" : "CVE-2026-4878", "title" : "Libcap: libcap: privilege escalation via toctou race condition in cap_set_file()", "source" : "redhat-csaf", "cvssScore" : 6.7, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4878" ], "unique" : false }, { "id" : "CVE-2023-2602", "title" : "A vulnerability was found in the pthread_create() function in libcap. This issue may allow a malicious actor to use cause __real_pthread_create() to return an error, which can exhaust the process memory.", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2023-2602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-2603", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-2603" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/gmp@6.2.0-10.el9?arch=x86_64&distro=rhel-9.1&epoch=1&upstream=gmp-6.2.0-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2021-43618", "title" : "GNU Multiple Precision Arithmetic Library (GMP) through 6.2.1 has an mpz/inp_raw.c integer overflow and resultant buffer overflow via crafted input, leading to a segmentation fault on 32-bit platforms.", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2021-43618" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2021-43618", "title" : "GNU Multiple Precision Arithmetic Library (GMP) through 6.2.1 has an mpz/inp_raw.c integer overflow and resultant buffer overflow via crafted input, leading to a segmentation fault on 32-bit platforms.", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2021-43618" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcc@11.3.1-2.1.el9?arch=x86_64&distro=rhel-9.1&upstream=gcc-11.3.1-2.1.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libtasn1@4.16.0-8.el9_1?arch=x86_64&distro=rhel-9.1&upstream=libtasn1-4.16.0-8.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2025-13151", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13151" ], "unique" : false }, { "id" : "CVE-2024-12133", "title" : "Libtasn1: inefficient der decoding in libtasn1 leading to potential remote dos", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-12133" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-13151", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13151" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/p11-kit@0.24.1-2.el9?arch=x86_64&distro=rhel-9.1&upstream=p11-kit-0.24.1-2.el9.src.rpm", "issues" : [ { "id" : "CVE-2026-2100", "title" : "P11-kit: null dereference via c_derivekey with specific null parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-2100" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2026-2100", "title" : "P11-kit: null dereference via c_derivekey with specific null parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-2100" ], "unique" : false } } ], "highestVulnerability" : { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/git-core@2.31.1-3.el9_1?arch=x86_64&distro=rhel-9.1&upstream=git-2.31.1-3.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2024-32002", "source" : "redhat-csaf", "cvssScore" : 9.0, "severity" : "CRITICAL", "cves" : [ "CVE-2024-32002" ], "unique" : false }, { "id" : "CVE-2022-39260", "title" : "Git vulnerable to Remote Code Execution via Heap overflow in `git shell`", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2022-39260" ], "unique" : false }, { "id" : "CVE-2025-48385", "source" : "redhat-csaf", "cvssScore" : 8.3, "severity" : "HIGH", "cves" : [ "CVE-2025-48385" ], "unique" : false }, { "id" : "CVE-2024-32004", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2024-32004" ], "unique" : false }, { "id" : "CVE-2025-48384", "source" : "redhat-csaf", "cvssScore" : 8.0, "severity" : "HIGH", "cves" : [ "CVE-2025-48384" ], "unique" : false }, { "id" : "CVE-2022-24765", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2022-24765" ], "unique" : false }, { "id" : "CVE-2022-29187", "title" : "Bypass of safe.directory protections in Git", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2022-29187" ], "unique" : false }, { "id" : "CVE-2023-29007", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29007" ], "unique" : false }, { "id" : "CVE-2023-23946", "title" : "Git's `git apply` overwriting paths outside the working tree", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-23946" ], "unique" : false }, { "id" : "CVE-2023-25652", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-25652" ], "unique" : false }, { "id" : "CVE-2024-52005", "title" : "The sideband payload is passed unfiltered to the terminal in git", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-52005" ], "unique" : false }, { "id" : "CVE-2024-32465", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-32465" ], "unique" : false }, { "id" : "CVE-2025-27614", "source" : "redhat-csaf", "cvssScore" : 6.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-27614" ], "unique" : false }, { "id" : "CVE-2022-39253", "title" : "Git subject to exposure of sensitive information via local clone of symbolic links", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2022-39253" ], "unique" : false }, { "id" : "CVE-2023-22490", "title" : "Git vulnerable to local clone-based data exfiltration with non-local transports", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-22490" ], "unique" : false }, { "id" : "CVE-2024-52006", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-52006" ], "unique" : false }, { "id" : "CVE-2025-27613", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-27613" ], "unique" : false }, { "id" : "CVE-2024-32020", "title" : "Cloning local Git repository by untrusted user allows the untrusted user to modify objects in the cloned repository at will", "source" : "redhat-csaf", "cvssScore" : 3.9, "severity" : "LOW", "cves" : [ "CVE-2024-32020" ], "unique" : false }, { "id" : "CVE-2024-32021", "source" : "redhat-csaf", "cvssScore" : 3.9, "severity" : "LOW", "cves" : [ "CVE-2024-32021" ], "unique" : false }, { "id" : "CVE-2024-50349", "source" : "redhat-csaf", "cvssScore" : 3.1, "severity" : "LOW", "cves" : [ "CVE-2024-50349" ], "unique" : false }, { "id" : "CVE-2025-46835", "source" : "redhat-csaf", "cvssScore" : 3.1, "severity" : "LOW", "cves" : [ "CVE-2025-46835" ], "unique" : false }, { "id" : "CVE-2023-25815", "source" : "redhat-csaf", "cvssScore" : 2.2, "severity" : "LOW", "cves" : [ "CVE-2023-25815" ], "unique" : false } ], "transitive" : [ { "ref" : "pkg:rpm/redhat/openssl@3.0.1-47.el9_1?arch=x86_64&distro=rhel-9.1&epoch=1&upstream=openssl-3.0.1-47.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false }, { "id" : "CVE-2022-3358", "title" : "Using a Custom Cipher with NID_undef may lead to NULL encryption", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-3358" ], "unique" : false }, { "id" : "CVE-2023-5363", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-5363" ], "unique" : false }, { "id" : "CVE-2026-28390", "title" : "Possible NULL Dereference When Processing CMS KeyTransportRecipientInfo", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-28390" ], "unique" : false }, { "id" : "CVE-2024-12797", "title" : "RFC7250 handshakes with unauthenticated servers don't abort as expected", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2024-12797" ], "unique" : false }, { "id" : "CVE-2025-69419", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2025-69419" ], "unique" : false }, { "id" : "CVE-2023-2650", "title" : "Possible DoS translating ASN.1 object identifiers", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2650" ], "unique" : false }, { "id" : "CVE-2023-6129", "title" : "POLY1305 MAC implementation corrupts vector registers on PowerPC", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6129" ], "unique" : false }, { "id" : "CVE-2025-69421", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69421" ], "unique" : false }, { "id" : "CVE-2025-11187", "title" : "Improper validation of PBMAC1 parameters in PKCS#12 MAC verification", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-11187" ], "unique" : false }, { "id" : "CVE-2023-0464", "title" : "Excessive Resource Usage Verifying X.509 Policy Constraints", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0464" ], "unique" : false }, { "id" : "CVE-2023-6237", "title" : "Excessive time spent checking invalid RSA public keys", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6237" ], "unique" : false }, { "id" : "CVE-2024-5535", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-5535" ], "unique" : false }, { "id" : "CVE-2024-6119", "title" : "Possible denial of service in X.509 name checks", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-6119" ], "unique" : false }, { "id" : "CVE-2025-15468", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15468" ], "unique" : false }, { "id" : "CVE-2025-66199", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-66199" ], "unique" : false }, { "id" : "CVE-2025-69420", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69420" ], "unique" : false }, { "id" : "CVE-2025-9231", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9231" ], "unique" : false }, { "id" : "CVE-2026-22796", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22796" ], "unique" : false }, { "id" : "CVE-2026-28388", "title" : "NULL Pointer Dereference When Processing a Delta CRL", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-28388" ], "unique" : false }, { "id" : "CVE-2026-28389", "title" : "Possible NULL Dereference When Processing CMS KeyAgreeRecipientInfo", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-28389" ], "unique" : false }, { "id" : "CVE-2026-31790", "title" : "Incorrect Failure Handling in RSA KEM RSASVE Encapsulation", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-31790" ], "unique" : false }, { "id" : "CVE-2026-31789", "title" : "Heap Buffer Overflow in Hexadecimal Conversion", "source" : "redhat-csaf", "cvssScore" : 5.8, "severity" : "MEDIUM", "cves" : [ "CVE-2026-31789" ], "unique" : false }, { "id" : "CVE-2024-4741", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4741" ], "unique" : false }, { "id" : "CVE-2025-9230", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9230" ], "unique" : false }, { "id" : "CVE-2024-0727", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0727" ], "unique" : false }, { "id" : "CVE-2025-15469", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15469" ], "unique" : false }, { "id" : "CVE-2026-22795", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22795" ], "unique" : false }, { "id" : "CVE-2023-0465", "title" : "Invalid certificate policies in leaf certificates are silently ignored", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0465" ], "unique" : false }, { "id" : "CVE-2023-0466", "title" : "Certificate policy check not enabled", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0466" ], "unique" : false }, { "id" : "CVE-2023-2975", "title" : "AES-SIV implementation ignores empty associated data entries", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2975" ], "unique" : false }, { "id" : "CVE-2023-3446", "title" : "Excessive time spent checking DH keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3446" ], "unique" : false }, { "id" : "CVE-2023-3817", "title" : "Excessive time spent checking DH q parameter value", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3817" ], "unique" : false }, { "id" : "CVE-2023-5678", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-5678" ], "unique" : false }, { "id" : "CVE-2024-4603", "title" : "Excessive time spent checking DSA keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4603" ], "unique" : false }, { "id" : "CVE-2026-28386", "title" : "Out-of-bounds Read in AES-CFB-128 on X86-64 with AVX-512 Support", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-28386" ], "unique" : false }, { "id" : "CVE-2023-1255", "title" : "Input buffer over-read in AES-XTS implementation on 64 bit ARM", "source" : "redhat-csaf", "cvssScore" : 5.1, "severity" : "MEDIUM", "cves" : [ "CVE-2023-1255" ], "unique" : false }, { "id" : "CVE-2025-68160", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-68160" ], "unique" : false }, { "id" : "CVE-2025-69418", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69418" ], "unique" : false }, { "id" : "CVE-2024-2511", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-2511" ], "unique" : false }, { "id" : "CVE-2026-28387", "title" : "Potential Use-after-free in DANE Client Code", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2026-28387" ], "unique" : false }, { "id" : "CVE-2025-9232", "source" : "redhat-csaf", "cvssScore" : 3.1, "severity" : "LOW", "cves" : [ "CVE-2025-9232" ], "unique" : false }, { "id" : "CVE-2026-2673", "title" : "OpenSSL TLS 1.3 server may choose unexpected key agreement group", "source" : "redhat-csaf", "cvssScore" : 3.1, "severity" : "LOW", "cves" : [ "CVE-2026-2673" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/openssh-clients@8.7p1-24.el9_1?arch=x86_64&distro=rhel-9.1&upstream=openssh-8.7p1-24.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2023-38408", "title" : "The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system. (Code in /usr/lib is not necessarily safe for loading into ssh-agent.) NOTE: this issue exists because of an incomplete fix for CVE-2016-10009.", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2023-38408" ], "unique" : false }, { "id" : "CVE-2026-3497", "title" : "Vulnerability in the OpenSSH GSSAPI delta included in various Linux distributions. This vulnerability affects the GSSAPI patches added by various Linux distributions and does not affect the OpenSSH upstream project itself. The usage of sshpkt_disconnect() on an error, which does not terminate the process, allows an attacker to send an unexpected GSSAPI message type during the GSSAPI key exchange to the server, which will call the underlying function and continue the execution of the program without setting the related connection variables. As the variables are not initialized to NULL the code later accesses those uninitialized variables, accessing random memory, which could lead to undefined behavior. The recommended workaround is to use ssh_packet_disconnect() instead, which does terminate the process. The impact of the vulnerability depends heavily on the compiler flag hardening configuration.", "source" : "redhat-csaf", "cvssScore" : 8.2, "severity" : "HIGH", "cves" : [ "CVE-2026-3497" ], "unique" : false }, { "id" : "CVE-2024-6387", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2024-6387" ], "unique" : false }, { "id" : "CVE-2024-6409", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2024-6409" ], "unique" : false }, { "id" : "CVE-2025-26465", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-26465" ], "unique" : false }, { "id" : "CVE-2023-25136", "title" : "OpenSSH server (sshd) 9.1 introduced a double-free vulnerability during options.kex_algorithms handling. This is fixed in OpenSSH 9.2. The double free can be leveraged, by an unauthenticated remote attacker in the default configuration, to jump to any location in the sshd address space. One third-party report states \"remote code execution is theoretically possible.\"", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-25136" ], "unique" : false }, { "id" : "CVE-2023-51385", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-51385" ], "unique" : false }, { "id" : "CVE-2023-48795", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-48795" ], "unique" : false }, { "id" : "CVE-2025-61984", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-61984" ], "unique" : false }, { "id" : "CVE-2025-61985", "title" : "ssh in OpenSSH before 10.1 allows the '\\0' character in an ssh:// URI, potentially leading to code execution when a ProxyCommand is used.", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-61985" ], "unique" : false }, { "id" : "CVE-2025-32728", "title" : "In sshd in OpenSSH before 10.0, the DisableForwarding directive does not adhere to the documentation stating that it disables X11 and agent forwarding.", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-32728" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-38408", "title" : "The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system. (Code in /usr/lib is not necessarily safe for loading into ssh-agent.) NOTE: this issue exists because of an incomplete fix for CVE-2016-10009.", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2023-38408" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/openssh@8.7p1-24.el9_1?arch=x86_64&distro=rhel-9.1&upstream=openssh-8.7p1-24.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2023-38408", "title" : "The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system. (Code in /usr/lib is not necessarily safe for loading into ssh-agent.) NOTE: this issue exists because of an incomplete fix for CVE-2016-10009.", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2023-38408" ], "unique" : false }, { "id" : "CVE-2026-3497", "title" : "Vulnerability in the OpenSSH GSSAPI delta included in various Linux distributions. This vulnerability affects the GSSAPI patches added by various Linux distributions and does not affect the OpenSSH upstream project itself. The usage of sshpkt_disconnect() on an error, which does not terminate the process, allows an attacker to send an unexpected GSSAPI message type during the GSSAPI key exchange to the server, which will call the underlying function and continue the execution of the program without setting the related connection variables. As the variables are not initialized to NULL the code later accesses those uninitialized variables, accessing random memory, which could lead to undefined behavior. The recommended workaround is to use ssh_packet_disconnect() instead, which does terminate the process. The impact of the vulnerability depends heavily on the compiler flag hardening configuration.", "source" : "redhat-csaf", "cvssScore" : 8.2, "severity" : "HIGH", "cves" : [ "CVE-2026-3497" ], "unique" : false }, { "id" : "CVE-2024-6387", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2024-6387" ], "unique" : false }, { "id" : "CVE-2023-51767", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-51767" ], "unique" : false }, { "id" : "CVE-2024-6409", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2024-6409" ], "unique" : false }, { "id" : "CVE-2025-26465", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-26465" ], "unique" : false }, { "id" : "CVE-2023-25136", "title" : "OpenSSH server (sshd) 9.1 introduced a double-free vulnerability during options.kex_algorithms handling. This is fixed in OpenSSH 9.2. The double free can be leveraged, by an unauthenticated remote attacker in the default configuration, to jump to any location in the sshd address space. One third-party report states \"remote code execution is theoretically possible.\"", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-25136" ], "unique" : false }, { "id" : "CVE-2023-51385", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-51385" ], "unique" : false }, { "id" : "CVE-2023-48795", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-48795" ], "unique" : false }, { "id" : "CVE-2025-61984", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-61984" ], "unique" : false }, { "id" : "CVE-2025-61985", "title" : "ssh in OpenSSH before 10.1 allows the '\\0' character in an ssh:// URI, potentially leading to code execution when a ProxyCommand is used.", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-61985" ], "unique" : false }, { "id" : "CVE-2025-32728", "title" : "In sshd in OpenSSH before 10.0, the DisableForwarding directive does not adhere to the documentation stating that it disables X11 and agent forwarding.", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-32728" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-38408", "title" : "The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system. (Code in /usr/lib is not necessarily safe for loading into ssh-agent.) NOTE: this issue exists because of an incomplete fix for CVE-2016-10009.", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2023-38408" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/openssl-libs@3.0.1-47.el9_1?arch=x86_64&distro=rhel-9.1&epoch=1&upstream=openssl-3.0.1-47.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false }, { "id" : "CVE-2022-3358", "title" : "Using a Custom Cipher with NID_undef may lead to NULL encryption", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-3358" ], "unique" : false }, { "id" : "CVE-2023-5363", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-5363" ], "unique" : false }, { "id" : "CVE-2024-12797", "title" : "RFC7250 handshakes with unauthenticated servers don't abort as expected", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2024-12797" ], "unique" : false }, { "id" : "CVE-2025-69419", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2025-69419" ], "unique" : false }, { "id" : "CVE-2023-2650", "title" : "Possible DoS translating ASN.1 object identifiers", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2650" ], "unique" : false }, { "id" : "CVE-2023-6129", "title" : "POLY1305 MAC implementation corrupts vector registers on PowerPC", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6129" ], "unique" : false }, { "id" : "CVE-2025-69421", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69421" ], "unique" : false }, { "id" : "CVE-2025-11187", "title" : "Improper validation of PBMAC1 parameters in PKCS#12 MAC verification", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-11187" ], "unique" : false }, { "id" : "CVE-2023-0464", "title" : "Excessive Resource Usage Verifying X.509 Policy Constraints", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0464" ], "unique" : false }, { "id" : "CVE-2023-6237", "title" : "Excessive time spent checking invalid RSA public keys", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6237" ], "unique" : false }, { "id" : "CVE-2024-5535", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-5535" ], "unique" : false }, { "id" : "CVE-2024-6119", "title" : "Possible denial of service in X.509 name checks", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-6119" ], "unique" : false }, { "id" : "CVE-2025-15468", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15468" ], "unique" : false }, { "id" : "CVE-2025-66199", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-66199" ], "unique" : false }, { "id" : "CVE-2025-69420", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69420" ], "unique" : false }, { "id" : "CVE-2026-22796", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22796" ], "unique" : false }, { "id" : "CVE-2024-4741", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4741" ], "unique" : false }, { "id" : "CVE-2025-9230", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9230" ], "unique" : false }, { "id" : "CVE-2024-0727", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0727" ], "unique" : false }, { "id" : "CVE-2025-15469", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15469" ], "unique" : false }, { "id" : "CVE-2026-22795", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22795" ], "unique" : false }, { "id" : "CVE-2023-0465", "title" : "Invalid certificate policies in leaf certificates are silently ignored", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0465" ], "unique" : false }, { "id" : "CVE-2023-0466", "title" : "Certificate policy check not enabled", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0466" ], "unique" : false }, { "id" : "CVE-2023-2975", "title" : "AES-SIV implementation ignores empty associated data entries", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2975" ], "unique" : false }, { "id" : "CVE-2023-3446", "title" : "Excessive time spent checking DH keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3446" ], "unique" : false }, { "id" : "CVE-2023-3817", "title" : "Excessive time spent checking DH q parameter value", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3817" ], "unique" : false }, { "id" : "CVE-2023-5678", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-5678" ], "unique" : false }, { "id" : "CVE-2024-4603", "title" : "Excessive time spent checking DSA keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4603" ], "unique" : false }, { "id" : "CVE-2023-1255", "title" : "Input buffer over-read in AES-XTS implementation on 64 bit ARM", "source" : "redhat-csaf", "cvssScore" : 5.1, "severity" : "MEDIUM", "cves" : [ "CVE-2023-1255" ], "unique" : false }, { "id" : "CVE-2025-68160", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-68160" ], "unique" : false }, { "id" : "CVE-2025-69418", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69418" ], "unique" : false }, { "id" : "CVE-2024-2511", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-2511" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ca-certificates@2022.2.54-90.2.el9_0?arch=noarch&distro=rhel-9.1&upstream=ca-certificates-2022.2.54-90.2.el9_0.src.rpm", "issues" : [ { "id" : "CVE-2023-37920", "title" : "Certifi's removal of e-Tugra root certificate", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2023-37920" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-37920", "title" : "Certifi's removal of e-Tugra root certificate", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2023-37920" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/krb5-libs@1.19.1-24.el9_1?arch=x86_64&distro=rhel-9.1&upstream=krb5-1.19.1-24.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2024-3596", "source" : "redhat-csaf", "cvssScore" : 9.0, "severity" : "CRITICAL", "cves" : [ "CVE-2024-3596" ], "unique" : false }, { "id" : "CVE-2023-39975", "title" : "kdc/do_tgs_req.c in MIT Kerberos 5 (aka krb5) 1.21 before 1.21.2 has a double free that is reachable if an authenticated user can trigger an authorization-data handling failure. Incorrect data is copied from one ticket to another.", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2023-39975" ], "unique" : false }, { "id" : "CVE-2024-26462", "title" : "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/kdc/ndr.c.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-26462" ], "unique" : false }, { "id" : "CVE-2024-37370", "title" : "In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify the plaintext Extra Count field of a confidential GSS krb5 wrap token, causing the unwrapped token to appear truncated to the application.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-37370" ], "unique" : false }, { "id" : "CVE-2020-17049", "title" : "Kerberos KDC Security Feature Bypass Vulnerability", "source" : "redhat-csaf", "cvssScore" : 7.2, "severity" : "HIGH", "cves" : [ "CVE-2020-17049" ], "unique" : false }, { "id" : "CVE-2023-36054", "title" : "lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and 1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticated user can trigger a kadmind crash. This occurs because _xdr_kadm5_principal_ent_rec does not validate the relationship between n_key_data and the key_data array count.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-36054" ], "unique" : false }, { "id" : "CVE-2024-37371", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-37371" ], "unique" : false }, { "id" : "CVE-2025-24528", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-24528" ], "unique" : false }, { "id" : "CVE-2024-26458", "title" : "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-26458" ], "unique" : false }, { "id" : "CVE-2024-26461", "title" : "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-26461" ], "unique" : false }, { "id" : "CVE-2025-3576", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-3576" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-3596", "source" : "redhat-csaf", "cvssScore" : 9.0, "severity" : "CRITICAL", "cves" : [ "CVE-2024-3596" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc@2.34-40.el9_1.1?arch=x86_64&distro=rhel-9.1&upstream=glibc-2.34-40.el9_1.1.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2026-4437", "title" : "gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4437" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-15281", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15281" ], "unique" : false }, { "id" : "CVE-2026-3904", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3904" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false }, { "id" : "CVE-2026-4438", "title" : "gethostbyaddr and gethostbyaddr_r return invalid DNS hostnames", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4438" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-minimal-langpack@2.34-40.el9_1.1?arch=x86_64&distro=rhel-9.1&upstream=glibc-2.34-40.el9_1.1.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-common@2.34-40.el9_1.1?arch=x86_64&distro=rhel-9.1&upstream=glibc-2.34-40.el9_1.1.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-langpack-en@2.34-40.el9_1.1?arch=x86_64&distro=rhel-9.1&upstream=glibc-2.34-40.el9_1.1.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/less@590-1.el9_0?arch=x86_64&distro=rhel-9.1&upstream=less-590-1.el9_0.src.rpm", "issues" : [ { "id" : "CVE-2024-32487", "title" : "less through 653 allows OS command execution via a newline character in the name of a file, because quoting is mishandled in filename.c. Exploitation typically requires use with attacker-controlled file names, such as the files extracted from an untrusted archive. Exploitation also requires the LESSOPEN environment variable, but this is set by default in many common cases.", "source" : "redhat-csaf", "cvssScore" : 8.6, "severity" : "HIGH", "cves" : [ "CVE-2024-32487" ], "unique" : false }, { "id" : "CVE-2022-46663", "title" : "In GNU Less before 609, crafted data can result in \"less -R\" not filtering ANSI escape sequences sent to the terminal.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-46663" ], "unique" : false }, { "id" : "CVE-2022-48624", "title" : "close_altfile in filename.c in less before 606 omits shell_quote calls for LESSCLOSE.", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2022-48624" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-32487", "title" : "less through 653 allows OS command execution via a newline character in the name of a file, because quoting is mishandled in filename.c. Exploitation typically requires use with attacker-controlled file names, such as the files extracted from an untrusted archive. Exploitation also requires the LESSOPEN environment variable, but this is set by default in many common cases.", "source" : "redhat-csaf", "cvssScore" : 8.6, "severity" : "HIGH", "cves" : [ "CVE-2024-32487" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libcurl-minimal@7.76.1-19.el9_1.1?arch=x86_64&distro=rhel-9.1&upstream=curl-7.76.1-19.el9_1.1.src.rpm", "issues" : [ { "id" : "CVE-2023-38545", "title" : "This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy\nhandshake.\n\nWhen curl is asked to pass along the host name to the SOCKS5 proxy to allow\nthat to resolve the address instead of it getting done by curl itself, the\nmaximum length that host name can be is 255 bytes.\n\nIf the host name is detected to be longer, curl switches to local name\nresolving and instead passes on the resolved address only. Due to this bug,\nthe local variable that means \"let the host resolve the name\" could get the\nwrong value during a slow SOCKS5 handshake, and contrary to the intention,\ncopy the too long host name to the target buffer instead of copying just the\nresolved address there.\n\nThe target buffer being a heap based buffer, and the host name coming from the\nURL that curl has been told to operate with.", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2023-38545" ], "unique" : false }, { "id" : "CVE-2024-2398", "title" : "HTTP/2 push headers memory-leak", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-2398" ], "unique" : false }, { "id" : "CVE-2023-23916", "title" : "An allocation of resources without limits or throttling vulnerability exists in curl unit exists and is running.", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2026-40223" ], "unique" : false }, { "id" : "CVE-2026-40228", "title" : "In systemd 259, systemd-journald can send ANSI escape sequences to the terminals of arbitrary users when a \"logger -p emerg\" command is executed, if ForwardToWall=yes is set.", "source" : "redhat-csaf", "cvssScore" : 2.9, "severity" : "LOW", "cves" : [ "CVE-2026-40228" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2026-29111", "title" : "systemd: Local unprivileged user can trigger an assert", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2026-29111" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glib2@2.68.4-5.el9?arch=x86_64&distro=rhel-9.1&upstream=glib2-2.68.4-5.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-13601", "title" : "Glib: integer overflow in in g_escape_uri_string()", "source" : "redhat-csaf", "cvssScore" : 7.7, "severity" : "HIGH", "cves" : [ "CVE-2025-13601" ], "unique" : false }, { "id" : "CVE-2024-52533", "title" : "gio/gsocks4aproxy.c in GNOME GLib before 2.82.1 has an off-by-one error and resultant buffer overflow because SOCKS4_CONN_MSG_LEN is not sufficient for a trailing '\\0' character.", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2024-52533" ], "unique" : false }, { "id" : "CVE-2023-32611", "title" : "G_variant_byteswap() can take a long time with some non-normal inputs", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-32611" ], "unique" : false }, { "id" : "CVE-2023-32665", "title" : "Gvariant deserialisation does not match spec for non-normal data", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-32665" ], "unique" : false }, { "id" : "CVE-2025-14512", "title" : "Glib: integer overflow in glib gio attribute escaping causes heap buffer overflow", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14512" ], "unique" : false }, { "id" : "CVE-2023-29499", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2023-29499" ], "unique" : false }, { "id" : "CVE-2025-14087", "title" : "Glib: glib: buffer underflow in gvariant parser leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14087" ], "unique" : false }, { "id" : "CVE-2025-4373", "source" : "redhat-csaf", "cvssScore" : 4.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-4373" ], "unique" : false }, { "id" : "CVE-2024-34397", "source" : "redhat-csaf", "cvssScore" : 3.8, "severity" : "LOW", "cves" : [ "CVE-2024-34397" ], "unique" : false }, { "id" : "CVE-2025-7039", "title" : "Glib: buffer under-read on glib through glib/gfileutils.c via get_tmp_file()", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2025-7039" ], "unique" : false }, { "id" : "CVE-2026-0988", "title" : "Glib: glib: denial of service via integer overflow in g_buffered_input_stream_peek()", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2026-0988" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-13601", "title" : "Glib: integer overflow in in g_escape_uri_string()", "source" : "redhat-csaf", "cvssScore" : 7.7, "severity" : "HIGH", "cves" : [ "CVE-2025-13601" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/sqlite-libs@3.34.1-6.el9_1?arch=x86_64&distro=rhel-9.1&upstream=sqlite-3.34.1-6.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2025-6965", "title" : "Integer Truncation on SQLite", "source" : "redhat-csaf", "cvssScore" : 7.7, "severity" : "HIGH", "cves" : [ "CVE-2025-6965" ], "unique" : false }, { "id" : "CVE-2023-7104", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2023-7104" ], "unique" : false }, { "id" : "CVE-2025-3277", "title" : "An integer overflow can be triggered in SQLite’s `concat_ws()` function. The resulting, truncated integer is then used to allocate a buffer. When SQLite then writes the resulting string to the buffer, it uses the original, untruncated size and thus a wild Heap Buffer overflow of size ~4GB can be triggered. This can result in arbitrary code execution.", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2025-3277" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-6965", "title" : "Integer Truncation on SQLite", "source" : "redhat-csaf", "cvssScore" : 7.7, "severity" : "HIGH", "cves" : [ "CVE-2025-6965" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libnghttp2@1.43.0-5.el9?arch=x86_64&distro=rhel-9.1&upstream=nghttp2-1.43.0-5.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-44487", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-44487" ], "unique" : false }, { "id" : "CVE-2026-27135", "title" : "nghttp2 Denial of service: Assertion failure due to the missing state validation", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-27135" ], "unique" : false }, { "id" : "CVE-2024-28182", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-28182" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-44487", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-44487" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/gnutls@3.7.6-12.el9_0?arch=x86_64&distro=rhel-9.1&upstream=gnutls-3.7.6-12.el9_0.src.rpm", "issues" : [ { "id" : "CVE-2024-0553", "title" : "Gnutls: incomplete fix for cve-2023-5981", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-0553" ], "unique" : false }, { "id" : "CVE-2024-0567", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-0567" ], "unique" : false }, { "id" : "CVE-2023-0361", "title" : "A timing side-channel in the handling of RSA ClientKeyExchange messages was discovered in GnuTLS. This side-channel can be sufficient to recover the key encrypted in the RSA ciphertext across a network in a Bleichenbacher style attack. To achieve a successful decryption the attacker would need to send a large amount of specially crafted messages to the vulnerable server. By recovering the secret from the ClientKeyExchange message, the attacker would be able to decrypt the application data exchanged over that connection.", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2023-0361" ], "unique" : false }, { "id" : "CVE-2025-32988", "title" : "Gnutls: vulnerability in gnutls othername san export", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-32988" ], "unique" : false }, { "id" : "CVE-2025-32990", "title" : "Gnutls: vulnerability in gnutls certtool template parsing", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-32990" ], "unique" : false }, { "id" : "CVE-2025-6395", "title" : "Gnutls: null pointer dereference in _gnutls_figure_common_ciphersuite()", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-6395" ], "unique" : false }, { "id" : "CVE-2023-5981", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-5981" ], "unique" : false }, { "id" : "CVE-2024-12243", "title" : "Gnutls: gnutls impacted by inefficient der decoding in libtasn1 leading to remote dos", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-12243" ], "unique" : false }, { "id" : "CVE-2024-28834", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-28834" ], "unique" : false }, { "id" : "CVE-2025-14831", "title" : "Gnutls: gnutls: denial of service via excessive resource consumption during certificate verification", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14831" ], "unique" : false }, { "id" : "CVE-2025-32989", "title" : "Gnutls: vulnerability in gnutls sct extension parsing", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-32989" ], "unique" : false }, { "id" : "CVE-2024-28835", "source" : "redhat-csaf", "cvssScore" : 5.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-28835" ], "unique" : false }, { "id" : "CVE-2025-9820", "title" : "Gnutls: stack-based buffer overflow in gnutls_pkcs11_token_init() function", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9820" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-0553", "title" : "Gnutls: incomplete fix for cve-2023-5981", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-0553" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/expat@2.4.9-1.el9_1.1?arch=x86_64&distro=rhel-9.1&upstream=expat-2.4.9-1.el9_1.1.src.rpm", "issues" : [ { "id" : "CVE-2023-52425", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-52425" ], "unique" : false }, { "id" : "CVE-2024-28757", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-28757" ], "unique" : false }, { "id" : "CVE-2024-45490", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-45490" ], "unique" : false }, { "id" : "CVE-2024-45491", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-45491" ], "unique" : false }, { "id" : "CVE-2024-8176", "title" : "Libexpat: expat: improper restriction of xml entity expansion depth in libexpat", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-8176" ], "unique" : false }, { "id" : "CVE-2022-23990", "title" : "Expat (aka libexpat) before 2.4.4 has an integer overflow in the doProlog function.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2022-23990" ], "unique" : false }, { "id" : "CVE-2024-45492", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2024-45492" ], "unique" : false }, { "id" : "CVE-2024-50602", "title" : "An issue was discovered in libexpat before 2.6.4. There is a crash within the XML_ResumeParser function because XML_StopParser can stop/suspend an unstarted parser.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-50602" ], "unique" : false }, { "id" : "CVE-2025-59375", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-59375" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-52425", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-52425" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libsolv@0.7.22-1.el9?arch=x86_64&distro=rhel-9.1&upstream=libsolv-0.7.22-1.el9.src.rpm", "issues" : [ { "id" : "CVE-2021-46877", "title" : "jackson-databind 2.10.x through 2.12.x before 2.12.6 and 2.13.x before 2.13.1 allows attackers to cause a denial of service (2 GB transient heap usage per read) in uncommon situations involving JsonNode JDK serialization.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2021-46877" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2021-46877", "title" : "jackson-databind 2.10.x through 2.12.x before 2.12.6 and 2.13.x before 2.13.1 allows attackers to cause a denial of service (2 GB transient heap usage per read) in uncommon situations involving JsonNode JDK serialization.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2021-46877" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/xz-libs@5.2.5-8.el9_0?arch=x86_64&distro=rhel-9.1&upstream=xz-5.2.5-8.el9_0.src.rpm", "issues" : [ { "id" : "CVE-2025-31115", "title" : "XZ has a heap-use-after-free bug in threaded .xz decoder", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-31115" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-31115", "title" : "XZ has a heap-use-after-free bug in threaded .xz decoder", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-31115" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcrypt@1.10.0-8.el9_0?arch=x86_64&distro=rhel-9.1&upstream=libgcrypt-1.10.0-8.el9_0.src.rpm", "issues" : [ { "id" : "CVE-2026-41989", "title" : "Libgcrypt before 1.12.2 sometimes allows a heap-based buffer overflow and denial of service via crafted ECDH ciphertext to gcry_pk_decrypt.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-41989" ], "unique" : false }, { "id" : "CVE-2024-2236", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-2236" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2026-41989", "title" : "Libgcrypt before 1.12.2 sometimes allows a heap-based buffer overflow and denial of service via crafted ECDH ciphertext to gcry_pk_decrypt.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-41989" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/dmidecode@3.3-7.el9?arch=x86_64&distro=rhel-9.1&epoch=1&upstream=dmidecode-3.3-7.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-30630", "title" : "Dmidecode before 3.5 allows -dump-bin to overwrite a local file. This has security relevance because, for example, execution of Dmidecode via Sudo is plausible. NOTE: Some third parties have indicated the fix in 3.5 does not adequately address the vulnerability. The argument is that the proposed patch prevents dmidecode from writing to an existing file. However, there are multiple attack vectors that would not require overwriting an existing file that would provide the same level of unauthorized privilege escalation (e.g. creating a new file in /etc/cron.hourly).", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2023-30630" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-30630", "title" : "Dmidecode before 3.5 allows -dump-bin to overwrite a local file. This has security relevance because, for example, execution of Dmidecode via Sudo is plausible. NOTE: Some third parties have indicated the fix in 3.5 does not adequately address the vulnerability. The argument is that the proposed patch prevents dmidecode from writing to an existing file. However, there are multiple attack vectors that would not require overwriting an existing file that would provide the same level of unauthorized privilege escalation (e.g. creating a new file in /etc/cron.hourly).", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2023-30630" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/openldap@2.6.2-3.el9?arch=x86_64&distro=rhel-9.1&upstream=openldap-2.6.2-3.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-2953", "title" : "A vulnerability was found in openldap. This security flaw causes a null pointer dereference in ber_memalloc_x() function.", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2023-2953" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-2953", "title" : "A vulnerability was found in openldap. This security flaw causes a null pointer dereference in ber_memalloc_x() function.", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2023-2953" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/openldap-compat@2.6.2-3.el9?arch=x86_64&distro=rhel-9.1&upstream=openldap-2.6.2-3.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-2953", "title" : "A vulnerability was found in openldap. This security flaw causes a null pointer dereference in ber_memalloc_x() function.", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2023-2953" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-2953", "title" : "A vulnerability was found in openldap. This security flaw causes a null pointer dereference in ber_memalloc_x() function.", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2023-2953" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/python3-rpm@4.16.1.3-19.el9_1?arch=x86_64&distro=rhel-9.1&upstream=rpm-4.16.1.3-19.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2021-35938", "title" : "A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35938" ], "unique" : false }, { "id" : "CVE-2021-35939", "title" : "It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35939" ], "unique" : false }, { "id" : "CVE-2021-35937", "title" : "A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.3, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35937" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2021-35938", "title" : "A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35938" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/python3-decorator@4.4.2-6.el9?arch=noarch&distro=rhel-9.1&upstream=python-decorator-4.4.2-6.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-2727", "title" : "Bypassing policies imposed by the ImagePolicyWebhook admission plugin", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2727" ], "unique" : false }, { "id" : "CVE-2023-2728", "title" : "Bypassing enforce mountable secrets policy imposed by the ServiceAccount admission plugin", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2728" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-2727", "title" : "Bypassing policies imposed by the ImagePolicyWebhook admission plugin", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2727" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/rpm-sign-libs@4.16.1.3-19.el9_1?arch=x86_64&distro=rhel-9.1&upstream=rpm-4.16.1.3-19.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2021-35938", "title" : "A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35938" ], "unique" : false }, { "id" : "CVE-2021-35939", "title" : "It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35939" ], "unique" : false }, { "id" : "CVE-2021-35937", "title" : "A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.3, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35937" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2021-35938", "title" : "A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35938" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/rpm-build-libs@4.16.1.3-19.el9_1?arch=x86_64&distro=rhel-9.1&upstream=rpm-4.16.1.3-19.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2021-35938", "title" : "A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35938" ], "unique" : false }, { "id" : "CVE-2021-35939", "title" : "It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35939" ], "unique" : false }, { "id" : "CVE-2021-35937", "title" : "A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.3, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35937" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2021-35938", "title" : "A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35938" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/rpm-libs@4.16.1.3-19.el9_1?arch=x86_64&distro=rhel-9.1&upstream=rpm-4.16.1.3-19.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2021-35938", "title" : "A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35938" ], "unique" : false }, { "id" : "CVE-2021-35939", "title" : "It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35939" ], "unique" : false }, { "id" : "CVE-2021-35937", "title" : "A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.3, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35937" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2021-35938", "title" : "A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35938" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libeconf@0.4.1-2.el9?arch=x86_64&distro=rhel-9.1&upstream=libeconf-0.4.1-2.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-22652", "title" : "Stack buffer overflow in \"read_file\" function", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-22652" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-22652", "title" : "Stack buffer overflow in \"read_file\" function", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-22652" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/rpm@4.16.1.3-19.el9_1?arch=x86_64&distro=rhel-9.1&upstream=rpm-4.16.1.3-19.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2021-35938", "title" : "A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35938" ], "unique" : false }, { "id" : "CVE-2021-35939", "title" : "It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35939" ], "unique" : false }, { "id" : "CVE-2021-35937", "title" : "A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.3, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35937" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2021-35938", "title" : "A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35938" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/tpm2-tss@3.0.3-8.el9?arch=x86_64&distro=rhel-9.1&upstream=tpm2-tss-3.0.3-8.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-22745", "source" : "redhat-csaf", "cvssScore" : 6.4, "severity" : "MEDIUM", "cves" : [ "CVE-2023-22745" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-22745", "source" : "redhat-csaf", "cvssScore" : 6.4, "severity" : "MEDIUM", "cves" : [ "CVE-2023-22745" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/lua-libs@5.4.4-2.el9_1?arch=x86_64&distro=rhel-9.1&upstream=lua-5.4.4-2.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2022-28805", "title" : "singlevar in lparser.c in Lua from (including) 5.4.0 up to (excluding) 5.4.4 lacks a certain luaK_exp2anyregup call, leading to a heap-based buffer over-read that might affect a system that compiles untrusted Lua code.", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2022-28805" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2022-28805", "title" : "singlevar in lparser.c in Lua from (including) 5.4.0 up to (excluding) 5.4.4 lacks a certain luaK_exp2anyregup call, leading to a heap-based buffer over-read that might affect a system that compiles untrusted Lua code.", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2022-28805" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/gmp@6.2.0-10.el9?arch=x86_64&distro=rhel-9.1&epoch=1&upstream=gmp-6.2.0-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2021-43618", "title" : "GNU Multiple Precision Arithmetic Library (GMP) through 6.2.1 has an mpz/inp_raw.c integer overflow and resultant buffer overflow via crafted input, leading to a segmentation fault on 32-bit platforms.", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2021-43618" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2021-43618", "title" : "GNU Multiple Precision Arithmetic Library (GMP) through 6.2.1 has an mpz/inp_raw.c integer overflow and resultant buffer overflow via crafted input, leading to a segmentation fault on 32-bit platforms.", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2021-43618" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/dbus@1.12.20-7.el9_1?arch=x86_64&distro=rhel-9.1&epoch=1&upstream=dbus-1.12.20-7.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2023-34969", "title" : "D-Bus before 1.15.6 sometimes allows unprivileged users to crash dbus-daemon. If a privileged user with control over the dbus-daemon is using the org.freedesktop.DBus.Monitoring interface to monitor message bus traffic, then an unprivileged user with the ability to connect to the same dbus-daemon can cause a dbus-daemon crash under some circumstances via an unreplyable message. When done on the well-known system bus, this is a denial-of-service vulnerability. The fixed versions are 1.12.28, 1.14.8, and 1.15.6.", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2023-34969" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-34969", "title" : "D-Bus before 1.15.6 sometimes allows unprivileged users to crash dbus-daemon. If a privileged user with control over the dbus-daemon is using the org.freedesktop.DBus.Monitoring interface to monitor message bus traffic, then an unprivileged user with the ability to connect to the same dbus-daemon can cause a dbus-daemon crash under some circumstances via an unreplyable message. When done on the well-known system bus, this is a denial-of-service vulnerability. The fixed versions are 1.12.28, 1.14.8, and 1.15.6.", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2023-34969" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/dbus-libs@1.12.20-7.el9_1?arch=x86_64&distro=rhel-9.1&epoch=1&upstream=dbus-1.12.20-7.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2023-34969", "title" : "D-Bus before 1.15.6 sometimes allows unprivileged users to crash dbus-daemon. If a privileged user with control over the dbus-daemon is using the org.freedesktop.DBus.Monitoring interface to monitor message bus traffic, then an unprivileged user with the ability to connect to the same dbus-daemon can cause a dbus-daemon crash under some circumstances via an unreplyable message. When done on the well-known system bus, this is a denial-of-service vulnerability. The fixed versions are 1.12.28, 1.14.8, and 1.15.6.", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2023-34969" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-34969", "title" : "D-Bus before 1.15.6 sometimes allows unprivileged users to crash dbus-daemon. If a privileged user with control over the dbus-daemon is using the org.freedesktop.DBus.Monitoring interface to monitor message bus traffic, then an unprivileged user with the ability to connect to the same dbus-daemon can cause a dbus-daemon crash under some circumstances via an unreplyable message. When done on the well-known system bus, this is a denial-of-service vulnerability. The fixed versions are 1.12.28, 1.14.8, and 1.15.6.", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2023-34969" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/dbus-common@1.12.20-7.el9_1?arch=noarch&distro=rhel-9.1&epoch=1&upstream=dbus-1.12.20-7.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2023-34969", "title" : "D-Bus before 1.15.6 sometimes allows unprivileged users to crash dbus-daemon. If a privileged user with control over the dbus-daemon is using the org.freedesktop.DBus.Monitoring interface to monitor message bus traffic, then an unprivileged user with the ability to connect to the same dbus-daemon can cause a dbus-daemon crash under some circumstances via an unreplyable message. When done on the well-known system bus, this is a denial-of-service vulnerability. The fixed versions are 1.12.28, 1.14.8, and 1.15.6.", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2023-34969" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-34969", "title" : "D-Bus before 1.15.6 sometimes allows unprivileged users to crash dbus-daemon. If a privileged user with control over the dbus-daemon is using the org.freedesktop.DBus.Monitoring interface to monitor message bus traffic, then an unprivileged user with the ability to connect to the same dbus-daemon can cause a dbus-daemon crash under some circumstances via an unreplyable message. When done on the well-known system bus, this is a denial-of-service vulnerability. The fixed versions are 1.12.28, 1.14.8, and 1.15.6.", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2023-34969" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libstdc%2B%2B@11.3.1-2.1.el9?arch=x86_64&distro=rhel-9.1&upstream=gcc-11.3.1-2.1.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/util-linux-core@2.37.4-9.el9?arch=x86_64&distro=rhel-9.1&upstream=util-linux-2.37.4-9.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libuuid@2.37.4-9.el9?arch=x86_64&distro=rhel-9.1&upstream=util-linux-2.37.4-9.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/python3-requests@2.25.1-6.el9?arch=noarch&distro=rhel-9.1&upstream=python-requests-2.25.1-6.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-32681", "title" : "Unintended leak of Proxy-Authorization header in requests", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2023-32681" ], "unique" : false }, { "id" : "CVE-2024-35195", "title" : "Requests `Session` object does not verify requests after making first request with verify=False", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2024-35195" ], "unique" : false }, { "id" : "CVE-2024-47081", "title" : "Requests vulnerable to .netrc credentials leak via malicious URLs", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-47081" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-32681", "title" : "Unintended leak of Proxy-Authorization header in requests", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2023-32681" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libblkid@2.37.4-9.el9?arch=x86_64&distro=rhel-9.1&upstream=util-linux-2.37.4-9.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false }, { "id" : "CVE-2026-27456", "title" : "util-linux: TOCTOU Race Condition in util-linux mount(8) - Loop Device Setup", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2026-27456" ], "unique" : false }, { "id" : "CVE-2026-3184", "title" : "Util-linux: util-linux: access control bypass due to improper hostname canonicalization", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2026-3184" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libsmartcols@2.37.4-9.el9?arch=x86_64&distro=rhel-9.1&upstream=util-linux-2.37.4-9.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libfdisk@2.37.4-9.el9?arch=x86_64&distro=rhel-9.1&upstream=util-linux-2.37.4-9.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libmount@2.37.4-9.el9?arch=x86_64&distro=rhel-9.1&upstream=util-linux-2.37.4-9.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcc@11.3.1-2.1.el9?arch=x86_64&distro=rhel-9.1&upstream=gcc-11.3.1-2.1.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgomp@11.3.1-2.1.el9?arch=x86_64&distro=rhel-9.1&upstream=gcc-11.3.1-2.1.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/util-linux@2.37.4-9.el9?arch=x86_64&distro=rhel-9.1&upstream=util-linux-2.37.4-9.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false }, { "id" : "CVE-2026-27456", "title" : "util-linux: TOCTOU Race Condition in util-linux mount(8) - Loop Device Setup", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2026-27456" ], "unique" : false }, { "id" : "CVE-2026-3184", "title" : "Util-linux: util-linux: access control bypass due to improper hostname canonicalization", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2026-3184" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libtasn1@4.16.0-8.el9_1?arch=x86_64&distro=rhel-9.1&upstream=libtasn1-4.16.0-8.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2025-13151", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13151" ], "unique" : false }, { "id" : "CVE-2024-12133", "title" : "Libtasn1: inefficient der decoding in libtasn1 leading to potential remote dos", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-12133" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-13151", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13151" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/systemd-rpm-macros@250-12.el9_1.3?arch=noarch&distro=rhel-9.1&upstream=systemd-250-12.el9_1.3.src.rpm", "issues" : [ { "id" : "CVE-2023-7008", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-7008" ], "unique" : false }, { "id" : "CVE-2025-4598", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-4598" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-7008", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-7008" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/systemd-pam@250-12.el9_1.3?arch=x86_64&distro=rhel-9.1&upstream=systemd-250-12.el9_1.3.src.rpm", "issues" : [ { "id" : "CVE-2023-7008", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-7008" ], "unique" : false }, { "id" : "CVE-2025-4598", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-4598" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-7008", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-7008" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/systemd-libs@250-12.el9_1.3?arch=x86_64&distro=rhel-9.1&upstream=systemd-250-12.el9_1.3.src.rpm", "issues" : [ { "id" : "CVE-2023-7008", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-7008" ], "unique" : false }, { "id" : "CVE-2025-4598", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-4598" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-7008", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-7008" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/file-libs@5.39-10.el9?arch=x86_64&distro=rhel-9.1&upstream=file-5.39-10.el9.src.rpm", "issues" : [ { "id" : "CVE-2022-48554", "title" : "File before 5.43 has an stack-based buffer over-read in file_copystr in funcs.c. NOTE: \"File\" is the name of an Open Source project.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2022-48554" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2022-48554", "title" : "File before 5.43 has an stack-based buffer over-read in file_copystr in funcs.c. NOTE: \"File\" is the name of an Open Source project.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2022-48554" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/python3-pip-wheel@21.2.3-6.el9?arch=noarch&distro=rhel-9.1&upstream=python-pip-21.2.3-6.el9.src.rpm", "issues" : [ { "id" : "CVE-2007-4559", "title" : "Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2007-4559" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2007-4559", "title" : "Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2007-4559" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/p11-kit@0.24.1-2.el9?arch=x86_64&distro=rhel-9.1&upstream=p11-kit-0.24.1-2.el9.src.rpm", "issues" : [ { "id" : "CVE-2026-2100", "title" : "P11-kit: null dereference via c_derivekey with specific null parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-2100" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2026-2100", "title" : "P11-kit: null dereference via c_derivekey with specific null parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-2100" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/shadow-utils@4.9-5.el9?arch=x86_64&distro=rhel-9.1&epoch=2&upstream=shadow-utils-4.9-5.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-4641", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4641" ], "unique" : false }, { "id" : "CVE-2024-56433", "title" : "shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default /etc/subuid behavior (e.g., uid 100000 through 165535 for the first user account) that can realistically conflict with the uids of users defined on locally administered networks, potentially leading to account takeover, e.g., by leveraging newuidmap for access to an NFS home directory (or same-host resources in the case of remote logins by these local network users). NOTE: it may also be argued that system administrators should not have assigned uids, within local networks, that are within the range that can occur in /etc/subuid.", "source" : "redhat-csaf", "cvssScore" : 3.6, "severity" : "LOW", "cves" : [ "CVE-2024-56433" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-4641", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4641" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/bzip2-libs@1.0.8-8.el9?arch=x86_64&distro=rhel-9.1&upstream=bzip2-1.0.8-8.el9.src.rpm", "issues" : [ { "id" : "CVE-2019-12900", "title" : "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2019-12900" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2019-12900", "title" : "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2019-12900" ], "unique" : false } } ], "highestVulnerability" : { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/golang@1.18.9-1.el9_1?arch=x86_64&distro=rhel-9.1&upstream=golang-1.18.9-1.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2023-24538", "title" : "Backticks not treated as string delimiters in html/template", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2023-24538" ], "unique" : false }, { "id" : "CVE-2025-4674", "source" : "redhat-csaf", "cvssScore" : 8.6, "severity" : "HIGH", "cves" : [ "CVE-2025-4674" ], "unique" : false }, { "id" : "CVE-2025-61731", "source" : "redhat-csaf", "cvssScore" : 8.6, "severity" : "HIGH", "cves" : [ "CVE-2025-61731" ], "unique" : false }, { "id" : "CVE-2023-24540", "title" : "Improper handling of JavaScript whitespace in html/template", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2023-24540" ], "unique" : false }, { "id" : "CVE-2023-39323", "title" : "Arbitrary code execution during build via line directives in cmd/go", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2023-39323" ], "unique" : false }, { "id" : "CVE-2023-29403", "title" : "Unsafe behavior in setuid/setgid binaries in runtime", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29403" ], "unique" : false }, { "id" : "CVE-2022-2880", "title" : "Incorrect sanitization of forwarded query parameters in net/http/httputil", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-2880" ], "unique" : false }, { "id" : "CVE-2022-41723", "title" : "Denial of service via crafted HTTP/2 stream in net/http and golang.org/x/net", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-41723" ], "unique" : false }, { "id" : "CVE-2022-41724", "title" : "Panic on large handshake records in crypto/tls", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-41724" ], "unique" : false }, { "id" : "CVE-2022-41725", "title" : "Excessive resource consumption in mime/multipart", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-41725" ], "unique" : false }, { "id" : "CVE-2023-24534", "title" : "Excessive memory allocation in net/http and net/textproto", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-24534" ], "unique" : false }, { "id" : "CVE-2023-24536", "title" : "Excessive resource consumption in net/http, net/textproto and mime/multipart", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-24536" ], "unique" : false }, { "id" : "CVE-2023-24537", "title" : "Infinite loop in parsing in go/scanner", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-24537" ], "unique" : false }, { "id" : "CVE-2023-29404", "title" : "Improper handling of non-optional LDFLAGS in go command with cgo in cmd/go", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-29404" ], "unique" : false }, { "id" : "CVE-2023-29405", "title" : "Improper sanitization of LDFLAGS with embedded spaces in go command with cgo in cmd/go", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-29405" ], "unique" : false }, { "id" : "CVE-2023-39321", "title" : "Panic when processing post-handshake message on QUIC connections in crypto/tls", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-39321" ], "unique" : false }, { "id" : "CVE-2023-39322", "title" : "Memory exhaustion in QUIC connection handling in crypto/tls", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-39322" ], "unique" : false }, { "id" : "CVE-2023-39325", "title" : "HTTP/2 rapid reset can cause excessive work in net/http", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-39325" ], "unique" : false }, { "id" : "CVE-2023-44487", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-44487" ], "unique" : false }, { "id" : "CVE-2023-45285", "title" : "Command 'go get' may unexpectedly fallback to insecure git in cmd/go", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-45285" ], "unique" : false }, { "id" : "CVE-2023-45288", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-45288" ], "unique" : false }, { "id" : "CVE-2024-1394", "title" : "Golang-fips/openssl: memory leaks in code encrypting and decrypting rsa payloads", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-1394" ], "unique" : false }, { "id" : "CVE-2024-24788", "title" : "Malformed DNS message can cause infinite loop in net", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-24788" ], "unique" : false }, { "id" : "CVE-2024-34156", "title" : "Stack exhaustion in Decoder.Decode in encoding/gob", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-34156" ], "unique" : false }, { "id" : "CVE-2025-22874", "title" : "Usage of ExtKeyUsageAny disables policy validation in crypto/x509", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-22874" ], "unique" : false }, { "id" : "CVE-2025-58183", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-58183" ], "unique" : false }, { "id" : "CVE-2025-61726", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-61726" ], "unique" : false }, { "id" : "CVE-2025-61728", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-61728" ], "unique" : false }, { "id" : "CVE-2025-61729", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-61729" ], "unique" : false }, { "id" : "CVE-2026-25679", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-25679" ], "unique" : false }, { "id" : "CVE-2025-61732", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2025-61732" ], "unique" : false }, { "id" : "CVE-2025-68121", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2025-68121" ], "unique" : false }, { "id" : "CVE-2023-24539", "title" : "Improper sanitization of CSS values in html/template", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2023-24539" ], "unique" : false }, { "id" : "CVE-2023-29400", "title" : "Improper handling of empty HTML attributes in html/template", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2023-29400" ], "unique" : false }, { "id" : "CVE-2023-29402", "title" : "Code injection via go command with cgo in cmd/go", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-29402" ], "unique" : false }, { "id" : "CVE-2025-47907", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-47907" ], "unique" : false }, { "id" : "CVE-2025-4673", "title" : "Sensitive headers not cleared on cross-origin redirect in net/http", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-4673" ], "unique" : false }, { "id" : "CVE-2024-24790", "title" : "Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses in net/netip", "source" : "redhat-csaf", "cvssScore" : 6.7, "severity" : "MEDIUM", "cves" : [ "CVE-2024-24790" ], "unique" : false }, { "id" : "CVE-2022-27664", "title" : "In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2022-27664" ], "unique" : false }, { "id" : "CVE-2022-2879", "title" : "Unbounded memory consumption when reading headers in archive/tar", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2022-2879" ], "unique" : false }, { "id" : "CVE-2022-32189", "title" : "Panic when decoding Float and Rat types in math/big", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2022-32189" ], "unique" : false }, { "id" : "CVE-2022-41715", "title" : "Memory exhaustion when compiling regular expressions in regexp/syntax", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2022-41715" ], "unique" : false }, { "id" : "CVE-2023-29406", "title" : "Insufficient sanitization of Host header in net/http", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-29406" ], "unique" : false }, { "id" : "CVE-2024-24785", "title" : "Errors returned from JSON marshaling may break template escaping in html/template", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-24785" ], "unique" : false }, { "id" : "CVE-2024-9355", "title" : "Golang-fips: golang fips zeroed buffer", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-9355" ], "unique" : false }, { "id" : "CVE-2025-47906", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-47906" ], "unique" : false }, { "id" : "CVE-2023-39318", "title" : "Improper handling of HTML-like comments in script contexts in html/template", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2023-39318" ], "unique" : false }, { "id" : "CVE-2023-39319", "title" : "Improper handling of special tags within script contexts in html/template", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2023-39319" ], "unique" : false }, { "id" : "CVE-2024-24783", "title" : "Verify panics on certificates with an unknown public key algorithm in crypto/x509", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-24783" ], "unique" : false }, { "id" : "CVE-2024-24791", "title" : "Denial of service due to improper 100-continue handling in net/http", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-24791" ], "unique" : false }, { "id" : "CVE-2024-34155", "title" : "Stack exhaustion in all Parse functions in go/parser", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-34155" ], "unique" : false }, { "id" : "CVE-2024-34158", "title" : "Stack exhaustion in Parse in go/build/constraint", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-34158" ], "unique" : false }, { "id" : "CVE-2024-45336", "title" : "Sensitive headers incorrectly sent after cross-domain redirect in net/http", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-45336" ], "unique" : false }, { "id" : "CVE-2024-24789", "title" : "Mishandling of corrupt central directory record in archive/zip", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-24789" ], "unique" : false }, { "id" : "CVE-2024-24784", "title" : "Comments in display names are incorrectly handled in net/mail", "source" : "redhat-csaf", "cvssScore" : 5.4, "severity" : "MEDIUM", "cves" : [ "CVE-2024-24784" ], "unique" : false }, { "id" : "CVE-2025-22871", "title" : "Request smuggling due to acceptance of invalid chunked data in net/http", "source" : "redhat-csaf", "cvssScore" : 5.4, "severity" : "MEDIUM", "cves" : [ "CVE-2025-22871" ], "unique" : false }, { "id" : "CVE-2022-41717", "title" : "Excessive memory growth in net/http and golang.org/x/net/http2", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2022-41717" ], "unique" : false }, { "id" : "CVE-2023-24532", "title" : "Incorrect calculation on P256 curves in crypto/internal/nistec", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-24532" ], "unique" : false }, { "id" : "CVE-2023-29409", "title" : "Large RSA keys can cause high CPU usage in crypto/tls", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-29409" ], "unique" : false }, { "id" : "CVE-2023-39326", "title" : "Denial of service via chunk extensions in net/http", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-39326" ], "unique" : false }, { "id" : "CVE-2023-45289", "title" : "Incorrect forwarding of sensitive headers and cookies on HTTP redirect in net/http", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-45289" ], "unique" : false }, { "id" : "CVE-2023-45290", "title" : "Memory exhaustion in multipart form parsing in net/textproto and net/http", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-45290" ], "unique" : false }, { "id" : "CVE-2025-22866", "title" : "Timing sidechannel for P-256 on ppc64le in crypto/internal/nistec", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-22866" ], "unique" : false }, { "id" : "CVE-2024-45341", "title" : "Usage of IPv6 zone IDs can bypass URI name constraints in crypto/x509", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2024-45341" ], "unique" : false } ], "transitive" : [ { "ref" : "pkg:rpm/redhat/openssl-devel@3.0.1-47.el9_1?arch=x86_64&distro=rhel-9.1&epoch=1&upstream=openssl-3.0.1-47.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false }, { "id" : "CVE-2022-3358", "title" : "Using a Custom Cipher with NID_undef may lead to NULL encryption", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-3358" ], "unique" : false }, { "id" : "CVE-2023-5363", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-5363" ], "unique" : false }, { "id" : "CVE-2024-12797", "title" : "RFC7250 handshakes with unauthenticated servers don't abort as expected", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2024-12797" ], "unique" : false }, { "id" : "CVE-2025-69419", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2025-69419" ], "unique" : false }, { "id" : "CVE-2023-2650", "title" : "Possible DoS translating ASN.1 object identifiers", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2650" ], "unique" : false }, { "id" : "CVE-2023-6129", "title" : "POLY1305 MAC implementation corrupts vector registers on PowerPC", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6129" ], "unique" : false }, { "id" : "CVE-2025-69421", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69421" ], "unique" : false }, { "id" : "CVE-2025-11187", "title" : "Improper validation of PBMAC1 parameters in PKCS#12 MAC verification", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-11187" ], "unique" : false }, { "id" : "CVE-2023-0464", "title" : "Excessive Resource Usage Verifying X.509 Policy Constraints", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0464" ], "unique" : false }, { "id" : "CVE-2023-6237", "title" : "Excessive time spent checking invalid RSA public keys", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6237" ], "unique" : false }, { "id" : "CVE-2024-5535", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-5535" ], "unique" : false }, { "id" : "CVE-2024-6119", "title" : "Possible denial of service in X.509 name checks", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-6119" ], "unique" : false }, { "id" : "CVE-2025-15468", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15468" ], "unique" : false }, { "id" : "CVE-2025-66199", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-66199" ], "unique" : false }, { "id" : "CVE-2025-69420", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69420" ], "unique" : false }, { "id" : "CVE-2026-22796", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22796" ], "unique" : false }, { "id" : "CVE-2024-4741", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4741" ], "unique" : false }, { "id" : "CVE-2025-9230", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9230" ], "unique" : false }, { "id" : "CVE-2024-0727", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0727" ], "unique" : false }, { "id" : "CVE-2025-15469", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15469" ], "unique" : false }, { "id" : "CVE-2026-22795", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22795" ], "unique" : false }, { "id" : "CVE-2023-0465", "title" : "Invalid certificate policies in leaf certificates are silently ignored", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0465" ], "unique" : false }, { "id" : "CVE-2023-0466", "title" : "Certificate policy check not enabled", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0466" ], "unique" : false }, { "id" : "CVE-2023-2975", "title" : "AES-SIV implementation ignores empty associated data entries", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2975" ], "unique" : false }, { "id" : "CVE-2023-3446", "title" : "Excessive time spent checking DH keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3446" ], "unique" : false }, { "id" : "CVE-2023-3817", "title" : "Excessive time spent checking DH q parameter value", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3817" ], "unique" : false }, { "id" : "CVE-2023-5678", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-5678" ], "unique" : false }, { "id" : "CVE-2024-4603", "title" : "Excessive time spent checking DSA keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4603" ], "unique" : false }, { "id" : "CVE-2023-1255", "title" : "Input buffer over-read in AES-XTS implementation on 64 bit ARM", "source" : "redhat-csaf", "cvssScore" : 5.1, "severity" : "MEDIUM", "cves" : [ "CVE-2023-1255" ], "unique" : false }, { "id" : "CVE-2025-68160", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-68160" ], "unique" : false }, { "id" : "CVE-2025-69418", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69418" ], "unique" : false }, { "id" : "CVE-2024-2511", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-2511" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/golang@1.18.9-1.el9_1?arch=x86_64&distro=rhel-9.1&upstream=golang-1.18.9-1.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2023-24538", "title" : "Backticks not treated as string delimiters in html/template", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2023-24538" ], "unique" : false }, { "id" : "CVE-2025-4674", "source" : "redhat-csaf", "cvssScore" : 8.6, "severity" : "HIGH", "cves" : [ "CVE-2025-4674" ], "unique" : false }, { "id" : "CVE-2025-61731", "source" : "redhat-csaf", "cvssScore" : 8.6, "severity" : "HIGH", "cves" : [ "CVE-2025-61731" ], "unique" : false }, { "id" : "CVE-2023-24540", "title" : "Improper handling of JavaScript whitespace in html/template", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2023-24540" ], "unique" : false }, { "id" : "CVE-2023-39323", "title" : "Arbitrary code execution during build via line directives in cmd/go", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2023-39323" ], "unique" : false }, { "id" : "CVE-2023-29403", "title" : "Unsafe behavior in setuid/setgid binaries in runtime", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29403" ], "unique" : false }, { "id" : "CVE-2022-2880", "title" : "Incorrect sanitization of forwarded query parameters in net/http/httputil", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-2880" ], "unique" : false }, { "id" : "CVE-2022-41723", "title" : "Denial of service via crafted HTTP/2 stream in net/http and golang.org/x/net", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-41723" ], "unique" : false }, { "id" : "CVE-2022-41724", "title" : "Panic on large handshake records in crypto/tls", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-41724" ], "unique" : false }, { "id" : "CVE-2022-41725", "title" : "Excessive resource consumption in mime/multipart", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-41725" ], "unique" : false }, { "id" : "CVE-2023-24534", "title" : "Excessive memory allocation in net/http and net/textproto", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-24534" ], "unique" : false }, { "id" : "CVE-2023-24536", "title" : "Excessive resource consumption in net/http, net/textproto and mime/multipart", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-24536" ], "unique" : false }, { "id" : "CVE-2023-24537", "title" : "Infinite loop in parsing in go/scanner", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-24537" ], "unique" : false }, { "id" : "CVE-2023-29404", "title" : "Improper handling of non-optional LDFLAGS in go command with cgo in cmd/go", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-29404" ], "unique" : false }, { "id" : "CVE-2023-29405", "title" : "Improper sanitization of LDFLAGS with embedded spaces in go command with cgo in cmd/go", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-29405" ], "unique" : false }, { "id" : "CVE-2023-39321", "title" : "Panic when processing post-handshake message on QUIC connections in crypto/tls", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-39321" ], "unique" : false }, { "id" : "CVE-2023-39322", "title" : "Memory exhaustion in QUIC connection handling in crypto/tls", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-39322" ], "unique" : false }, { "id" : "CVE-2023-39325", "title" : "HTTP/2 rapid reset can cause excessive work in net/http", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-39325" ], "unique" : false }, { "id" : "CVE-2023-44487", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-44487" ], "unique" : false }, { "id" : "CVE-2023-45285", "title" : "Command 'go get' may unexpectedly fallback to insecure git in cmd/go", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-45285" ], "unique" : false }, { "id" : "CVE-2023-45288", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-45288" ], "unique" : false }, { "id" : "CVE-2024-1394", "title" : "Golang-fips/openssl: memory leaks in code encrypting and decrypting rsa payloads", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-1394" ], "unique" : false }, { "id" : "CVE-2024-24788", "title" : "Malformed DNS message can cause infinite loop in net", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-24788" ], "unique" : false }, { "id" : "CVE-2024-34156", "title" : "Stack exhaustion in Decoder.Decode in encoding/gob", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-34156" ], "unique" : false }, { "id" : "CVE-2025-22874", "title" : "Usage of ExtKeyUsageAny disables policy validation in crypto/x509", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-22874" ], "unique" : false }, { "id" : "CVE-2025-58183", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-58183" ], "unique" : false }, { "id" : "CVE-2025-61726", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-61726" ], "unique" : false }, { "id" : "CVE-2025-61728", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-61728" ], "unique" : false }, { "id" : "CVE-2025-61729", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-61729" ], "unique" : false }, { "id" : "CVE-2026-25679", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-25679" ], "unique" : false }, { "id" : "CVE-2025-61732", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2025-61732" ], "unique" : false }, { "id" : "CVE-2025-68121", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2025-68121" ], "unique" : false }, { "id" : "CVE-2023-24539", "title" : "Improper sanitization of CSS values in html/template", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2023-24539" ], "unique" : false }, { "id" : "CVE-2023-29400", "title" : "Improper handling of empty HTML attributes in html/template", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2023-29400" ], "unique" : false }, { "id" : "CVE-2023-29402", "title" : "Code injection via go command with cgo in cmd/go", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-29402" ], "unique" : false }, { "id" : "CVE-2025-47907", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-47907" ], "unique" : false }, { "id" : "CVE-2025-4673", "title" : "Sensitive headers not cleared on cross-origin redirect in net/http", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-4673" ], "unique" : false }, { "id" : "CVE-2024-24790", "title" : "Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses in net/netip", "source" : "redhat-csaf", "cvssScore" : 6.7, "severity" : "MEDIUM", "cves" : [ "CVE-2024-24790" ], "unique" : false }, { "id" : "CVE-2022-27664", "title" : "In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2022-27664" ], "unique" : false }, { "id" : "CVE-2022-2879", "title" : "Unbounded memory consumption when reading headers in archive/tar", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2022-2879" ], "unique" : false }, { "id" : "CVE-2022-32189", "title" : "Panic when decoding Float and Rat types in math/big", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2022-32189" ], "unique" : false }, { "id" : "CVE-2022-41715", "title" : "Memory exhaustion when compiling regular expressions in regexp/syntax", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2022-41715" ], "unique" : false }, { "id" : "CVE-2023-29406", "title" : "Insufficient sanitization of Host header in net/http", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-29406" ], "unique" : false }, { "id" : "CVE-2024-24785", "title" : "Errors returned from JSON marshaling may break template escaping in html/template", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-24785" ], "unique" : false }, { "id" : "CVE-2024-9355", "title" : "Golang-fips: golang fips zeroed buffer", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-9355" ], "unique" : false }, { "id" : "CVE-2025-47906", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-47906" ], "unique" : false }, { "id" : "CVE-2023-39318", "title" : "Improper handling of HTML-like comments in script contexts in html/template", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2023-39318" ], "unique" : false }, { "id" : "CVE-2023-39319", "title" : "Improper handling of special tags within script contexts in html/template", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2023-39319" ], "unique" : false }, { "id" : "CVE-2024-24783", "title" : "Verify panics on certificates with an unknown public key algorithm in crypto/x509", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-24783" ], "unique" : false }, { "id" : "CVE-2024-24791", "title" : "Denial of service due to improper 100-continue handling in net/http", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-24791" ], "unique" : false }, { "id" : "CVE-2024-34155", "title" : "Stack exhaustion in all Parse functions in go/parser", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-34155" ], "unique" : false }, { "id" : "CVE-2024-34158", "title" : "Stack exhaustion in Parse in go/build/constraint", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-34158" ], "unique" : false }, { "id" : "CVE-2024-45336", "title" : "Sensitive headers incorrectly sent after cross-domain redirect in net/http", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-45336" ], "unique" : false }, { "id" : "CVE-2024-24789", "title" : "Mishandling of corrupt central directory record in archive/zip", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-24789" ], "unique" : false }, { "id" : "CVE-2024-24784", "title" : "Comments in display names are incorrectly handled in net/mail", "source" : "redhat-csaf", "cvssScore" : 5.4, "severity" : "MEDIUM", "cves" : [ "CVE-2024-24784" ], "unique" : false }, { "id" : "CVE-2025-22871", "title" : "Request smuggling due to acceptance of invalid chunked data in net/http", "source" : "redhat-csaf", "cvssScore" : 5.4, "severity" : "MEDIUM", "cves" : [ "CVE-2025-22871" ], "unique" : false }, { "id" : "CVE-2022-41717", "title" : "Excessive memory growth in net/http and golang.org/x/net/http2", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2022-41717" ], "unique" : false }, { "id" : "CVE-2023-24532", "title" : "Incorrect calculation on P256 curves in crypto/internal/nistec", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-24532" ], "unique" : false }, { "id" : "CVE-2023-29409", "title" : "Large RSA keys can cause high CPU usage in crypto/tls", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-29409" ], "unique" : false }, { "id" : "CVE-2023-39326", "title" : "Denial of service via chunk extensions in net/http", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-39326" ], "unique" : false }, { "id" : "CVE-2023-45289", "title" : "Incorrect forwarding of sensitive headers and cookies on HTTP redirect in net/http", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-45289" ], "unique" : false }, { "id" : "CVE-2023-45290", "title" : "Memory exhaustion in multipart form parsing in net/textproto and net/http", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-45290" ], "unique" : false }, { "id" : "CVE-2025-22866", "title" : "Timing sidechannel for P-256 on ppc64le in crypto/internal/nistec", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-22866" ], "unique" : false }, { "id" : "CVE-2024-45341", "title" : "Usage of IPv6 zone IDs can bypass URI name constraints in crypto/x509", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2024-45341" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-24538", "title" : "Backticks not treated as string delimiters in html/template", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2023-24538" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/golang-src@1.18.9-1.el9_1?arch=noarch&distro=rhel-9.1&upstream=golang-1.18.9-1.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2023-24538", "title" : "Backticks not treated as string delimiters in html/template", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2023-24538" ], "unique" : false }, { "id" : "CVE-2025-4674", "source" : "redhat-csaf", "cvssScore" : 8.6, "severity" : "HIGH", "cves" : [ "CVE-2025-4674" ], "unique" : false }, { "id" : "CVE-2025-61731", "source" : "redhat-csaf", "cvssScore" : 8.6, "severity" : "HIGH", "cves" : [ "CVE-2025-61731" ], "unique" : false }, { "id" : "CVE-2023-24540", "title" : "Improper handling of JavaScript whitespace in html/template", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2023-24540" ], "unique" : false }, { "id" : "CVE-2023-39323", "title" : "Arbitrary code execution during build via line directives in cmd/go", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2023-39323" ], "unique" : false }, { "id" : "CVE-2023-29403", "title" : "Unsafe behavior in setuid/setgid binaries in runtime", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29403" ], "unique" : false }, { "id" : "CVE-2022-2880", "title" : "Incorrect sanitization of forwarded query parameters in net/http/httputil", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-2880" ], "unique" : false }, { "id" : "CVE-2022-41723", "title" : "Denial of service via crafted HTTP/2 stream in net/http and golang.org/x/net", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-41723" ], "unique" : false }, { "id" : "CVE-2022-41724", "title" : "Panic on large handshake records in crypto/tls", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-41724" ], "unique" : false }, { "id" : "CVE-2022-41725", "title" : "Excessive resource consumption in mime/multipart", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-41725" ], "unique" : false }, { "id" : "CVE-2023-24534", "title" : "Excessive memory allocation in net/http and net/textproto", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-24534" ], "unique" : false }, { "id" : "CVE-2023-24536", "title" : "Excessive resource consumption in net/http, net/textproto and mime/multipart", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-24536" ], "unique" : false }, { "id" : "CVE-2023-24537", "title" : "Infinite loop in parsing in go/scanner", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-24537" ], "unique" : false }, { "id" : "CVE-2023-29404", "title" : "Improper handling of non-optional LDFLAGS in go command with cgo in cmd/go", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-29404" ], "unique" : false }, { "id" : "CVE-2023-29405", "title" : "Improper sanitization of LDFLAGS with embedded spaces in go command with cgo in cmd/go", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-29405" ], "unique" : false }, { "id" : "CVE-2023-39321", "title" : "Panic when processing post-handshake message on QUIC connections in crypto/tls", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-39321" ], "unique" : false }, { "id" : "CVE-2023-39322", "title" : "Memory exhaustion in QUIC connection handling in crypto/tls", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-39322" ], "unique" : false }, { "id" : "CVE-2023-39325", "title" : "HTTP/2 rapid reset can cause excessive work in net/http", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-39325" ], "unique" : false }, { "id" : "CVE-2023-44487", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-44487" ], "unique" : false }, { "id" : "CVE-2023-45285", "title" : "Command 'go get' may unexpectedly fallback to insecure git in cmd/go", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-45285" ], "unique" : false }, { "id" : "CVE-2023-45288", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-45288" ], "unique" : false }, { "id" : "CVE-2024-1394", "title" : "Golang-fips/openssl: memory leaks in code encrypting and decrypting rsa payloads", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-1394" ], "unique" : false }, { "id" : "CVE-2024-24788", "title" : "Malformed DNS message can cause infinite loop in net", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-24788" ], "unique" : false }, { "id" : "CVE-2024-34156", "title" : "Stack exhaustion in Decoder.Decode in encoding/gob", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-34156" ], "unique" : false }, { "id" : "CVE-2025-22874", "title" : "Usage of ExtKeyUsageAny disables policy validation in crypto/x509", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-22874" ], "unique" : false }, { "id" : "CVE-2025-58183", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-58183" ], "unique" : false }, { "id" : "CVE-2025-61726", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-61726" ], "unique" : false }, { "id" : "CVE-2025-61728", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-61728" ], "unique" : false }, { "id" : "CVE-2025-61729", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-61729" ], "unique" : false }, { "id" : "CVE-2026-25679", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-25679" ], "unique" : false }, { "id" : "CVE-2025-61732", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2025-61732" ], "unique" : false }, { "id" : "CVE-2025-68121", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2025-68121" ], "unique" : false }, { "id" : "CVE-2023-24539", "title" : "Improper sanitization of CSS values in html/template", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2023-24539" ], "unique" : false }, { "id" : "CVE-2023-29400", "title" : "Improper handling of empty HTML attributes in html/template", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2023-29400" ], "unique" : false }, { "id" : "CVE-2023-29402", "title" : "Code injection via go command with cgo in cmd/go", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-29402" ], "unique" : false }, { "id" : "CVE-2025-47907", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-47907" ], "unique" : false }, { "id" : "CVE-2025-4673", "title" : "Sensitive headers not cleared on cross-origin redirect in net/http", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-4673" ], "unique" : false }, { "id" : "CVE-2024-24790", "title" : "Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses in net/netip", "source" : "redhat-csaf", "cvssScore" : 6.7, "severity" : "MEDIUM", "cves" : [ "CVE-2024-24790" ], "unique" : false }, { "id" : "CVE-2022-27664", "title" : "In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2022-27664" ], "unique" : false }, { "id" : "CVE-2022-2879", "title" : "Unbounded memory consumption when reading headers in archive/tar", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2022-2879" ], "unique" : false }, { "id" : "CVE-2022-32189", "title" : "Panic when decoding Float and Rat types in math/big", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2022-32189" ], "unique" : false }, { "id" : "CVE-2022-41715", "title" : "Memory exhaustion when compiling regular expressions in regexp/syntax", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2022-41715" ], "unique" : false }, { "id" : "CVE-2023-29406", "title" : "Insufficient sanitization of Host header in net/http", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-29406" ], "unique" : false }, { "id" : "CVE-2024-24785", "title" : "Errors returned from JSON marshaling may break template escaping in html/template", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-24785" ], "unique" : false }, { "id" : "CVE-2024-9355", "title" : "Golang-fips: golang fips zeroed buffer", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-9355" ], "unique" : false }, { "id" : "CVE-2025-47906", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-47906" ], "unique" : false }, { "id" : "CVE-2023-39318", "title" : "Improper handling of HTML-like comments in script contexts in html/template", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2023-39318" ], "unique" : false }, { "id" : "CVE-2023-39319", "title" : "Improper handling of special tags within script contexts in html/template", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2023-39319" ], "unique" : false }, { "id" : "CVE-2024-24783", "title" : "Verify panics on certificates with an unknown public key algorithm in crypto/x509", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-24783" ], "unique" : false }, { "id" : "CVE-2024-24791", "title" : "Denial of service due to improper 100-continue handling in net/http", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-24791" ], "unique" : false }, { "id" : "CVE-2024-34155", "title" : "Stack exhaustion in all Parse functions in go/parser", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-34155" ], "unique" : false }, { "id" : "CVE-2024-34158", "title" : "Stack exhaustion in Parse in go/build/constraint", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-34158" ], "unique" : false }, { "id" : "CVE-2024-45336", "title" : "Sensitive headers incorrectly sent after cross-domain redirect in net/http", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-45336" ], "unique" : false }, { "id" : "CVE-2024-24789", "title" : "Mishandling of corrupt central directory record in archive/zip", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-24789" ], "unique" : false }, { "id" : "CVE-2024-24784", "title" : "Comments in display names are incorrectly handled in net/mail", "source" : "redhat-csaf", "cvssScore" : 5.4, "severity" : "MEDIUM", "cves" : [ "CVE-2024-24784" ], "unique" : false }, { "id" : "CVE-2025-22871", "title" : "Request smuggling due to acceptance of invalid chunked data in net/http", "source" : "redhat-csaf", "cvssScore" : 5.4, "severity" : "MEDIUM", "cves" : [ "CVE-2025-22871" ], "unique" : false }, { "id" : "CVE-2022-41717", "title" : "Excessive memory growth in net/http and golang.org/x/net/http2", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2022-41717" ], "unique" : false }, { "id" : "CVE-2023-24532", "title" : "Incorrect calculation on P256 curves in crypto/internal/nistec", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-24532" ], "unique" : false }, { "id" : "CVE-2023-29409", "title" : "Large RSA keys can cause high CPU usage in crypto/tls", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-29409" ], "unique" : false }, { "id" : "CVE-2023-39326", "title" : "Denial of service via chunk extensions in net/http", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-39326" ], "unique" : false }, { "id" : "CVE-2023-45289", "title" : "Incorrect forwarding of sensitive headers and cookies on HTTP redirect in net/http", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-45289" ], "unique" : false }, { "id" : "CVE-2023-45290", "title" : "Memory exhaustion in multipart form parsing in net/textproto and net/http", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-45290" ], "unique" : false }, { "id" : "CVE-2025-22866", "title" : "Timing sidechannel for P-256 on ppc64le in crypto/internal/nistec", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-22866" ], "unique" : false }, { "id" : "CVE-2024-45341", "title" : "Usage of IPv6 zone IDs can bypass URI name constraints in crypto/x509", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2024-45341" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-24538", "title" : "Backticks not treated as string delimiters in html/template", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2023-24538" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/golang-bin@1.18.9-1.el9_1?arch=x86_64&distro=rhel-9.1&upstream=golang-1.18.9-1.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2023-24538", "title" : "Backticks not treated as string delimiters in html/template", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2023-24538" ], "unique" : false }, { "id" : "CVE-2025-4674", "source" : "redhat-csaf", "cvssScore" : 8.6, "severity" : "HIGH", "cves" : [ "CVE-2025-4674" ], "unique" : false }, { "id" : "CVE-2025-61731", "source" : "redhat-csaf", "cvssScore" : 8.6, "severity" : "HIGH", "cves" : [ "CVE-2025-61731" ], "unique" : false }, { "id" : "CVE-2023-24540", "title" : "Improper handling of JavaScript whitespace in html/template", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2023-24540" ], "unique" : false }, { "id" : "CVE-2023-39323", "title" : "Arbitrary code execution during build via line directives in cmd/go", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2023-39323" ], "unique" : false }, { "id" : "CVE-2023-29403", "title" : "Unsafe behavior in setuid/setgid binaries in runtime", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29403" ], "unique" : false }, { "id" : "CVE-2022-2880", "title" : "Incorrect sanitization of forwarded query parameters in net/http/httputil", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-2880" ], "unique" : false }, { "id" : "CVE-2022-41723", "title" : "Denial of service via crafted HTTP/2 stream in net/http and golang.org/x/net", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-41723" ], "unique" : false }, { "id" : "CVE-2022-41724", "title" : "Panic on large handshake records in crypto/tls", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-41724" ], "unique" : false }, { "id" : "CVE-2022-41725", "title" : "Excessive resource consumption in mime/multipart", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-41725" ], "unique" : false }, { "id" : "CVE-2023-24534", "title" : "Excessive memory allocation in net/http and net/textproto", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-24534" ], "unique" : false }, { "id" : "CVE-2023-24536", "title" : "Excessive resource consumption in net/http, net/textproto and mime/multipart", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-24536" ], "unique" : false }, { "id" : "CVE-2023-24537", "title" : "Infinite loop in parsing in go/scanner", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-24537" ], "unique" : false }, { "id" : "CVE-2023-29404", "title" : "Improper handling of non-optional LDFLAGS in go command with cgo in cmd/go", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-29404" ], "unique" : false }, { "id" : "CVE-2023-29405", "title" : "Improper sanitization of LDFLAGS with embedded spaces in go command with cgo in cmd/go", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-29405" ], "unique" : false }, { "id" : "CVE-2023-39321", "title" : "Panic when processing post-handshake message on QUIC connections in crypto/tls", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-39321" ], "unique" : false }, { "id" : "CVE-2023-39322", "title" : "Memory exhaustion in QUIC connection handling in crypto/tls", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-39322" ], "unique" : false }, { "id" : "CVE-2023-39325", "title" : "HTTP/2 rapid reset can cause excessive work in net/http", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-39325" ], "unique" : false }, { "id" : "CVE-2023-44487", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-44487" ], "unique" : false }, { "id" : "CVE-2023-45285", "title" : "Command 'go get' may unexpectedly fallback to insecure git in cmd/go", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-45285" ], "unique" : false }, { "id" : "CVE-2023-45288", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-45288" ], "unique" : false }, { "id" : "CVE-2024-1394", "title" : "Golang-fips/openssl: memory leaks in code encrypting and decrypting rsa payloads", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-1394" ], "unique" : false }, { "id" : "CVE-2024-24788", "title" : "Malformed DNS message can cause infinite loop in net", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-24788" ], "unique" : false }, { "id" : "CVE-2024-34156", "title" : "Stack exhaustion in Decoder.Decode in encoding/gob", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-34156" ], "unique" : false }, { "id" : "CVE-2025-22874", "title" : "Usage of ExtKeyUsageAny disables policy validation in crypto/x509", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-22874" ], "unique" : false }, { "id" : "CVE-2025-58183", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-58183" ], "unique" : false }, { "id" : "CVE-2025-61726", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-61726" ], "unique" : false }, { "id" : "CVE-2025-61728", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-61728" ], "unique" : false }, { "id" : "CVE-2025-61729", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-61729" ], "unique" : false }, { "id" : "CVE-2026-25679", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-25679" ], "unique" : false }, { "id" : "CVE-2025-61732", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2025-61732" ], "unique" : false }, { "id" : "CVE-2025-68121", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2025-68121" ], "unique" : false }, { "id" : "CVE-2023-24539", "title" : "Improper sanitization of CSS values in html/template", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2023-24539" ], "unique" : false }, { "id" : "CVE-2023-29400", "title" : "Improper handling of empty HTML attributes in html/template", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2023-29400" ], "unique" : false }, { "id" : "CVE-2023-29402", "title" : "Code injection via go command with cgo in cmd/go", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-29402" ], "unique" : false }, { "id" : "CVE-2025-47907", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-47907" ], "unique" : false }, { "id" : "CVE-2025-4673", "title" : "Sensitive headers not cleared on cross-origin redirect in net/http", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-4673" ], "unique" : false }, { "id" : "CVE-2024-24790", "title" : "Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses in net/netip", "source" : "redhat-csaf", "cvssScore" : 6.7, "severity" : "MEDIUM", "cves" : [ "CVE-2024-24790" ], "unique" : false }, { "id" : "CVE-2022-27664", "title" : "In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2022-27664" ], "unique" : false }, { "id" : "CVE-2022-2879", "title" : "Unbounded memory consumption when reading headers in archive/tar", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2022-2879" ], "unique" : false }, { "id" : "CVE-2022-32189", "title" : "Panic when decoding Float and Rat types in math/big", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2022-32189" ], "unique" : false }, { "id" : "CVE-2022-41715", "title" : "Memory exhaustion when compiling regular expressions in regexp/syntax", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2022-41715" ], "unique" : false }, { "id" : "CVE-2023-29406", "title" : "Insufficient sanitization of Host header in net/http", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-29406" ], "unique" : false }, { "id" : "CVE-2024-24785", "title" : "Errors returned from JSON marshaling may break template escaping in html/template", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-24785" ], "unique" : false }, { "id" : "CVE-2024-9355", "title" : "Golang-fips: golang fips zeroed buffer", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-9355" ], "unique" : false }, { "id" : "CVE-2025-47906", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-47906" ], "unique" : false }, { "id" : "CVE-2023-39318", "title" : "Improper handling of HTML-like comments in script contexts in html/template", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2023-39318" ], "unique" : false }, { "id" : "CVE-2023-39319", "title" : "Improper handling of special tags within script contexts in html/template", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2023-39319" ], "unique" : false }, { "id" : "CVE-2024-24783", "title" : "Verify panics on certificates with an unknown public key algorithm in crypto/x509", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-24783" ], "unique" : false }, { "id" : "CVE-2024-24791", "title" : "Denial of service due to improper 100-continue handling in net/http", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-24791" ], "unique" : false }, { "id" : "CVE-2024-34155", "title" : "Stack exhaustion in all Parse functions in go/parser", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-34155" ], "unique" : false }, { "id" : "CVE-2024-34158", "title" : "Stack exhaustion in Parse in go/build/constraint", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-34158" ], "unique" : false }, { "id" : "CVE-2024-45336", "title" : "Sensitive headers incorrectly sent after cross-domain redirect in net/http", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-45336" ], "unique" : false }, { "id" : "CVE-2024-24789", "title" : "Mishandling of corrupt central directory record in archive/zip", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-24789" ], "unique" : false }, { "id" : "CVE-2024-24784", "title" : "Comments in display names are incorrectly handled in net/mail", "source" : "redhat-csaf", "cvssScore" : 5.4, "severity" : "MEDIUM", "cves" : [ "CVE-2024-24784" ], "unique" : false }, { "id" : "CVE-2025-22871", "title" : "Request smuggling due to acceptance of invalid chunked data in net/http", "source" : "redhat-csaf", "cvssScore" : 5.4, "severity" : "MEDIUM", "cves" : [ "CVE-2025-22871" ], "unique" : false }, { "id" : "CVE-2022-41717", "title" : "Excessive memory growth in net/http and golang.org/x/net/http2", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2022-41717" ], "unique" : false }, { "id" : "CVE-2023-24532", "title" : "Incorrect calculation on P256 curves in crypto/internal/nistec", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-24532" ], "unique" : false }, { "id" : "CVE-2023-29409", "title" : "Large RSA keys can cause high CPU usage in crypto/tls", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-29409" ], "unique" : false }, { "id" : "CVE-2023-39326", "title" : "Denial of service via chunk extensions in net/http", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-39326" ], "unique" : false }, { "id" : "CVE-2023-45289", "title" : "Incorrect forwarding of sensitive headers and cookies on HTTP redirect in net/http", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-45289" ], "unique" : false }, { "id" : "CVE-2023-45290", "title" : "Memory exhaustion in multipart form parsing in net/textproto and net/http", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-45290" ], "unique" : false }, { "id" : "CVE-2025-22866", "title" : "Timing sidechannel for P-256 on ppc64le in crypto/internal/nistec", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-22866" ], "unique" : false }, { "id" : "CVE-2024-45341", "title" : "Usage of IPv6 zone IDs can bypass URI name constraints in crypto/x509", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2024-45341" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-24538", "title" : "Backticks not treated as string delimiters in html/template", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2023-24538" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/openssl-libs@3.0.1-47.el9_1?arch=x86_64&distro=rhel-9.1&epoch=1&upstream=openssl-3.0.1-47.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false }, { "id" : "CVE-2022-3358", "title" : "Using a Custom Cipher with NID_undef may lead to NULL encryption", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-3358" ], "unique" : false }, { "id" : "CVE-2023-5363", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-5363" ], "unique" : false }, { "id" : "CVE-2024-12797", "title" : "RFC7250 handshakes with unauthenticated servers don't abort as expected", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2024-12797" ], "unique" : false }, { "id" : "CVE-2025-69419", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2025-69419" ], "unique" : false }, { "id" : "CVE-2023-2650", "title" : "Possible DoS translating ASN.1 object identifiers", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2650" ], "unique" : false }, { "id" : "CVE-2023-6129", "title" : "POLY1305 MAC implementation corrupts vector registers on PowerPC", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6129" ], "unique" : false }, { "id" : "CVE-2025-69421", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69421" ], "unique" : false }, { "id" : "CVE-2025-11187", "title" : "Improper validation of PBMAC1 parameters in PKCS#12 MAC verification", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-11187" ], "unique" : false }, { "id" : "CVE-2023-0464", "title" : "Excessive Resource Usage Verifying X.509 Policy Constraints", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0464" ], "unique" : false }, { "id" : "CVE-2023-6237", "title" : "Excessive time spent checking invalid RSA public keys", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6237" ], "unique" : false }, { "id" : "CVE-2024-5535", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-5535" ], "unique" : false }, { "id" : "CVE-2024-6119", "title" : "Possible denial of service in X.509 name checks", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-6119" ], "unique" : false }, { "id" : "CVE-2025-15468", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15468" ], "unique" : false }, { "id" : "CVE-2025-66199", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-66199" ], "unique" : false }, { "id" : "CVE-2025-69420", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69420" ], "unique" : false }, { "id" : "CVE-2026-22796", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22796" ], "unique" : false }, { "id" : "CVE-2024-4741", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4741" ], "unique" : false }, { "id" : "CVE-2025-9230", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9230" ], "unique" : false }, { "id" : "CVE-2024-0727", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0727" ], "unique" : false }, { "id" : "CVE-2025-15469", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15469" ], "unique" : false }, { "id" : "CVE-2026-22795", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22795" ], "unique" : false }, { "id" : "CVE-2023-0465", "title" : "Invalid certificate policies in leaf certificates are silently ignored", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0465" ], "unique" : false }, { "id" : "CVE-2023-0466", "title" : "Certificate policy check not enabled", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0466" ], "unique" : false }, { "id" : "CVE-2023-2975", "title" : "AES-SIV implementation ignores empty associated data entries", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2975" ], "unique" : false }, { "id" : "CVE-2023-3446", "title" : "Excessive time spent checking DH keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3446" ], "unique" : false }, { "id" : "CVE-2023-3817", "title" : "Excessive time spent checking DH q parameter value", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3817" ], "unique" : false }, { "id" : "CVE-2023-5678", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-5678" ], "unique" : false }, { "id" : "CVE-2024-4603", "title" : "Excessive time spent checking DSA keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4603" ], "unique" : false }, { "id" : "CVE-2023-1255", "title" : "Input buffer over-read in AES-XTS implementation on 64 bit ARM", "source" : "redhat-csaf", "cvssScore" : 5.1, "severity" : "MEDIUM", "cves" : [ "CVE-2023-1255" ], "unique" : false }, { "id" : "CVE-2025-68160", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-68160" ], "unique" : false }, { "id" : "CVE-2025-69418", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69418" ], "unique" : false }, { "id" : "CVE-2024-2511", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-2511" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ca-certificates@2022.2.54-90.2.el9_0?arch=noarch&distro=rhel-9.1&upstream=ca-certificates-2022.2.54-90.2.el9_0.src.rpm", "issues" : [ { "id" : "CVE-2023-37920", "title" : "Certifi's removal of e-Tugra root certificate", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2023-37920" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-37920", "title" : "Certifi's removal of e-Tugra root certificate", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2023-37920" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/krb5-libs@1.19.1-24.el9_1?arch=x86_64&distro=rhel-9.1&upstream=krb5-1.19.1-24.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2024-3596", "source" : "redhat-csaf", "cvssScore" : 9.0, "severity" : "CRITICAL", "cves" : [ "CVE-2024-3596" ], "unique" : false }, { "id" : "CVE-2023-39975", "title" : "kdc/do_tgs_req.c in MIT Kerberos 5 (aka krb5) 1.21 before 1.21.2 has a double free that is reachable if an authenticated user can trigger an authorization-data handling failure. Incorrect data is copied from one ticket to another.", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2023-39975" ], "unique" : false }, { "id" : "CVE-2024-26462", "title" : "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/kdc/ndr.c.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-26462" ], "unique" : false }, { "id" : "CVE-2024-37370", "title" : "In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify the plaintext Extra Count field of a confidential GSS krb5 wrap token, causing the unwrapped token to appear truncated to the application.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-37370" ], "unique" : false }, { "id" : "CVE-2020-17049", "title" : "Kerberos KDC Security Feature Bypass Vulnerability", "source" : "redhat-csaf", "cvssScore" : 7.2, "severity" : "HIGH", "cves" : [ "CVE-2020-17049" ], "unique" : false }, { "id" : "CVE-2023-36054", "title" : "lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and 1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticated user can trigger a kadmind crash. This occurs because _xdr_kadm5_principal_ent_rec does not validate the relationship between n_key_data and the key_data array count.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-36054" ], "unique" : false }, { "id" : "CVE-2024-37371", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-37371" ], "unique" : false }, { "id" : "CVE-2025-24528", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-24528" ], "unique" : false }, { "id" : "CVE-2024-26458", "title" : "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-26458" ], "unique" : false }, { "id" : "CVE-2024-26461", "title" : "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-26461" ], "unique" : false }, { "id" : "CVE-2025-3576", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-3576" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-3596", "source" : "redhat-csaf", "cvssScore" : 9.0, "severity" : "CRITICAL", "cves" : [ "CVE-2024-3596" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-headers@2.34-40.el9_1.1?arch=x86_64&distro=rhel-9.1&upstream=glibc-2.34-40.el9_1.1.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc@2.34-40.el9_1.1?arch=x86_64&distro=rhel-9.1&upstream=glibc-2.34-40.el9_1.1.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2026-4437", "title" : "gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4437" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-15281", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15281" ], "unique" : false }, { "id" : "CVE-2026-3904", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3904" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false }, { "id" : "CVE-2026-4438", "title" : "gethostbyaddr and gethostbyaddr_r return invalid DNS hostnames", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4438" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/kernel-headers@5.14.0-162.18.1.el9_1?arch=x86_64&distro=rhel-9.1&upstream=kernel-5.14.0-162.18.1.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2023-44466", "title" : "An issue was discovered in net/ceph/messenger_v2.c in the Linux kernel before 6.4.5. There is an integer signedness error, leading to a buffer overflow and remote code execution via HELLO or one of the AUTH frames. This occurs because of an untrusted length taken from a TCP packet in ceph_decode_32.", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2023-44466" ], "unique" : false }, { "id" : "CVE-2024-5154", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2024-5154" ], "unique" : false }, { "id" : "CVE-2025-21927", "title" : "nvme-tcp: fix potential memory corruption in nvme_tcp_recv_pdu()", "source" : "redhat-csaf", "cvssScore" : 8.0, "severity" : "HIGH", "cves" : [ "CVE-2025-21927" ], "unique" : false }, { "id" : "CVE-2023-1652", "title" : "A use-after-free flaw was found in nfsd4_ssc_setup_dul in fs/nfsd/nfs4proc.c in the NFS filesystem in the Linux Kernel. This issue could allow a local attacker to crash the system or it may lead to a kernel information leak problem.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-1652" ], "unique" : false }, { "id" : "CVE-2023-52922", "title" : "can: bcm: Fix UAF in bcm_proc_show()", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-52922" ], "unique" : false }, { "id" : "CVE-2024-36971", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2024-36971" ], "unique" : false }, { "id" : "CVE-2025-21756", "title" : "vsock: Keep the binding until socket destruction", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-21756" ], "unique" : false }, { "id" : "CVE-2025-22020", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-22020" ], "unique" : false }, { "id" : "CVE-2025-38052", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-38052" ], "unique" : false }, { "id" : "CVE-2025-38087", "title" : "net/sched: fix use-after-free in taprio_dev_notifier", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-38087" ], "unique" : false }, { "id" : "CVE-2022-41723", "title" : "Denial of service via crafted HTTP/2 stream in net/http and golang.org/x/net", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-41723" ], "unique" : false }, { "id" : "CVE-2025-38471", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2025-38471" ], "unique" : false }, { "id" : "CVE-2024-42284", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-42284" ], "unique" : false }, { "id" : "CVE-2024-53104", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-53104" ], "unique" : false }, { "id" : "CVE-2025-37750", "title" : "smb: client: fix UAF in decryption with multichannel", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2025-37750" ], "unique" : false }, { "id" : "CVE-2025-38250", "title" : "Bluetooth: hci_core: Fix use-after-free in vhci_flush()", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2025-38250" ], "unique" : false }, { "id" : "CVE-2022-49846", "title" : "udf: Fix a slab-out-of-bounds write bug in udf_find_entry()", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2022-49846" ], "unique" : false }, { "id" : "CVE-2023-52933", "title" : "Squashfs: fix handling and sanity checking of xattr_ids count", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2023-52933" ], "unique" : false }, { "id" : "CVE-2023-53751", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2023-53751" ], "unique" : false }, { "id" : "CVE-2023-6606", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2023-6606" ], "unique" : false }, { "id" : "CVE-2023-6610", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2023-6610" ], "unique" : false }, { "id" : "CVE-2024-35937", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2024-35937" ], "unique" : false }, { "id" : "CVE-2024-38538", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2024-38538" ], "unique" : false }, { "id" : "CVE-2024-53150", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2024-53150" ], "unique" : false }, { "id" : "CVE-2024-57947", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2024-57947" ], "unique" : false }, { "id" : "CVE-2025-21887", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-21887" ], "unique" : false }, { "id" : "CVE-2025-21893", "title" : "keys: Fix UAF in key_put()", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-21893" ], "unique" : false }, { "id" : "CVE-2025-21920", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-21920" ], "unique" : false }, { "id" : "CVE-2025-21969", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-21969" ], "unique" : false }, { "id" : "CVE-2025-21979", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-21979" ], "unique" : false }, { "id" : "CVE-2025-21993", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-21993" ], "unique" : false }, { "id" : "CVE-2025-21997", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-21997" ], "unique" : false }, { "id" : "CVE-2025-22026", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-22026" ], "unique" : false }, { "id" : "CVE-2025-22055", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-22055" ], "unique" : false }, { "id" : "CVE-2025-22058", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-22058" ], "unique" : false }, { "id" : "CVE-2025-22104", "title" : "ibmvnic: Use kernel helpers for hex dumps", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-22104" ], "unique" : false }, { "id" : "CVE-2025-22113", "title" : "ext4: avoid journaling sb update on error if journal is destroying", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-22113" ], "unique" : false }, { "id" : "CVE-2025-22121", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-22121" ], "unique" : false }, { "id" : "CVE-2025-37738", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-37738" ], "unique" : false }, { "id" : "CVE-2025-37799", "title" : "vmxnet3: Fix malformed packet sizing in vmxnet3_process_xdp", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-37799" ], "unique" : false }, { "id" : "CVE-2025-38264", "title" : "nvme-tcp: sanitize request list handling", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-38264" ], "unique" : false }, { "id" : "CVE-2022-49977", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2022-49977" ], "unique" : false }, { "id" : "CVE-2022-50066", "title" : "net: atlantic: fix aq_vec index out of range error", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2022-50066" ], "unique" : false }, { "id" : "CVE-2023-53047", "title" : "tee: amdtee: fix race condition in amdtee_open_session", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-53047" ], "unique" : false }, { "id" : "CVE-2023-53107", "title" : "veth: Fix use after free in XDP_REDIRECT", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-53107" ], "unique" : false }, { "id" : "CVE-2023-6932", "title" : "Use-after-free in Linux kernel's ipv4: igmp component", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-6932" ], "unique" : false }, { "id" : "CVE-2024-0646", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2024-0646" ], "unique" : false }, { "id" : "CVE-2024-46858", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2024-46858" ], "unique" : false }, { "id" : "CVE-2024-50154", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2024-50154" ], "unique" : false }, { "id" : "CVE-2024-53141", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2024-53141" ], "unique" : false }, { "id" : "CVE-2025-21727", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-21727" ], "unique" : false }, { "id" : "CVE-2025-21764", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-21764" ], "unique" : false }, { "id" : "CVE-2025-21867", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-21867" ], "unique" : false }, { "id" : "CVE-2025-21919", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-21919" ], "unique" : false }, { "id" : "CVE-2025-21926", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-21926" ], "unique" : false }, { "id" : "CVE-2025-21966", "title" : "dm-flakey: Fix memory corruption in optional corrupt_bio_byte feature", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-21966" ], "unique" : false }, { "id" : "CVE-2025-22004", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-22004" ], "unique" : false }, { "id" : "CVE-2025-22126", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-22126" ], "unique" : false }, { "id" : "CVE-2025-37797", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-37797" ], "unique" : false }, { "id" : "CVE-2025-37803", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-37803" ], "unique" : false }, { "id" : "CVE-2025-37890", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-37890" ], "unique" : false }, { "id" : "CVE-2025-37914", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-37914" ], "unique" : false }, { "id" : "CVE-2025-37943", "title" : "wifi: ath12k: Fix invalid data access in ath12k_dp_rx_h_undecap_nwifi", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-37943" ], "unique" : false }, { "id" : "CVE-2025-38079", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-38079" ], "unique" : false }, { "id" : "CVE-2025-38086", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-38086" ], "unique" : false }, { "id" : "CVE-2025-38124", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-38124" ], "unique" : false }, { "id" : "CVE-2025-38177", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-38177" ], "unique" : false }, { "id" : "CVE-2025-38200", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-38200" ], "unique" : false }, { "id" : "CVE-2025-38332", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-38332" ], "unique" : false }, { "id" : "CVE-2022-50616", "source" : "redhat-csaf", "cvssScore" : 6.7, "severity" : "MEDIUM", "cves" : [ "CVE-2022-50616" ], "unique" : false }, { "id" : "CVE-2024-56614", "source" : "redhat-csaf", "cvssScore" : 6.7, "severity" : "MEDIUM", "cves" : [ "CVE-2024-56614" ], "unique" : false }, { "id" : "CVE-2024-56615", "source" : "redhat-csaf", "cvssScore" : 6.7, "severity" : "MEDIUM", "cves" : [ "CVE-2024-56615" ], "unique" : false }, { "id" : "CVE-2025-21883", "title" : "ice: Fix deinitializing VF in error path", "source" : "redhat-csaf", "cvssScore" : 6.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-21883" ], "unique" : false }, { "id" : "CVE-2025-21928", "source" : "redhat-csaf", "cvssScore" : 6.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-21928" ], "unique" : false }, { "id" : "CVE-2025-21929", "title" : "HID: intel-ish-hid: Fix use-after-free issue in hid_ishtp_cl_remove()", "source" : "redhat-csaf", "cvssScore" : 6.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-21929" ], "unique" : false }, { "id" : "CVE-2025-21991", "source" : "redhat-csaf", "cvssScore" : 6.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-21991" ], "unique" : false }, { "id" : "CVE-2025-22085", "title" : "RDMA/core: Fix use-after-free when rename device name", "source" : "redhat-csaf", "cvssScore" : 6.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-22085" ], "unique" : false }, { "id" : "CVE-2021-47383", "source" : "redhat-csaf", "cvssScore" : 6.6, "severity" : "MEDIUM", "cves" : [ "CVE-2021-47383" ], "unique" : false }, { "id" : "CVE-2025-21759", "title" : "ipv6: mcast: extend RCU protection in igmp6_send()", "source" : "redhat-csaf", "cvssScore" : 6.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-21759" ], "unique" : false }, { "id" : "CVE-2023-28746", "title" : "Information exposure through microarchitectural state after transient execution from some register files for some Intel(R) Atom(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-28746" ], "unique" : false }, { "id" : "CVE-2023-6356", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6356" ], "unique" : false }, { "id" : "CVE-2023-6535", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6535" ], "unique" : false }, { "id" : "CVE-2023-6536", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6536" ], "unique" : false }, { "id" : "CVE-2024-21823", "title" : "Hardware logic with insecure de-synchronization in Intel(R) DSA and Intel(R) IAA for some Intel(R) 4th or 5th generation Xeon(R) processors may allow an authorized user to potentially enable escalation of privilege local access", "source" : "redhat-csaf", "cvssScore" : 6.4, "severity" : "MEDIUM", "cves" : [ "CVE-2024-21823" ], "unique" : false }, { "id" : "CVE-2025-21999", "source" : "redhat-csaf", "cvssScore" : 6.4, "severity" : "MEDIUM", "cves" : [ "CVE-2025-21999" ], "unique" : false }, { "id" : "CVE-2025-38350", "source" : "redhat-csaf", "cvssScore" : 6.4, "severity" : "MEDIUM", "cves" : [ "CVE-2025-38350" ], "unique" : false }, { "id" : "CVE-2024-46695", "source" : "redhat-csaf", "cvssScore" : 6.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-46695" ], "unique" : false }, { "id" : "CVE-2024-50275", "source" : "redhat-csaf", "cvssScore" : 6.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-50275" ], "unique" : false }, { "id" : "CVE-2024-42292", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2024-42292" ], "unique" : false }, { "id" : "CVE-2024-50302", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2024-50302" ], "unique" : false }, { "id" : "CVE-2022-49395", "title" : "um: Fix out-of-bounds read in LDT setup", "source" : "redhat-csaf", "cvssScore" : 6.0, "severity" : "MEDIUM", "cves" : [ "CVE-2022-49395" ], "unique" : false }, { "id" : "CVE-2023-5090", "source" : "redhat-csaf", "cvssScore" : 6.0, "severity" : "MEDIUM", "cves" : [ "CVE-2023-5090" ], "unique" : false }, { "id" : "CVE-2024-26664", "title" : "hwmon: (coretemp) Fix out-of-bounds memory access", "source" : "redhat-csaf", "cvssScore" : 6.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-26664" ], "unique" : false }, { "id" : "CVE-2024-50264", "source" : "redhat-csaf", "cvssScore" : 6.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-50264" ], "unique" : false }, { "id" : "CVE-2025-38110", "title" : "net/mdiobus: Fix potential out-of-bounds clause 45 read/write access", "source" : "redhat-csaf", "cvssScore" : 6.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-38110" ], "unique" : false }, { "id" : "CVE-2024-53122", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-53122" ], "unique" : false }, { "id" : "CVE-2024-53197", "source" : "redhat-csaf", "cvssScore" : 5.8, "severity" : "MEDIUM", "cves" : [ "CVE-2024-53197" ], "unique" : false }, { "id" : "CVE-2024-36941", "title" : "wifi: nl80211: don't free NULL coalescing rule", "source" : "redhat-csaf", "cvssScore" : 5.7, "severity" : "MEDIUM", "cves" : [ "CVE-2024-36941" ], "unique" : false }, { "id" : "CVE-2024-38627", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2024-38627" ], "unique" : false }, { "id" : "CVE-2022-50042", "title" : "net: genl: fix error path memory leak in policy dumping", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2022-50042" ], "unique" : false }, { "id" : "CVE-2022-50678", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2022-50678" ], "unique" : false }, { "id" : "CVE-2023-1074", "title" : "A memory leak flaw was found in the Linux kernel's Stream Control Transmission Protocol. This issue may occur when a user starts a malicious networking service and someone connects to this service. This could allow a local user to starve resources, causing a denial of service.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-1074" ], "unique" : false }, { "id" : "CVE-2023-45862", "title" : "An issue was discovered in drivers/usb/storage/ene_ub6250.c for the ENE UB6250 reader driver in the Linux kernel before 6.2.5. An object could potentially extend beyond the end of an allocation.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-45862" ], "unique" : false }, { "id" : "CVE-2023-52490", "title" : "mm: migrate: fix getting incorrect page mapping during page migration", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-52490" ], "unique" : false }, { "id" : "CVE-2023-52658", "title" : "Revert \"net/mlx5: Block entering switchdev mode with ns inconsistency\"", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-52658" ], "unique" : false }, { "id" : "CVE-2023-53597", "title" : "cifs: fix mid leak during reconnection after timeout threshold", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-53597" ], "unique" : false }, { "id" : "CVE-2023-53704", "title" : "clk: imx: clk-imx8mp: improve error handling in imx8mp_clocks_probe()", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-53704" ], "unique" : false }, { "id" : "CVE-2023-54004", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-54004" ], "unique" : false }, { "id" : "CVE-2023-54093", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-54093" ], "unique" : false }, { "id" : "CVE-2023-54271", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-54271" ], "unique" : false }, { "id" : "CVE-2023-7192", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-7192" ], "unique" : false }, { "id" : "CVE-2024-0443", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0443" ], "unique" : false }, { "id" : "CVE-2024-26615", "title" : "net/smc: fix illegal rmb_desc access in SMC-D connection dump", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-26615" ], "unique" : false }, { "id" : "CVE-2024-26878", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-26878" ], "unique" : false }, { "id" : "CVE-2024-27046", "title" : "nfp: flower: handle acti_netdevs allocation failure", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-27046" ], "unique" : false }, { "id" : "CVE-2024-27052", "title" : "wifi: rtl8xxxu: add cancel_work_sync() for c2hcmd_work", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-27052" ], "unique" : false }, { "id" : "CVE-2024-35789", "title" : "wifi: mac80211: check/clear fast rx for non-4addr sta VLAN changes", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-35789" ], "unique" : false }, { "id" : "CVE-2024-35852", "title" : "mlxsw: spectrum_acl_tcam: Fix memory leak when canceling rehash work", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-35852" ], "unique" : false }, { "id" : "CVE-2024-35890", "title" : "gro: fix ownership transfer", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-35890" ], "unique" : false }, { "id" : "CVE-2024-35907", "title" : "mlxbf_gige: call request_irq() after NAPI initialized", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-35907" ], "unique" : false }, { "id" : "CVE-2024-35952", "title" : "drm/ast: Fix soft lockup", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-35952" ], "unique" : false }, { "id" : "CVE-2024-35989", "title" : "dmaengine: idxd: Fix oops during rmmod on single-CPU platforms", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-35989" ], "unique" : false }, { "id" : "CVE-2024-39483", "title" : "KVM: SVM: WARN on vNMI + NMI window iff NMIs are outright masked", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-39483" ], "unique" : false }, { "id" : "CVE-2024-40959", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-40959" ], "unique" : false }, { "id" : "CVE-2024-41035", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-41035" ], "unique" : false }, { "id" : "CVE-2024-41064", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-41064" ], "unique" : false }, { "id" : "CVE-2024-42079", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-42079" ], "unique" : false }, { "id" : "CVE-2024-42272", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-42272" ], "unique" : false }, { "id" : "CVE-2024-42283", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-42283" ], "unique" : false }, { "id" : "CVE-2024-42322", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-42322" ], "unique" : false }, { "id" : "CVE-2024-43854", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-43854" ], "unique" : false }, { "id" : "CVE-2024-44990", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-44990" ], "unique" : false }, { "id" : "CVE-2024-44994", "title" : "iommu: Restore lost return in iommu_report_device_fault()", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-44994" ], "unique" : false }, { "id" : "CVE-2024-45018", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-45018" ], "unique" : false }, { "id" : "CVE-2024-46713", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-46713" ], "unique" : false }, { "id" : "CVE-2024-46824", "title" : "iommufd: Require drivers to supply the cache_invalidate_user ops", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-46824" ], "unique" : false }, { "id" : "CVE-2024-49949", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-49949" ], "unique" : false }, { "id" : "CVE-2024-50208", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-50208" ], "unique" : false }, { "id" : "CVE-2024-50251", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-50251" ], "unique" : false }, { "id" : "CVE-2024-50252", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-50252" ], "unique" : false }, { "id" : "CVE-2024-53113", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-53113" ], "unique" : false }, { "id" : "CVE-2025-21669", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-21669" ], "unique" : false }, { "id" : "CVE-2025-21962", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-21962" ], "unique" : false }, { "id" : "CVE-2025-21963", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-21963" ], "unique" : false }, { "id" : "CVE-2025-21964", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-21964" ], "unique" : false }, { "id" : "CVE-2025-37785", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-37785" ], "unique" : false }, { "id" : "CVE-2025-38234", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-38234" ], "unique" : false }, { "id" : "CVE-2023-52448", "title" : "gfs2: Fix kernel NULL pointer dereference in gfs2_rgrp_dump", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2023-52448" ], "unique" : false }, { "id" : "CVE-2023-53755", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2023-53755" ], "unique" : false }, { "id" : "CVE-2024-47745", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2024-47745" ], "unique" : false }, { "id" : "CVE-2024-53088", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2024-53088" ], "unique" : false }, { "id" : "CVE-2025-21961", "title" : "eth: bnxt: fix truesize for mb-xdp-pass case", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-21961" ], "unique" : false }, { "id" : "CVE-2025-22036", "title" : "exfat: fix random stack corruption after get_block", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-22036" ], "unique" : false }, { "id" : "CVE-2025-38417", "title" : "ice: fix eswitch code memory leak in reset scenario", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-38417" ], "unique" : false }, { "id" : "CVE-2023-52771", "title" : "cxl/port: Fix delete_endpoint() vs parent unregistration race", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2023-52771" ], "unique" : false }, { "id" : "CVE-2023-52864", "title" : "platform/x86: wmi: Fix opening of char device", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2023-52864" ], "unique" : false }, { "id" : "CVE-2024-26855", "title" : "net: ice: Fix potential NULL pointer dereference in ice_bridge_setlink()", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2024-26855" ], "unique" : false }, { "id" : "CVE-2024-35845", "title" : "wifi: iwlwifi: dbg-tlv: ensure NUL termination", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2024-35845" ], "unique" : false }, { "id" : "CVE-2024-36922", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2024-36922" ], "unique" : false }, { "id" : "CVE-2024-38555", "title" : "net/mlx5: Discard command completions in internal error", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2024-38555" ], "unique" : false }, { "id" : "CVE-2024-38556", "title" : "net/mlx5: Add a timeout to acquire the command queue semaphore", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2024-38556" ], "unique" : false }, { "id" : "CVE-2024-43855", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2024-43855" ], "unique" : false }, { "id" : "CVE-2024-46826", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2024-46826" ], "unique" : false }, { "id" : "CVE-2024-26897", "title" : "wifi: ath9k: delay all of ath9k_wmi_event_tasklet() until init is complete", "source" : "redhat-csaf", "cvssScore" : 4.1, "severity" : "MEDIUM", "cves" : [ "CVE-2024-26897" ], "unique" : false }, { "id" : "CVE-2024-38586", "title" : "r8169: Fix possible ring buffer corruption on fragmented Tx packets.", "source" : "redhat-csaf", "cvssScore" : 4.1, "severity" : "MEDIUM", "cves" : [ "CVE-2024-38586" ], "unique" : false }, { "id" : "CVE-2022-50846", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2022-50846" ], "unique" : false }, { "id" : "CVE-2023-53639", "title" : "wifi: ath6kl: reduce WARN to dev_dbg() in callback", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2023-53639" ], "unique" : false }, { "id" : "CVE-2023-54153", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2023-54153" ], "unique" : false }, { "id" : "CVE-2023-54267", "source" : "redhat-csaf", "cvssScore" : 2.5, "severity" : "LOW", "cves" : [ "CVE-2023-54267" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-44466", "title" : "An issue was discovered in net/ceph/messenger_v2.c in the Linux kernel before 6.4.5. There is an integer signedness error, leading to a buffer overflow and remote code execution via HELLO or one of the AUTH frames. This occurs because of an untrusted length taken from a TCP packet in ceph_decode_32.", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2023-44466" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-minimal-langpack@2.34-40.el9_1.1?arch=x86_64&distro=rhel-9.1&upstream=glibc-2.34-40.el9_1.1.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-common@2.34-40.el9_1.1?arch=x86_64&distro=rhel-9.1&upstream=glibc-2.34-40.el9_1.1.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-devel@2.34-40.el9_1.1?arch=x86_64&distro=rhel-9.1&upstream=glibc-2.34-40.el9_1.1.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-langpack-en@2.34-40.el9_1.1?arch=x86_64&distro=rhel-9.1&upstream=glibc-2.34-40.el9_1.1.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libcurl-minimal@7.76.1-19.el9_1.1?arch=x86_64&distro=rhel-9.1&upstream=curl-7.76.1-19.el9_1.1.src.rpm", "issues" : [ { "id" : "CVE-2023-38545", "title" : "This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy\nhandshake.\n\nWhen curl is asked to pass along the host name to the SOCKS5 proxy to allow\nthat to resolve the address instead of it getting done by curl itself, the\nmaximum length that host name can be is 255 bytes.\n\nIf the host name is detected to be longer, curl switches to local name\nresolving and instead passes on the resolved address only. Due to this bug,\nthe local variable that means \"let the host resolve the name\" could get the\nwrong value during a slow SOCKS5 handshake, and contrary to the intention,\ncopy the too long host name to the target buffer instead of copying just the\nresolved address there.\n\nThe target buffer being a heap based buffer, and the host name coming from the\nURL that curl has been told to operate with.", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2023-38545" ], "unique" : false }, { "id" : "CVE-2024-2398", "title" : "HTTP/2 push headers memory-leak", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-2398" ], "unique" : false }, { "id" : "CVE-2023-23916", "title" : "An allocation of resources without limits or throttling vulnerability exists in curl = 12.22.9, >= 14.18.3, >= 16.13.2, and >= 17.3.1 use a null protoype for the object these properties are being assigned to.", "source" : "redhat-csaf", "cvssScore" : 8.2, "severity" : "HIGH", "cves" : [ "CVE-2022-21824" ], "unique" : false }, { "id" : "CVE-2022-35255", "title" : "A weak randomness in WebCrypto keygen vulnerability exists in Node.js 18 due to a change with EntropySource() in SecretKeyGenTraits::DoKeyGen() in src/crypto/crypto_keygen.cc. There are two problems with this: 1) It does not check the return value, it assumes EntropySource() always succeeds, but it can (and sometimes will) fail. 2) The random data returned byEntropySource() may not be cryptographically strong and therefore not suitable as keying material.", "source" : "redhat-csaf", "cvssScore" : 8.2, "severity" : "HIGH", "cves" : [ "CVE-2022-35255" ], "unique" : false }, { "id" : "CVE-2023-32002", "title" : "The use of `Module._load()` can bypass the policy mechanism and require modules outside of the policy.json definition for a given module.\n\nThis vulnerability affects all users using the experimental policy mechanism in all active release lines: 16.x, 18.x and, 20.x.\n\nPlease note that at the time this CVE was issued, the policy is an experimental feature of Node.js.", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2023-32002" ], "unique" : false }, { "id" : "CVE-2024-21892", "title" : "On Linux, Node.js ignores certain environment variables if those may have been set by an unprivileged user while the process is running with elevated privileges with the only exception of CAP_NET_BIND_SERVICE.\nDue to a bug in the implementation of this exception, Node.js incorrectly applies this exception even when certain other capabilities have been set.\nThis allows unprivileged users to inject code that inherits the process's elevated privileges.", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2024-21892" ], "unique" : false }, { "id" : "CVE-2024-21896", "title" : "The permission model protects itself against path traversal attacks by calling path.resolve() on any paths given by the user. If the path is to be treated as a Buffer, the implementation uses Buffer.from() to obtain a Buffer from the result of path.resolve(). By monkey-patching Buffer internals, namely, Buffer.prototype.utf8Write, the application can modify the result of path.resolve(), which leads to a path traversal vulnerability.\nThis vulnerability affects all users using the experimental permission model in Node.js 20 and Node.js 21.\nPlease note that at the time this CVE was issued, the permission model is an experimental feature of Node.js.", "source" : "redhat-csaf", "cvssScore" : 7.9, "severity" : "HIGH", "cves" : [ "CVE-2024-21896" ], "unique" : false }, { "id" : "CVE-2025-23083", "title" : "With the aid of the diagnostics_channel utility, an event can be hooked into whenever a worker thread is created. This is not limited only to workers but also exposes internal workers, where an instance of them can be fetched, and its constructor can be grabbed and reinstated for malicious usage. \r\n\r\nThis vulnerability affects Permission Model users (--permission) on Node.js v20, v22, and v23.", "source" : "redhat-csaf", "cvssScore" : 7.7, "severity" : "HIGH", "cves" : [ "CVE-2025-23083" ], "unique" : false }, { "id" : "CVE-2025-6965", "title" : "Integer Truncation on SQLite", "source" : "redhat-csaf", "cvssScore" : 7.7, "severity" : "HIGH", "cves" : [ "CVE-2025-6965" ], "unique" : false }, { "id" : "CVE-2021-35065", "title" : "The glob-parent package before 6.0.1 for Node.js allows ReDoS (regular expression denial of service) attacks against the enclosure regular expression.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2021-35065" ], "unique" : false }, { "id" : "CVE-2022-25881", "title" : "This affects versions of the package http-cache-semantics before 4.1.1. The issue can be exploited via malicious request header values sent to a server, when that server reads the cache policy from the request using this library.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-25881" ], "unique" : false }, { "id" : "CVE-2022-25883", "title" : "Versions of the package semver before 7.5.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the function new Range, when untrusted user data is provided as a range.\r\r\r", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-25883" ], "unique" : false }, { "id" : "CVE-2022-3517", "title" : "A vulnerability was found in the minimatch package. This flaw allows a Regular Expression Denial of Service (ReDoS) when calling the braceExpand function with specific arguments, resulting in a Denial of Service.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-3517" ], "unique" : false }, { "id" : "CVE-2022-43548", "title" : "A OS Command Injection vulnerability exists in Node.js versions <14.21.1, <16.18.1, <18.12.1, <19.0.1 due to an insufficient IsAllowedHost check that can easily be bypassed because IsIPAddress does not properly check if an IP address is invalid before making DBS requests allowing rebinding attacks.The fix for this issue in https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32212 was incomplete and this new CVE is to complete the fix.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-43548" ], "unique" : false }, { "id" : "CVE-2023-23918", "title" : "A privilege escalation vulnerability exists in Node.js <19.6.1, <18.14.1, <16.19.1 and <14.21.3 that made it possible to bypass the experimental Permissions (https://nodejs.org/api/permissions.html) feature in Node.js and access non authorized modules by using process.mainModule.require(). This only affects users who had enabled the experimental permissions option with --experimental-policy.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-23918" ], "unique" : false }, { "id" : "CVE-2023-23919", "title" : "A cryptographic vulnerability exists in Node.js <19.2.0, <18.14.1, <16.19.1, <14.21.3 that in some cases did does not clear the OpenSSL error stack after operations that may set it. This may lead to false positive errors during subsequent cryptographic operations that happen to be on the same thread. This in turn could be used to cause a denial of service.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-23919" ], "unique" : false }, { "id" : "CVE-2023-24807", "title" : "Undici vulnerable to Regular Expression Denial of Service in Headers", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-24807" ], "unique" : false }, { "id" : "CVE-2023-30581", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-30581" ], "unique" : false }, { "id" : "CVE-2023-30590", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-30590" ], "unique" : false }, { "id" : "CVE-2023-32067", "title" : "0-byte UDP payload DoS in c-ares", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-32067" ], "unique" : false }, { "id" : "CVE-2023-32559", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-32559" ], "unique" : false }, { "id" : "CVE-2023-38552", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-38552" ], "unique" : false }, { "id" : "CVE-2023-39331", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-39331" ], "unique" : false }, { "id" : "CVE-2023-44487", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-44487" ], "unique" : false }, { "id" : "CVE-2024-22019", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-22019" ], "unique" : false }, { "id" : "CVE-2024-27983", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-27983" ], "unique" : false }, { "id" : "CVE-2025-23166", "title" : "The C++ method SignTraits::DeriveBits() may incorrectly call ThrowException() based on user-supplied inputs when executing in a background thread, crashing the Node.js process. Such cryptographic operations are commonly applied to untrusted inputs. Thus, this mechanism potentially allows an adversary to remotely crash a Node.js runtime.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-23166" ], "unique" : false }, { "id" : "CVE-2025-59465", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-59465" ], "unique" : false }, { "id" : "CVE-2026-1526", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-1526" ], "unique" : false }, { "id" : "CVE-2026-1528", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-1528" ], "unique" : false }, { "id" : "CVE-2026-21710", "title" : "A flaw in Node.js HTTP request handling causes an uncaught `TypeError` when a request is received with a header named `__proto__` and the application accesses `req.headersDistinct`.\r\n\r\nWhen this occurs, `dest[\"__proto__\"]` resolves to `Object.prototype` rather than `undefined`, causing `.push()` to be called on a non-array. This exception is thrown synchronously inside a property getter and cannot be intercepted by `error` event listeners, meaning it cannot be handled without wrapping every `req.headersDistinct` access in a `try/catch`.\r\n\r\n* This vulnerability affects all Node.js HTTP servers on **20.x, 22.x, 24.x, and v25.x**", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-21710" ], "unique" : false }, { "id" : "CVE-2026-2229", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-2229" ], "unique" : false }, { "id" : "CVE-2026-27135", "title" : "nghttp2 Denial of service: Assertion failure due to the missing state validation", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-27135" ], "unique" : false }, { "id" : "CVE-2021-44531", "title" : "Accepting arbitrary Subject Alternative Name (SAN) types, unless a PKI is specifically defined to use a particular SAN type, can result in bypassing name-constrained intermediates. Node.js < 12.22.9, < 14.18.3, < 16.13.2, and < 17.3.1 was accepting URI SAN types, which PKIs are often not defined to use. Additionally, when a protocol allows URI SANs, Node.js did not match the URI correctly.Versions of Node.js with the fix for this disable the URI SAN type when checking a certificate against a hostname. This behavior can be reverted through the --security-revert command-line option.", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2021-44531" ], "unique" : false }, { "id" : "CVE-2021-44532", "title" : "Node.js < 12.22.9, < 14.18.3, < 16.13.2, and < 17.3.1 converts SANs (Subject Alternative Names) to a string format. It uses this string to check peer certificates against hostnames when validating connections. The string format was subject to an injection vulnerability when name constraints were used within a certificate chain, allowing the bypass of these name constraints.Versions of Node.js with the fix for this escape SANs containing the problematic characters in order to prevent the injection. This behavior can be reverted through the --security-revert command-line option.", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2021-44532" ], "unique" : false }, { "id" : "CVE-2021-44533", "title" : "Node.js < 12.22.9, < 14.18.3, < 16.13.2, and < 17.3.1 did not handle multi-value Relative Distinguished Names correctly. Attackers could craft certificate subjects containing a single-value Relative Distinguished Name that would be interpreted as a multi-value Relative Distinguished Name, for example, in order to inject a Common Name that would allow bypassing the certificate subject verification.Affected versions of Node.js that do not accept multi-value Relative Distinguished Names and are thus not vulnerable to such attacks themselves. However, third-party code that uses node's ambiguous presentation of certificate subjects may be vulnerable.", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2021-44533" ], "unique" : false }, { "id" : "CVE-2024-22017", "title" : "setuid() does not affect libuv's internal io_uring operations if initialized before the call to setuid().\nThis allows the process to perform privileged operations despite presumably having dropped such privileges through a call to setuid().\nThis vulnerability affects all users using version greater or equal than Node.js 18.18.0, Node.js 20.4.0 and Node.js 21.", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-22017" ], "unique" : false }, { "id" : "CVE-2025-3277", "title" : "An integer overflow can be triggered in SQLite’s `concat_ws()` function. The resulting, truncated integer is then used to allocate a buffer. When SQLite then writes the resulting string to the buffer, it uses the original, untruncated size and thus a wild Heap Buffer overflow of size ~4GB can be triggered. This can result in arbitrary code execution.", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2025-3277" ], "unique" : false }, { "id" : "CVE-2026-1525", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2026-1525" ], "unique" : false }, { "id" : "CVE-2025-55130", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-55130" ], "unique" : false }, { "id" : "CVE-2025-55131", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-55131" ], "unique" : false }, { "id" : "CVE-2023-30589", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-30589" ], "unique" : false }, { "id" : "CVE-2025-31498", "title" : "c-ares has a use-after-free in read_answers()", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-31498" ], "unique" : false }, { "id" : "CVE-2025-22150", "title" : "Undici Uses Insufficiently Random Values", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-22150" ], "unique" : false }, { "id" : "CVE-2024-21891", "title" : "Node.js depends on multiple built-in utility functions to normalize paths provided to node:fs functions, which can be overwitten with user-defined implementations leading to filesystem permission model bypass through path traversal attack.\nThis vulnerability affects all users using the experimental permission model in Node.js 20 and Node.js 21.\nPlease note that at the time this CVE was issued, the permission model is an experimental feature of Node.js.", "source" : "redhat-csaf", "cvssScore" : 6.6, "severity" : "MEDIUM", "cves" : [ "CVE-2024-21891" ], "unique" : false }, { "id" : "CVE-2022-35256", "title" : "The llhttp parser in the http module in Node v18.7.0 does not correctly handle header fields that are not terminated with CLRF. This may result in HTTP Request Smuggling.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2022-35256" ], "unique" : false }, { "id" : "CVE-2023-23936", "title" : "CRLF Injection in Nodejs ‘undici’ via host", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-23936" ], "unique" : false }, { "id" : "CVE-2024-22020", "title" : "A security flaw in Node.js allows a bypass of network import restrictions.\nBy embedding non-network imports in data URLs, an attacker can execute arbitrary code, compromising system security.\nVerified on various platforms, the vulnerability is mitigated by forbidding data URLs in network imports.\nExploiting this flaw can violate network import security, posing a risk to developers and servers.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-22020" ], "unique" : false }, { "id" : "CVE-2024-22025", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-22025" ], "unique" : false }, { "id" : "CVE-2024-28863", "title" : "node-tar vulnerable to denial of service while parsing a tar file due to lack of folders count validation", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-28863" ], "unique" : false }, { "id" : "CVE-2025-23167", "title" : "A flaw in Node.js 20's HTTP parser allows improper termination of HTTP/1 headers using `\\r\\n\\rX` instead of the required `\\r\\n\\r\\n`.\nThis inconsistency enables request smuggling, allowing attackers to bypass proxy-based access controls and submit unauthorized requests.\n\nThe issue was resolved by upgrading `llhttp` to version 9, which enforces correct header termination.\n\nImpact:\n* This vulnerability affects only Node.js 20.x users prior to the `llhttp` v9 upgrade.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-23167" ], "unique" : false }, { "id" : "CVE-2026-1527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-1527" ], "unique" : false }, { "id" : "CVE-2026-21712", "title" : "A flaw in Node.js URL processing causes an assertion failure in native code when `url.format()` is called with a malformed internationalized domain name (IDN) containing invalid characters, crashing the Node.js process.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-21712" ], "unique" : false }, { "id" : "CVE-2026-25547", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-25547" ], "unique" : false }, { "id" : "CVE-2026-26996", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-26996" ], "unique" : false }, { "id" : "CVE-2026-27904", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-27904" ], "unique" : false }, { "id" : "CVE-2024-27982", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2024-27982" ], "unique" : false }, { "id" : "CVE-2023-31147", "title" : "Insufficient randomness in generation of DNS query IDs in c-ares", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-31147" ], "unique" : false }, { "id" : "CVE-2023-46809", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-46809" ], "unique" : false }, { "id" : "CVE-2025-59466", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-59466" ], "unique" : false }, { "id" : "CVE-2026-21637", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-21637" ], "unique" : false }, { "id" : "CVE-2026-21713", "title" : "A flaw in Node.js HMAC verification uses a non-constant-time comparison when validating user-provided signatures, potentially leaking timing information proportional to the number of matching bytes. Under certain threat models where high-resolution timing measurements are possible, this behavior could be exploited as a timing oracle to infer HMAC values.\r\n\r\nNode.js already provides timing-safe comparison primitives used elsewhere in the codebase, indicating this is an oversight rather than an intentional design decision.\r\n\r\nThis vulnerability affects **20.x, 22.x, 24.x, and 25.x**.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-21713" ], "unique" : false }, { "id" : "CVE-2026-21717", "title" : "A flaw in V8's string hashing mechanism causes integer-like strings to be hashed to their numeric value, making hash collisions trivially predictable. By crafting a request that causes many such collisions in V8's internal string table, an attacker can significantly degrade performance of the Node.js process.\r\n\r\nThe most common trigger is any endpoint that calls `JSON.parse()` on attacker-controlled input, as JSON parsing automatically internalizes short strings into the affected hash table.\r\n\r\nThis vulnerability affects **20.x, 22.x, 24.x, and 25.x**.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-21717" ], "unique" : false }, { "id" : "CVE-2026-2581", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-2581" ], "unique" : false }, { "id" : "CVE-2023-31130", "title" : "Buffer Underwrite in ares_inet_net_pton()", "source" : "redhat-csaf", "cvssScore" : 5.7, "severity" : "MEDIUM", "cves" : [ "CVE-2023-31130" ], "unique" : false }, { "id" : "CVE-2023-30588", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-30588" ], "unique" : false }, { "id" : "CVE-2023-39333", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-39333" ], "unique" : false }, { "id" : "CVE-2024-28182", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-28182" ], "unique" : false }, { "id" : "CVE-2025-23085", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-23085" ], "unique" : false }, { "id" : "CVE-2025-55132", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-55132" ], "unique" : false }, { "id" : "CVE-2026-21714", "title" : "A memory leak occurs in Node.js HTTP/2 servers when a client sends WINDOW_UPDATE frames on stream 0 (connection-level) that cause the flow control window to exceed the maximum value of 2³¹-1. The server correctly sends a GOAWAY frame, but the Http2Session object is never cleaned up.\r\n\r\nThis vulnerability affects HTTP2 users on Node.js 20, 22, 24 and 25.", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-21714" ], "unique" : false }, { "id" : "CVE-2026-21711", "title" : "A flaw in Node.js Permission Model network enforcement leaves Unix Domain Socket (UDS) server operations without the required permission checks, while all comparable network paths correctly enforce them.\r\n\r\nAs a result, code running under `--permission` without `--allow-net` can create and expose local IPC endpoints, allowing communication with other processes on the same host outside of the intended network restriction boundary.\r\n\r\nThis vulnerability affects Node.js **25.x** processes using the Permission Model where `--allow-net` is intentionally omitted to restrict network access. Note that `--allow-net` is currently an experimental feature.", "source" : "redhat-csaf", "cvssScore" : 5.2, "severity" : "MEDIUM", "cves" : [ "CVE-2026-21711" ], "unique" : false }, { "id" : "CVE-2024-21890", "title" : "The Node.js Permission Model does not clarify in the documentation that wildcards should be only used as the last character of a file path. For example:\n```\n --allow-fs-read=/home/node/.ssh/*.pub\n```\n\nwill ignore `pub` and give access to everything after `.ssh/`.\n\nThis misleading documentation affects all users using the experimental permission model in Node.js 20 and Node.js 21.\n\nPlease note that at the time this CVE was issued, the permission model is an experimental feature of Node.js.", "source" : "redhat-csaf", "cvssScore" : 5.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-21890" ], "unique" : false }, { "id" : "CVE-2024-25629", "title" : "c-ares out of bounds read in ares__read_line()", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2024-25629" ], "unique" : false }, { "id" : "CVE-2023-23920", "title" : "An untrusted search path vulnerability exists in Node.js. <19.6.1, <18.14.1, <16.19.1, and <14.21.3 that could allow an attacker to search and potentially load ICU data when running with elevated privileges.", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2023-23920" ], "unique" : false }, { "id" : "CVE-2023-45143", "title" : "Undici's cookie header not cleared on cross-origin redirect in fetch", "source" : "redhat-csaf", "cvssScore" : 3.9, "severity" : "LOW", "cves" : [ "CVE-2023-45143" ], "unique" : false }, { "id" : "CVE-2024-36137", "title" : "A vulnerability has been identified in Node.js, affecting users of the experimental permission model when the --allow-fs-write flag is used.\r\n\r\nNode.js Permission Model do not operate on file descriptors, however, operations such as fs.fchown or fs.fchmod can use a \"read-only\" file descriptor to change the owner and permissions of a file.", "source" : "redhat-csaf", "cvssScore" : 3.9, "severity" : "LOW", "cves" : [ "CVE-2024-36137" ], "unique" : false }, { "id" : "CVE-2026-21716", "title" : "An incomplete fix for CVE-2024-36137 leaves `FileHandle.chmod()` and `FileHandle.chown()` in the promises API without the required permission checks, while their callback-based equivalents (`fs.fchmod()`, `fs.fchown()`) were correctly patched.\r\n\r\nAs a result, code running under `--permission` with restricted `--allow-fs-write` can still use promise-based `FileHandle` methods to modify file permissions and ownership on already-open file descriptors, bypassing the intended write restrictions.\r\n\r\nThis vulnerability affects **20.x, 22.x, 24.x, and 25.x** processes using the Permission Model where `--allow-fs-write` is intentionally restricted.", "source" : "redhat-csaf", "cvssScore" : 3.8, "severity" : "LOW", "cves" : [ "CVE-2026-21716" ], "unique" : false }, { "id" : "CVE-2023-31124", "title" : "AutoTools does not set CARES_RANDOM_FILE during cross compilation", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2023-31124" ], "unique" : false }, { "id" : "CVE-2025-23165", "title" : "In Node.js, the `ReadFileUtf8` internal binding leaks memory due to a corrupted pointer in `uv_fs_s.file`: a UTF-16 path buffer is allocated but subsequently overwritten when the file descriptor is set. This results in an unrecoverable memory leak on every call. Repeated use can cause unbounded memory growth, leading to a denial of service.\r\n\r\nImpact:\r\n* This vulnerability affects APIs relying on `ReadFileUtf8` on Node.js release lines: v20 and v22.", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2025-23165" ], "unique" : false }, { "id" : "CVE-2026-21715", "title" : "A flaw in Node.js Permission Model filesystem enforcement leaves `fs.realpathSync.native()` without the required read permission checks, while all comparable filesystem functions correctly enforce them.\r\n\r\nAs a result, code running under `--permission` with restricted `--allow-fs-read` can still use `fs.realpathSync.native()` to check file existence, resolve symlink targets, and enumerate filesystem paths outside of permitted directories.\r\n\r\nThis vulnerability affects **20.x, 22.x, 24.x, and 25.x** processes using the Permission Model where `--allow-fs-read` is intentionally restricted.", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2026-21715" ], "unique" : false }, { "id" : "CVE-2021-44906", "title" : "Minimist <=1.2.5 is vulnerable to Prototype Pollution via file index.js, function setKey() (lines 69-95).", "source" : "redhat-csaf", "cvssScore" : 3.1, "severity" : "LOW", "cves" : [ "CVE-2021-44906" ], "unique" : false }, { "id" : "CVE-2024-22018", "title" : "A vulnerability has been identified in Node.js, affecting users of the experimental permission model when the --allow-fs-read flag is used.\nThis flaw arises from an inadequate permission model that fails to restrict file stats through the fs.lstat API. As a result, malicious actors can retrieve stats from files that they do not have explicit read access to.\nThis vulnerability affects all users using the experimental permission model in Node.js 20 and Node.js 21.\nPlease note that at the time this CVE was issued, the permission model is an experimental feature of Node.js.", "source" : "redhat-csaf", "cvssScore" : 2.9, "severity" : "LOW", "cves" : [ "CVE-2024-22018" ], "unique" : false } ], "transitive" : [ { "ref" : "pkg:rpm/redhat/nodejs@16.18.1-3.el9_1?arch=x86_64&distro=rhel-9.1&epoch=1&upstream=nodejs-16.18.1-3.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2023-39332", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2023-39332" ], "unique" : false }, { "id" : "CVE-2023-32006", "title" : "The use of `module.constructor.createRequire()` can bypass the policy mechanism and require modules outside of the policy.json definition for a given module.\n\nThis vulnerability affects all users using the experimental policy mechanism in all active release lines: 16.x, 18.x, and, 20.x.\n\nPlease note that at the time this CVE was issued, the policy is an experimental feature of Node.js.", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2023-32006" ], "unique" : false }, { "id" : "CVE-2022-4904", "source" : "redhat-csaf", "cvssScore" : 8.6, "severity" : "HIGH", "cves" : [ "CVE-2022-4904" ], "unique" : false }, { "id" : "CVE-2022-21824", "title" : "Due to the formatting logic of the \"console.table()\" function it was not safe to allow user controlled input to be passed to the \"properties\" parameter while simultaneously passing a plain object with at least one property as the first parameter, which could be \"__proto__\". The prototype pollution has very limited control, in that it only allows an empty string to be assigned to numerical keys of the object prototype.Node.js >= 12.22.9, >= 14.18.3, >= 16.13.2, and >= 17.3.1 use a null protoype for the object these properties are being assigned to.", "source" : "redhat-csaf", "cvssScore" : 8.2, "severity" : "HIGH", "cves" : [ "CVE-2022-21824" ], "unique" : false }, { "id" : "CVE-2022-35255", "title" : "A weak randomness in WebCrypto keygen vulnerability exists in Node.js 18 due to a change with EntropySource() in SecretKeyGenTraits::DoKeyGen() in src/crypto/crypto_keygen.cc. There are two problems with this: 1) It does not check the return value, it assumes EntropySource() always succeeds, but it can (and sometimes will) fail. 2) The random data returned byEntropySource() may not be cryptographically strong and therefore not suitable as keying material.", "source" : "redhat-csaf", "cvssScore" : 8.2, "severity" : "HIGH", "cves" : [ "CVE-2022-35255" ], "unique" : false }, { "id" : "CVE-2023-32002", "title" : "The use of `Module._load()` can bypass the policy mechanism and require modules outside of the policy.json definition for a given module.\n\nThis vulnerability affects all users using the experimental policy mechanism in all active release lines: 16.x, 18.x and, 20.x.\n\nPlease note that at the time this CVE was issued, the policy is an experimental feature of Node.js.", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2023-32002" ], "unique" : false }, { "id" : "CVE-2024-21892", "title" : "On Linux, Node.js ignores certain environment variables if those may have been set by an unprivileged user while the process is running with elevated privileges with the only exception of CAP_NET_BIND_SERVICE.\nDue to a bug in the implementation of this exception, Node.js incorrectly applies this exception even when certain other capabilities have been set.\nThis allows unprivileged users to inject code that inherits the process's elevated privileges.", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2024-21892" ], "unique" : false }, { "id" : "CVE-2024-21896", "title" : "The permission model protects itself against path traversal attacks by calling path.resolve() on any paths given by the user. If the path is to be treated as a Buffer, the implementation uses Buffer.from() to obtain a Buffer from the result of path.resolve(). By monkey-patching Buffer internals, namely, Buffer.prototype.utf8Write, the application can modify the result of path.resolve(), which leads to a path traversal vulnerability.\nThis vulnerability affects all users using the experimental permission model in Node.js 20 and Node.js 21.\nPlease note that at the time this CVE was issued, the permission model is an experimental feature of Node.js.", "source" : "redhat-csaf", "cvssScore" : 7.9, "severity" : "HIGH", "cves" : [ "CVE-2024-21896" ], "unique" : false }, { "id" : "CVE-2025-23083", "title" : "With the aid of the diagnostics_channel utility, an event can be hooked into whenever a worker thread is created. This is not limited only to workers but also exposes internal workers, where an instance of them can be fetched, and its constructor can be grabbed and reinstated for malicious usage. \r\n\r\nThis vulnerability affects Permission Model users (--permission) on Node.js v20, v22, and v23.", "source" : "redhat-csaf", "cvssScore" : 7.7, "severity" : "HIGH", "cves" : [ "CVE-2025-23083" ], "unique" : false }, { "id" : "CVE-2025-6965", "title" : "Integer Truncation on SQLite", "source" : "redhat-csaf", "cvssScore" : 7.7, "severity" : "HIGH", "cves" : [ "CVE-2025-6965" ], "unique" : false }, { "id" : "CVE-2021-35065", "title" : "The glob-parent package before 6.0.1 for Node.js allows ReDoS (regular expression denial of service) attacks against the enclosure regular expression.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2021-35065" ], "unique" : false }, { "id" : "CVE-2022-25881", "title" : "This affects versions of the package http-cache-semantics before 4.1.1. The issue can be exploited via malicious request header values sent to a server, when that server reads the cache policy from the request using this library.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-25881" ], "unique" : false }, { "id" : "CVE-2022-25883", "title" : "Versions of the package semver before 7.5.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the function new Range, when untrusted user data is provided as a range.\r\r\r", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-25883" ], "unique" : false }, { "id" : "CVE-2022-3517", "title" : "A vulnerability was found in the minimatch package. This flaw allows a Regular Expression Denial of Service (ReDoS) when calling the braceExpand function with specific arguments, resulting in a Denial of Service.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-3517" ], "unique" : false }, { "id" : "CVE-2022-43548", "title" : "A OS Command Injection vulnerability exists in Node.js versions <14.21.1, <16.18.1, <18.12.1, <19.0.1 due to an insufficient IsAllowedHost check that can easily be bypassed because IsIPAddress does not properly check if an IP address is invalid before making DBS requests allowing rebinding attacks.The fix for this issue in https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32212 was incomplete and this new CVE is to complete the fix.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-43548" ], "unique" : false }, { "id" : "CVE-2023-23918", "title" : "A privilege escalation vulnerability exists in Node.js <19.6.1, <18.14.1, <16.19.1 and <14.21.3 that made it possible to bypass the experimental Permissions (https://nodejs.org/api/permissions.html) feature in Node.js and access non authorized modules by using process.mainModule.require(). This only affects users who had enabled the experimental permissions option with --experimental-policy.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-23918" ], "unique" : false }, { "id" : "CVE-2023-23919", "title" : "A cryptographic vulnerability exists in Node.js <19.2.0, <18.14.1, <16.19.1, <14.21.3 that in some cases did does not clear the OpenSSL error stack after operations that may set it. This may lead to false positive errors during subsequent cryptographic operations that happen to be on the same thread. This in turn could be used to cause a denial of service.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-23919" ], "unique" : false }, { "id" : "CVE-2023-24807", "title" : "Undici vulnerable to Regular Expression Denial of Service in Headers", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-24807" ], "unique" : false }, { "id" : "CVE-2023-30581", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-30581" ], "unique" : false }, { "id" : "CVE-2023-30590", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-30590" ], "unique" : false }, { "id" : "CVE-2023-32067", "title" : "0-byte UDP payload DoS in c-ares", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-32067" ], "unique" : false }, { "id" : "CVE-2023-32559", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-32559" ], "unique" : false }, { "id" : "CVE-2023-38552", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-38552" ], "unique" : false }, { "id" : "CVE-2023-39331", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-39331" ], "unique" : false }, { "id" : "CVE-2023-44487", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-44487" ], "unique" : false }, { "id" : "CVE-2024-22019", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-22019" ], "unique" : false }, { "id" : "CVE-2024-27983", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-27983" ], "unique" : false }, { "id" : "CVE-2025-23166", "title" : "The C++ method SignTraits::DeriveBits() may incorrectly call ThrowException() based on user-supplied inputs when executing in a background thread, crashing the Node.js process. Such cryptographic operations are commonly applied to untrusted inputs. Thus, this mechanism potentially allows an adversary to remotely crash a Node.js runtime.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-23166" ], "unique" : false }, { "id" : "CVE-2025-59465", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-59465" ], "unique" : false }, { "id" : "CVE-2026-1526", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-1526" ], "unique" : false }, { "id" : "CVE-2026-1528", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-1528" ], "unique" : false }, { "id" : "CVE-2026-21710", "title" : "A flaw in Node.js HTTP request handling causes an uncaught `TypeError` when a request is received with a header named `__proto__` and the application accesses `req.headersDistinct`.\r\n\r\nWhen this occurs, `dest[\"__proto__\"]` resolves to `Object.prototype` rather than `undefined`, causing `.push()` to be called on a non-array. This exception is thrown synchronously inside a property getter and cannot be intercepted by `error` event listeners, meaning it cannot be handled without wrapping every `req.headersDistinct` access in a `try/catch`.\r\n\r\n* This vulnerability affects all Node.js HTTP servers on **20.x, 22.x, 24.x, and v25.x**", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-21710" ], "unique" : false }, { "id" : "CVE-2026-2229", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-2229" ], "unique" : false }, { "id" : "CVE-2026-27135", "title" : "nghttp2 Denial of service: Assertion failure due to the missing state validation", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-27135" ], "unique" : false }, { "id" : "CVE-2021-44531", "title" : "Accepting arbitrary Subject Alternative Name (SAN) types, unless a PKI is specifically defined to use a particular SAN type, can result in bypassing name-constrained intermediates. Node.js < 12.22.9, < 14.18.3, < 16.13.2, and < 17.3.1 was accepting URI SAN types, which PKIs are often not defined to use. Additionally, when a protocol allows URI SANs, Node.js did not match the URI correctly.Versions of Node.js with the fix for this disable the URI SAN type when checking a certificate against a hostname. This behavior can be reverted through the --security-revert command-line option.", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2021-44531" ], "unique" : false }, { "id" : "CVE-2021-44532", "title" : "Node.js < 12.22.9, < 14.18.3, < 16.13.2, and < 17.3.1 converts SANs (Subject Alternative Names) to a string format. It uses this string to check peer certificates against hostnames when validating connections. The string format was subject to an injection vulnerability when name constraints were used within a certificate chain, allowing the bypass of these name constraints.Versions of Node.js with the fix for this escape SANs containing the problematic characters in order to prevent the injection. This behavior can be reverted through the --security-revert command-line option.", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2021-44532" ], "unique" : false }, { "id" : "CVE-2021-44533", "title" : "Node.js < 12.22.9, < 14.18.3, < 16.13.2, and < 17.3.1 did not handle multi-value Relative Distinguished Names correctly. Attackers could craft certificate subjects containing a single-value Relative Distinguished Name that would be interpreted as a multi-value Relative Distinguished Name, for example, in order to inject a Common Name that would allow bypassing the certificate subject verification.Affected versions of Node.js that do not accept multi-value Relative Distinguished Names and are thus not vulnerable to such attacks themselves. However, third-party code that uses node's ambiguous presentation of certificate subjects may be vulnerable.", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2021-44533" ], "unique" : false }, { "id" : "CVE-2024-22017", "title" : "setuid() does not affect libuv's internal io_uring operations if initialized before the call to setuid().\nThis allows the process to perform privileged operations despite presumably having dropped such privileges through a call to setuid().\nThis vulnerability affects all users using version greater or equal than Node.js 18.18.0, Node.js 20.4.0 and Node.js 21.", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-22017" ], "unique" : false }, { "id" : "CVE-2025-3277", "title" : "An integer overflow can be triggered in SQLite’s `concat_ws()` function. The resulting, truncated integer is then used to allocate a buffer. When SQLite then writes the resulting string to the buffer, it uses the original, untruncated size and thus a wild Heap Buffer overflow of size ~4GB can be triggered. This can result in arbitrary code execution.", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2025-3277" ], "unique" : false }, { "id" : "CVE-2026-1525", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2026-1525" ], "unique" : false }, { "id" : "CVE-2025-55130", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-55130" ], "unique" : false }, { "id" : "CVE-2025-55131", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-55131" ], "unique" : false }, { "id" : "CVE-2023-30589", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-30589" ], "unique" : false }, { "id" : "CVE-2025-31498", "title" : "c-ares has a use-after-free in read_answers()", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-31498" ], "unique" : false }, { "id" : "CVE-2025-22150", "title" : "Undici Uses Insufficiently Random Values", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-22150" ], "unique" : false }, { "id" : "CVE-2024-21891", "title" : "Node.js depends on multiple built-in utility functions to normalize paths provided to node:fs functions, which can be overwitten with user-defined implementations leading to filesystem permission model bypass through path traversal attack.\nThis vulnerability affects all users using the experimental permission model in Node.js 20 and Node.js 21.\nPlease note that at the time this CVE was issued, the permission model is an experimental feature of Node.js.", "source" : "redhat-csaf", "cvssScore" : 6.6, "severity" : "MEDIUM", "cves" : [ "CVE-2024-21891" ], "unique" : false }, { "id" : "CVE-2022-35256", "title" : "The llhttp parser in the http module in Node v18.7.0 does not correctly handle header fields that are not terminated with CLRF. This may result in HTTP Request Smuggling.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2022-35256" ], "unique" : false }, { "id" : "CVE-2023-23936", "title" : "CRLF Injection in Nodejs ‘undici’ via host", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-23936" ], "unique" : false }, { "id" : "CVE-2024-22020", "title" : "A security flaw in Node.js allows a bypass of network import restrictions.\nBy embedding non-network imports in data URLs, an attacker can execute arbitrary code, compromising system security.\nVerified on various platforms, the vulnerability is mitigated by forbidding data URLs in network imports.\nExploiting this flaw can violate network import security, posing a risk to developers and servers.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-22020" ], "unique" : false }, { "id" : "CVE-2024-22025", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-22025" ], "unique" : false }, { "id" : "CVE-2024-28863", "title" : "node-tar vulnerable to denial of service while parsing a tar file due to lack of folders count validation", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-28863" ], "unique" : false }, { "id" : "CVE-2025-23167", "title" : "A flaw in Node.js 20's HTTP parser allows improper termination of HTTP/1 headers using `\\r\\n\\rX` instead of the required `\\r\\n\\r\\n`.\nThis inconsistency enables request smuggling, allowing attackers to bypass proxy-based access controls and submit unauthorized requests.\n\nThe issue was resolved by upgrading `llhttp` to version 9, which enforces correct header termination.\n\nImpact:\n* This vulnerability affects only Node.js 20.x users prior to the `llhttp` v9 upgrade.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-23167" ], "unique" : false }, { "id" : "CVE-2026-1527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-1527" ], "unique" : false }, { "id" : "CVE-2026-21712", "title" : "A flaw in Node.js URL processing causes an assertion failure in native code when `url.format()` is called with a malformed internationalized domain name (IDN) containing invalid characters, crashing the Node.js process.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-21712" ], "unique" : false }, { "id" : "CVE-2026-25547", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-25547" ], "unique" : false }, { "id" : "CVE-2026-26996", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-26996" ], "unique" : false }, { "id" : "CVE-2026-27904", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-27904" ], "unique" : false }, { "id" : "CVE-2024-27982", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2024-27982" ], "unique" : false }, { "id" : "CVE-2023-31147", "title" : "Insufficient randomness in generation of DNS query IDs in c-ares", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-31147" ], "unique" : false }, { "id" : "CVE-2023-46809", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-46809" ], "unique" : false }, { "id" : "CVE-2025-59466", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-59466" ], "unique" : false }, { "id" : "CVE-2026-21637", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-21637" ], "unique" : false }, { "id" : "CVE-2026-21713", "title" : "A flaw in Node.js HMAC verification uses a non-constant-time comparison when validating user-provided signatures, potentially leaking timing information proportional to the number of matching bytes. Under certain threat models where high-resolution timing measurements are possible, this behavior could be exploited as a timing oracle to infer HMAC values.\r\n\r\nNode.js already provides timing-safe comparison primitives used elsewhere in the codebase, indicating this is an oversight rather than an intentional design decision.\r\n\r\nThis vulnerability affects **20.x, 22.x, 24.x, and 25.x**.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-21713" ], "unique" : false }, { "id" : "CVE-2026-21717", "title" : "A flaw in V8's string hashing mechanism causes integer-like strings to be hashed to their numeric value, making hash collisions trivially predictable. By crafting a request that causes many such collisions in V8's internal string table, an attacker can significantly degrade performance of the Node.js process.\r\n\r\nThe most common trigger is any endpoint that calls `JSON.parse()` on attacker-controlled input, as JSON parsing automatically internalizes short strings into the affected hash table.\r\n\r\nThis vulnerability affects **20.x, 22.x, 24.x, and 25.x**.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-21717" ], "unique" : false }, { "id" : "CVE-2026-2581", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-2581" ], "unique" : false }, { "id" : "CVE-2023-31130", "title" : "Buffer Underwrite in ares_inet_net_pton()", "source" : "redhat-csaf", "cvssScore" : 5.7, "severity" : "MEDIUM", "cves" : [ "CVE-2023-31130" ], "unique" : false }, { "id" : "CVE-2023-30588", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-30588" ], "unique" : false }, { "id" : "CVE-2023-39333", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-39333" ], "unique" : false }, { "id" : "CVE-2024-28182", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-28182" ], "unique" : false }, { "id" : "CVE-2025-23085", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-23085" ], "unique" : false }, { "id" : "CVE-2025-55132", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-55132" ], "unique" : false }, { "id" : "CVE-2026-21714", "title" : "A memory leak occurs in Node.js HTTP/2 servers when a client sends WINDOW_UPDATE frames on stream 0 (connection-level) that cause the flow control window to exceed the maximum value of 2³¹-1. The server correctly sends a GOAWAY frame, but the Http2Session object is never cleaned up.\r\n\r\nThis vulnerability affects HTTP2 users on Node.js 20, 22, 24 and 25.", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-21714" ], "unique" : false }, { "id" : "CVE-2026-21711", "title" : "A flaw in Node.js Permission Model network enforcement leaves Unix Domain Socket (UDS) server operations without the required permission checks, while all comparable network paths correctly enforce them.\r\n\r\nAs a result, code running under `--permission` without `--allow-net` can create and expose local IPC endpoints, allowing communication with other processes on the same host outside of the intended network restriction boundary.\r\n\r\nThis vulnerability affects Node.js **25.x** processes using the Permission Model where `--allow-net` is intentionally omitted to restrict network access. Note that `--allow-net` is currently an experimental feature.", "source" : "redhat-csaf", "cvssScore" : 5.2, "severity" : "MEDIUM", "cves" : [ "CVE-2026-21711" ], "unique" : false }, { "id" : "CVE-2024-21890", "title" : "The Node.js Permission Model does not clarify in the documentation that wildcards should be only used as the last character of a file path. For example:\n```\n --allow-fs-read=/home/node/.ssh/*.pub\n```\n\nwill ignore `pub` and give access to everything after `.ssh/`.\n\nThis misleading documentation affects all users using the experimental permission model in Node.js 20 and Node.js 21.\n\nPlease note that at the time this CVE was issued, the permission model is an experimental feature of Node.js.", "source" : "redhat-csaf", "cvssScore" : 5.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-21890" ], "unique" : false }, { "id" : "CVE-2024-25629", "title" : "c-ares out of bounds read in ares__read_line()", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2024-25629" ], "unique" : false }, { "id" : "CVE-2023-23920", "title" : "An untrusted search path vulnerability exists in Node.js. <19.6.1, <18.14.1, <16.19.1, and <14.21.3 that could allow an attacker to search and potentially load ICU data when running with elevated privileges.", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2023-23920" ], "unique" : false }, { "id" : "CVE-2023-45143", "title" : "Undici's cookie header not cleared on cross-origin redirect in fetch", "source" : "redhat-csaf", "cvssScore" : 3.9, "severity" : "LOW", "cves" : [ "CVE-2023-45143" ], "unique" : false }, { "id" : "CVE-2024-36137", "title" : "A vulnerability has been identified in Node.js, affecting users of the experimental permission model when the --allow-fs-write flag is used.\r\n\r\nNode.js Permission Model do not operate on file descriptors, however, operations such as fs.fchown or fs.fchmod can use a \"read-only\" file descriptor to change the owner and permissions of a file.", "source" : "redhat-csaf", "cvssScore" : 3.9, "severity" : "LOW", "cves" : [ "CVE-2024-36137" ], "unique" : false }, { "id" : "CVE-2026-21716", "title" : "An incomplete fix for CVE-2024-36137 leaves `FileHandle.chmod()` and `FileHandle.chown()` in the promises API without the required permission checks, while their callback-based equivalents (`fs.fchmod()`, `fs.fchown()`) were correctly patched.\r\n\r\nAs a result, code running under `--permission` with restricted `--allow-fs-write` can still use promise-based `FileHandle` methods to modify file permissions and ownership on already-open file descriptors, bypassing the intended write restrictions.\r\n\r\nThis vulnerability affects **20.x, 22.x, 24.x, and 25.x** processes using the Permission Model where `--allow-fs-write` is intentionally restricted.", "source" : "redhat-csaf", "cvssScore" : 3.8, "severity" : "LOW", "cves" : [ "CVE-2026-21716" ], "unique" : false }, { "id" : "CVE-2023-31124", "title" : "AutoTools does not set CARES_RANDOM_FILE during cross compilation", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2023-31124" ], "unique" : false }, { "id" : "CVE-2025-23165", "title" : "In Node.js, the `ReadFileUtf8` internal binding leaks memory due to a corrupted pointer in `uv_fs_s.file`: a UTF-16 path buffer is allocated but subsequently overwritten when the file descriptor is set. This results in an unrecoverable memory leak on every call. Repeated use can cause unbounded memory growth, leading to a denial of service.\r\n\r\nImpact:\r\n* This vulnerability affects APIs relying on `ReadFileUtf8` on Node.js release lines: v20 and v22.", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2025-23165" ], "unique" : false }, { "id" : "CVE-2026-21715", "title" : "A flaw in Node.js Permission Model filesystem enforcement leaves `fs.realpathSync.native()` without the required read permission checks, while all comparable filesystem functions correctly enforce them.\r\n\r\nAs a result, code running under `--permission` with restricted `--allow-fs-read` can still use `fs.realpathSync.native()` to check file existence, resolve symlink targets, and enumerate filesystem paths outside of permitted directories.\r\n\r\nThis vulnerability affects **20.x, 22.x, 24.x, and 25.x** processes using the Permission Model where `--allow-fs-read` is intentionally restricted.", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2026-21715" ], "unique" : false }, { "id" : "CVE-2021-44906", "title" : "Minimist <=1.2.5 is vulnerable to Prototype Pollution via file index.js, function setKey() (lines 69-95).", "source" : "redhat-csaf", "cvssScore" : 3.1, "severity" : "LOW", "cves" : [ "CVE-2021-44906" ], "unique" : false }, { "id" : "CVE-2024-22018", "title" : "A vulnerability has been identified in Node.js, affecting users of the experimental permission model when the --allow-fs-read flag is used.\nThis flaw arises from an inadequate permission model that fails to restrict file stats through the fs.lstat API. As a result, malicious actors can retrieve stats from files that they do not have explicit read access to.\nThis vulnerability affects all users using the experimental permission model in Node.js 20 and Node.js 21.\nPlease note that at the time this CVE was issued, the permission model is an experimental feature of Node.js.", "source" : "redhat-csaf", "cvssScore" : 2.9, "severity" : "LOW", "cves" : [ "CVE-2024-22018" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-39332", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2023-39332" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/openssl@3.0.1-47.el9_1?arch=x86_64&distro=rhel-9.1&epoch=1&upstream=openssl-3.0.1-47.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false }, { "id" : "CVE-2022-3358", "title" : "Using a Custom Cipher with NID_undef may lead to NULL encryption", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-3358" ], "unique" : false }, { "id" : "CVE-2023-5363", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-5363" ], "unique" : false }, { "id" : "CVE-2026-28390", "title" : "Possible NULL Dereference When Processing CMS KeyTransportRecipientInfo", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-28390" ], "unique" : false }, { "id" : "CVE-2024-12797", "title" : "RFC7250 handshakes with unauthenticated servers don't abort as expected", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2024-12797" ], "unique" : false }, { "id" : "CVE-2025-69419", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2025-69419" ], "unique" : false }, { "id" : "CVE-2023-2650", "title" : "Possible DoS translating ASN.1 object identifiers", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2650" ], "unique" : false }, { "id" : "CVE-2023-6129", "title" : "POLY1305 MAC implementation corrupts vector registers on PowerPC", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6129" ], "unique" : false }, { "id" : "CVE-2025-69421", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69421" ], "unique" : false }, { "id" : "CVE-2025-11187", "title" : "Improper validation of PBMAC1 parameters in PKCS#12 MAC verification", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-11187" ], "unique" : false }, { "id" : "CVE-2023-0464", "title" : "Excessive Resource Usage Verifying X.509 Policy Constraints", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0464" ], "unique" : false }, { "id" : "CVE-2023-6237", "title" : "Excessive time spent checking invalid RSA public keys", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6237" ], "unique" : false }, { "id" : "CVE-2024-5535", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-5535" ], "unique" : false }, { "id" : "CVE-2024-6119", "title" : "Possible denial of service in X.509 name checks", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-6119" ], "unique" : false }, { "id" : "CVE-2025-15468", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15468" ], "unique" : false }, { "id" : "CVE-2025-66199", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-66199" ], "unique" : false }, { "id" : "CVE-2025-69420", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69420" ], "unique" : false }, { "id" : "CVE-2025-9231", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9231" ], "unique" : false }, { "id" : "CVE-2026-22796", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22796" ], "unique" : false }, { "id" : "CVE-2026-28388", "title" : "NULL Pointer Dereference When Processing a Delta CRL", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-28388" ], "unique" : false }, { "id" : "CVE-2026-28389", "title" : "Possible NULL Dereference When Processing CMS KeyAgreeRecipientInfo", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-28389" ], "unique" : false }, { "id" : "CVE-2026-31790", "title" : "Incorrect Failure Handling in RSA KEM RSASVE Encapsulation", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-31790" ], "unique" : false }, { "id" : "CVE-2026-31789", "title" : "Heap Buffer Overflow in Hexadecimal Conversion", "source" : "redhat-csaf", "cvssScore" : 5.8, "severity" : "MEDIUM", "cves" : [ "CVE-2026-31789" ], "unique" : false }, { "id" : "CVE-2024-4741", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4741" ], "unique" : false }, { "id" : "CVE-2025-9230", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9230" ], "unique" : false }, { "id" : "CVE-2024-0727", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0727" ], "unique" : false }, { "id" : "CVE-2025-15469", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15469" ], "unique" : false }, { "id" : "CVE-2026-22795", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22795" ], "unique" : false }, { "id" : "CVE-2023-0465", "title" : "Invalid certificate policies in leaf certificates are silently ignored", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0465" ], "unique" : false }, { "id" : "CVE-2023-0466", "title" : "Certificate policy check not enabled", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0466" ], "unique" : false }, { "id" : "CVE-2023-2975", "title" : "AES-SIV implementation ignores empty associated data entries", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2975" ], "unique" : false }, { "id" : "CVE-2023-3446", "title" : "Excessive time spent checking DH keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3446" ], "unique" : false }, { "id" : "CVE-2023-3817", "title" : "Excessive time spent checking DH q parameter value", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3817" ], "unique" : false }, { "id" : "CVE-2023-5678", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-5678" ], "unique" : false }, { "id" : "CVE-2024-4603", "title" : "Excessive time spent checking DSA keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4603" ], "unique" : false }, { "id" : "CVE-2026-28386", "title" : "Out-of-bounds Read in AES-CFB-128 on X86-64 with AVX-512 Support", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-28386" ], "unique" : false }, { "id" : "CVE-2023-1255", "title" : "Input buffer over-read in AES-XTS implementation on 64 bit ARM", "source" : "redhat-csaf", "cvssScore" : 5.1, "severity" : "MEDIUM", "cves" : [ "CVE-2023-1255" ], "unique" : false }, { "id" : "CVE-2025-68160", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-68160" ], "unique" : false }, { "id" : "CVE-2025-69418", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69418" ], "unique" : false }, { "id" : "CVE-2024-2511", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-2511" ], "unique" : false }, { "id" : "CVE-2026-28387", "title" : "Potential Use-after-free in DANE Client Code", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2026-28387" ], "unique" : false }, { "id" : "CVE-2025-9232", "source" : "redhat-csaf", "cvssScore" : 3.1, "severity" : "LOW", "cves" : [ "CVE-2025-9232" ], "unique" : false }, { "id" : "CVE-2026-2673", "title" : "OpenSSL TLS 1.3 server may choose unexpected key agreement group", "source" : "redhat-csaf", "cvssScore" : 3.1, "severity" : "LOW", "cves" : [ "CVE-2026-2673" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/openssl-libs@3.0.1-47.el9_1?arch=x86_64&distro=rhel-9.1&epoch=1&upstream=openssl-3.0.1-47.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false }, { "id" : "CVE-2022-3358", "title" : "Using a Custom Cipher with NID_undef may lead to NULL encryption", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-3358" ], "unique" : false }, { "id" : "CVE-2023-5363", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-5363" ], "unique" : false }, { "id" : "CVE-2024-12797", "title" : "RFC7250 handshakes with unauthenticated servers don't abort as expected", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2024-12797" ], "unique" : false }, { "id" : "CVE-2025-69419", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2025-69419" ], "unique" : false }, { "id" : "CVE-2023-2650", "title" : "Possible DoS translating ASN.1 object identifiers", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2650" ], "unique" : false }, { "id" : "CVE-2023-6129", "title" : "POLY1305 MAC implementation corrupts vector registers on PowerPC", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6129" ], "unique" : false }, { "id" : "CVE-2025-69421", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69421" ], "unique" : false }, { "id" : "CVE-2025-11187", "title" : "Improper validation of PBMAC1 parameters in PKCS#12 MAC verification", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-11187" ], "unique" : false }, { "id" : "CVE-2023-0464", "title" : "Excessive Resource Usage Verifying X.509 Policy Constraints", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0464" ], "unique" : false }, { "id" : "CVE-2023-6237", "title" : "Excessive time spent checking invalid RSA public keys", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6237" ], "unique" : false }, { "id" : "CVE-2024-5535", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-5535" ], "unique" : false }, { "id" : "CVE-2024-6119", "title" : "Possible denial of service in X.509 name checks", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-6119" ], "unique" : false }, { "id" : "CVE-2025-15468", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15468" ], "unique" : false }, { "id" : "CVE-2025-66199", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-66199" ], "unique" : false }, { "id" : "CVE-2025-69420", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69420" ], "unique" : false }, { "id" : "CVE-2026-22796", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22796" ], "unique" : false }, { "id" : "CVE-2024-4741", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4741" ], "unique" : false }, { "id" : "CVE-2025-9230", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9230" ], "unique" : false }, { "id" : "CVE-2024-0727", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0727" ], "unique" : false }, { "id" : "CVE-2025-15469", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15469" ], "unique" : false }, { "id" : "CVE-2026-22795", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22795" ], "unique" : false }, { "id" : "CVE-2023-0465", "title" : "Invalid certificate policies in leaf certificates are silently ignored", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0465" ], "unique" : false }, { "id" : "CVE-2023-0466", "title" : "Certificate policy check not enabled", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0466" ], "unique" : false }, { "id" : "CVE-2023-2975", "title" : "AES-SIV implementation ignores empty associated data entries", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2975" ], "unique" : false }, { "id" : "CVE-2023-3446", "title" : "Excessive time spent checking DH keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3446" ], "unique" : false }, { "id" : "CVE-2023-3817", "title" : "Excessive time spent checking DH q parameter value", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3817" ], "unique" : false }, { "id" : "CVE-2023-5678", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-5678" ], "unique" : false }, { "id" : "CVE-2024-4603", "title" : "Excessive time spent checking DSA keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4603" ], "unique" : false }, { "id" : "CVE-2023-1255", "title" : "Input buffer over-read in AES-XTS implementation on 64 bit ARM", "source" : "redhat-csaf", "cvssScore" : 5.1, "severity" : "MEDIUM", "cves" : [ "CVE-2023-1255" ], "unique" : false }, { "id" : "CVE-2025-68160", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-68160" ], "unique" : false }, { "id" : "CVE-2025-69418", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69418" ], "unique" : false }, { "id" : "CVE-2024-2511", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-2511" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ca-certificates@2022.2.54-90.2.el9_0?arch=noarch&distro=rhel-9.1&upstream=ca-certificates-2022.2.54-90.2.el9_0.src.rpm", "issues" : [ { "id" : "CVE-2023-37920", "title" : "Certifi's removal of e-Tugra root certificate", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2023-37920" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-37920", "title" : "Certifi's removal of e-Tugra root certificate", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2023-37920" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc@2.34-40.el9_1.1?arch=x86_64&distro=rhel-9.1&upstream=glibc-2.34-40.el9_1.1.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2026-4437", "title" : "gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4437" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-15281", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15281" ], "unique" : false }, { "id" : "CVE-2026-3904", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3904" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false }, { "id" : "CVE-2026-4438", "title" : "gethostbyaddr and gethostbyaddr_r return invalid DNS hostnames", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4438" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/nodejs-libs@16.18.1-3.el9_1?arch=x86_64&distro=rhel-9.1&epoch=1&upstream=nodejs-16.18.1-3.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2023-32006", "title" : "The use of `module.constructor.createRequire()` can bypass the policy mechanism and require modules outside of the policy.json definition for a given module.\n\nThis vulnerability affects all users using the experimental policy mechanism in all active release lines: 16.x, 18.x, and, 20.x.\n\nPlease note that at the time this CVE was issued, the policy is an experimental feature of Node.js.", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2023-32006" ], "unique" : false }, { "id" : "CVE-2022-4904", "source" : "redhat-csaf", "cvssScore" : 8.6, "severity" : "HIGH", "cves" : [ "CVE-2022-4904" ], "unique" : false }, { "id" : "CVE-2023-32002", "title" : "The use of `Module._load()` can bypass the policy mechanism and require modules outside of the policy.json definition for a given module.\n\nThis vulnerability affects all users using the experimental policy mechanism in all active release lines: 16.x, 18.x and, 20.x.\n\nPlease note that at the time this CVE was issued, the policy is an experimental feature of Node.js.", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2023-32002" ], "unique" : false }, { "id" : "CVE-2025-23083", "title" : "With the aid of the diagnostics_channel utility, an event can be hooked into whenever a worker thread is created. This is not limited only to workers but also exposes internal workers, where an instance of them can be fetched, and its constructor can be grabbed and reinstated for malicious usage. \r\n\r\nThis vulnerability affects Permission Model users (--permission) on Node.js v20, v22, and v23.", "source" : "redhat-csaf", "cvssScore" : 7.7, "severity" : "HIGH", "cves" : [ "CVE-2025-23083" ], "unique" : false }, { "id" : "CVE-2025-6965", "title" : "Integer Truncation on SQLite", "source" : "redhat-csaf", "cvssScore" : 7.7, "severity" : "HIGH", "cves" : [ "CVE-2025-6965" ], "unique" : false }, { "id" : "CVE-2021-35065", "title" : "The glob-parent package before 6.0.1 for Node.js allows ReDoS (regular expression denial of service) attacks against the enclosure regular expression.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2021-35065" ], "unique" : false }, { "id" : "CVE-2022-25881", "title" : "This affects versions of the package http-cache-semantics before 4.1.1. The issue can be exploited via malicious request header values sent to a server, when that server reads the cache policy from the request using this library.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-25881" ], "unique" : false }, { "id" : "CVE-2023-23918", "title" : "A privilege escalation vulnerability exists in Node.js <19.6.1, <18.14.1, <16.19.1 and <14.21.3 that made it possible to bypass the experimental Permissions (https://nodejs.org/api/permissions.html) feature in Node.js and access non authorized modules by using process.mainModule.require(). This only affects users who had enabled the experimental permissions option with --experimental-policy.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-23918" ], "unique" : false }, { "id" : "CVE-2023-24807", "title" : "Undici vulnerable to Regular Expression Denial of Service in Headers", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-24807" ], "unique" : false }, { "id" : "CVE-2023-30581", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-30581" ], "unique" : false }, { "id" : "CVE-2023-30590", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-30590" ], "unique" : false }, { "id" : "CVE-2023-32067", "title" : "0-byte UDP payload DoS in c-ares", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-32067" ], "unique" : false }, { "id" : "CVE-2023-32559", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-32559" ], "unique" : false }, { "id" : "CVE-2023-44487", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-44487" ], "unique" : false }, { "id" : "CVE-2024-22019", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-22019" ], "unique" : false }, { "id" : "CVE-2024-27983", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-27983" ], "unique" : false }, { "id" : "CVE-2025-23166", "title" : "The C++ method SignTraits::DeriveBits() may incorrectly call ThrowException() based on user-supplied inputs when executing in a background thread, crashing the Node.js process. Such cryptographic operations are commonly applied to untrusted inputs. Thus, this mechanism potentially allows an adversary to remotely crash a Node.js runtime.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-23166" ], "unique" : false }, { "id" : "CVE-2025-59465", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-59465" ], "unique" : false }, { "id" : "CVE-2026-1526", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-1526" ], "unique" : false }, { "id" : "CVE-2026-1528", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-1528" ], "unique" : false }, { "id" : "CVE-2026-21710", "title" : "A flaw in Node.js HTTP request handling causes an uncaught `TypeError` when a request is received with a header named `__proto__` and the application accesses `req.headersDistinct`.\r\n\r\nWhen this occurs, `dest[\"__proto__\"]` resolves to `Object.prototype` rather than `undefined`, causing `.push()` to be called on a non-array. This exception is thrown synchronously inside a property getter and cannot be intercepted by `error` event listeners, meaning it cannot be handled without wrapping every `req.headersDistinct` access in a `try/catch`.\r\n\r\n* This vulnerability affects all Node.js HTTP servers on **20.x, 22.x, 24.x, and v25.x**", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-21710" ], "unique" : false }, { "id" : "CVE-2026-2229", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-2229" ], "unique" : false }, { "id" : "CVE-2026-27135", "title" : "nghttp2 Denial of service: Assertion failure due to the missing state validation", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-27135" ], "unique" : false }, { "id" : "CVE-2025-3277", "title" : "An integer overflow can be triggered in SQLite’s `concat_ws()` function. The resulting, truncated integer is then used to allocate a buffer. When SQLite then writes the resulting string to the buffer, it uses the original, untruncated size and thus a wild Heap Buffer overflow of size ~4GB can be triggered. This can result in arbitrary code execution.", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2025-3277" ], "unique" : false }, { "id" : "CVE-2026-1525", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2026-1525" ], "unique" : false }, { "id" : "CVE-2025-55130", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-55130" ], "unique" : false }, { "id" : "CVE-2025-55131", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-55131" ], "unique" : false }, { "id" : "CVE-2023-30589", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-30589" ], "unique" : false }, { "id" : "CVE-2025-31498", "title" : "c-ares has a use-after-free in read_answers()", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-31498" ], "unique" : false }, { "id" : "CVE-2025-22150", "title" : "Undici Uses Insufficiently Random Values", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-22150" ], "unique" : false }, { "id" : "CVE-2023-23936", "title" : "CRLF Injection in Nodejs ‘undici’ via host", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-23936" ], "unique" : false }, { "id" : "CVE-2024-22025", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-22025" ], "unique" : false }, { "id" : "CVE-2026-1527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-1527" ], "unique" : false }, { "id" : "CVE-2026-21712", "title" : "A flaw in Node.js URL processing causes an assertion failure in native code when `url.format()` is called with a malformed internationalized domain name (IDN) containing invalid characters, crashing the Node.js process.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-21712" ], "unique" : false }, { "id" : "CVE-2026-25547", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-25547" ], "unique" : false }, { "id" : "CVE-2026-26996", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-26996" ], "unique" : false }, { "id" : "CVE-2026-27904", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-27904" ], "unique" : false }, { "id" : "CVE-2024-27982", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2024-27982" ], "unique" : false }, { "id" : "CVE-2023-31147", "title" : "Insufficient randomness in generation of DNS query IDs in c-ares", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-31147" ], "unique" : false }, { "id" : "CVE-2025-59466", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-59466" ], "unique" : false }, { "id" : "CVE-2026-21637", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-21637" ], "unique" : false }, { "id" : "CVE-2026-21713", "title" : "A flaw in Node.js HMAC verification uses a non-constant-time comparison when validating user-provided signatures, potentially leaking timing information proportional to the number of matching bytes. Under certain threat models where high-resolution timing measurements are possible, this behavior could be exploited as a timing oracle to infer HMAC values.\r\n\r\nNode.js already provides timing-safe comparison primitives used elsewhere in the codebase, indicating this is an oversight rather than an intentional design decision.\r\n\r\nThis vulnerability affects **20.x, 22.x, 24.x, and 25.x**.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-21713" ], "unique" : false }, { "id" : "CVE-2026-21717", "title" : "A flaw in V8's string hashing mechanism causes integer-like strings to be hashed to their numeric value, making hash collisions trivially predictable. By crafting a request that causes many such collisions in V8's internal string table, an attacker can significantly degrade performance of the Node.js process.\r\n\r\nThe most common trigger is any endpoint that calls `JSON.parse()` on attacker-controlled input, as JSON parsing automatically internalizes short strings into the affected hash table.\r\n\r\nThis vulnerability affects **20.x, 22.x, 24.x, and 25.x**.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-21717" ], "unique" : false }, { "id" : "CVE-2026-2581", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-2581" ], "unique" : false }, { "id" : "CVE-2023-31130", "title" : "Buffer Underwrite in ares_inet_net_pton()", "source" : "redhat-csaf", "cvssScore" : 5.7, "severity" : "MEDIUM", "cves" : [ "CVE-2023-31130" ], "unique" : false }, { "id" : "CVE-2023-30588", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-30588" ], "unique" : false }, { "id" : "CVE-2024-28182", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-28182" ], "unique" : false }, { "id" : "CVE-2025-23085", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-23085" ], "unique" : false }, { "id" : "CVE-2025-55132", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-55132" ], "unique" : false }, { "id" : "CVE-2026-21714", "title" : "A memory leak occurs in Node.js HTTP/2 servers when a client sends WINDOW_UPDATE frames on stream 0 (connection-level) that cause the flow control window to exceed the maximum value of 2³¹-1. The server correctly sends a GOAWAY frame, but the Http2Session object is never cleaned up.\r\n\r\nThis vulnerability affects HTTP2 users on Node.js 20, 22, 24 and 25.", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-21714" ], "unique" : false }, { "id" : "CVE-2026-21711", "title" : "A flaw in Node.js Permission Model network enforcement leaves Unix Domain Socket (UDS) server operations without the required permission checks, while all comparable network paths correctly enforce them.\r\n\r\nAs a result, code running under `--permission` without `--allow-net` can create and expose local IPC endpoints, allowing communication with other processes on the same host outside of the intended network restriction boundary.\r\n\r\nThis vulnerability affects Node.js **25.x** processes using the Permission Model where `--allow-net` is intentionally omitted to restrict network access. Note that `--allow-net` is currently an experimental feature.", "source" : "redhat-csaf", "cvssScore" : 5.2, "severity" : "MEDIUM", "cves" : [ "CVE-2026-21711" ], "unique" : false }, { "id" : "CVE-2024-25629", "title" : "c-ares out of bounds read in ares__read_line()", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2024-25629" ], "unique" : false }, { "id" : "CVE-2023-23920", "title" : "An untrusted search path vulnerability exists in Node.js. <19.6.1, <18.14.1, <16.19.1, and <14.21.3 that could allow an attacker to search and potentially load ICU data when running with elevated privileges.", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2023-23920" ], "unique" : false }, { "id" : "CVE-2026-21716", "title" : "An incomplete fix for CVE-2024-36137 leaves `FileHandle.chmod()` and `FileHandle.chown()` in the promises API without the required permission checks, while their callback-based equivalents (`fs.fchmod()`, `fs.fchown()`) were correctly patched.\r\n\r\nAs a result, code running under `--permission` with restricted `--allow-fs-write` can still use promise-based `FileHandle` methods to modify file permissions and ownership on already-open file descriptors, bypassing the intended write restrictions.\r\n\r\nThis vulnerability affects **20.x, 22.x, 24.x, and 25.x** processes using the Permission Model where `--allow-fs-write` is intentionally restricted.", "source" : "redhat-csaf", "cvssScore" : 3.8, "severity" : "LOW", "cves" : [ "CVE-2026-21716" ], "unique" : false }, { "id" : "CVE-2023-31124", "title" : "AutoTools does not set CARES_RANDOM_FILE during cross compilation", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2023-31124" ], "unique" : false }, { "id" : "CVE-2025-23165", "title" : "In Node.js, the `ReadFileUtf8` internal binding leaks memory due to a corrupted pointer in `uv_fs_s.file`: a UTF-16 path buffer is allocated but subsequently overwritten when the file descriptor is set. This results in an unrecoverable memory leak on every call. Repeated use can cause unbounded memory growth, leading to a denial of service.\r\n\r\nImpact:\r\n* This vulnerability affects APIs relying on `ReadFileUtf8` on Node.js release lines: v20 and v22.", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2025-23165" ], "unique" : false }, { "id" : "CVE-2026-21715", "title" : "A flaw in Node.js Permission Model filesystem enforcement leaves `fs.realpathSync.native()` without the required read permission checks, while all comparable filesystem functions correctly enforce them.\r\n\r\nAs a result, code running under `--permission` with restricted `--allow-fs-read` can still use `fs.realpathSync.native()` to check file existence, resolve symlink targets, and enumerate filesystem paths outside of permitted directories.\r\n\r\nThis vulnerability affects **20.x, 22.x, 24.x, and 25.x** processes using the Permission Model where `--allow-fs-read` is intentionally restricted.", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2026-21715" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-32006", "title" : "The use of `module.constructor.createRequire()` can bypass the policy mechanism and require modules outside of the policy.json definition for a given module.\n\nThis vulnerability affects all users using the experimental policy mechanism in all active release lines: 16.x, 18.x, and, 20.x.\n\nPlease note that at the time this CVE was issued, the policy is an experimental feature of Node.js.", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2023-32006" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-minimal-langpack@2.34-40.el9_1.1?arch=x86_64&distro=rhel-9.1&upstream=glibc-2.34-40.el9_1.1.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-common@2.34-40.el9_1.1?arch=x86_64&distro=rhel-9.1&upstream=glibc-2.34-40.el9_1.1.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-langpack-en@2.34-40.el9_1.1?arch=x86_64&distro=rhel-9.1&upstream=glibc-2.34-40.el9_1.1.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64&distro=rhel-9.1&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch&distro=rhel-9.1&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64&distro=rhel-9.1&upstream=libcap-2.48-8.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-2603", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-2603" ], "unique" : false }, { "id" : "CVE-2026-4878", "title" : "Libcap: libcap: privilege escalation via toctou race condition in cap_set_file()", "source" : "redhat-csaf", "cvssScore" : 6.7, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4878" ], "unique" : false }, { "id" : "CVE-2023-2602", "title" : "A vulnerability was found in the pthread_create() function in libcap. This issue may allow a malicious actor to use cause __real_pthread_create() to return an error, which can exhaust the process memory.", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2023-2602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-2603", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-2603" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libbrotli@1.0.9-6.el9?arch=x86_64&distro=rhel-9.1&upstream=brotli-1.0.9-6.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-6176", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-6176" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-6176", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-6176" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcc@11.3.1-2.1.el9?arch=x86_64&distro=rhel-9.1&upstream=gcc-11.3.1-2.1.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libstdc%2B%2B@11.3.1-2.1.el9?arch=x86_64&distro=rhel-9.1&upstream=gcc-11.3.1-2.1.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libtasn1@4.16.0-8.el9_1?arch=x86_64&distro=rhel-9.1&upstream=libtasn1-4.16.0-8.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2025-13151", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13151" ], "unique" : false }, { "id" : "CVE-2024-12133", "title" : "Libtasn1: inefficient der decoding in libtasn1 leading to potential remote dos", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-12133" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-13151", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13151" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/p11-kit@0.24.1-2.el9?arch=x86_64&distro=rhel-9.1&upstream=p11-kit-0.24.1-2.el9.src.rpm", "issues" : [ { "id" : "CVE-2026-2100", "title" : "P11-kit: null dereference via c_derivekey with specific null parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-2100" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2026-2100", "title" : "P11-kit: null dereference via c_derivekey with specific null parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-2100" ], "unique" : false } } ], "highestVulnerability" : { "id" : "CVE-2023-39332", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2023-39332" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/gd-devel@2.3.2-3.el9?arch=x86_64&distro=rhel-9.1&upstream=gd-2.3.2-3.el9.src.rpm", "transitive" : [ { "ref" : "pkg:rpm/redhat/openssl-libs@3.0.1-47.el9_1?arch=x86_64&distro=rhel-9.1&epoch=1&upstream=openssl-3.0.1-47.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false }, { "id" : "CVE-2022-3358", "title" : "Using a Custom Cipher with NID_undef may lead to NULL encryption", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-3358" ], "unique" : false }, { "id" : "CVE-2023-5363", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-5363" ], "unique" : false }, { "id" : "CVE-2024-12797", "title" : "RFC7250 handshakes with unauthenticated servers don't abort as expected", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2024-12797" ], "unique" : false }, { "id" : "CVE-2025-69419", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2025-69419" ], "unique" : false }, { "id" : "CVE-2023-2650", "title" : "Possible DoS translating ASN.1 object identifiers", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2650" ], "unique" : false }, { "id" : "CVE-2023-6129", "title" : "POLY1305 MAC implementation corrupts vector registers on PowerPC", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6129" ], "unique" : false }, { "id" : "CVE-2025-69421", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69421" ], "unique" : false }, { "id" : "CVE-2025-11187", "title" : "Improper validation of PBMAC1 parameters in PKCS#12 MAC verification", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-11187" ], "unique" : false }, { "id" : "CVE-2023-0464", "title" : "Excessive Resource Usage Verifying X.509 Policy Constraints", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0464" ], "unique" : false }, { "id" : "CVE-2023-6237", "title" : "Excessive time spent checking invalid RSA public keys", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6237" ], "unique" : false }, { "id" : "CVE-2024-5535", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-5535" ], "unique" : false }, { "id" : "CVE-2024-6119", "title" : "Possible denial of service in X.509 name checks", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-6119" ], "unique" : false }, { "id" : "CVE-2025-15468", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15468" ], "unique" : false }, { "id" : "CVE-2025-66199", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-66199" ], "unique" : false }, { "id" : "CVE-2025-69420", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69420" ], "unique" : false }, { "id" : "CVE-2026-22796", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22796" ], "unique" : false }, { "id" : "CVE-2024-4741", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4741" ], "unique" : false }, { "id" : "CVE-2025-9230", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9230" ], "unique" : false }, { "id" : "CVE-2024-0727", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0727" ], "unique" : false }, { "id" : "CVE-2025-15469", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15469" ], "unique" : false }, { "id" : "CVE-2026-22795", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22795" ], "unique" : false }, { "id" : "CVE-2023-0465", "title" : "Invalid certificate policies in leaf certificates are silently ignored", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0465" ], "unique" : false }, { "id" : "CVE-2023-0466", "title" : "Certificate policy check not enabled", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0466" ], "unique" : false }, { "id" : "CVE-2023-2975", "title" : "AES-SIV implementation ignores empty associated data entries", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2975" ], "unique" : false }, { "id" : "CVE-2023-3446", "title" : "Excessive time spent checking DH keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3446" ], "unique" : false }, { "id" : "CVE-2023-3817", "title" : "Excessive time spent checking DH q parameter value", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3817" ], "unique" : false }, { "id" : "CVE-2023-5678", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-5678" ], "unique" : false }, { "id" : "CVE-2024-4603", "title" : "Excessive time spent checking DSA keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4603" ], "unique" : false }, { "id" : "CVE-2023-1255", "title" : "Input buffer over-read in AES-XTS implementation on 64 bit ARM", "source" : "redhat-csaf", "cvssScore" : 5.1, "severity" : "MEDIUM", "cves" : [ "CVE-2023-1255" ], "unique" : false }, { "id" : "CVE-2025-68160", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-68160" ], "unique" : false }, { "id" : "CVE-2025-69418", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69418" ], "unique" : false }, { "id" : "CVE-2024-2511", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-2511" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libwebp@1.2.0-3.el9?arch=x86_64&distro=rhel-9.1&upstream=libwebp-1.2.0-3.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-4863", "title" : "Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)", "source" : "redhat-csaf", "cvssScore" : 9.6, "severity" : "CRITICAL", "cves" : [ "CVE-2023-4863" ], "unique" : false }, { "id" : "CVE-2023-1999", "title" : "Use after free in libwebp", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-1999" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-4863", "title" : "Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)", "source" : "redhat-csaf", "cvssScore" : 9.6, "severity" : "CRITICAL", "cves" : [ "CVE-2023-4863" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libwebp-devel@1.2.0-3.el9?arch=x86_64&distro=rhel-9.1&upstream=libwebp-1.2.0-3.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-4863", "title" : "Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)", "source" : "redhat-csaf", "cvssScore" : 9.6, "severity" : "CRITICAL", "cves" : [ "CVE-2023-4863" ], "unique" : false }, { "id" : "CVE-2023-1999", "title" : "Use after free in libwebp", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-1999" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-4863", "title" : "Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)", "source" : "redhat-csaf", "cvssScore" : 9.6, "severity" : "CRITICAL", "cves" : [ "CVE-2023-4863" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ca-certificates@2022.2.54-90.2.el9_0?arch=noarch&distro=rhel-9.1&upstream=ca-certificates-2022.2.54-90.2.el9_0.src.rpm", "issues" : [ { "id" : "CVE-2023-37920", "title" : "Certifi's removal of e-Tugra root certificate", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2023-37920" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-37920", "title" : "Certifi's removal of e-Tugra root certificate", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2023-37920" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libxml2-devel@2.9.13-3.el9_1?arch=x86_64&distro=rhel-9.1&upstream=libxml2-2.9.13-3.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2024-40896", "title" : "In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can produce events for external entities even if custom SAX handlers try to override entity content (by setting \"checked\"). This makes classic XXE attacks possible.", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2024-40896" ], "unique" : false }, { "id" : "CVE-2025-49794", "title" : "Libxml: heap use after free (uaf) leads to denial of service (dos)", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2025-49794" ], "unique" : false }, { "id" : "CVE-2025-49796", "title" : "Libxml: type confusion leads to denial of service (dos)", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2025-49796" ], "unique" : false }, { "id" : "CVE-2024-56171", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2024-56171" ], "unique" : false }, { "id" : "CVE-2025-24928", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-24928" ], "unique" : false }, { "id" : "CVE-2025-7425", "title" : "Libxslt: heap use-after-free in libxslt caused by atype corruption in xmlattrptr", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-7425" ], "unique" : false }, { "id" : "CVE-2024-25062", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-25062" ], "unique" : false }, { "id" : "CVE-2025-32415", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-32415" ], "unique" : false }, { "id" : "CVE-2025-49795", "title" : "Libxml: null pointer dereference leads to denial of service (dos)", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-49795" ], "unique" : false }, { "id" : "CVE-2025-6021", "title" : "Libxml2: integer overflow in xmlbuildqname() leads to stack buffer overflow in libxml2", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-6021" ], "unique" : false }, { "id" : "CVE-2025-7424", "title" : "Libxslt: type confusion in xmlnode.psvi between stylesheet and source nodes", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-7424" ], "unique" : false }, { "id" : "CVE-2023-39615", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-39615" ], "unique" : false }, { "id" : "CVE-2025-9714", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9714" ], "unique" : false }, { "id" : "CVE-2022-49043", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2022-49043" ], "unique" : false }, { "id" : "CVE-2023-28484", "title" : "In libxml2 before 2.10.4, parsing of certain invalid XSD schemas can lead to a NULL pointer dereference and subsequently a segfault. This occurs in xmlSchemaFixupComplexType in xmlschemas.c.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-28484" ], "unique" : false }, { "id" : "CVE-2023-29469", "title" : "An issue was discovered in libxml2 before 2.10.4. When hashing empty dict strings in a crafted XML document, xmlDictComputeFastKey in dict.c can produce non-deterministic values, leading to various logic and memory errors, such as a double free. This behavior occurs because there is an attempt to use the first byte of an empty string, and any value is possible (not solely the '\\0' value).", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-29469" ], "unique" : false }, { "id" : "CVE-2025-32414", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-32414" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-40896", "title" : "In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can produce events for external entities even if custom SAX handlers try to override entity content (by setting \"checked\"). This makes classic XXE attacks possible.", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2024-40896" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libxml2@2.9.13-3.el9_1?arch=x86_64&distro=rhel-9.1&upstream=libxml2-2.9.13-3.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2024-40896", "title" : "In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can produce events for external entities even if custom SAX handlers try to override entity content (by setting \"checked\"). This makes classic XXE attacks possible.", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2024-40896" ], "unique" : false }, { "id" : "CVE-2025-49794", "title" : "Libxml: heap use after free (uaf) leads to denial of service (dos)", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2025-49794" ], "unique" : false }, { "id" : "CVE-2025-49796", "title" : "Libxml: type confusion leads to denial of service (dos)", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2025-49796" ], "unique" : false }, { "id" : "CVE-2024-56171", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2024-56171" ], "unique" : false }, { "id" : "CVE-2025-24928", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-24928" ], "unique" : false }, { "id" : "CVE-2025-7425", "title" : "Libxslt: heap use-after-free in libxslt caused by atype corruption in xmlattrptr", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-7425" ], "unique" : false }, { "id" : "CVE-2024-25062", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-25062" ], "unique" : false }, { "id" : "CVE-2025-32415", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-32415" ], "unique" : false }, { "id" : "CVE-2025-49795", "title" : "Libxml: null pointer dereference leads to denial of service (dos)", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-49795" ], "unique" : false }, { "id" : "CVE-2025-6021", "title" : "Libxml2: integer overflow in xmlbuildqname() leads to stack buffer overflow in libxml2", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-6021" ], "unique" : false }, { "id" : "CVE-2025-7424", "title" : "Libxslt: type confusion in xmlnode.psvi between stylesheet and source nodes", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-7424" ], "unique" : false }, { "id" : "CVE-2023-39615", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-39615" ], "unique" : false }, { "id" : "CVE-2025-9714", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9714" ], "unique" : false }, { "id" : "CVE-2026-1757", "title" : "Libxml2: memory leak leading to local denial of service in xmllint interactive shell", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2026-1757" ], "unique" : false }, { "id" : "CVE-2022-49043", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2022-49043" ], "unique" : false }, { "id" : "CVE-2023-28484", "title" : "In libxml2 before 2.10.4, parsing of certain invalid XSD schemas can lead to a NULL pointer dereference and subsequently a segfault. This occurs in xmlSchemaFixupComplexType in xmlschemas.c.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-28484" ], "unique" : false }, { "id" : "CVE-2023-29469", "title" : "An issue was discovered in libxml2 before 2.10.4. When hashing empty dict strings in a crafted XML document, xmlDictComputeFastKey in dict.c can produce non-deterministic values, leading to various logic and memory errors, such as a double free. This behavior occurs because there is an attempt to use the first byte of an empty string, and any value is possible (not solely the '\\0' value).", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-29469" ], "unique" : false }, { "id" : "CVE-2026-0990", "title" : "Libxml2: libxml2: denial of service via uncontrolled recursion in xml catalog processing", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0990" ], "unique" : false }, { "id" : "CVE-2025-32414", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-32414" ], "unique" : false }, { "id" : "CVE-2025-26434", "title" : "In libxml2, there is a possible out of bounds read due to a buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-26434" ], "unique" : false }, { "id" : "CVE-2026-0989", "title" : "Libxml2: unbounded relaxng include recursion leading to stack overflow", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2026-0989" ], "unique" : false }, { "id" : "CVE-2026-0992", "title" : "Libxml2: libxml2: denial of service via crafted xml catalogs", "source" : "redhat-csaf", "cvssScore" : 2.9, "severity" : "LOW", "cves" : [ "CVE-2026-0992" ], "unique" : false }, { "id" : "CVE-2025-6170", "title" : "Libxml2: stack buffer overflow in xmllint interactive shell command handling", "source" : "redhat-csaf", "cvssScore" : 2.5, "severity" : "LOW", "cves" : [ "CVE-2025-6170" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-40896", "title" : "In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can produce events for external entities even if custom SAX handlers try to override entity content (by setting \"checked\"). This makes classic XXE attacks possible.", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2024-40896" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libtiff-devel@4.4.0-5.el9_1?arch=x86_64&distro=rhel-9.1&upstream=libtiff-4.4.0-5.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2022-3970", "title" : "LibTIFF tif_getimage.c TIFFReadRGBATileExt integer overflow", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2022-3970" ], "unique" : false }, { "id" : "CVE-2025-9900", "title" : "Libtiff: libtiff write-what-where", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2025-9900" ], "unique" : false }, { "id" : "CVE-2025-8176", "title" : "LibTIFF tiffmedian.c get_histogram use after free", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-8176" ], "unique" : false }, { "id" : "CVE-2017-17095", "title" : "tools/pal2rgb.c in pal2rgb in LibTIFF 4.0.9 allows remote attackers to cause a denial of service (TIFFSetupStrips heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2017-17095" ], "unique" : false }, { "id" : "CVE-2023-52355", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-52355" ], "unique" : false }, { "id" : "CVE-2023-52356", "title" : "Libtiff: segment fault in libtiff in tiffreadrgbatileext() leading to denial of service", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-52356" ], "unique" : false }, { "id" : "CVE-2024-7006", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-7006" ], "unique" : false }, { "id" : "CVE-2022-3597", "title" : "LibTIFF 4.4.0 has an out-of-bounds write in _TIFFmemcpy in libtiff/tif_unix.c:346 when called from extractImageSection, tools/tiffcrop.c:6826, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 236b7191.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2022-3597" ], "unique" : false }, { "id" : "CVE-2022-3598", "title" : "LibTIFF 4.4.0 has an out-of-bounds write in extractContigSamplesShifted24bits in tools/tiffcrop.c:3604, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit cfbb883b.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2022-3598" ], "unique" : false }, { "id" : "CVE-2022-3599", "title" : "LibTIFF 4.4.0 has an out-of-bounds read in writeSingleSection in tools/tiffcrop.c:7345, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit e8131125.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2022-3599" ], "unique" : false }, { "id" : "CVE-2022-3626", "title" : "LibTIFF 4.4.0 has an out-of-bounds write in _TIFFmemset in libtiff/tif_unix.c:340 when called from processCropSelections, tools/tiffcrop.c:7619, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 236b7191.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2022-3626" ], "unique" : false }, { "id" : "CVE-2022-3627", "title" : "LibTIFF 4.4.0 has an out-of-bounds write in _TIFFmemcpy in libtiff/tif_unix.c:346 when called from extractImageSection, tools/tiffcrop.c:6860, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 236b7191.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2022-3627" ], "unique" : false }, { "id" : "CVE-2022-40090", "title" : "An issue was discovered in function TIFFReadDirectory libtiff before 4.4.0 allows attackers to cause a denial of service via crafted TIFF file.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2022-40090" ], "unique" : false }, { "id" : "CVE-2023-3618", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3618" ], "unique" : false }, { "id" : "CVE-2023-40745", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-40745" ], "unique" : false }, { "id" : "CVE-2023-41175", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-41175" ], "unique" : false }, { "id" : "CVE-2023-30774", "title" : "A vulnerability was found in the libtiff library. This flaw causes a heap buffer overflow issue via the TIFFTAG_INKNAMES and TIFFTAG_NUMBEROFINKS values.", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2023-30774" ], "unique" : false }, { "id" : "CVE-2023-30775", "title" : "A vulnerability was found in the libtiff library. This security flaw causes a heap buffer overflow in extractContigSamples32bits, tiffcrop.c.", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2023-30775" ], "unique" : false }, { "id" : "CVE-2023-0795", "title" : "LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3488, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0795" ], "unique" : false }, { "id" : "CVE-2023-0796", "title" : "LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3592, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0796" ], "unique" : false }, { "id" : "CVE-2023-0797", "title" : "LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in libtiff/tif_unix.c:368, invoked by tools/tiffcrop.c:2903 and tools/tiffcrop.c:6921, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0797" ], "unique" : false }, { "id" : "CVE-2023-0798", "title" : "LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3400, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0798" ], "unique" : false }, { "id" : "CVE-2023-0800", "title" : "LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3502, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0800" ], "unique" : false }, { "id" : "CVE-2023-0801", "title" : "LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in libtiff/tif_unix.c:368, invoked by tools/tiffcrop.c:2903 and tools/tiffcrop.c:6778, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0801" ], "unique" : false }, { "id" : "CVE-2023-0802", "title" : "LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3724, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0802" ], "unique" : false }, { "id" : "CVE-2023-0803", "title" : "LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3516, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0803" ], "unique" : false }, { "id" : "CVE-2023-0804", "title" : "LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3609, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0804" ], "unique" : false }, { "id" : "CVE-2022-4645", "title" : "LibTIFF 4.4.0 has an out-of-bounds read in tiffcp in tools/tiffcp.c:948, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit e8131125.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2022-4645" ], "unique" : false }, { "id" : "CVE-2022-3570", "title" : "Multiple heap buffer overflows in tiffcrop.c utility in libtiff library Version 4.4.0 allows attacker to trigger unsafe or out of bounds memory access via crafted TIFF image file which could result into application crash, potential information disclosure or any other context-dependent impact", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2022-3570" ], "unique" : false }, { "id" : "CVE-2022-48281", "title" : "processCropSelections in tools/tiffcrop.c in LibTIFF through 4.5.0 has a heap-based buffer overflow (e.g., \"WRITE of size 307203\") via a crafted TIFF image.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2022-48281" ], "unique" : false }, { "id" : "CVE-2023-0799", "title" : "LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3701, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0799" ], "unique" : false }, { "id" : "CVE-2023-26965", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-26965" ], "unique" : false }, { "id" : "CVE-2023-26966", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-26966" ], "unique" : false }, { "id" : "CVE-2023-2731", "title" : "A NULL pointer dereference flaw was found in Libtiff's LZWDecode() function in the libtiff/tif_lzw.c file. This flaw allows a local attacker to craft specific input data that can cause the program to dereference a NULL pointer when decompressing a TIFF format file, resulting in a program crash or denial of service.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2731" ], "unique" : false }, { "id" : "CVE-2023-30086", "title" : "Buffer Overflow vulnerability found in Libtiff V.4.0.7 allows a local attacker to cause a denial of service via the tiffcp function in tiffcp.c.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-30086" ], "unique" : false }, { "id" : "CVE-2023-3316", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3316" ], "unique" : false }, { "id" : "CVE-2023-3576", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3576" ], "unique" : false }, { "id" : "CVE-2023-6228", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2023-6228" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2022-3970", "title" : "LibTIFF tif_getimage.c TIFFReadRGBATileExt integer overflow", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2022-3970" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libtiff@4.4.0-5.el9_1?arch=x86_64&distro=rhel-9.1&upstream=libtiff-4.4.0-5.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2022-3970", "title" : "LibTIFF tif_getimage.c TIFFReadRGBATileExt integer overflow", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2022-3970" ], "unique" : false }, { "id" : "CVE-2025-9900", "title" : "Libtiff: libtiff write-what-where", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2025-9900" ], "unique" : false }, { "id" : "CVE-2025-8176", "title" : "LibTIFF tiffmedian.c get_histogram use after free", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-8176" ], "unique" : false }, { "id" : "CVE-2017-17095", "title" : "tools/pal2rgb.c in pal2rgb in LibTIFF 4.0.9 allows remote attackers to cause a denial of service (TIFFSetupStrips heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2017-17095" ], "unique" : false }, { "id" : "CVE-2023-52355", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-52355" ], "unique" : false }, { "id" : "CVE-2023-52356", "title" : "Libtiff: segment fault in libtiff in tiffreadrgbatileext() leading to denial of service", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-52356" ], "unique" : false }, { "id" : "CVE-2024-7006", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-7006" ], "unique" : false }, { "id" : "CVE-2022-3597", "title" : "LibTIFF 4.4.0 has an out-of-bounds write in _TIFFmemcpy in libtiff/tif_unix.c:346 when called from extractImageSection, tools/tiffcrop.c:6826, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 236b7191.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2022-3597" ], "unique" : false }, { "id" : "CVE-2022-3598", "title" : "LibTIFF 4.4.0 has an out-of-bounds write in extractContigSamplesShifted24bits in tools/tiffcrop.c:3604, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit cfbb883b.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2022-3598" ], "unique" : false }, { "id" : "CVE-2022-3599", "title" : "LibTIFF 4.4.0 has an out-of-bounds read in writeSingleSection in tools/tiffcrop.c:7345, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit e8131125.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2022-3599" ], "unique" : false }, { "id" : "CVE-2022-3626", "title" : "LibTIFF 4.4.0 has an out-of-bounds write in _TIFFmemset in libtiff/tif_unix.c:340 when called from processCropSelections, tools/tiffcrop.c:7619, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 236b7191.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2022-3626" ], "unique" : false }, { "id" : "CVE-2022-3627", "title" : "LibTIFF 4.4.0 has an out-of-bounds write in _TIFFmemcpy in libtiff/tif_unix.c:346 when called from extractImageSection, tools/tiffcrop.c:6860, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 236b7191.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2022-3627" ], "unique" : false }, { "id" : "CVE-2022-40090", "title" : "An issue was discovered in function TIFFReadDirectory libtiff before 4.4.0 allows attackers to cause a denial of service via crafted TIFF file.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2022-40090" ], "unique" : false }, { "id" : "CVE-2023-3618", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3618" ], "unique" : false }, { "id" : "CVE-2023-40745", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-40745" ], "unique" : false }, { "id" : "CVE-2023-41175", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-41175" ], "unique" : false }, { "id" : "CVE-2023-30774", "title" : "A vulnerability was found in the libtiff library. This flaw causes a heap buffer overflow issue via the TIFFTAG_INKNAMES and TIFFTAG_NUMBEROFINKS values.", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2023-30774" ], "unique" : false }, { "id" : "CVE-2023-30775", "title" : "A vulnerability was found in the libtiff library. This security flaw causes a heap buffer overflow in extractContigSamples32bits, tiffcrop.c.", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2023-30775" ], "unique" : false }, { "id" : "CVE-2023-0795", "title" : "LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3488, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0795" ], "unique" : false }, { "id" : "CVE-2023-0796", "title" : "LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3592, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0796" ], "unique" : false }, { "id" : "CVE-2023-0797", "title" : "LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in libtiff/tif_unix.c:368, invoked by tools/tiffcrop.c:2903 and tools/tiffcrop.c:6921, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0797" ], "unique" : false }, { "id" : "CVE-2023-0798", "title" : "LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3400, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0798" ], "unique" : false }, { "id" : "CVE-2023-0800", "title" : "LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3502, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0800" ], "unique" : false }, { "id" : "CVE-2023-0801", "title" : "LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in libtiff/tif_unix.c:368, invoked by tools/tiffcrop.c:2903 and tools/tiffcrop.c:6778, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0801" ], "unique" : false }, { "id" : "CVE-2023-0802", "title" : "LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3724, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0802" ], "unique" : false }, { "id" : "CVE-2023-0803", "title" : "LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3516, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0803" ], "unique" : false }, { "id" : "CVE-2023-0804", "title" : "LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3609, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0804" ], "unique" : false }, { "id" : "CVE-2022-4645", "title" : "LibTIFF 4.4.0 has an out-of-bounds read in tiffcp in tools/tiffcp.c:948, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit e8131125.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2022-4645" ], "unique" : false }, { "id" : "CVE-2022-3570", "title" : "Multiple heap buffer overflows in tiffcrop.c utility in libtiff library Version 4.4.0 allows attacker to trigger unsafe or out of bounds memory access via crafted TIFF image file which could result into application crash, potential information disclosure or any other context-dependent impact", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2022-3570" ], "unique" : false }, { "id" : "CVE-2022-48281", "title" : "processCropSelections in tools/tiffcrop.c in LibTIFF through 4.5.0 has a heap-based buffer overflow (e.g., \"WRITE of size 307203\") via a crafted TIFF image.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2022-48281" ], "unique" : false }, { "id" : "CVE-2023-0799", "title" : "LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3701, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0799" ], "unique" : false }, { "id" : "CVE-2023-26965", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-26965" ], "unique" : false }, { "id" : "CVE-2023-26966", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-26966" ], "unique" : false }, { "id" : "CVE-2023-2731", "title" : "A NULL pointer dereference flaw was found in Libtiff's LZWDecode() function in the libtiff/tif_lzw.c file. This flaw allows a local attacker to craft specific input data that can cause the program to dereference a NULL pointer when decompressing a TIFF format file, resulting in a program crash or denial of service.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2731" ], "unique" : false }, { "id" : "CVE-2023-30086", "title" : "Buffer Overflow vulnerability found in Libtiff V.4.0.7 allows a local attacker to cause a denial of service via the tiffcp function in tiffcp.c.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-30086" ], "unique" : false }, { "id" : "CVE-2023-3316", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3316" ], "unique" : false }, { "id" : "CVE-2023-3576", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3576" ], "unique" : false }, { "id" : "CVE-2025-61143", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-61143" ], "unique" : false }, { "id" : "CVE-2025-61144", "source" : "redhat-csaf", "cvssScore" : 5.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-61144" ], "unique" : false }, { "id" : "CVE-2025-61145", "source" : "redhat-csaf", "cvssScore" : 5.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-61145" ], "unique" : false }, { "id" : "CVE-2023-6228", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2023-6228" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2022-3970", "title" : "LibTIFF tif_getimage.c TIFFReadRGBATileExt integer overflow", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2022-3970" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/python3-setuptools-wheel@53.0.0-10.el9_1.1?arch=noarch&distro=rhel-9.1&upstream=python-setuptools-53.0.0-10.el9_1.1.src.rpm", "issues" : [ { "id" : "CVE-2024-6345", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-6345" ], "unique" : false }, { "id" : "CVE-2025-47273", "title" : "setuptools has a path traversal vulnerability in PackageIndex.download that leads to Arbitrary File Write", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-47273" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-6345", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-6345" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-minimal-langpack@2.34-40.el9_1.1?arch=x86_64&distro=rhel-9.1&upstream=glibc-2.34-40.el9_1.1.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/graphite2@1.3.14-9.el9?arch=x86_64&distro=rhel-9.1&upstream=graphite2-1.3.14-9.el9.src.rpm", "issues" : [ { "id" : "CVE-2017-5436", "title" : "An out-of-bounds write in the Graphite 2 library triggered with a maliciously crafted Graphite font. This results in a potentially exploitable crash. This issue was fixed in the Graphite 2 library as well as Mozilla products. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2017-5436" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2017-5436", "title" : "An out-of-bounds write in the Graphite 2 library triggered with a maliciously crafted Graphite font. This results in a potentially exploitable crash. This issue was fixed in the Graphite 2 library as well as Mozilla products. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2017-5436" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc@2.34-40.el9_1.1?arch=x86_64&distro=rhel-9.1&upstream=glibc-2.34-40.el9_1.1.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2026-4437", "title" : "gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4437" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-15281", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15281" ], "unique" : false }, { "id" : "CVE-2026-3904", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3904" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false }, { "id" : "CVE-2026-4438", "title" : "gethostbyaddr and gethostbyaddr_r return invalid DNS hostnames", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4438" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-common@2.34-40.el9_1.1?arch=x86_64&distro=rhel-9.1&upstream=glibc-2.34-40.el9_1.1.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-langpack-en@2.34-40.el9_1.1?arch=x86_64&distro=rhel-9.1&upstream=glibc-2.34-40.el9_1.1.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/python3-libs@3.9.14-1.el9_1.2?arch=x86_64&distro=rhel-9.1&upstream=python3.9-3.9.14-1.el9_1.2.src.rpm", "issues" : [ { "id" : "CVE-2023-40217", "source" : "redhat-csaf", "cvssScore" : 8.6, "severity" : "HIGH", "cves" : [ "CVE-2023-40217" ], "unique" : false }, { "id" : "CVE-2023-6597", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-6597" ], "unique" : false }, { "id" : "CVE-2024-12718", "title" : "Bypass extraction filter to modify file metadata outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-12718" ], "unique" : false }, { "id" : "CVE-2025-4517", "title" : "Arbitrary writes via tarfile realpath overflow", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2025-4517" ], "unique" : false }, { "id" : "CVE-2023-24329", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-24329" ], "unique" : false }, { "id" : "CVE-2024-6232", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-6232" ], "unique" : false }, { "id" : "CVE-2025-12084", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-12084" ], "unique" : false }, { "id" : "CVE-2025-4138", "title" : "Bypassing extraction filter to create symlinks to arbitrary targets outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-4138" ], "unique" : false }, { "id" : "CVE-2025-4435", "title" : "Tarfile extracts filtered members when errorlevel=0", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-4435" ], "unique" : false }, { "id" : "CVE-2025-8194", "title" : "Tarfile infinite loop during parsing with negative member offset", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-8194" ], "unique" : false }, { "id" : "CVE-2025-4330", "title" : "Extraction filter bypass for linking outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2025-4330" ], "unique" : false }, { "id" : "CVE-2025-15366", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-15366" ], "unique" : false }, { "id" : "CVE-2025-15367", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-15367" ], "unique" : false }, { "id" : "CVE-2026-1299", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-1299" ], "unique" : false }, { "id" : "CVE-2026-4519", "title" : "webbrowser.open() allows leading dashes in URLs", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-4519" ], "unique" : false }, { "id" : "CVE-2024-6923", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2024-6923" ], "unique" : false }, { "id" : "CVE-2025-0938", "title" : "URL parser allowed square brackets in domain names", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0938" ], "unique" : false }, { "id" : "CVE-2025-13836", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13836" ], "unique" : false }, { "id" : "CVE-2024-9287", "source" : "redhat-csaf", "cvssScore" : 6.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-9287" ], "unique" : false }, { "id" : "CVE-2024-0450", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0450" ], "unique" : false }, { "id" : "CVE-2007-4559", "title" : "Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2007-4559" ], "unique" : false }, { "id" : "CVE-2023-27043", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27043" ], "unique" : false }, { "id" : "CVE-2024-8088", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-8088" ], "unique" : false }, { "id" : "CVE-2024-0397", "source" : "redhat-csaf", "cvssScore" : 5.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0397" ], "unique" : false }, { "id" : "CVE-2024-7592", "source" : "redhat-csaf", "cvssScore" : 4.8, "severity" : "MEDIUM", "cves" : [ "CVE-2024-7592" ], "unique" : false }, { "id" : "CVE-2026-0865", "source" : "redhat-csaf", "cvssScore" : 4.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0865" ], "unique" : false }, { "id" : "CVE-2025-6069", "title" : "HTMLParser quadratic complexity when processing malformed inputs", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-6069" ], "unique" : false }, { "id" : "CVE-2025-8291", "title" : "ZIP64 End of Central Directory (EOCD) Locator record offset not checked", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8291" ], "unique" : false }, { "id" : "CVE-2025-6075", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-6075" ], "unique" : false }, { "id" : "CVE-2024-11168", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-11168" ], "unique" : false }, { "id" : "CVE-2024-4032", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-4032" ], "unique" : false }, { "id" : "CVE-2024-5642", "title" : "Buffer overread when using an empty list with SSLContext.set_npn_protocols()", "source" : "redhat-csaf", "cvssScore" : 2.7, "severity" : "LOW", "cves" : [ "CVE-2024-5642" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-40217", "source" : "redhat-csaf", "cvssScore" : 8.6, "severity" : "HIGH", "cves" : [ "CVE-2023-40217" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/python3@3.9.14-1.el9_1.2?arch=x86_64&distro=rhel-9.1&upstream=python3.9-3.9.14-1.el9_1.2.src.rpm", "issues" : [ { "id" : "CVE-2023-40217", "source" : "redhat-csaf", "cvssScore" : 8.6, "severity" : "HIGH", "cves" : [ "CVE-2023-40217" ], "unique" : false }, { "id" : "CVE-2026-6100", "title" : "Use-after-free in lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile after re-use under memory pressure", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-6100" ], "unique" : false }, { "id" : "CVE-2023-6597", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-6597" ], "unique" : false }, { "id" : "CVE-2024-12718", "title" : "Bypass extraction filter to modify file metadata outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-12718" ], "unique" : false }, { "id" : "CVE-2025-4517", "title" : "Arbitrary writes via tarfile realpath overflow", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2025-4517" ], "unique" : false }, { "id" : "CVE-2023-24329", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-24329" ], "unique" : false }, { "id" : "CVE-2024-6232", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-6232" ], "unique" : false }, { "id" : "CVE-2025-12084", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-12084" ], "unique" : false }, { "id" : "CVE-2025-4138", "title" : "Bypassing extraction filter to create symlinks to arbitrary targets outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-4138" ], "unique" : false }, { "id" : "CVE-2025-4435", "title" : "Tarfile extracts filtered members when errorlevel=0", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-4435" ], "unique" : false }, { "id" : "CVE-2025-8194", "title" : "Tarfile infinite loop during parsing with negative member offset", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-8194" ], "unique" : false }, { "id" : "CVE-2025-4330", "title" : "Extraction filter bypass for linking outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2025-4330" ], "unique" : false }, { "id" : "CVE-2025-15366", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-15366" ], "unique" : false }, { "id" : "CVE-2025-15367", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-15367" ], "unique" : false }, { "id" : "CVE-2026-1299", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-1299" ], "unique" : false }, { "id" : "CVE-2026-4519", "title" : "webbrowser.open() allows leading dashes in URLs", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-4519" ], "unique" : false }, { "id" : "CVE-2026-4786", "title" : "Incomplete mitigation of CVE-2026-4519, %action expansion for command injection to webbrowser.open()", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-4786" ], "unique" : false }, { "id" : "CVE-2024-6923", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2024-6923" ], "unique" : false }, { "id" : "CVE-2025-0938", "title" : "URL parser allowed square brackets in domain names", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0938" ], "unique" : false }, { "id" : "CVE-2025-13836", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13836" ], "unique" : false }, { "id" : "CVE-2024-9287", "source" : "redhat-csaf", "cvssScore" : 6.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-9287" ], "unique" : false }, { "id" : "CVE-2024-0450", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0450" ], "unique" : false }, { "id" : "CVE-2026-5713", "title" : "Out-of-bounds read/write during remote profiling and asyncio process introspection when connecting to malicious target", "source" : "redhat-csaf", "cvssScore" : 6.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5713" ], "unique" : false }, { "id" : "CVE-2025-13837", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13837" ], "unique" : false }, { "id" : "CVE-2026-4224", "title" : "Stack overflow parsing XML with deeply nested DTD content models", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4224" ], "unique" : false }, { "id" : "CVE-2007-4559", "title" : "Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2007-4559" ], "unique" : false }, { "id" : "CVE-2026-3644", "title" : "Incomplete control character validation in http.cookies", "source" : "redhat-csaf", "cvssScore" : 5.4, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3644" ], "unique" : false }, { "id" : "CVE-2023-27043", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27043" ], "unique" : false }, { "id" : "CVE-2024-8088", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-8088" ], "unique" : false }, { "id" : "CVE-2025-12781", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-12781" ], "unique" : false }, { "id" : "CVE-2026-3446", "title" : "Base64 decoding stops at first padded quad by default", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3446" ], "unique" : false }, { "id" : "CVE-2024-0397", "source" : "redhat-csaf", "cvssScore" : 5.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0397" ], "unique" : false }, { "id" : "CVE-2024-7592", "source" : "redhat-csaf", "cvssScore" : 4.8, "severity" : "MEDIUM", "cves" : [ "CVE-2024-7592" ], "unique" : false }, { "id" : "CVE-2025-15282", "source" : "redhat-csaf", "cvssScore" : 4.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15282" ], "unique" : false }, { "id" : "CVE-2025-11468", "source" : "redhat-csaf", "cvssScore" : 4.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-11468" ], "unique" : false }, { "id" : "CVE-2026-0865", "source" : "redhat-csaf", "cvssScore" : 4.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0865" ], "unique" : false }, { "id" : "CVE-2026-1502", "title" : "HTTP client proxy tunnel headers not validated for CR/LF", "source" : "redhat-csaf", "cvssScore" : 4.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-1502" ], "unique" : false }, { "id" : "CVE-2025-6069", "title" : "HTMLParser quadratic complexity when processing malformed inputs", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-6069" ], "unique" : false }, { "id" : "CVE-2025-8291", "title" : "ZIP64 End of Central Directory (EOCD) Locator record offset not checked", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8291" ], "unique" : false }, { "id" : "CVE-2025-6075", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-6075" ], "unique" : false }, { "id" : "CVE-2024-11168", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-11168" ], "unique" : false }, { "id" : "CVE-2024-4032", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-4032" ], "unique" : false }, { "id" : "CVE-2026-2297", "title" : "SourcelessFileLoader does not use io.open_code()", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2026-2297" ], "unique" : false }, { "id" : "CVE-2026-3479", "title" : "pkgutil.get_data() does not enforce documented restrictions", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2026-3479" ], "unique" : false }, { "id" : "CVE-2024-5642", "title" : "Buffer overread when using an empty list with SSLContext.set_npn_protocols()", "source" : "redhat-csaf", "cvssScore" : 2.7, "severity" : "LOW", "cves" : [ "CVE-2024-5642" ], "unique" : false }, { "id" : "CVE-2025-13462", "title" : "tarfile: Skip DIRTYPE normalization during GNU LONGNAME/LONGLINK handling", "source" : "redhat-csaf", "cvssScore" : 2.5, "severity" : "LOW", "cves" : [ "CVE-2025-13462" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-40217", "source" : "redhat-csaf", "cvssScore" : 8.6, "severity" : "HIGH", "cves" : [ "CVE-2023-40217" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/freetype@2.10.4-9.el9?arch=x86_64&distro=rhel-9.1&upstream=freetype-2.10.4-9.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-27363", "title" : "An out of bounds write exists in FreeType versions 2.13.0 and below (newer versions of FreeType are not vulnerable) when attempting to parse font subglyph structures related to TrueType GX and variable font files. The vulnerable code assigns a signed short value to an unsigned long and then adds a static value causing it to wrap around and allocate too small of a heap buffer. The code then writes up to 6 signed long integers out of bounds relative to this buffer. This may result in arbitrary code execution. This vulnerability may have been exploited in the wild.", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2025-27363" ], "unique" : false }, { "id" : "CVE-2026-23865", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-23865" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-27363", "title" : "An out of bounds write exists in FreeType versions 2.13.0 and below (newer versions of FreeType are not vulnerable) when attempting to parse font subglyph structures related to TrueType GX and variable font files. The vulnerable code assigns a signed short value to an unsigned long and then adds a static value causing it to wrap around and allocate too small of a heap buffer. The code then writes up to 6 signed long integers out of bounds relative to this buffer. This may result in arbitrary code execution. This vulnerability may have been exploited in the wild.", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2025-27363" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/freetype-devel@2.10.4-9.el9?arch=x86_64&distro=rhel-9.1&upstream=freetype-2.10.4-9.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-27363", "title" : "An out of bounds write exists in FreeType versions 2.13.0 and below (newer versions of FreeType are not vulnerable) when attempting to parse font subglyph structures related to TrueType GX and variable font files. The vulnerable code assigns a signed short value to an unsigned long and then adds a static value causing it to wrap around and allocate too small of a heap buffer. The code then writes up to 6 signed long integers out of bounds relative to this buffer. This may result in arbitrary code execution. This vulnerability may have been exploited in the wild.", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2025-27363" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-27363", "title" : "An out of bounds write exists in FreeType versions 2.13.0 and below (newer versions of FreeType are not vulnerable) when attempting to parse font subglyph structures related to TrueType GX and variable font files. The vulnerable code assigns a signed short value to an unsigned long and then adds a static value causing it to wrap around and allocate too small of a heap buffer. The code then writes up to 6 signed long integers out of bounds relative to this buffer. This may result in arbitrary code execution. This vulnerability may have been exploited in the wild.", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2025-27363" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libX11-common@1.7.0-7.el9?arch=noarch&distro=rhel-9.1&upstream=libX11-1.7.0-7.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-43787", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-43787" ], "unique" : false }, { "id" : "CVE-2023-3138", "title" : "A vulnerability was found in libX11. The security flaw occurs because the functions in src/InitExt.c in libX11 do not check that the values provided for the Request, Event, or Error IDs are within the bounds of the arrays that those functions write to, using those IDs as array indexes. They trust that they were called with values provided by an Xserver adhering to the bounds specified in the X11 protocol, as all X servers provided by X.Org do. As the protocol only specifies a single byte for these values, an out-of-bounds value provided by a malicious server (or a malicious proxy-in-the-middle) can only overwrite other portions of the Display structure and not write outside the bounds of the Display structure itself, possibly causing the client to crash with this memory corruption.", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2023-3138" ], "unique" : false }, { "id" : "CVE-2023-43785", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-43785" ], "unique" : false }, { "id" : "CVE-2023-43786", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-43786" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-43787", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-43787" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-base@6.2-8.20210508.el9?arch=noarch&distro=rhel-9.1&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-libs@6.2-8.20210508.el9?arch=x86_64&distro=rhel-9.1&upstream=ncurses-6.2-8.20210508.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libX11@1.7.0-7.el9?arch=x86_64&distro=rhel-9.1&upstream=libX11-1.7.0-7.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-43787", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-43787" ], "unique" : false }, { "id" : "CVE-2023-3138", "title" : "A vulnerability was found in libX11. The security flaw occurs because the functions in src/InitExt.c in libX11 do not check that the values provided for the Request, Event, or Error IDs are within the bounds of the arrays that those functions write to, using those IDs as array indexes. They trust that they were called with values provided by an Xserver adhering to the bounds specified in the X11 protocol, as all X servers provided by X.Org do. As the protocol only specifies a single byte for these values, an out-of-bounds value provided by a malicious server (or a malicious proxy-in-the-middle) can only overwrite other portions of the Display structure and not write outside the bounds of the Display structure itself, possibly causing the client to crash with this memory corruption.", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2023-3138" ], "unique" : false }, { "id" : "CVE-2023-43785", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-43785" ], "unique" : false }, { "id" : "CVE-2023-43786", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-43786" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-43787", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-43787" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libcap@2.48-8.el9?arch=x86_64&distro=rhel-9.1&upstream=libcap-2.48-8.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-2603", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-2603" ], "unique" : false }, { "id" : "CVE-2026-4878", "title" : "Libcap: libcap: privilege escalation via toctou race condition in cap_set_file()", "source" : "redhat-csaf", "cvssScore" : 6.7, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4878" ], "unique" : false }, { "id" : "CVE-2023-2602", "title" : "A vulnerability was found in the pthread_create() function in libcap. This issue may allow a malicious actor to use cause __real_pthread_create() to return an error, which can exhaust the process memory.", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2023-2602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-2603", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-2603" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libX11-xcb@1.7.0-7.el9?arch=x86_64&distro=rhel-9.1&upstream=libX11-1.7.0-7.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-43787", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-43787" ], "unique" : false }, { "id" : "CVE-2023-3138", "title" : "A vulnerability was found in libX11. The security flaw occurs because the functions in src/InitExt.c in libX11 do not check that the values provided for the Request, Event, or Error IDs are within the bounds of the arrays that those functions write to, using those IDs as array indexes. They trust that they were called with values provided by an Xserver adhering to the bounds specified in the X11 protocol, as all X servers provided by X.Org do. As the protocol only specifies a single byte for these values, an out-of-bounds value provided by a malicious server (or a malicious proxy-in-the-middle) can only overwrite other portions of the Display structure and not write outside the bounds of the Display structure itself, possibly causing the client to crash with this memory corruption.", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2023-3138" ], "unique" : false }, { "id" : "CVE-2023-43785", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-43785" ], "unique" : false }, { "id" : "CVE-2023-43786", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-43786" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-43787", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-43787" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libX11-devel@1.7.0-7.el9?arch=x86_64&distro=rhel-9.1&upstream=libX11-1.7.0-7.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-43787", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-43787" ], "unique" : false }, { "id" : "CVE-2023-3138", "title" : "A vulnerability was found in libX11. The security flaw occurs because the functions in src/InitExt.c in libX11 do not check that the values provided for the Request, Event, or Error IDs are within the bounds of the arrays that those functions write to, using those IDs as array indexes. They trust that they were called with values provided by an Xserver adhering to the bounds specified in the X11 protocol, as all X servers provided by X.Org do. As the protocol only specifies a single byte for these values, an out-of-bounds value provided by a malicious server (or a malicious proxy-in-the-middle) can only overwrite other portions of the Display structure and not write outside the bounds of the Display structure itself, possibly causing the client to crash with this memory corruption.", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2023-3138" ], "unique" : false }, { "id" : "CVE-2023-43785", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-43785" ], "unique" : false }, { "id" : "CVE-2023-43786", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-43786" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-43787", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-43787" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glib2@2.68.4-5.el9?arch=x86_64&distro=rhel-9.1&upstream=glib2-2.68.4-5.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-13601", "title" : "Glib: integer overflow in in g_escape_uri_string()", "source" : "redhat-csaf", "cvssScore" : 7.7, "severity" : "HIGH", "cves" : [ "CVE-2025-13601" ], "unique" : false }, { "id" : "CVE-2024-52533", "title" : "gio/gsocks4aproxy.c in GNOME GLib before 2.82.1 has an off-by-one error and resultant buffer overflow because SOCKS4_CONN_MSG_LEN is not sufficient for a trailing '\\0' character.", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2024-52533" ], "unique" : false }, { "id" : "CVE-2023-32611", "title" : "G_variant_byteswap() can take a long time with some non-normal inputs", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-32611" ], "unique" : false }, { "id" : "CVE-2023-32665", "title" : "Gvariant deserialisation does not match spec for non-normal data", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-32665" ], "unique" : false }, { "id" : "CVE-2025-14512", "title" : "Glib: integer overflow in glib gio attribute escaping causes heap buffer overflow", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14512" ], "unique" : false }, { "id" : "CVE-2023-29499", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2023-29499" ], "unique" : false }, { "id" : "CVE-2025-14087", "title" : "Glib: glib: buffer underflow in gvariant parser leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14087" ], "unique" : false }, { "id" : "CVE-2025-4373", "source" : "redhat-csaf", "cvssScore" : 4.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-4373" ], "unique" : false }, { "id" : "CVE-2024-34397", "source" : "redhat-csaf", "cvssScore" : 3.8, "severity" : "LOW", "cves" : [ "CVE-2024-34397" ], "unique" : false }, { "id" : "CVE-2025-7039", "title" : "Glib: buffer under-read on glib through glib/gfileutils.c via get_tmp_file()", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2025-7039" ], "unique" : false }, { "id" : "CVE-2026-0988", "title" : "Glib: glib: denial of service via integer overflow in g_buffered_input_stream_peek()", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2026-0988" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-13601", "title" : "Glib: integer overflow in in g_escape_uri_string()", "source" : "redhat-csaf", "cvssScore" : 7.7, "severity" : "HIGH", "cves" : [ "CVE-2025-13601" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glib2-devel@2.68.4-5.el9?arch=x86_64&distro=rhel-9.1&upstream=glib2-2.68.4-5.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-13601", "title" : "Glib: integer overflow in in g_escape_uri_string()", "source" : "redhat-csaf", "cvssScore" : 7.7, "severity" : "HIGH", "cves" : [ "CVE-2025-13601" ], "unique" : false }, { "id" : "CVE-2024-52533", "title" : "gio/gsocks4aproxy.c in GNOME GLib before 2.82.1 has an off-by-one error and resultant buffer overflow because SOCKS4_CONN_MSG_LEN is not sufficient for a trailing '\\0' character.", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2024-52533" ], "unique" : false }, { "id" : "CVE-2023-32611", "title" : "G_variant_byteswap() can take a long time with some non-normal inputs", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-32611" ], "unique" : false }, { "id" : "CVE-2023-32665", "title" : "Gvariant deserialisation does not match spec for non-normal data", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-32665" ], "unique" : false }, { "id" : "CVE-2023-29499", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2023-29499" ], "unique" : false }, { "id" : "CVE-2025-4373", "source" : "redhat-csaf", "cvssScore" : 4.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-4373" ], "unique" : false }, { "id" : "CVE-2024-34397", "source" : "redhat-csaf", "cvssScore" : 3.8, "severity" : "LOW", "cves" : [ "CVE-2024-34397" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-13601", "title" : "Glib: integer overflow in in g_escape_uri_string()", "source" : "redhat-csaf", "cvssScore" : 7.7, "severity" : "HIGH", "cves" : [ "CVE-2025-13601" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/sqlite-libs@3.34.1-6.el9_1?arch=x86_64&distro=rhel-9.1&upstream=sqlite-3.34.1-6.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2025-6965", "title" : "Integer Truncation on SQLite", "source" : "redhat-csaf", "cvssScore" : 7.7, "severity" : "HIGH", "cves" : [ "CVE-2025-6965" ], "unique" : false }, { "id" : "CVE-2023-7104", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2023-7104" ], "unique" : false }, { "id" : "CVE-2025-3277", "title" : "An integer overflow can be triggered in SQLite’s `concat_ws()` function. The resulting, truncated integer is then used to allocate a buffer. When SQLite then writes the resulting string to the buffer, it uses the original, untruncated size and thus a wild Heap Buffer overflow of size ~4GB can be triggered. This can result in arbitrary code execution.", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2025-3277" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-6965", "title" : "Integer Truncation on SQLite", "source" : "redhat-csaf", "cvssScore" : 7.7, "severity" : "HIGH", "cves" : [ "CVE-2025-6965" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libpng@1.6.37-12.el9?arch=x86_64&distro=rhel-9.1&epoch=2&upstream=libpng-1.6.37-12.el9.src.rpm", "issues" : [ { "id" : "CVE-2026-33636", "title" : "LIBPNG has ARM NEON Palette Expansion Out-of-Bounds Read on AArch64", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2026-33636" ], "unique" : false }, { "id" : "CVE-2026-33416", "title" : "LIBPNG has use-after-free via pointer aliasing in `png_set_tRNS` and `png_set_PLTE`", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-33416" ], "unique" : false }, { "id" : "CVE-2025-64720", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-64720" ], "unique" : false }, { "id" : "CVE-2025-65018", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-65018" ], "unique" : false }, { "id" : "CVE-2025-66293", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-66293" ], "unique" : false }, { "id" : "CVE-2026-25646", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2026-25646" ], "unique" : false }, { "id" : "CVE-2026-22801", "source" : "redhat-csaf", "cvssScore" : 6.6, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22801" ], "unique" : false }, { "id" : "CVE-2025-28162", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-28162" ], "unique" : false }, { "id" : "CVE-2025-64506", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-64506" ], "unique" : false }, { "id" : "CVE-2026-22695", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22695" ], "unique" : false }, { "id" : "CVE-2026-3713", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3713" ], "unique" : false }, { "id" : "CVE-2025-28164", "source" : "redhat-csaf", "cvssScore" : 5.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-28164" ], "unique" : false }, { "id" : "CVE-2025-64505", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2025-64505" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2026-33636", "title" : "LIBPNG has ARM NEON Palette Expansion Out-of-Bounds Read on AArch64", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2026-33636" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/brotli-devel@1.0.9-6.el9?arch=x86_64&distro=rhel-9.1&upstream=brotli-1.0.9-6.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-6176", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-6176" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-6176", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-6176" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/gnutls@3.7.6-12.el9_0?arch=x86_64&distro=rhel-9.1&upstream=gnutls-3.7.6-12.el9_0.src.rpm", "issues" : [ { "id" : "CVE-2024-0553", "title" : "Gnutls: incomplete fix for cve-2023-5981", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-0553" ], "unique" : false }, { "id" : "CVE-2024-0567", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-0567" ], "unique" : false }, { "id" : "CVE-2023-0361", "title" : "A timing side-channel in the handling of RSA ClientKeyExchange messages was discovered in GnuTLS. This side-channel can be sufficient to recover the key encrypted in the RSA ciphertext across a network in a Bleichenbacher style attack. To achieve a successful decryption the attacker would need to send a large amount of specially crafted messages to the vulnerable server. By recovering the secret from the ClientKeyExchange message, the attacker would be able to decrypt the application data exchanged over that connection.", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2023-0361" ], "unique" : false }, { "id" : "CVE-2025-32988", "title" : "Gnutls: vulnerability in gnutls othername san export", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-32988" ], "unique" : false }, { "id" : "CVE-2025-32990", "title" : "Gnutls: vulnerability in gnutls certtool template parsing", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-32990" ], "unique" : false }, { "id" : "CVE-2025-6395", "title" : "Gnutls: null pointer dereference in _gnutls_figure_common_ciphersuite()", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-6395" ], "unique" : false }, { "id" : "CVE-2023-5981", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-5981" ], "unique" : false }, { "id" : "CVE-2024-12243", "title" : "Gnutls: gnutls impacted by inefficient der decoding in libtasn1 leading to remote dos", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-12243" ], "unique" : false }, { "id" : "CVE-2024-28834", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-28834" ], "unique" : false }, { "id" : "CVE-2025-14831", "title" : "Gnutls: gnutls: denial of service via excessive resource consumption during certificate verification", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14831" ], "unique" : false }, { "id" : "CVE-2025-32989", "title" : "Gnutls: vulnerability in gnutls sct extension parsing", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-32989" ], "unique" : false }, { "id" : "CVE-2024-28835", "source" : "redhat-csaf", "cvssScore" : 5.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-28835" ], "unique" : false }, { "id" : "CVE-2025-9820", "title" : "Gnutls: stack-based buffer overflow in gnutls_pkcs11_token_init() function", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9820" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-0553", "title" : "Gnutls: incomplete fix for cve-2023-5981", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-0553" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/expat@2.4.9-1.el9_1.1?arch=x86_64&distro=rhel-9.1&upstream=expat-2.4.9-1.el9_1.1.src.rpm", "issues" : [ { "id" : "CVE-2023-52425", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-52425" ], "unique" : false }, { "id" : "CVE-2024-28757", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-28757" ], "unique" : false }, { "id" : "CVE-2024-45490", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-45490" ], "unique" : false }, { "id" : "CVE-2024-45491", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-45491" ], "unique" : false }, { "id" : "CVE-2024-8176", "title" : "Libexpat: expat: improper restriction of xml entity expansion depth in libexpat", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-8176" ], "unique" : false }, { "id" : "CVE-2022-23990", "title" : "Expat (aka libexpat) before 2.4.4 has an integer overflow in the doProlog function.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2022-23990" ], "unique" : false }, { "id" : "CVE-2024-45492", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2024-45492" ], "unique" : false }, { "id" : "CVE-2024-50602", "title" : "An issue was discovered in libexpat before 2.6.4. There is a crash within the XML_ResumeParser function because XML_StopParser can stop/suspend an unstarted parser.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-50602" ], "unique" : false }, { "id" : "CVE-2025-59375", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-59375" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-52425", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-52425" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libbrotli@1.0.9-6.el9?arch=x86_64&distro=rhel-9.1&upstream=brotli-1.0.9-6.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-6176", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-6176" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-6176", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-6176" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/brotli@1.0.9-6.el9?arch=x86_64&distro=rhel-9.1&upstream=brotli-1.0.9-6.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-6176", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-6176" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-6176", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-6176" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/xz-devel@5.2.5-8.el9_0?arch=x86_64&distro=rhel-9.1&upstream=xz-5.2.5-8.el9_0.src.rpm", "issues" : [ { "id" : "CVE-2025-31115", "title" : "XZ has a heap-use-after-free bug in threaded .xz decoder", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-31115" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-31115", "title" : "XZ has a heap-use-after-free bug in threaded .xz decoder", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-31115" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/harfbuzz-devel@2.7.4-8.el9?arch=x86_64&distro=rhel-9.1&upstream=harfbuzz-2.7.4-8.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-25193", "title" : "hb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0 allows attackers to trigger O(n^2) growth via consecutive marks during the process of looking back for base glyphs when attaching marks.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-25193" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-25193", "title" : "hb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0 allows attackers to trigger O(n^2) growth via consecutive marks during the process of looking back for base glyphs when attaching marks.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-25193" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/xz-libs@5.2.5-8.el9_0?arch=x86_64&distro=rhel-9.1&upstream=xz-5.2.5-8.el9_0.src.rpm", "issues" : [ { "id" : "CVE-2025-31115", "title" : "XZ has a heap-use-after-free bug in threaded .xz decoder", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-31115" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-31115", "title" : "XZ has a heap-use-after-free bug in threaded .xz decoder", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-31115" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/harfbuzz-icu@2.7.4-8.el9?arch=x86_64&distro=rhel-9.1&upstream=harfbuzz-2.7.4-8.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-25193", "title" : "hb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0 allows attackers to trigger O(n^2) growth via consecutive marks during the process of looking back for base glyphs when attaching marks.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-25193" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-25193", "title" : "hb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0 allows attackers to trigger O(n^2) growth via consecutive marks during the process of looking back for base glyphs when attaching marks.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-25193" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/harfbuzz@2.7.4-8.el9?arch=x86_64&distro=rhel-9.1&upstream=harfbuzz-2.7.4-8.el9.src.rpm", "issues" : [ { "id" : "CVE-2023-25193", "title" : "hb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0 allows attackers to trigger O(n^2) growth via consecutive marks during the process of looking back for base glyphs when attaching marks.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-25193" ], "unique" : false }, { "id" : "CVE-2026-22693", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22693" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-25193", "title" : "hb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0 allows attackers to trigger O(n^2) growth via consecutive marks during the process of looking back for base glyphs when attaching marks.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-25193" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libjpeg-turbo-devel@2.0.90-5.el9?arch=x86_64&distro=rhel-9.1&upstream=libjpeg-turbo-2.0.90-5.el9.src.rpm", "issues" : [ { "id" : "CVE-2021-29390", "title" : "libjpeg-turbo version 2.0.90 has a heap-based buffer over-read (2 bytes) in decompress_smooth_data in jdcoefct.c.", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2021-29390" ], "unique" : false }, { "id" : "CVE-2021-46822", "title" : "The PPM reader in libjpeg-turbo through 2.0.90 mishandles use of tjLoadImage for loading a 16-bit binary PPM file into a grayscale buffer and loading a 16-bit binary PGM file into an RGB buffer. This is related to a heap-based buffer overflow in the get_word_rgb_row function in rdppm.c.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2021-46822" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2021-29390", "title" : "libjpeg-turbo version 2.0.90 has a heap-based buffer over-read (2 bytes) in decompress_smooth_data in jdcoefct.c.", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2021-29390" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libpng-devel@1.6.37-12.el9?arch=x86_64&distro=rhel-9.1&epoch=2&upstream=libpng-1.6.37-12.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-64720", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-64720" ], "unique" : false }, { "id" : "CVE-2025-65018", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-65018" ], "unique" : false }, { "id" : "CVE-2025-66293", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-66293" ], "unique" : false }, { "id" : "CVE-2026-25646", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2026-25646" ], "unique" : false }, { "id" : "CVE-2026-22801", "source" : "redhat-csaf", "cvssScore" : 6.6, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22801" ], "unique" : false }, { "id" : "CVE-2026-22695", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22695" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-64720", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-64720" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libjpeg-turbo@2.0.90-5.el9?arch=x86_64&distro=rhel-9.1&upstream=libjpeg-turbo-2.0.90-5.el9.src.rpm", "issues" : [ { "id" : "CVE-2021-29390", "title" : "libjpeg-turbo version 2.0.90 has a heap-based buffer over-read (2 bytes) in decompress_smooth_data in jdcoefct.c.", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2021-29390" ], "unique" : false }, { "id" : "CVE-2021-46822", "title" : "The PPM reader in libjpeg-turbo through 2.0.90 mishandles use of tjLoadImage for loading a 16-bit binary PPM file into a grayscale buffer and loading a 16-bit binary PGM file into an RGB buffer. This is related to a heap-based buffer overflow in the get_word_rgb_row function in rdppm.c.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2021-46822" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2021-29390", "title" : "libjpeg-turbo version 2.0.90 has a heap-based buffer over-read (2 bytes) in decompress_smooth_data in jdcoefct.c.", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2021-29390" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/pixman@0.40.0-5.el9?arch=x86_64&distro=rhel-9.1&upstream=pixman-0.40.0-5.el9.src.rpm", "issues" : [ { "id" : "CVE-2022-44638", "title" : "In libpixman in Pixman before 0.42.2, there is an out-of-bounds write (aka heap-based buffer overflow) in rasterize_edges_8 due to an integer overflow in pixman_sample_floor_y.", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2022-44638" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2022-44638", "title" : "In libpixman in Pixman before 0.42.2, there is an out-of-bounds write (aka heap-based buffer overflow) in rasterize_edges_8 due to an integer overflow in pixman_sample_floor_y.", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2022-44638" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libicu@67.1-9.el9?arch=x86_64&distro=rhel-9.1&upstream=icu-67.1-9.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-5222", "title" : "Icu: stack buffer overflow in the srbroot::addtag function", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-5222" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-5222", "title" : "Icu: stack buffer overflow in the srbroot::addtag function", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-5222" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libicu-devel@67.1-9.el9?arch=x86_64&distro=rhel-9.1&upstream=icu-67.1-9.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-5222", "title" : "Icu: stack buffer overflow in the srbroot::addtag function", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-5222" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-5222", "title" : "Icu: stack buffer overflow in the srbroot::addtag function", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-5222" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libblkid-devel@2.37.4-9.el9?arch=x86_64&distro=rhel-9.1&upstream=util-linux-2.37.4-9.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libstdc%2B%2B@11.3.1-2.1.el9?arch=x86_64&distro=rhel-9.1&upstream=gcc-11.3.1-2.1.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libuuid@2.37.4-9.el9?arch=x86_64&distro=rhel-9.1&upstream=util-linux-2.37.4-9.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libmount-devel@2.37.4-9.el9?arch=x86_64&distro=rhel-9.1&upstream=util-linux-2.37.4-9.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libblkid@2.37.4-9.el9?arch=x86_64&distro=rhel-9.1&upstream=util-linux-2.37.4-9.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false }, { "id" : "CVE-2026-27456", "title" : "util-linux: TOCTOU Race Condition in util-linux mount(8) - Loop Device Setup", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2026-27456" ], "unique" : false }, { "id" : "CVE-2026-3184", "title" : "Util-linux: util-linux: access control bypass due to improper hostname canonicalization", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2026-3184" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libmount@2.37.4-9.el9?arch=x86_64&distro=rhel-9.1&upstream=util-linux-2.37.4-9.el9.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcc@11.3.1-2.1.el9?arch=x86_64&distro=rhel-9.1&upstream=gcc-11.3.1-2.1.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgomp@11.3.1-2.1.el9?arch=x86_64&distro=rhel-9.1&upstream=gcc-11.3.1-2.1.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libtasn1@4.16.0-8.el9_1?arch=x86_64&distro=rhel-9.1&upstream=libtasn1-4.16.0-8.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2025-13151", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13151" ], "unique" : false }, { "id" : "CVE-2024-12133", "title" : "Libtasn1: inefficient der decoding in libtasn1 leading to potential remote dos", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-12133" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-13151", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13151" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libXpm@3.5.13-8.el9_1?arch=x86_64&distro=rhel-9.1&upstream=libXpm-3.5.13-8.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2023-43788", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-43788" ], "unique" : false }, { "id" : "CVE-2023-43789", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-43789" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-43788", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-43788" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/python3-pip-wheel@21.2.3-6.el9?arch=noarch&distro=rhel-9.1&upstream=python-pip-21.2.3-6.el9.src.rpm", "issues" : [ { "id" : "CVE-2007-4559", "title" : "Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2007-4559" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2007-4559", "title" : "Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2007-4559" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libXpm-devel@3.5.13-8.el9_1?arch=x86_64&distro=rhel-9.1&upstream=libXpm-3.5.13-8.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2023-43788", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-43788" ], "unique" : false }, { "id" : "CVE-2023-43789", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-43789" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-43788", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-43788" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/p11-kit@0.24.1-2.el9?arch=x86_64&distro=rhel-9.1&upstream=p11-kit-0.24.1-2.el9.src.rpm", "issues" : [ { "id" : "CVE-2026-2100", "title" : "P11-kit: null dereference via c_derivekey with specific null parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-2100" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2026-2100", "title" : "P11-kit: null dereference via c_derivekey with specific null parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-2100" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/bzip2-devel@1.0.8-8.el9?arch=x86_64&distro=rhel-9.1&upstream=bzip2-1.0.8-8.el9.src.rpm", "issues" : [ { "id" : "CVE-2019-12900", "title" : "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2019-12900" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2019-12900", "title" : "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2019-12900" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/bzip2-libs@1.0.8-8.el9?arch=x86_64&distro=rhel-9.1&upstream=bzip2-1.0.8-8.el9.src.rpm", "issues" : [ { "id" : "CVE-2019-12900", "title" : "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2019-12900" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2019-12900", "title" : "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2019-12900" ], "unique" : false } } ], "highestVulnerability" : { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/scl-utils@2.0.3-2.el9?arch=x86_64&distro=rhel-9.1&epoch=1&upstream=scl-utils-2.0.3-2.el9.src.rpm", "transitive" : [ { "ref" : "pkg:rpm/redhat/openssl-libs@3.0.1-47.el9_1?arch=x86_64&distro=rhel-9.1&epoch=1&upstream=openssl-3.0.1-47.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false }, { "id" : "CVE-2022-3358", "title" : "Using a Custom Cipher with NID_undef may lead to NULL encryption", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-3358" ], "unique" : false }, { "id" : "CVE-2023-5363", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-5363" ], "unique" : false }, { "id" : "CVE-2024-12797", "title" : "RFC7250 handshakes with unauthenticated servers don't abort as expected", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2024-12797" ], "unique" : false }, { "id" : "CVE-2025-69419", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2025-69419" ], "unique" : false }, { "id" : "CVE-2023-2650", "title" : "Possible DoS translating ASN.1 object identifiers", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2650" ], "unique" : false }, { "id" : "CVE-2023-6129", "title" : "POLY1305 MAC implementation corrupts vector registers on PowerPC", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6129" ], "unique" : false }, { "id" : "CVE-2025-69421", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69421" ], "unique" : false }, { "id" : "CVE-2025-11187", "title" : "Improper validation of PBMAC1 parameters in PKCS#12 MAC verification", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-11187" ], "unique" : false }, { "id" : "CVE-2023-0464", "title" : "Excessive Resource Usage Verifying X.509 Policy Constraints", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0464" ], "unique" : false }, { "id" : "CVE-2023-6237", "title" : "Excessive time spent checking invalid RSA public keys", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6237" ], "unique" : false }, { "id" : "CVE-2024-5535", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-5535" ], "unique" : false }, { "id" : "CVE-2024-6119", "title" : "Possible denial of service in X.509 name checks", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-6119" ], "unique" : false }, { "id" : "CVE-2025-15468", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15468" ], "unique" : false }, { "id" : "CVE-2025-66199", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-66199" ], "unique" : false }, { "id" : "CVE-2025-69420", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69420" ], "unique" : false }, { "id" : "CVE-2026-22796", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22796" ], "unique" : false }, { "id" : "CVE-2024-4741", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4741" ], "unique" : false }, { "id" : "CVE-2025-9230", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9230" ], "unique" : false }, { "id" : "CVE-2024-0727", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0727" ], "unique" : false }, { "id" : "CVE-2025-15469", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15469" ], "unique" : false }, { "id" : "CVE-2026-22795", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22795" ], "unique" : false }, { "id" : "CVE-2023-0465", "title" : "Invalid certificate policies in leaf certificates are silently ignored", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0465" ], "unique" : false }, { "id" : "CVE-2023-0466", "title" : "Certificate policy check not enabled", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0466" ], "unique" : false }, { "id" : "CVE-2023-2975", "title" : "AES-SIV implementation ignores empty associated data entries", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2975" ], "unique" : false }, { "id" : "CVE-2023-3446", "title" : "Excessive time spent checking DH keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3446" ], "unique" : false }, { "id" : "CVE-2023-3817", "title" : "Excessive time spent checking DH q parameter value", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3817" ], "unique" : false }, { "id" : "CVE-2023-5678", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-5678" ], "unique" : false }, { "id" : "CVE-2024-4603", "title" : "Excessive time spent checking DSA keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4603" ], "unique" : false }, { "id" : "CVE-2023-1255", "title" : "Input buffer over-read in AES-XTS implementation on 64 bit ARM", "source" : "redhat-csaf", "cvssScore" : 5.1, "severity" : "MEDIUM", "cves" : [ "CVE-2023-1255" ], "unique" : false }, { "id" : "CVE-2025-68160", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-68160" ], "unique" : false }, { "id" : "CVE-2025-69418", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69418" ], "unique" : false }, { "id" : "CVE-2024-2511", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-2511" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libxml2@2.9.13-3.el9_1?arch=x86_64&distro=rhel-9.1&upstream=libxml2-2.9.13-3.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2024-40896", "title" : "In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can produce events for external entities even if custom SAX handlers try to override entity content (by setting \"checked\"). This makes classic XXE attacks possible.", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2024-40896" ], "unique" : false }, { "id" : "CVE-2025-49794", "title" : "Libxml: heap use after free (uaf) leads to denial of service (dos)", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2025-49794" ], "unique" : false }, { "id" : "CVE-2025-49796", "title" : "Libxml: type confusion leads to denial of service (dos)", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2025-49796" ], "unique" : false }, { "id" : "CVE-2024-56171", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2024-56171" ], "unique" : false }, { "id" : "CVE-2025-24928", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-24928" ], "unique" : false }, { "id" : "CVE-2025-7425", "title" : "Libxslt: heap use-after-free in libxslt caused by atype corruption in xmlattrptr", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-7425" ], "unique" : false }, { "id" : "CVE-2024-25062", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-25062" ], "unique" : false }, { "id" : "CVE-2025-32415", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-32415" ], "unique" : false }, { "id" : "CVE-2025-49795", "title" : "Libxml: null pointer dereference leads to denial of service (dos)", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-49795" ], "unique" : false }, { "id" : "CVE-2025-6021", "title" : "Libxml2: integer overflow in xmlbuildqname() leads to stack buffer overflow in libxml2", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-6021" ], "unique" : false }, { "id" : "CVE-2025-7424", "title" : "Libxslt: type confusion in xmlnode.psvi between stylesheet and source nodes", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-7424" ], "unique" : false }, { "id" : "CVE-2023-39615", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-39615" ], "unique" : false }, { "id" : "CVE-2025-9714", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9714" ], "unique" : false }, { "id" : "CVE-2026-1757", "title" : "Libxml2: memory leak leading to local denial of service in xmllint interactive shell", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2026-1757" ], "unique" : false }, { "id" : "CVE-2022-49043", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2022-49043" ], "unique" : false }, { "id" : "CVE-2023-28484", "title" : "In libxml2 before 2.10.4, parsing of certain invalid XSD schemas can lead to a NULL pointer dereference and subsequently a segfault. This occurs in xmlSchemaFixupComplexType in xmlschemas.c.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-28484" ], "unique" : false }, { "id" : "CVE-2023-29469", "title" : "An issue was discovered in libxml2 before 2.10.4. When hashing empty dict strings in a crafted XML document, xmlDictComputeFastKey in dict.c can produce non-deterministic values, leading to various logic and memory errors, such as a double free. This behavior occurs because there is an attempt to use the first byte of an empty string, and any value is possible (not solely the '\\0' value).", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-29469" ], "unique" : false }, { "id" : "CVE-2026-0990", "title" : "Libxml2: libxml2: denial of service via uncontrolled recursion in xml catalog processing", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0990" ], "unique" : false }, { "id" : "CVE-2025-32414", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-32414" ], "unique" : false }, { "id" : "CVE-2025-26434", "title" : "In libxml2, there is a possible out of bounds read due to a buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-26434" ], "unique" : false }, { "id" : "CVE-2026-0989", "title" : "Libxml2: unbounded relaxng include recursion leading to stack overflow", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2026-0989" ], "unique" : false }, { "id" : "CVE-2026-0992", "title" : "Libxml2: libxml2: denial of service via crafted xml catalogs", "source" : "redhat-csaf", "cvssScore" : 2.9, "severity" : "LOW", "cves" : [ "CVE-2026-0992" ], "unique" : false }, { "id" : "CVE-2025-6170", "title" : "Libxml2: stack buffer overflow in xmllint interactive shell command handling", "source" : "redhat-csaf", "cvssScore" : 2.5, "severity" : "LOW", "cves" : [ "CVE-2025-6170" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-40896", "title" : "In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can produce events for external entities even if custom SAX handlers try to override entity content (by setting \"checked\"). This makes classic XXE attacks possible.", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2024-40896" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ca-certificates@2022.2.54-90.2.el9_0?arch=noarch&distro=rhel-9.1&upstream=ca-certificates-2022.2.54-90.2.el9_0.src.rpm", "issues" : [ { "id" : "CVE-2023-37920", "title" : "Certifi's removal of e-Tugra root certificate", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2023-37920" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-37920", "title" : "Certifi's removal of e-Tugra root certificate", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2023-37920" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/krb5-libs@1.19.1-24.el9_1?arch=x86_64&distro=rhel-9.1&upstream=krb5-1.19.1-24.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2024-3596", "source" : "redhat-csaf", "cvssScore" : 9.0, "severity" : "CRITICAL", "cves" : [ "CVE-2024-3596" ], "unique" : false }, { "id" : "CVE-2023-39975", "title" : "kdc/do_tgs_req.c in MIT Kerberos 5 (aka krb5) 1.21 before 1.21.2 has a double free that is reachable if an authenticated user can trigger an authorization-data handling failure. Incorrect data is copied from one ticket to another.", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2023-39975" ], "unique" : false }, { "id" : "CVE-2024-26462", "title" : "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/kdc/ndr.c.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-26462" ], "unique" : false }, { "id" : "CVE-2024-37370", "title" : "In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify the plaintext Extra Count field of a confidential GSS krb5 wrap token, causing the unwrapped token to appear truncated to the application.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-37370" ], "unique" : false }, { "id" : "CVE-2020-17049", "title" : "Kerberos KDC Security Feature Bypass Vulnerability", "source" : "redhat-csaf", "cvssScore" : 7.2, "severity" : "HIGH", "cves" : [ "CVE-2020-17049" ], "unique" : false }, { "id" : "CVE-2023-36054", "title" : "lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and 1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticated user can trigger a kadmind crash. This occurs because _xdr_kadm5_principal_ent_rec does not validate the relationship between n_key_data and the key_data array count.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-36054" ], "unique" : false }, { "id" : "CVE-2024-37371", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-37371" ], "unique" : false }, { "id" : "CVE-2025-24528", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-24528" ], "unique" : false }, { "id" : "CVE-2024-26458", "title" : "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-26458" ], "unique" : false }, { "id" : "CVE-2024-26461", "title" : "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-26461" ], "unique" : false }, { "id" : "CVE-2025-3576", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-3576" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-3596", "source" : "redhat-csaf", "cvssScore" : 9.0, "severity" : "CRITICAL", "cves" : [ "CVE-2024-3596" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc@2.34-40.el9_1.1?arch=x86_64&distro=rhel-9.1&upstream=glibc-2.34-40.el9_1.1.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2026-4437", "title" : "gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4437" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-15281", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15281" ], "unique" : false }, { "id" : "CVE-2026-3904", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3904" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false }, { "id" : "CVE-2026-4438", "title" : "gethostbyaddr and gethostbyaddr_r return invalid DNS hostnames", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4438" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-minimal-langpack@2.34-40.el9_1.1?arch=x86_64&distro=rhel-9.1&upstream=glibc-2.34-40.el9_1.1.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-common@2.34-40.el9_1.1?arch=x86_64&distro=rhel-9.1&upstream=glibc-2.34-40.el9_1.1.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-langpack-en@2.34-40.el9_1.1?arch=x86_64&distro=rhel-9.1&upstream=glibc-2.34-40.el9_1.1.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/less@590-1.el9_0?arch=x86_64&distro=rhel-9.1&upstream=less-590-1.el9_0.src.rpm", "issues" : [ { "id" : "CVE-2024-32487", "title" : "less through 653 allows OS command execution via a newline character in the name of a file, because quoting is mishandled in filename.c. Exploitation typically requires use with attacker-controlled file names, such as the files extracted from an untrusted archive. Exploitation also requires the LESSOPEN environment variable, but this is set by default in many common cases.", "source" : "redhat-csaf", "cvssScore" : 8.6, "severity" : "HIGH", "cves" : [ "CVE-2024-32487" ], "unique" : false }, { "id" : "CVE-2022-46663", "title" : "In GNU Less before 609, crafted data can result in \"less -R\" not filtering ANSI escape sequences sent to the terminal.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-46663" ], "unique" : false }, { "id" : "CVE-2022-48624", "title" : "close_altfile in filename.c in less before 606 omits shell_quote calls for LESSCLOSE.", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2022-48624" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-32487", "title" : "less through 653 allows OS command execution via a newline character in the name of a file, because quoting is mishandled in filename.c. Exploitation typically requires use with attacker-controlled file names, such as the files extracted from an untrusted archive. Exploitation also requires the LESSOPEN environment variable, but this is set by default in many common cases.", "source" : "redhat-csaf", "cvssScore" : 8.6, "severity" : "HIGH", "cves" : [ "CVE-2024-32487" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/curl-minimal@7.76.1-19.el9_1.1?arch=x86_64&distro=rhel-9.1&upstream=curl-7.76.1-19.el9_1.1.src.rpm", "issues" : [ { "id" : "CVE-2023-38545", "title" : "This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy\nhandshake.\n\nWhen curl is asked to pass along the host name to the SOCKS5 proxy to allow\nthat to resolve the address instead of it getting done by curl itself, the\nmaximum length that host name can be is 255 bytes.\n\nIf the host name is detected to be longer, curl switches to local name\nresolving and instead passes on the resolved address only. Due to this bug,\nthe local variable that means \"let the host resolve the name\" could get the\nwrong value during a slow SOCKS5 handshake, and contrary to the intention,\ncopy the too long host name to the target buffer instead of copying just the\nresolved address there.\n\nThe target buffer being a heap based buffer, and the host name coming from the\nURL that curl has been told to operate with.", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2023-38545" ], "unique" : false }, { "id" : "CVE-2024-2398", "title" : "HTTP/2 push headers memory-leak", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-2398" ], "unique" : false }, { "id" : "CVE-2023-23916", "title" : "An allocation of resources without limits or throttling vulnerability exists in curl = 12.22.9, >= 14.18.3, >= 16.13.2, and >= 17.3.1 use a null protoype for the object these properties are being assigned to.", "source" : "redhat-csaf", "cvssScore" : 8.2, "severity" : "HIGH", "cves" : [ "CVE-2022-21824" ], "unique" : false }, { "id" : "CVE-2022-35255", "title" : "A weak randomness in WebCrypto keygen vulnerability exists in Node.js 18 due to a change with EntropySource() in SecretKeyGenTraits::DoKeyGen() in src/crypto/crypto_keygen.cc. There are two problems with this: 1) It does not check the return value, it assumes EntropySource() always succeeds, but it can (and sometimes will) fail. 2) The random data returned byEntropySource() may not be cryptographically strong and therefore not suitable as keying material.", "source" : "redhat-csaf", "cvssScore" : 8.2, "severity" : "HIGH", "cves" : [ "CVE-2022-35255" ], "unique" : false }, { "id" : "CVE-2023-32002", "title" : "The use of `Module._load()` can bypass the policy mechanism and require modules outside of the policy.json definition for a given module.\n\nThis vulnerability affects all users using the experimental policy mechanism in all active release lines: 16.x, 18.x and, 20.x.\n\nPlease note that at the time this CVE was issued, the policy is an experimental feature of Node.js.", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2023-32002" ], "unique" : false }, { "id" : "CVE-2024-21892", "title" : "On Linux, Node.js ignores certain environment variables if those may have been set by an unprivileged user while the process is running with elevated privileges with the only exception of CAP_NET_BIND_SERVICE.\nDue to a bug in the implementation of this exception, Node.js incorrectly applies this exception even when certain other capabilities have been set.\nThis allows unprivileged users to inject code that inherits the process's elevated privileges.", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2024-21892" ], "unique" : false }, { "id" : "CVE-2024-21896", "title" : "The permission model protects itself against path traversal attacks by calling path.resolve() on any paths given by the user. If the path is to be treated as a Buffer, the implementation uses Buffer.from() to obtain a Buffer from the result of path.resolve(). By monkey-patching Buffer internals, namely, Buffer.prototype.utf8Write, the application can modify the result of path.resolve(), which leads to a path traversal vulnerability.\nThis vulnerability affects all users using the experimental permission model in Node.js 20 and Node.js 21.\nPlease note that at the time this CVE was issued, the permission model is an experimental feature of Node.js.", "source" : "redhat-csaf", "cvssScore" : 7.9, "severity" : "HIGH", "cves" : [ "CVE-2024-21896" ], "unique" : false }, { "id" : "CVE-2025-23083", "title" : "With the aid of the diagnostics_channel utility, an event can be hooked into whenever a worker thread is created. This is not limited only to workers but also exposes internal workers, where an instance of them can be fetched, and its constructor can be grabbed and reinstated for malicious usage. \r\n\r\nThis vulnerability affects Permission Model users (--permission) on Node.js v20, v22, and v23.", "source" : "redhat-csaf", "cvssScore" : 7.7, "severity" : "HIGH", "cves" : [ "CVE-2025-23083" ], "unique" : false }, { "id" : "CVE-2025-6965", "title" : "Integer Truncation on SQLite", "source" : "redhat-csaf", "cvssScore" : 7.7, "severity" : "HIGH", "cves" : [ "CVE-2025-6965" ], "unique" : false }, { "id" : "CVE-2021-35065", "title" : "The glob-parent package before 6.0.1 for Node.js allows ReDoS (regular expression denial of service) attacks against the enclosure regular expression.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2021-35065" ], "unique" : false }, { "id" : "CVE-2022-25881", "title" : "This affects versions of the package http-cache-semantics before 4.1.1. The issue can be exploited via malicious request header values sent to a server, when that server reads the cache policy from the request using this library.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-25881" ], "unique" : false }, { "id" : "CVE-2022-25883", "title" : "Versions of the package semver before 7.5.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the function new Range, when untrusted user data is provided as a range.\r\r\r", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-25883" ], "unique" : false }, { "id" : "CVE-2022-3517", "title" : "A vulnerability was found in the minimatch package. This flaw allows a Regular Expression Denial of Service (ReDoS) when calling the braceExpand function with specific arguments, resulting in a Denial of Service.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-3517" ], "unique" : false }, { "id" : "CVE-2022-43548", "title" : "A OS Command Injection vulnerability exists in Node.js versions <14.21.1, <16.18.1, <18.12.1, <19.0.1 due to an insufficient IsAllowedHost check that can easily be bypassed because IsIPAddress does not properly check if an IP address is invalid before making DBS requests allowing rebinding attacks.The fix for this issue in https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32212 was incomplete and this new CVE is to complete the fix.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-43548" ], "unique" : false }, { "id" : "CVE-2023-23918", "title" : "A privilege escalation vulnerability exists in Node.js <19.6.1, <18.14.1, <16.19.1 and <14.21.3 that made it possible to bypass the experimental Permissions (https://nodejs.org/api/permissions.html) feature in Node.js and access non authorized modules by using process.mainModule.require(). This only affects users who had enabled the experimental permissions option with --experimental-policy.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-23918" ], "unique" : false }, { "id" : "CVE-2023-23919", "title" : "A cryptographic vulnerability exists in Node.js <19.2.0, <18.14.1, <16.19.1, <14.21.3 that in some cases did does not clear the OpenSSL error stack after operations that may set it. This may lead to false positive errors during subsequent cryptographic operations that happen to be on the same thread. This in turn could be used to cause a denial of service.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-23919" ], "unique" : false }, { "id" : "CVE-2023-24807", "title" : "Undici vulnerable to Regular Expression Denial of Service in Headers", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-24807" ], "unique" : false }, { "id" : "CVE-2023-30581", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-30581" ], "unique" : false }, { "id" : "CVE-2023-30590", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-30590" ], "unique" : false }, { "id" : "CVE-2023-32067", "title" : "0-byte UDP payload DoS in c-ares", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-32067" ], "unique" : false }, { "id" : "CVE-2023-32559", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-32559" ], "unique" : false }, { "id" : "CVE-2023-38552", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-38552" ], "unique" : false }, { "id" : "CVE-2023-39331", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-39331" ], "unique" : false }, { "id" : "CVE-2023-44487", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-44487" ], "unique" : false }, { "id" : "CVE-2024-22019", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-22019" ], "unique" : false }, { "id" : "CVE-2024-27983", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-27983" ], "unique" : false }, { "id" : "CVE-2025-23166", "title" : "The C++ method SignTraits::DeriveBits() may incorrectly call ThrowException() based on user-supplied inputs when executing in a background thread, crashing the Node.js process. Such cryptographic operations are commonly applied to untrusted inputs. Thus, this mechanism potentially allows an adversary to remotely crash a Node.js runtime.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-23166" ], "unique" : false }, { "id" : "CVE-2025-59465", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-59465" ], "unique" : false }, { "id" : "CVE-2026-1526", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-1526" ], "unique" : false }, { "id" : "CVE-2026-1528", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-1528" ], "unique" : false }, { "id" : "CVE-2026-21710", "title" : "A flaw in Node.js HTTP request handling causes an uncaught `TypeError` when a request is received with a header named `__proto__` and the application accesses `req.headersDistinct`.\r\n\r\nWhen this occurs, `dest[\"__proto__\"]` resolves to `Object.prototype` rather than `undefined`, causing `.push()` to be called on a non-array. This exception is thrown synchronously inside a property getter and cannot be intercepted by `error` event listeners, meaning it cannot be handled without wrapping every `req.headersDistinct` access in a `try/catch`.\r\n\r\n* This vulnerability affects all Node.js HTTP servers on **20.x, 22.x, 24.x, and v25.x**", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-21710" ], "unique" : false }, { "id" : "CVE-2026-2229", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-2229" ], "unique" : false }, { "id" : "CVE-2026-27135", "title" : "nghttp2 Denial of service: Assertion failure due to the missing state validation", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-27135" ], "unique" : false }, { "id" : "CVE-2021-44531", "title" : "Accepting arbitrary Subject Alternative Name (SAN) types, unless a PKI is specifically defined to use a particular SAN type, can result in bypassing name-constrained intermediates. Node.js < 12.22.9, < 14.18.3, < 16.13.2, and < 17.3.1 was accepting URI SAN types, which PKIs are often not defined to use. Additionally, when a protocol allows URI SANs, Node.js did not match the URI correctly.Versions of Node.js with the fix for this disable the URI SAN type when checking a certificate against a hostname. This behavior can be reverted through the --security-revert command-line option.", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2021-44531" ], "unique" : false }, { "id" : "CVE-2021-44532", "title" : "Node.js < 12.22.9, < 14.18.3, < 16.13.2, and < 17.3.1 converts SANs (Subject Alternative Names) to a string format. It uses this string to check peer certificates against hostnames when validating connections. The string format was subject to an injection vulnerability when name constraints were used within a certificate chain, allowing the bypass of these name constraints.Versions of Node.js with the fix for this escape SANs containing the problematic characters in order to prevent the injection. This behavior can be reverted through the --security-revert command-line option.", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2021-44532" ], "unique" : false }, { "id" : "CVE-2021-44533", "title" : "Node.js < 12.22.9, < 14.18.3, < 16.13.2, and < 17.3.1 did not handle multi-value Relative Distinguished Names correctly. Attackers could craft certificate subjects containing a single-value Relative Distinguished Name that would be interpreted as a multi-value Relative Distinguished Name, for example, in order to inject a Common Name that would allow bypassing the certificate subject verification.Affected versions of Node.js that do not accept multi-value Relative Distinguished Names and are thus not vulnerable to such attacks themselves. However, third-party code that uses node's ambiguous presentation of certificate subjects may be vulnerable.", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2021-44533" ], "unique" : false }, { "id" : "CVE-2024-22017", "title" : "setuid() does not affect libuv's internal io_uring operations if initialized before the call to setuid().\nThis allows the process to perform privileged operations despite presumably having dropped such privileges through a call to setuid().\nThis vulnerability affects all users using version greater or equal than Node.js 18.18.0, Node.js 20.4.0 and Node.js 21.", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-22017" ], "unique" : false }, { "id" : "CVE-2025-3277", "title" : "An integer overflow can be triggered in SQLite’s `concat_ws()` function. The resulting, truncated integer is then used to allocate a buffer. When SQLite then writes the resulting string to the buffer, it uses the original, untruncated size and thus a wild Heap Buffer overflow of size ~4GB can be triggered. This can result in arbitrary code execution.", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2025-3277" ], "unique" : false }, { "id" : "CVE-2026-1525", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2026-1525" ], "unique" : false }, { "id" : "CVE-2025-55130", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-55130" ], "unique" : false }, { "id" : "CVE-2025-55131", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-55131" ], "unique" : false }, { "id" : "CVE-2023-30589", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-30589" ], "unique" : false }, { "id" : "CVE-2025-31498", "title" : "c-ares has a use-after-free in read_answers()", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-31498" ], "unique" : false }, { "id" : "CVE-2025-22150", "title" : "Undici Uses Insufficiently Random Values", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-22150" ], "unique" : false }, { "id" : "CVE-2024-21891", "title" : "Node.js depends on multiple built-in utility functions to normalize paths provided to node:fs functions, which can be overwitten with user-defined implementations leading to filesystem permission model bypass through path traversal attack.\nThis vulnerability affects all users using the experimental permission model in Node.js 20 and Node.js 21.\nPlease note that at the time this CVE was issued, the permission model is an experimental feature of Node.js.", "source" : "redhat-csaf", "cvssScore" : 6.6, "severity" : "MEDIUM", "cves" : [ "CVE-2024-21891" ], "unique" : false }, { "id" : "CVE-2022-35256", "title" : "The llhttp parser in the http module in Node v18.7.0 does not correctly handle header fields that are not terminated with CLRF. This may result in HTTP Request Smuggling.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2022-35256" ], "unique" : false }, { "id" : "CVE-2023-23936", "title" : "CRLF Injection in Nodejs ‘undici’ via host", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-23936" ], "unique" : false }, { "id" : "CVE-2024-22020", "title" : "A security flaw in Node.js allows a bypass of network import restrictions.\nBy embedding non-network imports in data URLs, an attacker can execute arbitrary code, compromising system security.\nVerified on various platforms, the vulnerability is mitigated by forbidding data URLs in network imports.\nExploiting this flaw can violate network import security, posing a risk to developers and servers.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-22020" ], "unique" : false }, { "id" : "CVE-2024-22025", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-22025" ], "unique" : false }, { "id" : "CVE-2024-28863", "title" : "node-tar vulnerable to denial of service while parsing a tar file due to lack of folders count validation", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-28863" ], "unique" : false }, { "id" : "CVE-2025-23167", "title" : "A flaw in Node.js 20's HTTP parser allows improper termination of HTTP/1 headers using `\\r\\n\\rX` instead of the required `\\r\\n\\r\\n`.\nThis inconsistency enables request smuggling, allowing attackers to bypass proxy-based access controls and submit unauthorized requests.\n\nThe issue was resolved by upgrading `llhttp` to version 9, which enforces correct header termination.\n\nImpact:\n* This vulnerability affects only Node.js 20.x users prior to the `llhttp` v9 upgrade.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-23167" ], "unique" : false }, { "id" : "CVE-2026-1527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-1527" ], "unique" : false }, { "id" : "CVE-2026-21712", "title" : "A flaw in Node.js URL processing causes an assertion failure in native code when `url.format()` is called with a malformed internationalized domain name (IDN) containing invalid characters, crashing the Node.js process.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-21712" ], "unique" : false }, { "id" : "CVE-2026-25547", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-25547" ], "unique" : false }, { "id" : "CVE-2026-26996", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-26996" ], "unique" : false }, { "id" : "CVE-2026-27904", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-27904" ], "unique" : false }, { "id" : "CVE-2024-27982", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2024-27982" ], "unique" : false }, { "id" : "CVE-2023-31147", "title" : "Insufficient randomness in generation of DNS query IDs in c-ares", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-31147" ], "unique" : false }, { "id" : "CVE-2023-46809", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-46809" ], "unique" : false }, { "id" : "CVE-2025-59466", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-59466" ], "unique" : false }, { "id" : "CVE-2026-21637", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-21637" ], "unique" : false }, { "id" : "CVE-2026-21713", "title" : "A flaw in Node.js HMAC verification uses a non-constant-time comparison when validating user-provided signatures, potentially leaking timing information proportional to the number of matching bytes. Under certain threat models where high-resolution timing measurements are possible, this behavior could be exploited as a timing oracle to infer HMAC values.\r\n\r\nNode.js already provides timing-safe comparison primitives used elsewhere in the codebase, indicating this is an oversight rather than an intentional design decision.\r\n\r\nThis vulnerability affects **20.x, 22.x, 24.x, and 25.x**.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-21713" ], "unique" : false }, { "id" : "CVE-2026-21717", "title" : "A flaw in V8's string hashing mechanism causes integer-like strings to be hashed to their numeric value, making hash collisions trivially predictable. By crafting a request that causes many such collisions in V8's internal string table, an attacker can significantly degrade performance of the Node.js process.\r\n\r\nThe most common trigger is any endpoint that calls `JSON.parse()` on attacker-controlled input, as JSON parsing automatically internalizes short strings into the affected hash table.\r\n\r\nThis vulnerability affects **20.x, 22.x, 24.x, and 25.x**.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-21717" ], "unique" : false }, { "id" : "CVE-2026-2581", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-2581" ], "unique" : false }, { "id" : "CVE-2023-31130", "title" : "Buffer Underwrite in ares_inet_net_pton()", "source" : "redhat-csaf", "cvssScore" : 5.7, "severity" : "MEDIUM", "cves" : [ "CVE-2023-31130" ], "unique" : false }, { "id" : "CVE-2023-30588", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-30588" ], "unique" : false }, { "id" : "CVE-2023-39333", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-39333" ], "unique" : false }, { "id" : "CVE-2024-28182", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-28182" ], "unique" : false }, { "id" : "CVE-2025-23085", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-23085" ], "unique" : false }, { "id" : "CVE-2026-21714", "title" : "A memory leak occurs in Node.js HTTP/2 servers when a client sends WINDOW_UPDATE frames on stream 0 (connection-level) that cause the flow control window to exceed the maximum value of 2³¹-1. The server correctly sends a GOAWAY frame, but the Http2Session object is never cleaned up.\r\n\r\nThis vulnerability affects HTTP2 users on Node.js 20, 22, 24 and 25.", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-21714" ], "unique" : false }, { "id" : "CVE-2026-21711", "title" : "A flaw in Node.js Permission Model network enforcement leaves Unix Domain Socket (UDS) server operations without the required permission checks, while all comparable network paths correctly enforce them.\r\n\r\nAs a result, code running under `--permission` without `--allow-net` can create and expose local IPC endpoints, allowing communication with other processes on the same host outside of the intended network restriction boundary.\r\n\r\nThis vulnerability affects Node.js **25.x** processes using the Permission Model where `--allow-net` is intentionally omitted to restrict network access. Note that `--allow-net` is currently an experimental feature.", "source" : "redhat-csaf", "cvssScore" : 5.2, "severity" : "MEDIUM", "cves" : [ "CVE-2026-21711" ], "unique" : false }, { "id" : "CVE-2024-21890", "title" : "The Node.js Permission Model does not clarify in the documentation that wildcards should be only used as the last character of a file path. For example:\n```\n --allow-fs-read=/home/node/.ssh/*.pub\n```\n\nwill ignore `pub` and give access to everything after `.ssh/`.\n\nThis misleading documentation affects all users using the experimental permission model in Node.js 20 and Node.js 21.\n\nPlease note that at the time this CVE was issued, the permission model is an experimental feature of Node.js.", "source" : "redhat-csaf", "cvssScore" : 5.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-21890" ], "unique" : false }, { "id" : "CVE-2024-25629", "title" : "c-ares out of bounds read in ares__read_line()", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2024-25629" ], "unique" : false }, { "id" : "CVE-2023-23920", "title" : "An untrusted search path vulnerability exists in Node.js. <19.6.1, <18.14.1, <16.19.1, and <14.21.3 that could allow an attacker to search and potentially load ICU data when running with elevated privileges.", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2023-23920" ], "unique" : false }, { "id" : "CVE-2023-45143", "title" : "Undici's cookie header not cleared on cross-origin redirect in fetch", "source" : "redhat-csaf", "cvssScore" : 3.9, "severity" : "LOW", "cves" : [ "CVE-2023-45143" ], "unique" : false }, { "id" : "CVE-2024-36137", "title" : "A vulnerability has been identified in Node.js, affecting users of the experimental permission model when the --allow-fs-write flag is used.\r\n\r\nNode.js Permission Model do not operate on file descriptors, however, operations such as fs.fchown or fs.fchmod can use a \"read-only\" file descriptor to change the owner and permissions of a file.", "source" : "redhat-csaf", "cvssScore" : 3.9, "severity" : "LOW", "cves" : [ "CVE-2024-36137" ], "unique" : false }, { "id" : "CVE-2026-21716", "title" : "An incomplete fix for CVE-2024-36137 leaves `FileHandle.chmod()` and `FileHandle.chown()` in the promises API without the required permission checks, while their callback-based equivalents (`fs.fchmod()`, `fs.fchown()`) were correctly patched.\r\n\r\nAs a result, code running under `--permission` with restricted `--allow-fs-write` can still use promise-based `FileHandle` methods to modify file permissions and ownership on already-open file descriptors, bypassing the intended write restrictions.\r\n\r\nThis vulnerability affects **20.x, 22.x, 24.x, and 25.x** processes using the Permission Model where `--allow-fs-write` is intentionally restricted.", "source" : "redhat-csaf", "cvssScore" : 3.8, "severity" : "LOW", "cves" : [ "CVE-2026-21716" ], "unique" : false }, { "id" : "CVE-2023-31124", "title" : "AutoTools does not set CARES_RANDOM_FILE during cross compilation", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2023-31124" ], "unique" : false }, { "id" : "CVE-2025-23165", "title" : "In Node.js, the `ReadFileUtf8` internal binding leaks memory due to a corrupted pointer in `uv_fs_s.file`: a UTF-16 path buffer is allocated but subsequently overwritten when the file descriptor is set. This results in an unrecoverable memory leak on every call. Repeated use can cause unbounded memory growth, leading to a denial of service.\r\n\r\nImpact:\r\n* This vulnerability affects APIs relying on `ReadFileUtf8` on Node.js release lines: v20 and v22.", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2025-23165" ], "unique" : false }, { "id" : "CVE-2026-21715", "title" : "A flaw in Node.js Permission Model filesystem enforcement leaves `fs.realpathSync.native()` without the required read permission checks, while all comparable filesystem functions correctly enforce them.\r\n\r\nAs a result, code running under `--permission` with restricted `--allow-fs-read` can still use `fs.realpathSync.native()` to check file existence, resolve symlink targets, and enumerate filesystem paths outside of permitted directories.\r\n\r\nThis vulnerability affects **20.x, 22.x, 24.x, and 25.x** processes using the Permission Model where `--allow-fs-read` is intentionally restricted.", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2026-21715" ], "unique" : false }, { "id" : "CVE-2021-44906", "title" : "Minimist <=1.2.5 is vulnerable to Prototype Pollution via file index.js, function setKey() (lines 69-95).", "source" : "redhat-csaf", "cvssScore" : 3.1, "severity" : "LOW", "cves" : [ "CVE-2021-44906" ], "unique" : false }, { "id" : "CVE-2024-22018", "title" : "A vulnerability has been identified in Node.js, affecting users of the experimental permission model when the --allow-fs-read flag is used.\nThis flaw arises from an inadequate permission model that fails to restrict file stats through the fs.lstat API. As a result, malicious actors can retrieve stats from files that they do not have explicit read access to.\nThis vulnerability affects all users using the experimental permission model in Node.js 20 and Node.js 21.\nPlease note that at the time this CVE was issued, the permission model is an experimental feature of Node.js.", "source" : "redhat-csaf", "cvssScore" : 2.9, "severity" : "LOW", "cves" : [ "CVE-2024-22018" ], "unique" : false }, { "id" : "CVE-2025-55132", "source" : "redhat-csaf", "cvssScore" : 2.8, "severity" : "LOW", "cves" : [ "CVE-2025-55132" ], "unique" : false } ], "transitive" : [ ], "highestVulnerability" : { "id" : "CVE-2023-39332", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2023-39332" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/gcc-plugin-annobin@11.3.1-2.1.el9?arch=x86_64&distro=rhel-9.1&upstream=gcc-11.3.1-2.1.el9.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "transitive" : [ { "ref" : "pkg:rpm/redhat/openssl-libs@3.0.1-47.el9_1?arch=x86_64&distro=rhel-9.1&epoch=1&upstream=openssl-3.0.1-47.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false }, { "id" : "CVE-2022-3358", "title" : "Using a Custom Cipher with NID_undef may lead to NULL encryption", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-3358" ], "unique" : false }, { "id" : "CVE-2023-5363", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-5363" ], "unique" : false }, { "id" : "CVE-2024-12797", "title" : "RFC7250 handshakes with unauthenticated servers don't abort as expected", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2024-12797" ], "unique" : false }, { "id" : "CVE-2025-69419", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2025-69419" ], "unique" : false }, { "id" : "CVE-2023-2650", "title" : "Possible DoS translating ASN.1 object identifiers", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2650" ], "unique" : false }, { "id" : "CVE-2023-6129", "title" : "POLY1305 MAC implementation corrupts vector registers on PowerPC", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6129" ], "unique" : false }, { "id" : "CVE-2025-69421", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69421" ], "unique" : false }, { "id" : "CVE-2025-11187", "title" : "Improper validation of PBMAC1 parameters in PKCS#12 MAC verification", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-11187" ], "unique" : false }, { "id" : "CVE-2023-0464", "title" : "Excessive Resource Usage Verifying X.509 Policy Constraints", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0464" ], "unique" : false }, { "id" : "CVE-2023-6237", "title" : "Excessive time spent checking invalid RSA public keys", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6237" ], "unique" : false }, { "id" : "CVE-2024-5535", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-5535" ], "unique" : false }, { "id" : "CVE-2024-6119", "title" : "Possible denial of service in X.509 name checks", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-6119" ], "unique" : false }, { "id" : "CVE-2025-15468", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15468" ], "unique" : false }, { "id" : "CVE-2025-66199", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-66199" ], "unique" : false }, { "id" : "CVE-2025-69420", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69420" ], "unique" : false }, { "id" : "CVE-2026-22796", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22796" ], "unique" : false }, { "id" : "CVE-2024-4741", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4741" ], "unique" : false }, { "id" : "CVE-2025-9230", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9230" ], "unique" : false }, { "id" : "CVE-2024-0727", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0727" ], "unique" : false }, { "id" : "CVE-2025-15469", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15469" ], "unique" : false }, { "id" : "CVE-2026-22795", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22795" ], "unique" : false }, { "id" : "CVE-2023-0465", "title" : "Invalid certificate policies in leaf certificates are silently ignored", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0465" ], "unique" : false }, { "id" : "CVE-2023-0466", "title" : "Certificate policy check not enabled", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0466" ], "unique" : false }, { "id" : "CVE-2023-2975", "title" : "AES-SIV implementation ignores empty associated data entries", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2975" ], "unique" : false }, { "id" : "CVE-2023-3446", "title" : "Excessive time spent checking DH keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3446" ], "unique" : false }, { "id" : "CVE-2023-3817", "title" : "Excessive time spent checking DH q parameter value", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3817" ], "unique" : false }, { "id" : "CVE-2023-5678", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-5678" ], "unique" : false }, { "id" : "CVE-2024-4603", "title" : "Excessive time spent checking DSA keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4603" ], "unique" : false }, { "id" : "CVE-2023-1255", "title" : "Input buffer over-read in AES-XTS implementation on 64 bit ARM", "source" : "redhat-csaf", "cvssScore" : 5.1, "severity" : "MEDIUM", "cves" : [ "CVE-2023-1255" ], "unique" : false }, { "id" : "CVE-2025-68160", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-68160" ], "unique" : false }, { "id" : "CVE-2025-69418", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69418" ], "unique" : false }, { "id" : "CVE-2024-2511", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-2511" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ca-certificates@2022.2.54-90.2.el9_0?arch=noarch&distro=rhel-9.1&upstream=ca-certificates-2022.2.54-90.2.el9_0.src.rpm", "issues" : [ { "id" : "CVE-2023-37920", "title" : "Certifi's removal of e-Tugra root certificate", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2023-37920" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-37920", "title" : "Certifi's removal of e-Tugra root certificate", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2023-37920" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/krb5-libs@1.19.1-24.el9_1?arch=x86_64&distro=rhel-9.1&upstream=krb5-1.19.1-24.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2024-3596", "source" : "redhat-csaf", "cvssScore" : 9.0, "severity" : "CRITICAL", "cves" : [ "CVE-2024-3596" ], "unique" : false }, { "id" : "CVE-2023-39975", "title" : "kdc/do_tgs_req.c in MIT Kerberos 5 (aka krb5) 1.21 before 1.21.2 has a double free that is reachable if an authenticated user can trigger an authorization-data handling failure. Incorrect data is copied from one ticket to another.", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2023-39975" ], "unique" : false }, { "id" : "CVE-2024-26462", "title" : "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/kdc/ndr.c.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-26462" ], "unique" : false }, { "id" : "CVE-2024-37370", "title" : "In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify the plaintext Extra Count field of a confidential GSS krb5 wrap token, causing the unwrapped token to appear truncated to the application.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-37370" ], "unique" : false }, { "id" : "CVE-2020-17049", "title" : "Kerberos KDC Security Feature Bypass Vulnerability", "source" : "redhat-csaf", "cvssScore" : 7.2, "severity" : "HIGH", "cves" : [ "CVE-2020-17049" ], "unique" : false }, { "id" : "CVE-2023-36054", "title" : "lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and 1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticated user can trigger a kadmind crash. This occurs because _xdr_kadm5_principal_ent_rec does not validate the relationship between n_key_data and the key_data array count.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-36054" ], "unique" : false }, { "id" : "CVE-2024-37371", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-37371" ], "unique" : false }, { "id" : "CVE-2025-24528", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-24528" ], "unique" : false }, { "id" : "CVE-2024-26458", "title" : "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-26458" ], "unique" : false }, { "id" : "CVE-2024-26461", "title" : "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-26461" ], "unique" : false }, { "id" : "CVE-2025-3576", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-3576" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-3596", "source" : "redhat-csaf", "cvssScore" : 9.0, "severity" : "CRITICAL", "cves" : [ "CVE-2024-3596" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-headers@2.34-40.el9_1.1?arch=x86_64&distro=rhel-9.1&upstream=glibc-2.34-40.el9_1.1.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc@2.34-40.el9_1.1?arch=x86_64&distro=rhel-9.1&upstream=glibc-2.34-40.el9_1.1.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2026-4437", "title" : "gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4437" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-15281", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15281" ], "unique" : false }, { "id" : "CVE-2026-3904", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3904" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false }, { "id" : "CVE-2026-4438", "title" : "gethostbyaddr and gethostbyaddr_r return invalid DNS hostnames", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4438" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/kernel-headers@5.14.0-162.18.1.el9_1?arch=x86_64&distro=rhel-9.1&upstream=kernel-5.14.0-162.18.1.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2023-44466", "title" : "An issue was discovered in net/ceph/messenger_v2.c in the Linux kernel before 6.4.5. There is an integer signedness error, leading to a buffer overflow and remote code execution via HELLO or one of the AUTH frames. This occurs because of an untrusted length taken from a TCP packet in ceph_decode_32.", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2023-44466" ], "unique" : false }, { "id" : "CVE-2024-5154", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2024-5154" ], "unique" : false }, { "id" : "CVE-2025-21927", "title" : "nvme-tcp: fix potential memory corruption in nvme_tcp_recv_pdu()", "source" : "redhat-csaf", "cvssScore" : 8.0, "severity" : "HIGH", "cves" : [ "CVE-2025-21927" ], "unique" : false }, { "id" : "CVE-2023-1652", "title" : "A use-after-free flaw was found in nfsd4_ssc_setup_dul in fs/nfsd/nfs4proc.c in the NFS filesystem in the Linux Kernel. This issue could allow a local attacker to crash the system or it may lead to a kernel information leak problem.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-1652" ], "unique" : false }, { "id" : "CVE-2023-52922", "title" : "can: bcm: Fix UAF in bcm_proc_show()", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-52922" ], "unique" : false }, { "id" : "CVE-2024-36971", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2024-36971" ], "unique" : false }, { "id" : "CVE-2025-21756", "title" : "vsock: Keep the binding until socket destruction", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-21756" ], "unique" : false }, { "id" : "CVE-2025-22020", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-22020" ], "unique" : false }, { "id" : "CVE-2025-38052", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-38052" ], "unique" : false }, { "id" : "CVE-2025-38087", "title" : "net/sched: fix use-after-free in taprio_dev_notifier", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-38087" ], "unique" : false }, { "id" : "CVE-2022-41723", "title" : "Denial of service via crafted HTTP/2 stream in net/http and golang.org/x/net", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-41723" ], "unique" : false }, { "id" : "CVE-2025-38471", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2025-38471" ], "unique" : false }, { "id" : "CVE-2024-42284", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-42284" ], "unique" : false }, { "id" : "CVE-2024-53104", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2024-53104" ], "unique" : false }, { "id" : "CVE-2025-37750", "title" : "smb: client: fix UAF in decryption with multichannel", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2025-37750" ], "unique" : false }, { "id" : "CVE-2025-38250", "title" : "Bluetooth: hci_core: Fix use-after-free in vhci_flush()", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2025-38250" ], "unique" : false }, { "id" : "CVE-2022-49846", "title" : "udf: Fix a slab-out-of-bounds write bug in udf_find_entry()", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2022-49846" ], "unique" : false }, { "id" : "CVE-2023-52933", "title" : "Squashfs: fix handling and sanity checking of xattr_ids count", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2023-52933" ], "unique" : false }, { "id" : "CVE-2023-53751", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2023-53751" ], "unique" : false }, { "id" : "CVE-2023-6606", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2023-6606" ], "unique" : false }, { "id" : "CVE-2023-6610", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2023-6610" ], "unique" : false }, { "id" : "CVE-2024-35937", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2024-35937" ], "unique" : false }, { "id" : "CVE-2024-38538", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2024-38538" ], "unique" : false }, { "id" : "CVE-2024-53150", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2024-53150" ], "unique" : false }, { "id" : "CVE-2024-57947", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2024-57947" ], "unique" : false }, { "id" : "CVE-2025-21887", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-21887" ], "unique" : false }, { "id" : "CVE-2025-21893", "title" : "keys: Fix UAF in key_put()", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-21893" ], "unique" : false }, { "id" : "CVE-2025-21920", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-21920" ], "unique" : false }, { "id" : "CVE-2025-21969", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-21969" ], "unique" : false }, { "id" : "CVE-2025-21979", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-21979" ], "unique" : false }, { "id" : "CVE-2025-21993", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-21993" ], "unique" : false }, { "id" : "CVE-2025-21997", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-21997" ], "unique" : false }, { "id" : "CVE-2025-22026", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-22026" ], "unique" : false }, { "id" : "CVE-2025-22055", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-22055" ], "unique" : false }, { "id" : "CVE-2025-22058", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-22058" ], "unique" : false }, { "id" : "CVE-2025-22104", "title" : "ibmvnic: Use kernel helpers for hex dumps", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-22104" ], "unique" : false }, { "id" : "CVE-2025-22113", "title" : "ext4: avoid journaling sb update on error if journal is destroying", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-22113" ], "unique" : false }, { "id" : "CVE-2025-22121", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-22121" ], "unique" : false }, { "id" : "CVE-2025-37738", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-37738" ], "unique" : false }, { "id" : "CVE-2025-37799", "title" : "vmxnet3: Fix malformed packet sizing in vmxnet3_process_xdp", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-37799" ], "unique" : false }, { "id" : "CVE-2025-38264", "title" : "nvme-tcp: sanitize request list handling", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-38264" ], "unique" : false }, { "id" : "CVE-2022-49977", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2022-49977" ], "unique" : false }, { "id" : "CVE-2022-50066", "title" : "net: atlantic: fix aq_vec index out of range error", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2022-50066" ], "unique" : false }, { "id" : "CVE-2023-53047", "title" : "tee: amdtee: fix race condition in amdtee_open_session", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-53047" ], "unique" : false }, { "id" : "CVE-2023-53107", "title" : "veth: Fix use after free in XDP_REDIRECT", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-53107" ], "unique" : false }, { "id" : "CVE-2023-6932", "title" : "Use-after-free in Linux kernel's ipv4: igmp component", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2023-6932" ], "unique" : false }, { "id" : "CVE-2024-0646", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2024-0646" ], "unique" : false }, { "id" : "CVE-2024-46858", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2024-46858" ], "unique" : false }, { "id" : "CVE-2024-50154", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2024-50154" ], "unique" : false }, { "id" : "CVE-2024-53141", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2024-53141" ], "unique" : false }, { "id" : "CVE-2025-21727", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-21727" ], "unique" : false }, { "id" : "CVE-2025-21764", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-21764" ], "unique" : false }, { "id" : "CVE-2025-21867", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-21867" ], "unique" : false }, { "id" : "CVE-2025-21919", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-21919" ], "unique" : false }, { "id" : "CVE-2025-21926", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-21926" ], "unique" : false }, { "id" : "CVE-2025-21966", "title" : "dm-flakey: Fix memory corruption in optional corrupt_bio_byte feature", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-21966" ], "unique" : false }, { "id" : "CVE-2025-22004", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-22004" ], "unique" : false }, { "id" : "CVE-2025-22126", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-22126" ], "unique" : false }, { "id" : "CVE-2025-37797", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-37797" ], "unique" : false }, { "id" : "CVE-2025-37803", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-37803" ], "unique" : false }, { "id" : "CVE-2025-37890", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-37890" ], "unique" : false }, { "id" : "CVE-2025-37914", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-37914" ], "unique" : false }, { "id" : "CVE-2025-37943", "title" : "wifi: ath12k: Fix invalid data access in ath12k_dp_rx_h_undecap_nwifi", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-37943" ], "unique" : false }, { "id" : "CVE-2025-38079", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-38079" ], "unique" : false }, { "id" : "CVE-2025-38086", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-38086" ], "unique" : false }, { "id" : "CVE-2025-38124", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-38124" ], "unique" : false }, { "id" : "CVE-2025-38177", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-38177" ], "unique" : false }, { "id" : "CVE-2025-38200", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-38200" ], "unique" : false }, { "id" : "CVE-2025-38332", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-38332" ], "unique" : false }, { "id" : "CVE-2022-50616", "source" : "redhat-csaf", "cvssScore" : 6.7, "severity" : "MEDIUM", "cves" : [ "CVE-2022-50616" ], "unique" : false }, { "id" : "CVE-2024-56614", "source" : "redhat-csaf", "cvssScore" : 6.7, "severity" : "MEDIUM", "cves" : [ "CVE-2024-56614" ], "unique" : false }, { "id" : "CVE-2024-56615", "source" : "redhat-csaf", "cvssScore" : 6.7, "severity" : "MEDIUM", "cves" : [ "CVE-2024-56615" ], "unique" : false }, { "id" : "CVE-2025-21883", "title" : "ice: Fix deinitializing VF in error path", "source" : "redhat-csaf", "cvssScore" : 6.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-21883" ], "unique" : false }, { "id" : "CVE-2025-21928", "source" : "redhat-csaf", "cvssScore" : 6.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-21928" ], "unique" : false }, { "id" : "CVE-2025-21929", "title" : "HID: intel-ish-hid: Fix use-after-free issue in hid_ishtp_cl_remove()", "source" : "redhat-csaf", "cvssScore" : 6.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-21929" ], "unique" : false }, { "id" : "CVE-2025-21991", "source" : "redhat-csaf", "cvssScore" : 6.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-21991" ], "unique" : false }, { "id" : "CVE-2025-22085", "title" : "RDMA/core: Fix use-after-free when rename device name", "source" : "redhat-csaf", "cvssScore" : 6.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-22085" ], "unique" : false }, { "id" : "CVE-2021-47383", "source" : "redhat-csaf", "cvssScore" : 6.6, "severity" : "MEDIUM", "cves" : [ "CVE-2021-47383" ], "unique" : false }, { "id" : "CVE-2025-21759", "title" : "ipv6: mcast: extend RCU protection in igmp6_send()", "source" : "redhat-csaf", "cvssScore" : 6.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-21759" ], "unique" : false }, { "id" : "CVE-2023-28746", "title" : "Information exposure through microarchitectural state after transient execution from some register files for some Intel(R) Atom(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-28746" ], "unique" : false }, { "id" : "CVE-2023-6356", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6356" ], "unique" : false }, { "id" : "CVE-2023-6535", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6535" ], "unique" : false }, { "id" : "CVE-2023-6536", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6536" ], "unique" : false }, { "id" : "CVE-2024-21823", "title" : "Hardware logic with insecure de-synchronization in Intel(R) DSA and Intel(R) IAA for some Intel(R) 4th or 5th generation Xeon(R) processors may allow an authorized user to potentially enable escalation of privilege local access", "source" : "redhat-csaf", "cvssScore" : 6.4, "severity" : "MEDIUM", "cves" : [ "CVE-2024-21823" ], "unique" : false }, { "id" : "CVE-2025-21999", "source" : "redhat-csaf", "cvssScore" : 6.4, "severity" : "MEDIUM", "cves" : [ "CVE-2025-21999" ], "unique" : false }, { "id" : "CVE-2025-38350", "source" : "redhat-csaf", "cvssScore" : 6.4, "severity" : "MEDIUM", "cves" : [ "CVE-2025-38350" ], "unique" : false }, { "id" : "CVE-2024-46695", "source" : "redhat-csaf", "cvssScore" : 6.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-46695" ], "unique" : false }, { "id" : "CVE-2024-50275", "source" : "redhat-csaf", "cvssScore" : 6.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-50275" ], "unique" : false }, { "id" : "CVE-2024-42292", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2024-42292" ], "unique" : false }, { "id" : "CVE-2024-50302", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2024-50302" ], "unique" : false }, { "id" : "CVE-2022-49395", "title" : "um: Fix out-of-bounds read in LDT setup", "source" : "redhat-csaf", "cvssScore" : 6.0, "severity" : "MEDIUM", "cves" : [ "CVE-2022-49395" ], "unique" : false }, { "id" : "CVE-2023-5090", "source" : "redhat-csaf", "cvssScore" : 6.0, "severity" : "MEDIUM", "cves" : [ "CVE-2023-5090" ], "unique" : false }, { "id" : "CVE-2024-26664", "title" : "hwmon: (coretemp) Fix out-of-bounds memory access", "source" : "redhat-csaf", "cvssScore" : 6.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-26664" ], "unique" : false }, { "id" : "CVE-2024-50264", "source" : "redhat-csaf", "cvssScore" : 6.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-50264" ], "unique" : false }, { "id" : "CVE-2025-38110", "title" : "net/mdiobus: Fix potential out-of-bounds clause 45 read/write access", "source" : "redhat-csaf", "cvssScore" : 6.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-38110" ], "unique" : false }, { "id" : "CVE-2024-53122", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-53122" ], "unique" : false }, { "id" : "CVE-2024-53197", "source" : "redhat-csaf", "cvssScore" : 5.8, "severity" : "MEDIUM", "cves" : [ "CVE-2024-53197" ], "unique" : false }, { "id" : "CVE-2024-36941", "title" : "wifi: nl80211: don't free NULL coalescing rule", "source" : "redhat-csaf", "cvssScore" : 5.7, "severity" : "MEDIUM", "cves" : [ "CVE-2024-36941" ], "unique" : false }, { "id" : "CVE-2024-38627", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2024-38627" ], "unique" : false }, { "id" : "CVE-2022-50042", "title" : "net: genl: fix error path memory leak in policy dumping", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2022-50042" ], "unique" : false }, { "id" : "CVE-2022-50678", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2022-50678" ], "unique" : false }, { "id" : "CVE-2023-1074", "title" : "A memory leak flaw was found in the Linux kernel's Stream Control Transmission Protocol. This issue may occur when a user starts a malicious networking service and someone connects to this service. This could allow a local user to starve resources, causing a denial of service.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-1074" ], "unique" : false }, { "id" : "CVE-2023-45862", "title" : "An issue was discovered in drivers/usb/storage/ene_ub6250.c for the ENE UB6250 reader driver in the Linux kernel before 6.2.5. An object could potentially extend beyond the end of an allocation.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-45862" ], "unique" : false }, { "id" : "CVE-2023-52490", "title" : "mm: migrate: fix getting incorrect page mapping during page migration", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-52490" ], "unique" : false }, { "id" : "CVE-2023-52658", "title" : "Revert \"net/mlx5: Block entering switchdev mode with ns inconsistency\"", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-52658" ], "unique" : false }, { "id" : "CVE-2023-53597", "title" : "cifs: fix mid leak during reconnection after timeout threshold", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-53597" ], "unique" : false }, { "id" : "CVE-2023-53704", "title" : "clk: imx: clk-imx8mp: improve error handling in imx8mp_clocks_probe()", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-53704" ], "unique" : false }, { "id" : "CVE-2023-54004", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-54004" ], "unique" : false }, { "id" : "CVE-2023-54093", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-54093" ], "unique" : false }, { "id" : "CVE-2023-54271", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-54271" ], "unique" : false }, { "id" : "CVE-2023-7192", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-7192" ], "unique" : false }, { "id" : "CVE-2024-0443", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0443" ], "unique" : false }, { "id" : "CVE-2024-26615", "title" : "net/smc: fix illegal rmb_desc access in SMC-D connection dump", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-26615" ], "unique" : false }, { "id" : "CVE-2024-26878", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-26878" ], "unique" : false }, { "id" : "CVE-2024-27046", "title" : "nfp: flower: handle acti_netdevs allocation failure", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-27046" ], "unique" : false }, { "id" : "CVE-2024-27052", "title" : "wifi: rtl8xxxu: add cancel_work_sync() for c2hcmd_work", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-27052" ], "unique" : false }, { "id" : "CVE-2024-35789", "title" : "wifi: mac80211: check/clear fast rx for non-4addr sta VLAN changes", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-35789" ], "unique" : false }, { "id" : "CVE-2024-35852", "title" : "mlxsw: spectrum_acl_tcam: Fix memory leak when canceling rehash work", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-35852" ], "unique" : false }, { "id" : "CVE-2024-35890", "title" : "gro: fix ownership transfer", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-35890" ], "unique" : false }, { "id" : "CVE-2024-35907", "title" : "mlxbf_gige: call request_irq() after NAPI initialized", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-35907" ], "unique" : false }, { "id" : "CVE-2024-35952", "title" : "drm/ast: Fix soft lockup", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-35952" ], "unique" : false }, { "id" : "CVE-2024-35989", "title" : "dmaengine: idxd: Fix oops during rmmod on single-CPU platforms", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-35989" ], "unique" : false }, { "id" : "CVE-2024-39483", "title" : "KVM: SVM: WARN on vNMI + NMI window iff NMIs are outright masked", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-39483" ], "unique" : false }, { "id" : "CVE-2024-40959", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-40959" ], "unique" : false }, { "id" : "CVE-2024-41035", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-41035" ], "unique" : false }, { "id" : "CVE-2024-41064", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-41064" ], "unique" : false }, { "id" : "CVE-2024-42079", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-42079" ], "unique" : false }, { "id" : "CVE-2024-42272", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-42272" ], "unique" : false }, { "id" : "CVE-2024-42283", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-42283" ], "unique" : false }, { "id" : "CVE-2024-42322", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-42322" ], "unique" : false }, { "id" : "CVE-2024-43854", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-43854" ], "unique" : false }, { "id" : "CVE-2024-44990", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-44990" ], "unique" : false }, { "id" : "CVE-2024-44994", "title" : "iommu: Restore lost return in iommu_report_device_fault()", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-44994" ], "unique" : false }, { "id" : "CVE-2024-45018", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-45018" ], "unique" : false }, { "id" : "CVE-2024-46713", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-46713" ], "unique" : false }, { "id" : "CVE-2024-46824", "title" : "iommufd: Require drivers to supply the cache_invalidate_user ops", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-46824" ], "unique" : false }, { "id" : "CVE-2024-49949", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-49949" ], "unique" : false }, { "id" : "CVE-2024-50208", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-50208" ], "unique" : false }, { "id" : "CVE-2024-50251", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-50251" ], "unique" : false }, { "id" : "CVE-2024-50252", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-50252" ], "unique" : false }, { "id" : "CVE-2024-53113", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-53113" ], "unique" : false }, { "id" : "CVE-2025-21669", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-21669" ], "unique" : false }, { "id" : "CVE-2025-21962", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-21962" ], "unique" : false }, { "id" : "CVE-2025-21963", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-21963" ], "unique" : false }, { "id" : "CVE-2025-21964", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-21964" ], "unique" : false }, { "id" : "CVE-2025-37785", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-37785" ], "unique" : false }, { "id" : "CVE-2025-38234", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-38234" ], "unique" : false }, { "id" : "CVE-2023-52448", "title" : "gfs2: Fix kernel NULL pointer dereference in gfs2_rgrp_dump", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2023-52448" ], "unique" : false }, { "id" : "CVE-2023-53755", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2023-53755" ], "unique" : false }, { "id" : "CVE-2024-47745", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2024-47745" ], "unique" : false }, { "id" : "CVE-2024-53088", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2024-53088" ], "unique" : false }, { "id" : "CVE-2025-21961", "title" : "eth: bnxt: fix truesize for mb-xdp-pass case", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-21961" ], "unique" : false }, { "id" : "CVE-2025-22036", "title" : "exfat: fix random stack corruption after get_block", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-22036" ], "unique" : false }, { "id" : "CVE-2025-38417", "title" : "ice: fix eswitch code memory leak in reset scenario", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-38417" ], "unique" : false }, { "id" : "CVE-2023-52771", "title" : "cxl/port: Fix delete_endpoint() vs parent unregistration race", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2023-52771" ], "unique" : false }, { "id" : "CVE-2023-52864", "title" : "platform/x86: wmi: Fix opening of char device", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2023-52864" ], "unique" : false }, { "id" : "CVE-2024-26855", "title" : "net: ice: Fix potential NULL pointer dereference in ice_bridge_setlink()", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2024-26855" ], "unique" : false }, { "id" : "CVE-2024-35845", "title" : "wifi: iwlwifi: dbg-tlv: ensure NUL termination", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2024-35845" ], "unique" : false }, { "id" : "CVE-2024-36922", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2024-36922" ], "unique" : false }, { "id" : "CVE-2024-38555", "title" : "net/mlx5: Discard command completions in internal error", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2024-38555" ], "unique" : false }, { "id" : "CVE-2024-38556", "title" : "net/mlx5: Add a timeout to acquire the command queue semaphore", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2024-38556" ], "unique" : false }, { "id" : "CVE-2024-43855", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2024-43855" ], "unique" : false }, { "id" : "CVE-2024-46826", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2024-46826" ], "unique" : false }, { "id" : "CVE-2024-26897", "title" : "wifi: ath9k: delay all of ath9k_wmi_event_tasklet() until init is complete", "source" : "redhat-csaf", "cvssScore" : 4.1, "severity" : "MEDIUM", "cves" : [ "CVE-2024-26897" ], "unique" : false }, { "id" : "CVE-2024-38586", "title" : "r8169: Fix possible ring buffer corruption on fragmented Tx packets.", "source" : "redhat-csaf", "cvssScore" : 4.1, "severity" : "MEDIUM", "cves" : [ "CVE-2024-38586" ], "unique" : false }, { "id" : "CVE-2022-50846", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2022-50846" ], "unique" : false }, { "id" : "CVE-2023-53639", "title" : "wifi: ath6kl: reduce WARN to dev_dbg() in callback", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2023-53639" ], "unique" : false }, { "id" : "CVE-2023-54153", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2023-54153" ], "unique" : false }, { "id" : "CVE-2023-54267", "source" : "redhat-csaf", "cvssScore" : 2.5, "severity" : "LOW", "cves" : [ "CVE-2023-54267" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-44466", "title" : "An issue was discovered in net/ceph/messenger_v2.c in the Linux kernel before 6.4.5. There is an integer signedness error, leading to a buffer overflow and remote code execution via HELLO or one of the AUTH frames. This occurs because of an untrusted length taken from a TCP packet in ceph_decode_32.", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2023-44466" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-minimal-langpack@2.34-40.el9_1.1?arch=x86_64&distro=rhel-9.1&upstream=glibc-2.34-40.el9_1.1.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-common@2.34-40.el9_1.1?arch=x86_64&distro=rhel-9.1&upstream=glibc-2.34-40.el9_1.1.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-devel@2.34-40.el9_1.1?arch=x86_64&distro=rhel-9.1&upstream=glibc-2.34-40.el9_1.1.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-langpack-en@2.34-40.el9_1.1?arch=x86_64&distro=rhel-9.1&upstream=glibc-2.34-40.el9_1.1.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libcurl-minimal@7.76.1-19.el9_1.1?arch=x86_64&distro=rhel-9.1&upstream=curl-7.76.1-19.el9_1.1.src.rpm", "issues" : [ { "id" : "CVE-2023-38545", "title" : "This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy\nhandshake.\n\nWhen curl is asked to pass along the host name to the SOCKS5 proxy to allow\nthat to resolve the address instead of it getting done by curl itself, the\nmaximum length that host name can be is 255 bytes.\n\nIf the host name is detected to be longer, curl switches to local name\nresolving and instead passes on the resolved address only. Due to this bug,\nthe local variable that means \"let the host resolve the name\" could get the\nwrong value during a slow SOCKS5 handshake, and contrary to the intention,\ncopy the too long host name to the target buffer instead of copying just the\nresolved address there.\n\nThe target buffer being a heap based buffer, and the host name coming from the\nURL that curl has been told to operate with.", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2023-38545" ], "unique" : false }, { "id" : "CVE-2024-2398", "title" : "HTTP/2 push headers memory-leak", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-2398" ], "unique" : false }, { "id" : "CVE-2023-23916", "title" : "An allocation of resources without limits or throttling vulnerability exists in curl