./mage -v ci:teste2e Running target: CI:TestE2E I0421 14:46:15.038484 19273 magefile.go:526] setting up new custom bundle for testing... I0421 14:46:15.686873 19273 util.go:512] found credentials for image ref quay.io/redhat-appstudio-qe/test-images:pipeline-bundle-1776782775-rogc -> user: redhat-appstudio-qe+redhat_appstudio_quality Creating Tekton Bundle: - Added Pipeline: docker-build to image I0421 14:46:17.178688 19273 bundle.go:57] image digest for a new tekton bundle quay.io/redhat-appstudio-qe/test-images:pipeline-bundle-1776782775-rogc: quay.io/redhat-appstudio-qe/test-images@sha256:e48133b6af6afb35e2853f08a990e8a7003140fb0185ec9c0e1e92c1db32fc37 I0421 14:46:17.178733 19273 magefile.go:532] To use the custom docker bundle locally, run below cmd: export CUSTOM_DOCKER_BUILD_PIPELINE_BUNDLE=quay.io/redhat-appstudio-qe/test-images:pipeline-bundle-1776782775-rogc I0421 14:46:17.178771 19273 build_service.go:50] checking if repository is build-service I0421 14:46:17.178785 19273 e2e_repo.go:347] checking if repository is e2e-tests I0421 14:46:17.178795 19273 e2e_repo.go:335] multi-platform tests and require sprayproxy registering are set to TRUE exec: git "diff" "--name-status" "upstream/main..HEAD" I0421 14:46:17.182031 19273 util.go:451] The following files, tests/integration-service/README.md, tests/integration-service/const.go, tests/integration-service/forgejo-integration-reporting.go, were changed! exec: go "install" "-mod=mod" "github.com/onsi/ginkgo/v2/ginkgo" go: downloading github.com/go-task/slim-sprig/v3 v3.0.0 go: downloading github.com/google/pprof v0.0.0-20260106004452-d7df1bf2cac7 I0421 14:46:20.827588 19273 install.go:188] cloning 'https://github.com/redhat-appstudio/infra-deployments' with git ref 'refs/heads/main' Enumerating objects: 79380, done. 
Counting objects: 100% (281/281), done. Compressing objects: 100% (180/180), done. Total 79380 (delta 195), reused 102 (delta 101), pack-reused 79099 (from 3) From https://github.com/redhat-appstudio/infra-deployments * branch main -> FETCH_HEAD Already up to date. 
============================================================================= [2026-04-21 14:46:24] [STEP] Starting Konflux Cluster Bootstrap ============================================================================= [2026-04-21 14:46:24] [INFO] Mode: preview [2026-04-21 14:46:24] [INFO] Options: OBO=disabled, EAAS=disabled [2026-04-21 14:46:24] [INFO] Start time: 2026-04-21 14:46:24 UTC ============================================================================= [2026-04-21 14:46:24] [STEP] Phase 1: Deploying ArgoCD ============================================================================= ============================================================================= [2026-04-21 14:46:24] [STEP] Deploying OpenShift GitOps (ArgoCD) ============================================================================= [2026-04-21 14:46:24] [SUBSTEP] Verifying cluster-admin permissions [2026-04-21 14:46:24] [SUCCESS] User 'cluster-admin' has cluster-admin permissions [2026-04-21 14:46:24] [SUBSTEP] Installing OpenShift GitOps operator subscription clusterrole.rbac.authorization.k8s.io/appstudio-openshift-gitops-argocd-application-controller created clusterrole.rbac.authorization.k8s.io/appstudio-openshift-gitops-argocd-server created clusterrolebinding.rbac.authorization.k8s.io/appstudio-openshift-gitops-argocd-application-controller created clusterrolebinding.rbac.authorization.k8s.io/appstudio-openshift-gitops-argocd-server created subscription.operators.coreos.com/openshift-gitops-operator created [2026-04-21 14:46:24] [SUCCESS] GitOps operator subscription applied [2026-04-21 14:46:24] [SUBSTEP] Waiting for default ArgoCD project to be created [2026-04-21 14:46:25] [WAITING] Default project not yet available (5s/300s) [2026-04-21 14:46:30] [WAITING] Default project not yet available (10s/300s) [2026-04-21 14:46:35] [WAITING] Default project not yet available (15s/300s) [2026-04-21 14:46:40] [WAITING] Default project not yet available (20s/300s) [2026-04-21 14:46:45] 
[WAITING] Default project not yet available (25s/300s) [2026-04-21 14:46:51] [WAITING] Default project not yet available (30s/300s) [2026-04-21 14:46:56] [WAITING] Default project not yet available (35s/300s) [2026-04-21 14:47:01] [SUCCESS] Default ArgoCD project is available [2026-04-21 14:47:01] [SUBSTEP] Waiting for OpenShift GitOps route to be created [2026-04-21 14:47:01] [SUCCESS] OpenShift GitOps route is available [2026-04-21 14:47:01] [SUBSTEP] Configuring ArgoCD repo server resources and timeout argocd.argoproj.io/openshift-gitops patched [2026-04-21 14:47:01] [SUCCESS] Repo server configured: timeout=5m, cpu=100m, memory=100Mi [2026-04-21 14:47:01] [SUBSTEP] Configuring ArgoCD application controller resources argocd.argoproj.io/openshift-gitops patched [2026-04-21 14:47:02] [SUCCESS] Application controller configured: cpu=4, memory=4Gi [2026-04-21 14:47:02] [SUBSTEP] Switching ArgoCD route to re-encryption TLS argocd.argoproj.io/openshift-gitops patched [2026-04-21 14:47:02] [SUCCESS] Route TLS termination set to 'reencrypt' [2026-04-21 14:47:02] [SUBSTEP] Restarting ArgoCD server after TLS configuration change pod "openshift-gitops-server-6944966b75-bdh6l" deleted [2026-04-21 14:47:03] [SUCCESS] ArgoCD server pods deleted for restart [2026-04-21 14:47:03] [SUBSTEP] Granting admin role to authenticated users [2026-04-21 14:47:03] [INFO] Note: This should be updated once proper access policy is in place argocd.argoproj.io/openshift-gitops patched [2026-04-21 14:47:04] [SUCCESS] RBAC policy set: system:authenticated -> role:admin [2026-04-21 14:47:04] [SUBSTEP] Configuring PVC health check (WaitForFirstConsumer workaround) Warning: unknown field "spec.resourceCustomizations" argocd.argoproj.io/openshift-gitops patched (no change) [2026-04-21 14:47:04] [SUCCESS] PVC health customization applied (Pending/Bound = Healthy) [2026-04-21 14:47:04] [SUBSTEP] Enabling Helm support in Kustomize builds argocd.argoproj.io/openshift-gitops patched [2026-04-21 14:47:04] 
[SUCCESS] Kustomize build options set: --enable-helm [2026-04-21 14:47:04] [SUBSTEP] Configuring ArgoCD to ignore aggregated roles in diff argocd.argoproj.io/openshift-gitops patched [2026-04-21 14:47:04] [SUCCESS] ignoreAggregatedRoles set to true [2026-04-21 14:47:04] [SUBSTEP] Setting ArgoCD tracking method to annotation argocd.argoproj.io/openshift-gitops patched [2026-04-21 14:47:05] [SUCCESS] Resource tracking method set to 'annotation' [2026-04-21 14:47:05] [SUBSTEP] Restarting GitOps server deployment deployment.apps/openshift-gitops-server restarted [2026-04-21 14:47:05] [SUCCESS] GitOps server restart initiated [2026-04-21 14:47:05] [INFO] Waiting for rollout to complete... Waiting for deployment "openshift-gitops-server" rollout to finish: 0 out of 1 new replicas have been updated... Waiting for deployment "openshift-gitops-server" rollout to finish: 1 old replicas are pending termination... Waiting for deployment "openshift-gitops-server" rollout to finish: 1 old replicas are pending termination... Waiting for deployment "openshift-gitops-server" rollout to finish: 1 old replicas are pending termination... 
deployment "openshift-gitops-server" successfully rolled out [2026-04-21 14:47:36] [SUCCESS] GitOps server rollout complete ============================================================================= [2026-04-21 14:47:36] [STEP] ArgoCD Access Information ============================================================================= [2026-04-21 14:47:36] [INFO] ArgoCD URL: https://openshift-gitops-server-openshift-gitops.apps.rosa.kx-1b2e98ba8f.4wjs.p3.openshiftapps.com [2026-04-21 14:47:36] [INFO] Authentication: Use 'Login with OpenShift' button (OpenShift credentials) [2026-04-21 14:47:36] [SUBSTEP] Verifying ArgoCD route is accessible [2026-04-21 14:47:56] [WAITING] Waiting for route to respond (5s/120s) [2026-04-21 14:48:01] [SUCCESS] ArgoCD is accessible at https://openshift-gitops-server-openshift-gitops.apps.rosa.kx-1b2e98ba8f.4wjs.p3.openshiftapps.com [ARGOCD_DEPLOY_JSON] {"status":"success","url":"https://openshift-gitops-server-openshift-gitops.apps.rosa.kx-1b2e98ba8f.4wjs.p3.openshiftapps.com","namespace":"openshift-gitops","auth_method":"openshift"} ============================================================================= [2026-04-21 14:48:01] [STEP] OpenShift GitOps Deployment Complete ============================================================================= ============================================================================= [2026-04-21 14:48:01] [STEP] Phase 2: Bootstrapping Host Cluster ============================================================================= [2026-04-21 14:48:01] [INFO] Bootstrapping host cluster components [2026-04-21 14:48:01] [INFO] No preview.env file found - using environment variables only [2026-04-21 14:48:01] [SUBSTEP] Configuring Quality Dashboard secrets Setting secrets for Quality Dashboard namespace/quality-dashboard created secret/quality-dashboard-secrets created [2026-04-21 14:48:05] [SUCCESS] Quality Dashboard secrets configured [2026-04-21 14:48:05] [SUBSTEP] Configuring CI Helper App secret 
Creating secret for CI Helper App namespace/ci-helper-app created secret/ci-helper-app-secrets created [2026-04-21 14:48:05] [SUCCESS] CI Helper App secret configured [2026-04-21 14:48:05] [SUCCESS] Host cluster bootstrap complete ============================================================================= [2026-04-21 14:48:05] [STEP] Phase 3: Bootstrapping Member Cluster ============================================================================= [2026-04-21 14:48:05] [INFO] Bootstrapping member cluster components [2026-04-21 14:48:05] [INFO] No preview.env file found - using environment variables only [2026-04-21 14:48:05] [SUBSTEP] Configuring Pipeline Service secrets Setting secrets for pipeline-service tekton-results namespace already exists, skipping creation tekton-logging namespace already exists, skipping creation namespace/product-kubearchive-logging created Creating DB secret secret/tekton-results-database created Creating S3 secret secret/tekton-results-s3 created Creating MinIO config secret/minio-storage-configuration created Creating S3 secret secret/tekton-results-s3 created Creating MinIO config MinIO config already exists, skipping creation Creating Postgres TLS certs secret/postgresql-tls created configmap/rds-root-crt created [2026-04-21 14:48:08] [SUCCESS] Pipeline Service secrets configured [2026-04-21 14:48:08] [SUBSTEP] Configuring GitHub secrets [2026-04-21 14:48:08] [INFO] GitHub token provided - creating secrets namespace/application-service created Creating a has secret from legacy token secret/has-github-token created [2026-04-21 14:48:12] [SUCCESS] GitHub secrets configured [2026-04-21 14:48:12] [SUBSTEP] Configuring Image Controller secrets [2026-04-21 14:48:12] [INFO] Quay organization: redhat-appstudio-qe Creating a secret with a token for Image Controller namespace/image-controller created secret/quaytoken created [2026-04-21 14:48:12] [SUCCESS] Image Controller secrets configured [2026-04-21 14:48:12] [SUCCESS] Member cluster 
bootstrap complete ============================================================================= [2026-04-21 14:48:12] [STEP] Phase 4: Bootstrapping Common Components ============================================================================= [2026-04-21 14:48:12] [INFO] Bootstrapping common cluster components [2026-04-21 14:48:12] [INFO] No preview.env file found at /tmp/tmp.Z3CXXW4lH8/tmp/infra-deployments/hack/../hack/preview.env - using environment variables only [2026-04-21 14:48:12] [SUBSTEP] Configuring Docker Hub pull secret Configuring the cluster with a pull secret for Docker Hub Saved credentials for docker.io into /tmp/tmp.dKDKjKkQeT secret/pull-secret data updated Saved credentials for docker.io into /tmp/tmp.dKDKjKkQeT secret/docker-io-pull created [2026-04-21 14:48:14] [SUCCESS] Docker Hub pull secret configured [2026-04-21 14:48:14] [SUBSTEP] Configuring DORA metrics exporter secrets Setting secrets for Dora metrics exporter namespace/dora-metrics created secret/exporters-secret created [2026-04-21 14:48:14] [SUCCESS] DORA metrics exporter secrets configured [2026-04-21 14:48:14] [SUCCESS] Common cluster bootstrap complete ============================================================================= [2026-04-21 14:48:14] [STEP] Phase 5: Mode-Specific Deployment (preview) ============================================================================= [2026-04-21 14:48:14] [INFO] Deploying preview configuration ============================================================================= [2026-04-21 14:48:14] [STEP] Starting Konflux Preview Environment Setup ============================================================================= [2026-04-21 14:48:14] [INFO] Script: /tmp/tmp.Z3CXXW4lH8/tmp/infra-deployments/hack/../hack/preview.sh [2026-04-21 14:48:14] [INFO] Options: OBO=false, GRAFANA=false, EAAS=false [2026-04-21 14:48:14] [INFO] Start time: 2026-04-21 14:48:14 UTC ============================================================================= 
[2026-04-21 14:48:14] [STEP] Cluster Context Information ============================================================================= [2026-04-21 14:48:15] [INFO] OpenShift Version: 4.18.9 [2026-04-21 14:48:15] [INFO] API Server: https://api.kx-1b2e98ba8f.4wjs.p3.openshiftapps.com:443 [2026-04-21 14:48:15] [INFO] Cluster ID: c576614e-5b11-4f04-a338-432559e64dca [2026-04-21 14:48:15] [INFO] Cluster Domain: apps.rosa.kx-1b2e98ba8f.4wjs.p3.openshiftapps.com [2026-04-21 14:48:15] [INFO] Total Nodes: 3 [2026-04-21 14:48:15] [INFO] - Master nodes: 0 [2026-04-21 14:48:15] [INFO] - Worker nodes: 3 [2026-04-21 14:48:15] [SUCCESS] Cluster operators: All healthy [CLUSTER_CONTEXT_JSON] {"ocp_version":"4.18.9","api_server":"https://api.kx-1b2e98ba8f.4wjs.p3.openshiftapps.com:443","cluster_id":"c576614e-5b11-4f04-a338-432559e64dca","cluster_domain":"apps.rosa.kx-1b2e98ba8f.4wjs.p3.openshiftapps.com","total_nodes":3,"master_nodes":0,"worker_nodes":3,"degraded_operators":0} Switched to a new branch 'preview-main-ukwe' [2026-04-21 14:48:15] [SUCCESS] Git environment initialized [2026-04-21 14:48:15] [INFO] - Repository URL: https://github.com/redhat-appstudio-qe/infra-deployments.git [2026-04-21 14:48:15] [INFO] - Source branch: main [2026-04-21 14:48:15] [INFO] - Preview branch: preview-main-ukwe [2026-04-21 14:48:15] [INFO] - GitHub org: redhat-appstudio-qe ============================================================================= [2026-04-21 14:48:15] [STEP] Patching ArgoCD application manifests to use fork repository ============================================================================= [2026-04-21 14:48:15] [INFO] Setting repoURL to: https://github.com/redhat-appstudio-qe/infra-deployments.git [2026-04-21 14:48:15] [INFO] Setting targetRevision to: preview-main-ukwe [2026-04-21 14:48:15] [SUBSTEP] Patched: application-patch.yaml [2026-04-21 14:48:15] [SUBSTEP] Patched: application-set-patch.yaml [2026-04-21 14:48:15] [SUBSTEP] Patched: 
application-set-multisrc-src-1-patch.yaml [2026-04-21 14:48:15] [SUCCESS] All ArgoCD patch files updated ============================================================================= [2026-04-21 14:48:15] [STEP] Labeling cluster nodes for Konflux workloads ============================================================================= [2026-04-21 14:48:15] [INFO] Reference: https://github.com/redhat-appstudio/infra-deployments/pull/4415 [2026-04-21 14:48:16] [INFO] Found 3 nodes to label with 'konflux-ci.dev/workload=konflux-tenants' [2026-04-21 14:48:16] [SUBSTEP] Labeling node/ip-10-0-128-250.ec2.internal node/ip-10-0-128-250.ec2.internal labeled [2026-04-21 14:48:16] [SUCCESS] Successfully labeled node/ip-10-0-128-250.ec2.internal [2026-04-21 14:48:16] [SUBSTEP] Labeling node/ip-10-0-159-24.ec2.internal node/ip-10-0-159-24.ec2.internal labeled [2026-04-21 14:48:16] [SUCCESS] Successfully labeled node/ip-10-0-159-24.ec2.internal [2026-04-21 14:48:16] [SUBSTEP] Labeling node/ip-10-0-165-224.ec2.internal node/ip-10-0-165-224.ec2.internal labeled [2026-04-21 14:48:16] [SUCCESS] Successfully labeled node/ip-10-0-165-224.ec2.internal [2026-04-21 14:48:16] [SUBSTEP] Verifying labels on all nodes... 
[2026-04-21 14:48:16] [SUCCESS] All 3 nodes labeled and verified successfully ============================================================================= [2026-04-21 14:48:16] [STEP] Checking OCP version for Kueue compatibility ============================================================================= [2026-04-21 14:48:16] [INFO] Detected OpenShift Container Platform version: 4.18.9 (minor: 18) [2026-04-21 14:48:16] [SUCCESS] OCP version 4.18.9 meets Kueue requirements - Kueue will be deployed ============================================================================= [2026-04-21 14:48:16] [STEP] Configuring GitHub organization ============================================================================= [2026-04-21 14:48:16] [INFO] Setting GitHub org to: redhat-appstudio-qe [2026-04-21 14:48:16] [INFO] Configuring GitHub organization for Application Service (HAS) [2026-04-21 14:48:16] [INFO] - Target org: redhat-appstudio-qe [2026-04-21 14:48:16] [INFO] - Config file: /tmp/tmp.Z3CXXW4lH8/tmp/infra-deployments/hack/../components/has/base/kustomization.yaml [2026-04-21 14:48:16] [SUCCESS] GitHub organization set to 'redhat-appstudio-qe' [2026-04-21 14:48:16] [SUCCESS] Verified: Configuration updated correctly [2026-04-21 14:48:16] [SUCCESS] GitHub organization configured ============================================================================= [2026-04-21 14:48:16] [STEP] Configuring Rekor server hostname ============================================================================= [2026-04-21 14:48:16] [INFO] Cluster domain: apps.rosa.kx-1b2e98ba8f.4wjs.p3.openshiftapps.com [2026-04-21 14:48:17] [INFO] Rekor server hostname: rekor.apps.rosa.kx-1b2e98ba8f.4wjs.p3.openshiftapps.com [2026-04-21 14:48:17] [SUCCESS] Rekor server hostname configured ============================================================================= [2026-04-21 14:48:17] [STEP] Applying service image overrides from environment variables 
============================================================================= [2026-04-21 14:48:17] [INFO] No service image overrides configured - using default images ============================================================================= [2026-04-21 14:48:17] [STEP] Committing and pushing preview changes ============================================================================= [preview-main-ukwe b091eb6eb] Preview mode, do not merge into main 8 files changed, 15 insertions(+), 21 deletions(-) remote: remote: Create a pull request for 'preview-main-ukwe' on GitHub by visiting: remote: https://github.com/redhat-appstudio-qe/infra-deployments/pull/new/preview-main-ukwe remote: To https://github.com/redhat-appstudio-qe/infra-deployments.git * [new branch] preview-main-ukwe -> preview-main-ukwe branch 'preview-main-ukwe' set up to track 'qe/preview-main-ukwe'. [2026-04-21 14:48:18] [SUCCESS] Preview changes committed and pushed to qe/preview-main-ukwe ============================================================================= [2026-04-21 14:48:18] [STEP] Deploying ArgoCD applications ============================================================================= [2026-04-21 14:48:18] [SUBSTEP] Applying root Application from: /tmp/tmp.Z3CXXW4lH8/tmp/infra-deployments/hack/../argo-cd-apps/app-of-app-sets/development application.argoproj.io/all-application-sets created [2026-04-21 14:48:18] [SUCCESS] Root Application 'all-application-sets' created [2026-04-21 14:48:18] [SUBSTEP] Waiting for 'all-application-sets' to become Healthy and Synced [2026-04-21 14:48:18] [WAITING] Root application status: ' ' (target: 'Healthy Synced') - 5s elapsed [2026-04-21 14:48:23] [WAITING] Root application status: ' ' (target: 'Healthy Synced') - 10s elapsed [2026-04-21 14:48:29] [WAITING] Root application status: 'Healthy OutOfSync' (target: 'Healthy Synced') - 15s elapsed [2026-04-21 14:48:34] [SUCCESS] Root application 'all-application-sets' is Healthy and Synced [2026-04-21 
14:48:34] [SUBSTEP] Triggering hard refresh on all ArgoCD applications [2026-04-21 14:48:34] [INFO] Found 43 applications to refresh application.argoproj.io/dora-metrics-in-cluster-local patched application.argoproj.io/disaster-recovery-in-cluster-local patched application.argoproj.io/image-controller-in-cluster-local patched application.argoproj.io/cert-manager-in-cluster-local patched application.argoproj.io/crossplane-control-plane-in-cluster-local patched application.argoproj.io/application-api-in-cluster-local patched application.argoproj.io/kueue-in-cluster-local patched application.argoproj.io/integration-in-cluster-local patched application.argoproj.io/build-templates-in-cluster-local patched application.argoproj.io/disable-csvcopy-in-cluster-local patched application.argoproj.io/backup-in-cluster-local patched application.argoproj.io/kubearchive-in-cluster-local patched application.argoproj.io/konflux-kite-in-cluster-local patched application.argoproj.io/perf-team-prometheus-reader-in-cluster-local patched application.argoproj.io/trust-manager-in-cluster-local patched application.argoproj.io/pipeline-service-in-cluster-local patched application.argoproj.io/mintmaker-in-cluster-local patched application.argoproj.io/monitoring-workload-prometheus-in-cluster-local patched application.argoproj.io/vector-kubearchive-log-collector-in-cluster-local patched (no change) application.argoproj.io/vector-tekton-logs-collector-in-cluster-local patched application.argoproj.io/squid-in-cluster-local patched application.argoproj.io/build-service-in-cluster-local patched application.argoproj.io/monitoring-cardinality-in-cluster-local patched application.argoproj.io/all-application-sets patched application.argoproj.io/tempo-in-cluster-local patched application.argoproj.io/monitoring-workload-custom-kube-state-metrics-in-cluster-local patched application.argoproj.io/tracing-workload-otel-collector-in-cluster-local patched application.argoproj.io/smee-client-in-cluster-local 
patched application.argoproj.io/tracing-workload-tracing-in-cluster-local patched application.argoproj.io/enterprise-contract-in-cluster-local patched application.argoproj.io/multi-platform-controller-in-cluster-local patched application.argoproj.io/has-in-cluster-local patched application.argoproj.io/monitoring-registry-in-cluster-local patched application.argoproj.io/project-controller-in-cluster-local patched application.argoproj.io/image-rbac-proxy-in-cluster-local patched application.argoproj.io/internal-services-in-cluster-local patched application.argoproj.io/knative-eventing-in-cluster-local patched application.argoproj.io/konflux-info-in-cluster-local patched application.argoproj.io/release-in-cluster-local patched application.argoproj.io/kyverno-in-cluster-local patched application.argoproj.io/repository-validator-in-cluster-local patched application.argoproj.io/konflux-rbac-in-cluster-local patched application.argoproj.io/policies-in-cluster-local patched [2026-04-21 14:48:41] [SUCCESS] Hard refresh triggered on all 43 applications [2026-04-21 14:48:41] [SUBSTEP] Waiting for refresh operations to complete [2026-04-21 14:48:41] [PROGRESS] Refresh: 0/43 complete | 43 still refreshing (5s elapsed) [2026-04-21 14:48:46] [PROGRESS] Refresh: 0/43 complete | 43 still refreshing (10s elapsed) [2026-04-21 14:48:52] [PROGRESS] Refresh: 0/43 complete | 43 still refreshing (15s elapsed) [2026-04-21 14:48:57] [PROGRESS] Refresh: 11/43 complete | 32 still refreshing (20s elapsed) [2026-04-21 14:49:02] [PROGRESS] Refresh: 19/43 complete | 24 still refreshing (25s elapsed) [2026-04-21 14:49:08] [PROGRESS] Refresh: 19/43 complete | 24 still refreshing (30s elapsed) [2026-04-21 14:49:13] [PROGRESS] Refresh: 27/43 complete | 16 still refreshing (35s elapsed) [2026-04-21 14:49:18] [PROGRESS] Refresh: 37/43 complete | 6 still refreshing (40s elapsed) [2026-04-21 14:49:23] [PROGRESS] Refresh: 39/43 complete | 4 still refreshing (45s elapsed) [2026-04-21 14:49:29] [PROGRESS] 
Refresh: 39/43 complete | 4 still refreshing (50s elapsed) [2026-04-21 14:49:34] [PROGRESS] Refresh: 39/43 complete | 4 still refreshing (55s elapsed) [2026-04-21 14:49:39] [PROGRESS] Refresh: 40/43 complete | 3 still refreshing (60s elapsed) [2026-04-21 14:49:45] [PROGRESS] Refresh: 42/43 complete | 1 still refreshing (65s elapsed) [2026-04-21 14:49:50] [PROGRESS] Refresh: 42/43 complete | 1 still refreshing (70s elapsed) [2026-04-21 14:49:55] [PROGRESS] Refresh: 42/43 complete | 1 still refreshing (75s elapsed) [2026-04-21 14:50:01] [PROGRESS] Refresh: 42/43 complete | 1 still refreshing (80s elapsed) [2026-04-21 14:50:06] [PROGRESS] Refresh: 42/43 complete | 1 still refreshing (85s elapsed) [2026-04-21 14:50:11] [PROGRESS] Refresh: 42/43 complete | 1 still refreshing (90s elapsed) [2026-04-21 14:50:17] [PROGRESS] Refresh: 42/43 complete | 1 still refreshing (95s elapsed) [2026-04-21 14:50:22] [PROGRESS] Refresh: 42/43 complete | 1 still refreshing (100s elapsed) [2026-04-21 14:50:27] [PROGRESS] Refresh: 42/43 complete | 1 still refreshing (105s elapsed) [2026-04-21 14:50:33] [PROGRESS] Refresh: 42/43 complete | 1 still refreshing (110s elapsed) [2026-04-21 14:50:38] [PROGRESS] Refresh: 42/43 complete | 1 still refreshing (115s elapsed) [2026-04-21 14:50:43] [PROGRESS] Refresh: 42/43 complete | 1 still refreshing (120s elapsed) [2026-04-21 14:50:49] [PROGRESS] Refresh: 42/43 complete | 1 still refreshing (125s elapsed) [2026-04-21 14:50:54] [PROGRESS] Refresh: 42/43 complete | 1 still refreshing (130s elapsed) [2026-04-21 14:50:59] [PROGRESS] Refresh: 42/43 complete | 1 still refreshing (135s elapsed) [2026-04-21 14:51:05] [PROGRESS] Refresh: 42/43 complete | 1 still refreshing (140s elapsed) [2026-04-21 14:51:10] [PROGRESS] Refresh: 42/43 complete | 1 still refreshing (145s elapsed) [2026-04-21 14:51:15] [PROGRESS] Refresh: 42/43 complete | 1 still refreshing (150s elapsed) [2026-04-21 14:51:20] [PROGRESS] Refresh: 42/43 complete | 1 still refreshing (155s 
elapsed) [2026-04-21 14:57:07]
[PROGRESS] Refresh: 42/43 complete | 1 still refreshing (480s elapsed) [2026-04-21 14:57:12] [PROGRESS] Refresh: 42/43 complete | 1 still refreshing (485s elapsed) [2026-04-21 14:57:18] [PROGRESS] Refresh: 42/43 complete | 1 still refreshing (490s elapsed) [2026-04-21 14:57:23] [PROGRESS] Refresh: 42/43 complete | 1 still refreshing (495s elapsed) [2026-04-21 14:57:29] [PROGRESS] Refresh: 42/43 complete | 1 still refreshing (500s elapsed) [2026-04-21 14:57:34] [PROGRESS] Refresh: 42/43 complete | 1 still refreshing (505s elapsed) [2026-04-21 14:57:39] [PROGRESS] Refresh: 42/43 complete | 1 still refreshing (510s elapsed) [2026-04-21 14:57:44] [PROGRESS] Refresh: 42/43 complete | 1 still refreshing (515s elapsed) [2026-04-21 14:57:50] [PROGRESS] Refresh: 42/43 complete | 1 still refreshing (520s elapsed) [2026-04-21 14:57:55] [PROGRESS] Refresh: 42/43 complete | 1 still refreshing (525s elapsed) [2026-04-21 14:58:00] [PROGRESS] Refresh: 42/43 complete | 1 still refreshing (530s elapsed) [2026-04-21 14:58:06] [PROGRESS] Refresh: 42/43 complete | 1 still refreshing (535s elapsed) [2026-04-21 14:58:11] [PROGRESS] Refresh: 42/43 complete | 1 still refreshing (540s elapsed) [2026-04-21 14:58:16] [PROGRESS] Refresh: 42/43 complete | 1 still refreshing (545s elapsed) [2026-04-21 14:58:22] [PROGRESS] Refresh: 42/43 complete | 1 still refreshing (550s elapsed) [2026-04-21 14:58:27] [PROGRESS] Refresh: 42/43 complete | 1 still refreshing (555s elapsed) [2026-04-21 14:58:32] [PROGRESS] Refresh: 42/43 complete | 1 still refreshing (560s elapsed) [2026-04-21 14:58:38] [PROGRESS] Refresh: 42/43 complete | 1 still refreshing (565s elapsed) [2026-04-21 14:58:43] [PROGRESS] Refresh: 42/43 complete | 1 still refreshing (570s elapsed) [2026-04-21 14:58:48] [PROGRESS] Refresh: 42/43 complete | 1 still refreshing (575s elapsed) [2026-04-21 14:58:54] [SUCCESS] All 43 applications refreshed ============================================================================= [2026-04-21 14:58:54] 
[STEP] Waiting for all ArgoCD applications to sync and become healthy ============================================================================= [2026-04-21 14:58:54] [INFO] Timeout: 2700 seconds (45 minutes) [2026-04-21 14:58:54] [PROGRESS] Applications: 43/44 ready | 1 pending (0m 0s elapsed) [2026-04-21 14:58:54] [INFO] Pending: konflux-kite-in-cluster-local [2026-04-21 14:58:54] [WAITING] Waiting 10 seconds before next sync check... [2026-04-21 14:59:04] [PROGRESS] Applications: 43/44 ready | 1 pending (0m 10s elapsed) [2026-04-21 14:59:04] [INFO] Pending: konflux-kite-in-cluster-local [2026-04-21 14:59:04] [WAITING] Waiting 10 seconds before next sync check... [2026-04-21 14:59:14] [PROGRESS] Applications: 43/44 ready | 1 pending (0m 20s elapsed) [2026-04-21 14:59:14] [INFO] Pending: konflux-kite-in-cluster-local [2026-04-21 14:59:14] [WAITING] Waiting 10 seconds before next sync check... [2026-04-21 14:59:24] [PROGRESS] Applications: 43/44 ready | 1 pending (0m 30s elapsed) [2026-04-21 14:59:24] [INFO] Pending: konflux-kite-in-cluster-local [2026-04-21 14:59:24] [WAITING] Waiting 10 seconds before next sync check... [2026-04-21 14:59:35] [PROGRESS] Applications: 43/44 ready | 1 pending (0m 40s elapsed) [2026-04-21 14:59:35] [INFO] Pending: konflux-kite-in-cluster-local [2026-04-21 14:59:35] [WAITING] Waiting 10 seconds before next sync check... [2026-04-21 14:59:45] [PROGRESS] Applications: 43/44 ready | 1 pending (0m 51s elapsed) [2026-04-21 14:59:45] [INFO] Pending: konflux-kite-in-cluster-local [2026-04-21 14:59:45] [WAITING] Waiting 10 seconds before next sync check... [2026-04-21 14:59:55] [PROGRESS] Applications: 43/44 ready | 1 pending (1m 1s elapsed) [2026-04-21 14:59:55] [INFO] Pending: konflux-kite-in-cluster-local [2026-04-21 14:59:55] [WAITING] Waiting 10 seconds before next sync check... 
[2026-04-21 15:00:05] [PROGRESS] Applications: 43/44 ready | 1 pending (1m 11s elapsed) [2026-04-21 15:00:05] [INFO] Pending: konflux-kite-in-cluster-local [2026-04-21 15:00:05] [WAITING] Waiting 10 seconds before next sync check... [2026-04-21 15:00:15] [PROGRESS] Applications: 43/44 ready | 1 pending (1m 21s elapsed) [2026-04-21 15:00:15] [INFO] Pending: konflux-kite-in-cluster-local [2026-04-21 15:00:15] [WAITING] Waiting 10 seconds before next sync check... [2026-04-21 15:00:25] [PROGRESS] Applications: 43/44 ready | 1 pending (1m 31s elapsed) [2026-04-21 15:00:26] [INFO] Pending: konflux-kite-in-cluster-local [2026-04-21 15:00:26] [WAITING] Waiting 10 seconds before next sync check... [2026-04-21 15:00:36] [PROGRESS] Applications: 43/44 ready | 1 pending (1m 42s elapsed) [2026-04-21 15:00:36] [INFO] Pending: konflux-kite-in-cluster-local [2026-04-21 15:00:36] [WAITING] Waiting 10 seconds before next sync check... [2026-04-21 15:00:46] [PROGRESS] Applications: 43/44 ready | 1 pending (1m 52s elapsed) [2026-04-21 15:00:46] [INFO] Pending: konflux-kite-in-cluster-local [2026-04-21 15:00:46] [WAITING] Waiting 10 seconds before next sync check... [2026-04-21 15:00:56] [PROGRESS] Applications: 43/44 ready | 1 pending (2m 2s elapsed) [2026-04-21 15:00:56] [INFO] Pending: konflux-kite-in-cluster-local [2026-04-21 15:00:56] [SUBSTEP] Detailed status of pending applications: [2026-04-21 15:00:56] [INFO] ├─ App: konflux-kite-in-cluster-local [2026-04-21 15:00:56] [INFO] │ ├─ Sync Status: OutOfSync [2026-04-21 15:00:56] [INFO] │ ├─ Health Status: Healthy [2026-04-21 15:00:56] [INFO] │ ├─ Out-of-sync resources: 1 [2026-04-21 15:00:56] [INFO] │ └─ Message: No message [2026-04-21 15:00:56] [WAITING] Waiting 10 seconds before next sync check... [2026-04-21 15:01:07] [PROGRESS] Applications: 43/44 ready | 1 pending (2m 12s elapsed) [2026-04-21 15:01:07] [INFO] Pending: konflux-kite-in-cluster-local [2026-04-21 15:01:07] [WAITING] Waiting 10 seconds before next sync check... 
[2026-04-21 15:01:17] [PROGRESS] Applications: 43/44 ready | 1 pending (2m 23s elapsed) [2026-04-21 15:01:17] [INFO] Pending: konflux-kite-in-cluster-local [2026-04-21 15:01:17] [WAITING] Waiting 10 seconds before next sync check... [2026-04-21 15:01:27] [PROGRESS] Applications: 44/44 ready | 0 pending (2m 33s elapsed) [2026-04-21 15:01:27] [SUCCESS] All 44 ArgoCD applications are Synced and Healthy in 2m 33s ============================================================================= [2026-04-21 15:01:27] [STEP] Waiting for Tekton components to be ready ============================================================================= [2026-04-21 15:01:27] [INFO] Reference: https://tekton.dev/docs/operator/tektonconfig/#tekton-config [2026-04-21 15:01:27] [INFO] Timeout: 900 seconds (15 minutes) [2026-04-21 15:01:27] [PROGRESS] Tekton readiness check iteration 1: status=True (0m 0s elapsed) [2026-04-21 15:01:27] [SUCCESS] All Tekton components are installed and ready in 0m 0s ============================================================================= [2026-04-21 15:01:27] [STEP] Waiting for Tekton CRDs to be available ============================================================================= [2026-04-21 15:01:27] [PROGRESS] Tekton CRD check attempt 1/5 [2026-04-21 15:01:27] [SUCCESS] All required Tekton CRDs are available: pipelines tasks pipelineruns taskruns ============================================================================= [2026-04-21 15:01:27] [STEP] Configuring Pipelines as Code integration ============================================================================= [2026-04-21 15:01:27] [INFO] ============================================================================= [2026-04-21 15:01:27] [INFO] Pipelines as Code (PAC) Integration Setup [2026-04-21 15:01:27] [INFO] ============================================================================= [2026-04-21 15:01:27] [INFO] PAC Namespace: openshift-pipelines [2026-04-21 15:01:27] [INFO] PAC 
Secret Name: pipelines-as-code-secret [2026-04-21 15:01:27] [INFO] Integration Namespace: integration-service [2026-04-21 15:01:27] [INFO] Authentication method: GitHub App [2026-04-21 15:01:27] [INFO] - GitHub App ID: 310332 [2026-04-21 15:01:27] [INFO] Using existing QE sprayproxy configuration (webhook secret provided) [2026-04-21 15:01:27] [SUCCESS] GitHub App credentials configured [2026-04-21 15:01:27] [INFO] GitHub token provided via MY_GITHUB_TOKEN (fallback) [2026-04-21 15:01:27] [DEBUG] No GitLab token provided (PAC_GITLAB_TOKEN not set) [2026-04-21 15:01:27] [INFO] Creating required namespaces [2026-04-21 15:01:27] [SUBSTEP] Ensuring namespace 'openshift-pipelines' exists [2026-04-21 15:01:28] [DEBUG] Namespace 'openshift-pipelines' already exists [2026-04-21 15:01:28] [SUBSTEP] Ensuring namespace 'build-service' exists [2026-04-21 15:01:28] [DEBUG] Namespace 'build-service' already exists [2026-04-21 15:01:28] [SUBSTEP] Ensuring namespace 'integration-service' exists [2026-04-21 15:01:28] [DEBUG] Namespace 'integration-service' already exists [2026-04-21 15:01:28] [INFO] Configuring PAC secrets across namespaces [2026-04-21 15:01:28] [SUBSTEP] Creating PAC secret in namespace 'openshift-pipelines' secret/pipelines-as-code-secret created [2026-04-21 15:01:33] [SUCCESS] PAC secret configured in 'openshift-pipelines' [2026-04-21 15:01:33] [SUBSTEP] Creating PAC secret in namespace 'build-service' secret/pipelines-as-code-secret created [2026-04-21 15:01:34] [SUCCESS] PAC secret configured in 'build-service' [2026-04-21 15:01:34] [SUBSTEP] Creating PAC secret in namespace 'integration-service' secret/pipelines-as-code-secret created [2026-04-21 15:01:34] [SUCCESS] PAC secret configured in 'integration-service' [2026-04-21 15:01:34] [SUBSTEP] Creating PAC secret in namespace 'mintmaker' secret/pipelines-as-code-secret created [2026-04-21 15:01:35] [SUCCESS] PAC secret configured in 'mintmaker' [2026-04-21 15:01:35] [INFO] 
============================================================================= [2026-04-21 15:01:35] [SUCCESS] PAC Integration Setup Complete [2026-04-21 15:01:35] [INFO] ============================================================================= [2026-04-21 15:01:35] [INFO] Configured namespaces: [2026-04-21 15:01:35] [INFO] - openshift-pipelines (PAC controller) [2026-04-21 15:01:35] [INFO] - build-service (Build Service) [2026-04-21 15:01:35] [INFO] - integration-service (Integration Service) [2026-04-21 15:01:35] [INFO] - mintmaker (Mintmaker) [PAC_SETUP_JSON] {"status":"success","namespaces":["openshift-pipelines","build-service","integration-service","mintmaker"],"github_app_configured":true,"github_token_configured":true,"gitlab_token_configured":false} [2026-04-21 15:01:35] [SUCCESS] Pipelines as Code configured ============================================================================= [2026-04-21 15:01:35] [STEP] Preview Environment Setup Complete ============================================================================= [2026-04-21 15:01:35] [SUCCESS] Konflux preview environment is ready! 
[2026-04-21 15:01:35] [INFO] - Fork: https://github.com/redhat-appstudio-qe/infra-deployments.git [2026-04-21 15:01:35] [INFO] - Branch: preview-main-ukwe [2026-04-21 15:01:35] [INFO] - GitHub Org: redhat-appstudio-qe [2026-04-21 15:01:35] [INFO] - OpenShift Version: 4.18.9 [2026-04-21 15:01:35] [INFO] - End time: 2026-04-21 15:01:35 UTC ============================================================================= [2026-04-21 15:01:35] [STEP] Execution Summary ============================================================================= [2026-04-21 15:01:35] [SUCCESS] Status: SUCCESS [2026-04-21 15:01:35] [INFO] Total Execution Time: 13m 21s (801 seconds) [2026-04-21 15:01:35] [INFO] Applications Deployed: 44 [EXECUTION_SUMMARY_JSON] {"status":"success","total_time_seconds":801,"apps_deployed":44,"ocp_version":"4.18.9","preview_branch":"preview-main-ukwe","git_repo":"https://github.com/redhat-appstudio-qe/infra-deployments.git"} Switched to branch 'main' Your branch is up to date with 'upstream/main'. ============================================================================= [2026-04-21 15:01:35] [STEP] Cluster Bootstrap Complete ============================================================================= [2026-04-21 15:01:35] [SUCCESS] Konflux cluster bootstrap finished successfully [2026-04-21 15:01:35] [INFO] - Mode: preview [2026-04-21 15:01:35] [INFO] - Total time: 15m 11s [2026-04-21 15:01:35] [INFO] - End time: 2026-04-21 15:01:35 UTC [BOOTSTRAP_SUMMARY_JSON] {"status":"success","mode":"preview","obo_enabled":false,"eaas_enabled":false,"total_time_seconds":911} [controller-runtime] log.SetLogger(...) was never called; logs will not be displayed. 
Detected at: > goroutine 99 [running]: > runtime/debug.Stack() > /usr/lib/golang/src/runtime/debug/stack.go:26 +0x5e > sigs.k8s.io/controller-runtime/pkg/log.eventuallyFulfillRoot() > /opt/app-root/src/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.20.2/pkg/log/log.go:60 +0xcd > sigs.k8s.io/controller-runtime/pkg/log.(*delegatingLogSink).WithName(0xc00091de40, {0x375d748, 0x14}) > /opt/app-root/src/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.20.2/pkg/log/deleg.go:147 +0x3e > github.com/go-logr/logr.Logger.WithName({{0x3fd9000, 0xc00091de40}, 0x0}, {0x375d748?, 0x0?}) > /opt/app-root/src/go/pkg/mod/github.com/go-logr/logr@v1.4.3/logr.go:345 +0x36 > sigs.k8s.io/controller-runtime/pkg/client.newClient(0x1?, {0x0, 0xc000885260, {0x0, 0x0}, 0x0, 0x0}) > /opt/app-root/src/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.20.2/pkg/client/client.go:118 +0xdb > sigs.k8s.io/controller-runtime/pkg/client.New(0xc000a5e008?, {0x0, 0xc000885260, {0x0, 0x0}, 0x0, 0x0}) > /opt/app-root/src/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.20.2/pkg/client/client.go:98 +0x4d > github.com/konflux-ci/e2e-tests/pkg/clients/kubernetes.NewAdminKubernetesClient() > /tmp/tmp.Z3CXXW4lH8/pkg/clients/kubernetes/client.go:159 +0x8f > github.com/konflux-ci/e2e-tests/pkg/clients/sprayproxy.GetPaCHost() > /tmp/tmp.Z3CXXW4lH8/pkg/clients/sprayproxy/sprayproxy.go:93 +0x1c > github.com/konflux-ci/e2e-tests/magefiles/rulesengine/repos.registerPacServer() > /tmp/tmp.Z3CXXW4lH8/magefiles/rulesengine/repos/common.go:421 +0x78 > github.com/konflux-ci/e2e-tests/magefiles/rulesengine/repos.init.func8(0xc000918a08?) > /tmp/tmp.Z3CXXW4lH8/magefiles/rulesengine/repos/common.go:373 +0x25 > github.com/konflux-ci/e2e-tests/magefiles/rulesengine.ActionFunc.Execute(0xc?, 0x3734df1?) > /tmp/tmp.Z3CXXW4lH8/magefiles/rulesengine/types.go:279 +0x19 > github.com/konflux-ci/e2e-tests/magefiles/rulesengine.(*Rule).Apply(...) 
> /tmp/tmp.Z3CXXW4lH8/magefiles/rulesengine/types.go:315 > github.com/konflux-ci/e2e-tests/magefiles/rulesengine.(*Rule).Check(0x61267a0, 0xc000918a08) > /tmp/tmp.Z3CXXW4lH8/magefiles/rulesengine/types.go:348 +0xb3 > github.com/konflux-ci/e2e-tests/magefiles/rulesengine.All.Check({0x611e6e0?, 0xc00140bbd8?, 0x2409219?}, 0xc000918a08) > /tmp/tmp.Z3CXXW4lH8/magefiles/rulesengine/types.go:245 +0x4f > github.com/konflux-ci/e2e-tests/magefiles/rulesengine.(*Rule).Eval(...) > /tmp/tmp.Z3CXXW4lH8/magefiles/rulesengine/types.go:308 > github.com/konflux-ci/e2e-tests/magefiles/rulesengine.(*Rule).Check(0x6126860, 0xc000918a08) > /tmp/tmp.Z3CXXW4lH8/magefiles/rulesengine/types.go:340 +0x2b > github.com/konflux-ci/e2e-tests/magefiles/rulesengine.All.Check({0x61284e0?, 0xc0011bdc90?, 0x42ee65?}, 0xc000918a08) > /tmp/tmp.Z3CXXW4lH8/magefiles/rulesengine/types.go:245 +0x4f > github.com/konflux-ci/e2e-tests/magefiles/rulesengine.(*Rule).Eval(...) > /tmp/tmp.Z3CXXW4lH8/magefiles/rulesengine/types.go:308 > github.com/konflux-ci/e2e-tests/magefiles/rulesengine.(*RuleEngine).runLoadedCatalog(0x615f048, {0xc0014c6a08?, 0xc0011bde60?, 0x47?}, 0xc000918a08) > /tmp/tmp.Z3CXXW4lH8/magefiles/rulesengine/types.go:129 +0x11f > github.com/konflux-ci/e2e-tests/magefiles/rulesengine.(*RuleEngine).RunRulesOfCategory(0x615f048, {0x372eda2, 0x2}, 0xc000918a08) > /tmp/tmp.Z3CXXW4lH8/magefiles/rulesengine/types.go:121 +0x1b4 > main.CI.TestE2E({}) > /tmp/tmp.Z3CXXW4lH8/magefiles/magefile.go:331 +0x18a > main.main.func20({0xc00040c8c0?, 0xc0000a8008?}) > /tmp/tmp.Z3CXXW4lH8/magefiles/mage_output_file.go:888 +0xf > main.main.func12.1() > /tmp/tmp.Z3CXXW4lH8/magefiles/mage_output_file.go:306 +0x5b > created by main.main.func12 in goroutine 1 > /tmp/tmp.Z3CXXW4lH8/magefiles/mage_output_file.go:301 +0xbe I0421 15:01:35.886623 19273 common.go:429] Registered PaC server: https://pipelines-as-code-controller-openshift-pipelines.apps.rosa.kx-1b2e98ba8f.4wjs.p3.openshiftapps.com I0421 15:01:35.957160 19273 
common.go:454] The PaC servers registered in Sprayproxy: https://pipelines-as-code-controller-openshift-pipelines.apps.rosa.kx-1b2e98ba8f.4wjs.p3.openshiftapps.com, https://pipelines-as-code-controller-openshift-pipelines.apps.rosa.kx-283ab81d79.70f7.p3.openshiftapps.com I0421 15:01:35.957187 19273 common.go:470] going to create new Tekton bundle remote-build for the purpose of testing multi-platform-controller PR I0421 15:01:36.655364 19273 common.go:511] Found current task ref quay.io/konflux-ci/tekton-catalog/task-buildah:0.9@sha256:62f09c50d552eac57e17638c67e88b0982352a71975858c8ba262bcff293de06 I0421 15:01:36.659999 19273 util.go:512] found credentials for image ref quay.io/redhat-appstudio-qe/test-images:pipeline-bundle-1776783695-taie -> user: redhat-appstudio-qe+redhat_appstudio_quality Creating Tekton Bundle: - Added Pipeline: buildah-remote-pipeline to image I0421 15:01:42.589745 19273 bundle.go:57] image digest for a new tekton bundle quay.io/redhat-appstudio-qe/test-images:pipeline-bundle-1776783695-taie: quay.io/redhat-appstudio-qe/test-images@sha256:0e4f95bcea5a537acac5d4e7db5f6ea5c8d481b1c8da6136ae8b4c759f2c0065 I0421 15:01:42.589780 19273 common.go:537] SETTING ENV VAR CUSTOM_BUILDAH_REMOTE_PIPELINE_BUILD_BUNDLE_ARM64 to value quay.io/redhat-appstudio-qe/test-images:pipeline-bundle-1776783695-taie I0421 15:01:42.940406 19273 common.go:511] Found current task ref quay.io/konflux-ci/tekton-catalog/task-buildah:0.9@sha256:62f09c50d552eac57e17638c67e88b0982352a71975858c8ba262bcff293de06 I0421 15:01:42.942051 19273 util.go:512] found credentials for image ref quay.io/redhat-appstudio-qe/test-images:pipeline-bundle-1776783702-uqug -> user: redhat-appstudio-qe+redhat_appstudio_quality Creating Tekton Bundle: - Added Pipeline: buildah-remote-pipeline to image I0421 15:01:44.358336 19273 bundle.go:57] image digest for a new tekton bundle quay.io/redhat-appstudio-qe/test-images:pipeline-bundle-1776783702-uqug: 
quay.io/redhat-appstudio-qe/test-images@sha256:8ff0c3e80dbbc428a1072aead133f966e0c2e1804c7ddc4f62614895637aabdb I0421 15:01:44.358361 19273 common.go:537] SETTING ENV VAR CUSTOM_BUILDAH_REMOTE_PIPELINE_BUILD_BUNDLE_S390X to value quay.io/redhat-appstudio-qe/test-images:pipeline-bundle-1776783702-uqug I0421 15:01:44.580825 19273 common.go:511] Found current task ref quay.io/konflux-ci/tekton-catalog/task-buildah:0.9@sha256:62f09c50d552eac57e17638c67e88b0982352a71975858c8ba262bcff293de06 I0421 15:01:44.582532 19273 util.go:512] found credentials for image ref quay.io/redhat-appstudio-qe/test-images:pipeline-bundle-1776783704-uszz -> user: redhat-appstudio-qe+redhat_appstudio_quality Creating Tekton Bundle: - Added Pipeline: buildah-remote-pipeline to image I0421 15:01:45.857966 19273 bundle.go:57] image digest for a new tekton bundle quay.io/redhat-appstudio-qe/test-images:pipeline-bundle-1776783704-uszz: quay.io/redhat-appstudio-qe/test-images@sha256:7267f05aea9461b494b30a7686d581801f5b541051b97e646784abb6ab9cbdb2 I0421 15:01:45.858069 19273 common.go:537] SETTING ENV VAR CUSTOM_BUILDAH_REMOTE_PIPELINE_BUILD_BUNDLE_PPC64LE to value quay.io/redhat-appstudio-qe/test-images:pipeline-bundle-1776783704-uszz exec: ginkgo "--seed=1776782775" "--timeout=1h30m0s" "--grace-period=30s" "--output-interceptor-mode=none" "--focus-file=tests/integration-service/forgejo-integration-reporting.go" "--focus-file=tests/integration-service/gitlab-integration-reporting.go" "--focus-file=tests/integration-service/group-snapshots-tests.go" "--focus-file=tests/integration-service/integration.go" "--focus-file=tests/integration-service/status-reporting-to-pullrequest.go" "--no-color" "--json-report=e2e-report.json" "--junit-report=e2e-report.xml" "--procs=20" "--nodes=20" "--p" "--output-dir=/workspace/artifact-dir" "./cmd" "--" go: downloading github.com/IBM/vpc-go-sdk v0.48.0 go: downloading github.com/IBM/go-sdk-core/v5 v5.15.3 go: downloading github.com/aws/aws-sdk-go-v2 v1.41.3 go: 
downloading github.com/minio/minio-go/v7 v7.0.99 go: downloading github.com/aws/aws-sdk-go-v2/service/ec2 v1.143.0 go: downloading github.com/aws/aws-sdk-go-v2/config v1.31.3 go: downloading github.com/konflux-ci/build-service v0.0.0-20240611083846-2dee6cfe6fe4 go: downloading github.com/go-openapi/strfmt v0.23.0 go: downloading github.com/go-playground/validator/v10 v10.17.0 go: downloading github.com/google/go-github/v45 v45.2.0 go: downloading go.mongodb.org/mongo-driver v1.17.4 go: downloading github.com/oklog/ulid v1.3.1 go: downloading github.com/mitchellh/mapstructure v1.5.1-0.20231216201459-8508981c8b6c go: downloading github.com/go-openapi/errors v0.22.2 go: downloading github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 go: downloading github.com/go-ini/ini v1.67.0 go: downloading github.com/dustin/go-humanize v1.0.1 go: downloading github.com/minio/md5-simd v1.1.2 go: downloading github.com/klauspost/crc32 v1.3.0 go: downloading github.com/minio/crc64nvme v1.1.1 go: downloading github.com/tinylib/msgp v1.6.1 go: downloading github.com/rs/xid v1.6.0 go: downloading github.com/aws/smithy-go v1.24.2 go: downloading github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.18.4 go: downloading github.com/aws/aws-sdk-go-v2/credentials v1.18.7 go: downloading github.com/aws/aws-sdk-go-v2/service/sso v1.28.2 go: downloading github.com/aws/aws-sdk-go-v2/internal/ini v1.8.3 go: downloading github.com/aws/aws-sdk-go-v2/service/sts v1.38.0 go: downloading github.com/aws/aws-sdk-go-v2/service/ssooidc v1.34.0 go: downloading github.com/gabriel-vasile/mimetype v1.4.3 go: downloading github.com/go-playground/universal-translator v0.18.1 go: downloading github.com/leodido/go-urn v1.3.0 go: downloading github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.19 go: downloading github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.19 go: downloading github.com/go-playground/locales v0.14.1 go: downloading 
github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.13.6 go: downloading github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.19 go: downloading github.com/philhofer/fwd v1.2.0 Running Suite: Red Hat App Studio E2E tests - /tmp/tmp.Z3CXXW4lH8/cmd ===================================================================== Random Seed: 1776782775 Will run 137 of 477 specs Running in parallel across 20 processes SSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSS ------------------------------ P [PENDING] [release-pipelines-suite e2e tests for rh-push-to-redhat-io pipeline] Rh-push-to-redhat-io happy path Post-release verification verifies if the release CR is created [release-pipelines, rh-push-to-registry-redhat-io, PushToRedhatIO] /tmp/tmp.Z3CXXW4lH8/tests/release/pipelines/rh_push_to_registry_redhat_io.go:108 ------------------------------ SSSS ------------------------------ P [PENDING] [release-pipelines-suite e2e tests for rh-push-to-redhat-io pipeline] Rh-push-to-redhat-io happy path Post-release verification verifies the rhio release pipelinerun is running and succeeds [release-pipelines, rh-push-to-registry-redhat-io, PushToRedhatIO] /tmp/tmp.Z3CXXW4lH8/tests/release/pipelines/rh_push_to_registry_redhat_io.go:118 ------------------------------ SSSSSSSSSS ------------------------------ P [PENDING] [release-pipelines-suite e2e tests for rh-push-to-redhat-io pipeline] Rh-push-to-redhat-io happy path Post-release verification verifies release CR completed and set succeeded. 
[release-pipelines, rh-push-to-registry-redhat-io, PushToRedhatIO] /tmp/tmp.Z3CXXW4lH8/tests/release/pipelines/rh_push_to_registry_redhat_io.go:148 ------------------------------ S ------------------------------ P [PENDING] [release-pipelines-suite Push to external registry] Post-release verification verifies that a Release CR should have been created in the dev namespace [release-pipelines, push-to-external-registry] /tmp/tmp.Z3CXXW4lH8/tests/release/pipelines/push_to_external_registry.go:157 ------------------------------ P [PENDING] [release-pipelines-suite e2e tests for rh-push-to-redhat-io pipeline] Rh-push-to-redhat-io happy path Post-release verification verifies if the MR URL is valid [release-pipelines, rh-push-to-registry-redhat-io, PushToRedhatIO] /tmp/tmp.Z3CXXW4lH8/tests/release/pipelines/rh_push_to_registry_redhat_io.go:159 ------------------------------ SSS ------------------------------ P [PENDING] [release-pipelines-suite Push to external registry] Post-release verification verifies that Release PipelineRun should eventually succeed [release-pipelines, push-to-external-registry] /tmp/tmp.Z3CXXW4lH8/tests/release/pipelines/push_to_external_registry.go:164 ------------------------------ SSSSS ------------------------------ P [PENDING] [release-pipelines-suite Push to external registry] Post-release verification tests if the image was pushed to quay [release-pipelines, push-to-external-registry] /tmp/tmp.Z3CXXW4lH8/tests/release/pipelines/push_to_external_registry.go:168 ------------------------------ S ------------------------------ P [PENDING] [release-pipelines-suite Push to external registry] Post-release verification verifies that a Release is marked as succeeded. 
[release-pipelines, push-to-external-registry] /tmp/tmp.Z3CXXW4lH8/tests/release/pipelines/push_to_external_registry.go:175 ------------------------------ SSSSSSSSSSSS ------------------------------ P [PENDING] [build-service-suite Build service E2E tests] test git provider fj PaC component build when the PaC init branch is merged retrigger the pipeline manually [build-service, github-webhook, pac-build, pipeline, image-controller, forgejo, build-custom-branch] /tmp/tmp.Z3CXXW4lH8/tests/build/pac_build.go:600 ------------------------------ P [PENDING] [release-pipelines-suite e2e tests for multi arch with rh-advisories pipeline] Multi arch test happy path Post-release verification verifies the release CR is created [release-pipelines, rh-advisories, multiarch-advisories, multiArchAdvisories] /tmp/tmp.Z3CXXW4lH8/tests/release/pipelines/multiarch_advisories.go:112 ------------------------------ SSSS ------------------------------ P [PENDING] [release-pipelines-suite e2e tests for multi arch with rh-advisories pipeline] Multi arch test happy path Post-release verification verifies the multiarch release pipelinerun is running and succeeds [release-pipelines, rh-advisories, multiarch-advisories, multiArchAdvisories] /tmp/tmp.Z3CXXW4lH8/tests/release/pipelines/multiarch_advisories.go:122 ------------------------------ SSSS ------------------------------ P [PENDING] [build-service-suite Build service E2E tests] test git provider fj PaC component build when the PaC init branch is merged retriggered pipelineRun should eventually finish [build-service, github-webhook, pac-build, pipeline, image-controller, forgejo, build-custom-branch] /tmp/tmp.Z3CXXW4lH8/tests/build/pac_build.go:642 ------------------------------ P [PENDING] [release-pipelines-suite e2e tests for multi arch with rh-advisories pipeline] Multi arch test happy path Post-release verification verifies release CR completed and set succeeded. 
[release-pipelines, rh-advisories, multiarch-advisories, multiArchAdvisories] /tmp/tmp.Z3CXXW4lH8/tests/release/pipelines/multiarch_advisories.go:152 ------------------------------ SSSSSS ------------------------------ P [PENDING] [release-pipelines-suite e2e tests for multi arch with rh-advisories pipeline] Multi arch test happy path Post-release verification verifies if the repository URL is valid [release-pipelines, rh-advisories, multiarch-advisories, multiArchAdvisories] /tmp/tmp.Z3CXXW4lH8/tests/release/pipelines/multiarch_advisories.go:163 ------------------------------ SSSSSSSSSSSSSSSS ------------------------------ P [PENDING] [release-pipelines-suite [HACBS-1571]test-release-e2e-push-image-to-pyxis] Post-release verification tests that Release CR is created for the Snapshot [release-pipelines, rh-push-to-external-registry] /tmp/tmp.Z3CXXW4lH8/tests/release/pipelines/rh_push_to_external_registry.go:215 ------------------------------ S ------------------------------ P [PENDING] [build-service-suite Build service E2E tests] test build secret lookup when two secrets are created when second component is deleted, pac pr branch should not exist in the repo [build-service, github, pac-build, secret-lookup] /tmp/tmp.Z3CXXW4lH8/tests/build/secret_lookup.go:206 ------------------------------ SS ------------------------------ P [PENDING] [release-pipelines-suite [HACBS-1571]test-release-e2e-push-image-to-pyxis] Post-release verification verifies a release PipelineRun is started and succeeded in managed namespace [release-pipelines, rh-push-to-external-registry] /tmp/tmp.Z3CXXW4lH8/tests/release/pipelines/rh_push_to_external_registry.go:226 ------------------------------ SS ------------------------------ P [PENDING] [release-pipelines-suite FBC e2e-tests] with FBC happy path Post-release verification creates component from git source https://github.com/redhat-appstudio-qe/fbc-sample-repo-test [release-pipelines, fbc-release, fbcHappyPath] 
/tmp/tmp.Z3CXXW4lH8/tests/release/pipelines/fbc_release.go:123 ------------------------------ P [PENDING] [release-pipelines-suite [HACBS-1571]test-release-e2e-push-image-to-pyxis] Post-release verification validate the result of task create-pyxis-image contains image ids [release-pipelines, rh-push-to-external-registry] /tmp/tmp.Z3CXXW4lH8/tests/release/pipelines/rh_push_to_external_registry.go:233 ------------------------------ S ------------------------------ P [PENDING] [release-pipelines-suite FBC e2e-tests] with FBC happy path Post-release verification Creates a push snapshot for a release [release-pipelines, fbc-release, fbcHappyPath] /tmp/tmp.Z3CXXW4lH8/tests/release/pipelines/fbc_release.go:128 ------------------------------ P [PENDING] [release-pipelines-suite [HACBS-1571]test-release-e2e-push-image-to-pyxis] Post-release verification tests that Release CR has completed [release-pipelines, rh-push-to-external-registry] /tmp/tmp.Z3CXXW4lH8/tests/release/pipelines/rh_push_to_external_registry.go:248 ------------------------------ S ------------------------------ P [PENDING] [release-pipelines-suite FBC e2e-tests] with FBC happy path Post-release verification verifies the fbc release pipelinerun is running and succeeds [release-pipelines, fbc-release, fbcHappyPath] /tmp/tmp.Z3CXXW4lH8/tests/release/pipelines/fbc_release.go:132 ------------------------------ P [PENDING] [release-pipelines-suite [HACBS-1571]test-release-e2e-push-image-to-pyxis] Post-release verification validates that imageIds from task create-pyxis-image exist in Pyxis. [release-pipelines, rh-push-to-external-registry] /tmp/tmp.Z3CXXW4lH8/tests/release/pipelines/rh_push_to_external_registry.go:265 ------------------------------ P [PENDING] [release-pipelines-suite FBC e2e-tests] with FBC happy path Post-release verification verifies release CR completed and set succeeded. 
[release-pipelines, fbc-release, fbcHappyPath] /tmp/tmp.Z3CXXW4lH8/tests/release/pipelines/fbc_release.go:136 ------------------------------ SS ------------------------------ P [PENDING] [release-pipelines-suite FBC e2e-tests] with FBC Staged Index Post-release verification creates component from git source https://github.com/redhat-appstudio-qe/fbc-sample-repo-test [release-pipelines, fbc-release, fbcStagedIndex] /tmp/tmp.Z3CXXW4lH8/tests/release/pipelines/fbc_release.go:178 ------------------------------ SSSSSSS ------------------------------ P [PENDING] [release-pipelines-suite FBC e2e-tests] with FBC Staged Index Post-release verification Creates a push snapshot for a release [release-pipelines, fbc-release, fbcStagedIndex] /tmp/tmp.Z3CXXW4lH8/tests/release/pipelines/fbc_release.go:183 ------------------------------ SSSSSS ------------------------------ P [PENDING] [release-pipelines-suite FBC e2e-tests] with FBC Staged Index Post-release verification verifies the fbc release pipelinerun is running and succeeds [release-pipelines, fbc-release, fbcStagedIndex] /tmp/tmp.Z3CXXW4lH8/tests/release/pipelines/fbc_release.go:187 ------------------------------ SSSSSSSSS ------------------------------ P [PENDING] [task-suite tkn bundle task] creates Tekton bundles with different params when context points to a file [build-templates] /tmp/tmp.Z3CXXW4lH8/tests/build/tkn-bundle.go:188 ------------------------------ P [PENDING] [multi-platform-build-service-suite Multi Platform Controller E2E tests] aws host-pool allocation when the Component with multi-platform-build is created a PipelineRun is triggered [multi-platform, aws-host-pool] /tmp/tmp.Z3CXXW4lH8/tests/build/multi-platform.go:120 ------------------------------ P [PENDING] [release-pipelines-suite FBC e2e-tests] with FBC Staged Index Post-release verification verifies release CR completed and set succeeded. 
[release-pipelines, fbc-release, fbcStagedIndex] /tmp/tmp.Z3CXXW4lH8/tests/release/pipelines/fbc_release.go:191 ------------------------------ SSSSS ------------------------------ P [PENDING] [multi-platform-build-service-suite Multi Platform Controller E2E tests] aws host-pool allocation when the Component with multi-platform-build is created the build-container task from component pipelinerun is buildah-remote [multi-platform, aws-host-pool] /tmp/tmp.Z3CXXW4lH8/tests/build/multi-platform.go:124 ------------------------------ P [PENDING] [task-suite tkn bundle task] creates Tekton bundles with different params creates Tekton bundles from specific context [build-templates] /tmp/tmp.Z3CXXW4lH8/tests/build/tkn-bundle.go:199 ------------------------------ S ------------------------------ P [PENDING] [release-pipelines-suite e2e tests for release-to-github pipeline] Release-to-github happy path Post-release verification verifies if release CR is created [release-pipelines, release-to-github, releaseToGithub] /tmp/tmp.Z3CXXW4lH8/tests/release/pipelines/release_to_github.go:138 ------------------------------ S ------------------------------ P [PENDING] [release-pipelines-suite e2e tests for rh-advisories pipeline] Rh-advisories happy path Post-release verification verifies if release CR is created [release-pipelines, rh-advisories, rhAdvisories] /tmp/tmp.Z3CXXW4lH8/tests/release/pipelines/rh_advisories.go:117 ------------------------------ SSS ------------------------------ P [PENDING] [release-pipelines-suite FBC e2e-tests] with FBC hotfix process FBC hotfix post-release verification creates component from git source https://github.com/redhat-appstudio-qe/fbc-sample-repo-test [release-pipelines, fbc-release, fbcHotfix] /tmp/tmp.Z3CXXW4lH8/tests/release/pipelines/fbc_release.go:233 ------------------------------ SSSSSS ------------------------------ P [PENDING] [multi-platform-build-service-suite Multi Platform Controller E2E tests] aws host-pool allocation when the 
Component with multi-platform-build is created The multi platform secret is populated [multi-platform, aws-host-pool] /tmp/tmp.Z3CXXW4lH8/tests/build/multi-platform.go:127 ------------------------------ SS ------------------------------ P [PENDING] [release-pipelines-suite e2e tests for rhtap-service-push pipeline] Rhtap-service-push happy path Post-release verification verifies if the release CR is created [release-pipelines, rhtap-service-push, RhtapServicePush] /tmp/tmp.Z3CXXW4lH8/tests/release/pipelines/rhtap_service_push.go:150 ------------------------------ SSS ------------------------------ P [PENDING] [task-suite tkn bundle task] creates Tekton bundles with different params when context is the root directory [build-templates] /tmp/tmp.Z3CXXW4lH8/tests/build/tkn-bundle.go:209 ------------------------------ SS ------------------------------ P [PENDING] [release-pipelines-suite e2e tests for release-to-github pipeline] Release-to-github happy path Post-release verification verifies the release pipelinerun is running and succeeds [release-pipelines, release-to-github, releaseToGithub] /tmp/tmp.Z3CXXW4lH8/tests/release/pipelines/release_to_github.go:148 ------------------------------ P [PENDING] [task-suite tkn bundle task] creates Tekton bundles with different params creates Tekton bundles when context points to a file and a directory [build-templates] /tmp/tmp.Z3CXXW4lH8/tests/build/tkn-bundle.go:218 ------------------------------ P [PENDING] [release-pipelines-suite e2e tests for rh-advisories pipeline] Rh-advisories happy path Post-release verification verifies the advs release pipelinerun is running and succeeds [release-pipelines, rh-advisories, rhAdvisories] /tmp/tmp.Z3CXXW4lH8/tests/release/pipelines/rh_advisories.go:127 ------------------------------ P [PENDING] [release-pipelines-suite FBC e2e-tests] with FBC hotfix process FBC hotfix post-release verification Creates a push snapshot for a release [release-pipelines, fbc-release, fbcHotfix] 
/tmp/tmp.Z3CXXW4lH8/tests/release/pipelines/fbc_release.go:238 ------------------------------ SSS ------------------------------ P [PENDING] [release-pipelines-suite e2e tests for rh-advisories pipeline] Rh-advisories happy path Post-release verification verifies release CR completed and set succeeded. [release-pipelines, rh-advisories, rhAdvisories] /tmp/tmp.Z3CXXW4lH8/tests/release/pipelines/rh_advisories.go:157 ------------------------------ S ------------------------------ P [PENDING] [multi-platform-build-service-suite Multi Platform Controller E2E tests] aws host-pool allocation when the Component with multi-platform-build is created that PipelineRun completes successfully [multi-platform, aws-host-pool] /tmp/tmp.Z3CXXW4lH8/tests/build/multi-platform.go:148 ------------------------------ S ------------------------------ P [PENDING] [release-pipelines-suite e2e tests for rhtap-service-push pipeline] Rhtap-service-push happy path Post-release verification verifies the rhtap release pipelinerun is running and succeeds [release-pipelines, rhtap-service-push, RhtapServicePush] /tmp/tmp.Z3CXXW4lH8/tests/release/pipelines/rhtap_service_push.go:160 ------------------------------ P [PENDING] [multi-platform-build-service-suite Multi Platform Controller E2E tests] aws host-pool allocation when the Component with multi-platform-build is created test that cleanup happened successfully [multi-platform, aws-host-pool] /tmp/tmp.Z3CXXW4lH8/tests/build/multi-platform.go:152 ------------------------------ SS ------------------------------ P [PENDING] [release-pipelines-suite e2e tests for rhtap-service-push pipeline] Rhtap-service-push happy path Post-release verification verifies release CR completed and set succeeded. 
[release-pipelines, rhtap-service-push, RhtapServicePush] /tmp/tmp.Z3CXXW4lH8/tests/release/pipelines/rhtap_service_push.go:190 ------------------------------ P [PENDING] [multi-platform-build-service-suite Multi Platform Controller E2E tests] aws dynamic allocation when the Component with multi-platform-build is created a PipelineRun is triggered [multi-platform, aws-dynamic] /tmp/tmp.Z3CXXW4lH8/tests/build/multi-platform.go:251 ------------------------------ SS ------------------------------ P [PENDING] [release-pipelines-suite e2e tests for release-to-github pipeline] Release-to-github happy path Post-release verification verifies release CR completed and set succeeded. [release-pipelines, release-to-github, releaseToGithub] /tmp/tmp.Z3CXXW4lH8/tests/release/pipelines/release_to_github.go:181 ------------------------------ P [PENDING] [multi-platform-build-service-suite Multi Platform Controller E2E tests] aws dynamic allocation when the Component with multi-platform-build is created the build-container task from component pipelinerun is buildah-remote [multi-platform, aws-dynamic] /tmp/tmp.Z3CXXW4lH8/tests/build/multi-platform.go:255 ------------------------------ S ------------------------------ P [PENDING] [release-pipelines-suite e2e tests for release-to-github pipeline] Release-to-github happy path Post-release verification verifies if the Release exists in github repo [release-pipelines, release-to-github, releaseToGithub] /tmp/tmp.Z3CXXW4lH8/tests/release/pipelines/release_to_github.go:192 ------------------------------ P [PENDING] [multi-platform-build-service-suite Multi Platform Controller E2E tests] aws dynamic allocation when the Component with multi-platform-build is created The multi platform secret is populated [multi-platform, aws-dynamic] /tmp/tmp.Z3CXXW4lH8/tests/build/multi-platform.go:259 ------------------------------ SS ------------------------------ P [PENDING] [release-pipelines-suite FBC e2e-tests] with FBC hotfix process FBC hotfix 
post-release verification verifies the fbc release pipelinerun is running and succeeds [release-pipelines, fbc-release, fbcHotfix] /tmp/tmp.Z3CXXW4lH8/tests/release/pipelines/fbc_release.go:242 ------------------------------ SSS ------------------------------ P [PENDING] [release-pipelines-suite e2e tests for rh-advisories pipeline] Rh-advisories happy path Post-release verification verifies if the repository URL is valid [release-pipelines, rh-advisories, rhAdvisories] /tmp/tmp.Z3CXXW4lH8/tests/release/pipelines/rh_advisories.go:168 ------------------------------ SSS ------------------------------ P [PENDING] [release-pipelines-suite e2e tests for rhtap-service-push pipeline] Rhtap-service-push happy path Post-release verification verifies if the PR in infra-deployments repo is created/updated [release-pipelines, rhtap-service-push, RhtapServicePush] /tmp/tmp.Z3CXXW4lH8/tests/release/pipelines/rhtap_service_push.go:200 ------------------------------ P [PENDING] [task-suite tkn bundle task] creates Tekton bundles with different params creates Tekton bundles when using negation [build-templates] /tmp/tmp.Z3CXXW4lH8/tests/build/tkn-bundle.go:228 ------------------------------ P [PENDING] [multi-platform-build-service-suite Multi Platform Controller E2E tests] aws dynamic allocation when the Component with multi-platform-build is created that PipelineRun completes successfully [multi-platform, aws-dynamic] /tmp/tmp.Z3CXXW4lH8/tests/build/multi-platform.go:263 ------------------------------ P [PENDING] [task-suite tkn bundle task] creates Tekton bundles with different params allows overriding HOME environment variable [build-templates] /tmp/tmp.Z3CXXW4lH8/tests/build/tkn-bundle.go:238 ------------------------------ S ------------------------------ P [PENDING] [release-pipelines-suite FBC e2e-tests] with FBC hotfix process FBC hotfix post-release verification verifies release CR completed and set succeeded. 
[release-pipelines, fbc-release, fbcHotfix] /tmp/tmp.Z3CXXW4lH8/tests/release/pipelines/fbc_release.go:246 ------------------------------ SSSSSS ------------------------------ P [PENDING] [multi-platform-build-service-suite Multi Platform Controller E2E tests] aws dynamic allocation when the Component with multi-platform-build is created check cleanup happened successfully [multi-platform, aws-dynamic] /tmp/tmp.Z3CXXW4lH8/tests/build/multi-platform.go:267 ------------------------------ P [PENDING] [build-service-suite Build service E2E tests] test git provider gl PaC component build when the PaC init branch is merged retrigger the pipeline manually [build-service, github-webhook, pac-build, pipeline, image-controller, gitlab, build-custom-branch] /tmp/tmp.Z3CXXW4lH8/tests/build/pac_build.go:600 ------------------------------ P [PENDING] [build-service-suite Build service E2E tests] test git provider gl PaC component build when the PaC init branch is merged retriggered pipelineRun should eventually finish [build-service, github-webhook, pac-build, pipeline, image-controller, gitlab, build-custom-branch] /tmp/tmp.Z3CXXW4lH8/tests/build/pac_build.go:642 ------------------------------ S ------------------------------ P [PENDING] [release-pipelines-suite FBC e2e-tests] with FBC pre-GA process FBC pre-GA post-release verification creates component from git source https://github.com/redhat-appstudio-qe/fbc-sample-repo-test [release-pipelines, fbc-release, fbcPreGA] /tmp/tmp.Z3CXXW4lH8/tests/release/pipelines/fbc_release.go:286 ------------------------------ P [PENDING] [task-suite tkn bundle task] creates Tekton bundles with different params allows overriding STEP image [build-templates] /tmp/tmp.Z3CXXW4lH8/tests/build/tkn-bundle.go:247 ------------------------------ SSS ------------------------------ P [PENDING] [multi-platform-build-service-suite Multi Platform Controller E2E tests] ibm system z dynamic allocation when the Component with multi-platform-build is created 
a PipelineRun is triggered [multi-platform, ibmz-dynamic] /tmp/tmp.Z3CXXW4lH8/tests/build/multi-platform.go:341 ------------------------------ S ------------------------------ P [PENDING] [release-pipelines-suite FBC e2e-tests] with FBC pre-GA process FBC pre-GA post-release verification Creates a push snapshot for a release [release-pipelines, fbc-release, fbcPreGA] /tmp/tmp.Z3CXXW4lH8/tests/release/pipelines/fbc_release.go:291 ------------------------------ SS ------------------------------ P [PENDING] [multi-platform-build-service-suite Multi Platform Controller E2E tests] ibm system z dynamic allocation when the Component with multi-platform-build is created the build-container task from component pipelinerun is buildah-remote [multi-platform, ibmz-dynamic] /tmp/tmp.Z3CXXW4lH8/tests/build/multi-platform.go:345 ------------------------------ SS ------------------------------ P [PENDING] [release-pipelines-suite FBC e2e-tests] with FBC pre-GA process FBC pre-GA post-release verification verifies the fbc release pipelinerun is running and succeeds [release-pipelines, fbc-release, fbcPreGA] /tmp/tmp.Z3CXXW4lH8/tests/release/pipelines/fbc_release.go:295 ------------------------------ S ------------------------------ P [PENDING] [multi-platform-build-service-suite Multi Platform Controller E2E tests] ibm system z dynamic allocation when the Component with multi-platform-build is created The multi platform secret is populated [multi-platform, ibmz-dynamic] /tmp/tmp.Z3CXXW4lH8/tests/build/multi-platform.go:349 ------------------------------ S ------------------------------ P [PENDING] [build-service-suite Build templates E2E test] HACBS pipelines scenario sample-python-basic-oci (docker-build-oci-ta) when Pipeline Results are stored for component with Git source URL https://github.com/redhat-appstudio-qe/devfile-sample-python-basic and Pipeline docker-build-oci-ta should have Pipeline Logs [build, build-templates, HACBS, pipeline-service, pipeline] 
/tmp/tmp.Z3CXXW4lH8/tests/build/build_templates.go:507 ------------------------------ S ------------------------------ P [PENDING] [release-pipelines-suite FBC e2e-tests] with FBC pre-GA process FBC pre-GA post-release verification verifies release CR completed and set succeeded. [release-pipelines, fbc-release, fbcPreGA] /tmp/tmp.Z3CXXW4lH8/tests/release/pipelines/fbc_release.go:299 ------------------------------ SS ------------------------------ P [PENDING] [multi-platform-build-service-suite Multi Platform Controller E2E tests] ibm system z dynamic allocation when the Component with multi-platform-build is created that PipelineRun completes successfully [multi-platform, ibmz-dynamic] /tmp/tmp.Z3CXXW4lH8/tests/build/multi-platform.go:353 ------------------------------ S ------------------------------ P [PENDING] [build-service-suite Build service E2E tests] test git provider gh PaC component build when the PaC init branch is merged retrigger the pipeline manually [build-service, github-webhook, pac-build, pipeline, image-controller, github, build-custom-branch] /tmp/tmp.Z3CXXW4lH8/tests/build/pac_build.go:600 ------------------------------ SS ------------------------------ P [PENDING] [multi-platform-build-service-suite Multi Platform Controller E2E tests] ibm system z dynamic allocation when the Component with multi-platform-build is created check cleanup happened successfully [multi-platform, ibmz-dynamic] /tmp/tmp.Z3CXXW4lH8/tests/build/multi-platform.go:357 ------------------------------ SS ------------------------------ P [PENDING] [build-service-suite Build service E2E tests] test git provider gh PaC component build when the PaC init branch is merged retriggered pipelineRun should eventually finish [build-service, github-webhook, pac-build, pipeline, image-controller, github, build-custom-branch] /tmp/tmp.Z3CXXW4lH8/tests/build/pac_build.go:642 ------------------------------ SS ------------------------------ P [PENDING] [build-service-suite Build templates 
E2E test] HACBS pipelines scenario sample-python-basic-oci (docker-build-oci-ta) when the container image for component with Git source URL https://github.com/redhat-appstudio-qe/devfile-sample-python-basic is created and pushed to container registry verify-enterprise-contract check should pass [build, build-templates, HACBS, pipeline-service, pipeline, sbom, slow, build-templates-e2e] /tmp/tmp.Z3CXXW4lH8/tests/build/build_templates.go:569 ------------------------------ SS ------------------------------ P [PENDING] [multi-platform-build-service-suite Multi Platform Controller E2E tests] ibm power pc dynamic allocation when the Component with multi-platform-build is created a PipelineRun is triggered [multi-platform, ibmp-dynamic] /tmp/tmp.Z3CXXW4lH8/tests/build/multi-platform.go:432 ------------------------------ SSS ------------------------------ P [PENDING] [multi-platform-build-service-suite Multi Platform Controller E2E tests] ibm power pc dynamic allocation when the Component with multi-platform-build is created the build-container task from component pipelinerun is buildah-remote [multi-platform, ibmp-dynamic] /tmp/tmp.Z3CXXW4lH8/tests/build/multi-platform.go:436 ------------------------------ SS ------------------------------ P [PENDING] [multi-platform-build-service-suite Multi Platform Controller E2E tests] ibm power pc dynamic allocation when the Component with multi-platform-build is created The multi platform secret is populated [multi-platform, ibmp-dynamic] /tmp/tmp.Z3CXXW4lH8/tests/build/multi-platform.go:440 ------------------------------ P [PENDING] [build-service-suite Build templates E2E test] HACBS pipelines scenario sample-python-basic-oci (docker-build-oci-ta) build-definitions ec pipelines runs ec pipeline pipelines/enterprise-contract.yaml [build, build-templates, HACBS, pipeline-service, pipeline, build-templates-e2e] /tmp/tmp.Z3CXXW4lH8/tests/build/build_templates.go:744 ------------------------------ S ------------------------------ P 
[PENDING] [multi-platform-build-service-suite Multi Platform Controller E2E tests] ibm power pc dynamic allocation when the Component with multi-platform-build is created that PipelineRun completes successfully [multi-platform, ibmp-dynamic] /tmp/tmp.Z3CXXW4lH8/tests/build/multi-platform.go:444 ------------------------------ SS ------------------------------ P [PENDING] [multi-platform-build-service-suite Multi Platform Controller E2E tests] ibm power pc dynamic allocation when the Component with multi-platform-build is created check cleanup happened successfully [multi-platform, ibmp-dynamic] /tmp/tmp.Z3CXXW4lH8/tests/build/multi-platform.go:448 ------------------------------ SSSSS ------------------------------ P [PENDING] [build-service-suite Build templates E2E test] HACBS pipelines scenario sample-python-basic-oci (docker-build-oci-ta-min) when Pipeline Results are stored for component with Git source URL https://github.com/redhat-appstudio-qe/devfile-sample-python-basic and Pipeline docker-build-oci-ta-min should have Pipeline Logs [build, build-templates, HACBS, pipeline-service, pipeline] /tmp/tmp.Z3CXXW4lH8/tests/build/build_templates.go:507 ------------------------------ S ------------------------------ P [PENDING] [build-service-suite Build templates E2E test] HACBS pipelines scenario sample-python-basic-oci (docker-build-oci-ta-min) when the container image for component with Git source URL https://github.com/redhat-appstudio-qe/devfile-sample-python-basic is created and pushed to container registry verify-enterprise-contract check should pass [build, build-templates, HACBS, pipeline-service, pipeline, sbom, slow, build-templates-e2e] /tmp/tmp.Z3CXXW4lH8/tests/build/build_templates.go:569 ------------------------------ S ------------------------------ P [PENDING] [build-service-suite Build templates E2E test] HACBS pipelines scenario sample-python-basic-oci (docker-build-oci-ta-min) build-definitions ec pipelines runs ec pipeline 
pipelines/enterprise-contract.yaml [build, build-templates, HACBS, pipeline-service, pipeline, build-templates-e2e] /tmp/tmp.Z3CXXW4lH8/tests/build/build_templates.go:744 ------------------------------ SSSSSS ------------------------------ P [PENDING] [build-service-suite Build templates E2E test] HACBS pipelines scenario sample-python-basic-oci (docker-build) when Pipeline Results are stored for component with Git source URL https://github.com/redhat-appstudio-qe/devfile-sample-python-basic and Pipeline docker-build should have Pipeline Logs [build, build-templates, HACBS, pipeline-service, pipeline] /tmp/tmp.Z3CXXW4lH8/tests/build/build_templates.go:507 ------------------------------ S ------------------------------ P [PENDING] [build-service-suite Build templates E2E test] HACBS pipelines scenario sample-python-basic-oci (docker-build) when the container image for component with Git source URL https://github.com/redhat-appstudio-qe/devfile-sample-python-basic is created and pushed to container registry verify-enterprise-contract check should pass [build, build-templates, HACBS, pipeline-service, pipeline, sbom, slow, build-templates-e2e] /tmp/tmp.Z3CXXW4lH8/tests/build/build_templates.go:569 ------------------------------ S ------------------------------ P [PENDING] [build-service-suite Build templates E2E test] HACBS pipelines scenario sample-python-basic-oci (docker-build) build-definitions ec pipelines runs ec pipeline pipelines/enterprise-contract.yaml [build, build-templates, HACBS, pipeline-service, pipeline, build-templates-e2e] /tmp/tmp.Z3CXXW4lH8/tests/build/build_templates.go:744 ------------------------------ S•••••••••••• ------------------------------ • [FAILED] [381.066 seconds] [integration-service-suite Status Reporting of Integration tests] with status reporting of Integration tests in CheckRuns when a new Component with specified custom branch is created [It] should lead to build PipelineRun finishing successfully [integration-service, 
github-status-reporting, custom-branch] /tmp/tmp.Z3CXXW4lH8/tests/integration-service/status-reporting-to-pullrequest.go:142 Timeline >> PipelineRun test-component-pac-msvtwa-on-pull-request-5pzd9 reason: Running PipelineRun test-component-pac-msvtwa-on-pull-request-5pzd9 reason: Running PipelineRun test-component-pac-msvtwa-on-pull-request-5pzd9 reason: Running PipelineRun test-component-pac-msvtwa-on-pull-request-5pzd9 reason: Running PipelineRun test-component-pac-msvtwa-on-pull-request-5pzd9 reason: Running PipelineRun test-component-pac-msvtwa-on-pull-request-5pzd9 reason: Running PipelineRun test-component-pac-msvtwa-on-pull-request-5pzd9 reason: Running PipelineRun test-component-pac-msvtwa-on-pull-request-5pzd9 reason: Running PipelineRun test-component-pac-msvtwa-on-pull-request-5pzd9 reason: Running PipelineRun test-component-pac-msvtwa-on-pull-request-5pzd9 reason: Running PipelineRun test-component-pac-msvtwa-on-pull-request-5pzd9 reason: Running PipelineRun test-component-pac-msvtwa-on-pull-request-5pzd9 reason: Running PipelineRun test-component-pac-msvtwa-on-pull-request-5pzd9 reason: Running PipelineRun test-component-pac-msvtwa-on-pull-request-5pzd9 reason: Running PipelineRun test-component-pac-msvtwa-on-pull-request-5pzd9 reason: Running PipelineRun test-component-pac-msvtwa-on-pull-request-5pzd9 reason: PipelineRunStopping PipelineRun test-component-pac-msvtwa-on-pull-request-5pzd9 reason: PipelineRunStopping PipelineRun test-component-pac-msvtwa-on-pull-request-5pzd9 reason: PipelineRunStopping PipelineRun test-component-pac-msvtwa-on-pull-request-5pzd9 reason: PipelineRunStopping PipelineRun test-component-pac-msvtwa-on-pull-request-5pzd9 reason: Failed [FAILED] in [It] - /tmp/tmp.Z3CXXW4lH8/tests/integration-service/status-reporting-to-pullrequest.go:144 @ 04/21/26 15:11:23.623 << Timeline [FAILED] build pipelinerun fails for NameSpace/Application/Component stat-rep-rktv/integ-app-ksjz/test-component-pac-msvtwa with logs: Pipelinerun 
'test-component-pac-msvtwa-on-pull-request-5pzd9' didn't succeed Expected success, but got an error: <*errors.errorString | 0xc000752f50>: Pipelinerun 'test-component-pac-msvtwa-on-pull-request-5pzd9' didn't succeed { s: "Pipelinerun 'test-component-pac-msvtwa-on-pull-request-5pzd9' didn't succeed\n", } In [It] at: /tmp/tmp.Z3CXXW4lH8/tests/integration-service/status-reporting-to-pullrequest.go:144 @ 04/21/26 15:11:23.623 ------------------------------ SSSSSSSSSSSSSSSSSSS•••••••••••••••••••••••••• ------------------------------ • [FAILED] [61.023 seconds] [integration-service-suite Integration Service E2E tests] with happy path for general flow of Integration service when the build pipelineRun run succeeded [It] checks if all of the integrationPipelineRuns passed [integration-service, slow] /tmp/tmp.Z3CXXW4lH8/tests/integration-service/integration.go:154 Timeline >> Integration test scenario my-integration-test-yyvq is found PipelineRun my-integration-test-yyvq-mrsw7 reason: Running PipelineRun my-integration-test-yyvq-mrsw7 reason: Running PipelineRun my-integration-test-yyvq-mrsw7 reason: Running PipelineRun my-integration-test-yyvq-mrsw7 reason: Failed [FAILED] in [It] - /tmp/tmp.Z3CXXW4lH8/tests/integration-service/integration.go:155 @ 04/21/26 15:15:55.357 << Timeline [FAILED] Expected success, but got an error: <*errors.errorString | 0xc0006c66b0>: error occurred while waiting for Integration PLR (associated with IntegrationTestScenario: my-integration-test-yyvq) to get finished in integration1-gpqn namespace. Error: Pipelinerun 'my-integration-test-yyvq-mrsw7' didn't succeed { s: "error occurred while waiting for Integration PLR (associated with IntegrationTestScenario: my-integration-test-yyvq) to get finished in integration1-gpqn namespace. 
Error: Pipelinerun 'my-integration-test-yyvq-mrsw7' didn't succeed\n", } In [It] at: /tmp/tmp.Z3CXXW4lH8/tests/integration-service/integration.go:155 @ 04/21/26 15:15:55.357 ------------------------------ SSSSSSSSSSSSSSSSSSSSSSSSSSS•••••••••••••••••••••••••••• ------------------------------ • [FAILED] [1666.980 seconds] [integration-service-suite Forgejo Status Reporting of Integration tests] Forgejo with status reporting of Integration tests in the associated merge request when a new Component with specified custom branch is created [It] should lead to build PipelineRun finishing successfully [integration-service, forgejo-status-reporting, custom-branch] /tmp/tmp.Z3CXXW4lH8/tests/integration-service/forgejo-integration-reporting.go:177 Timeline >> PipelineRun test-comp-pac-forgejo-qslzwy-on-pull-request-6k4jx found for Component forgejo-rep-wyxv/test-comp-pac-forgejo-qslzwy PipelineRun test-comp-pac-forgejo-qslzwy-on-pull-request-6k4jx reason: Running PipelineRun test-comp-pac-forgejo-qslzwy-on-pull-request-6k4jx reason: Running PipelineRun test-comp-pac-forgejo-qslzwy-on-pull-request-6k4jx reason: Running PipelineRun test-comp-pac-forgejo-qslzwy-on-pull-request-6k4jx reason: Running PipelineRun test-comp-pac-forgejo-qslzwy-on-pull-request-6k4jx reason: Running PipelineRun test-comp-pac-forgejo-qslzwy-on-pull-request-6k4jx reason: Running PipelineRun test-comp-pac-forgejo-qslzwy-on-pull-request-6k4jx reason: Running PipelineRun test-comp-pac-forgejo-qslzwy-on-pull-request-6k4jx reason: Running PipelineRun test-comp-pac-forgejo-qslzwy-on-pull-request-6k4jx reason: Running PipelineRun test-comp-pac-forgejo-qslzwy-on-pull-request-6k4jx reason: Running PipelineRun test-comp-pac-forgejo-qslzwy-on-pull-request-6k4jx reason: Running PipelineRun test-comp-pac-forgejo-qslzwy-on-pull-request-6k4jx reason: Running PipelineRun test-comp-pac-forgejo-qslzwy-on-pull-request-6k4jx reason: Running PipelineRun test-comp-pac-forgejo-qslzwy-on-pull-request-6k4jx reason: Running 
PipelineRun test-comp-pac-forgejo-qslzwy-on-pull-request-6k4jx reason: Running PipelineRun test-comp-pac-forgejo-qslzwy-on-pull-request-6k4jx reason: Running PipelineRun test-comp-pac-forgejo-qslzwy-on-pull-request-6k4jx reason: Running PipelineRun test-comp-pac-forgejo-qslzwy-on-pull-request-6k4jx reason: Running PipelineRun test-comp-pac-forgejo-qslzwy-on-pull-request-6k4jx reason: Running PipelineRun test-comp-pac-forgejo-qslzwy-on-pull-request-6k4jx reason: Running PipelineRun test-comp-pac-forgejo-qslzwy-on-pull-request-6k4jx reason: Running PipelineRun test-comp-pac-forgejo-qslzwy-on-pull-request-6k4jx reason: Running PipelineRun test-comp-pac-forgejo-qslzwy-on-pull-request-6k4jx reason: Running PipelineRun test-comp-pac-forgejo-qslzwy-on-pull-request-6k4jx reason: PipelineRunStopping PipelineRun test-comp-pac-forgejo-qslzwy-on-pull-request-6k4jx reason: PipelineRunStopping PipelineRun test-comp-pac-forgejo-qslzwy-on-pull-request-6k4jx reason: PipelineRunStopping PipelineRun test-comp-pac-forgejo-qslzwy-on-pull-request-6k4jx reason: PipelineRunStopping PipelineRun test-comp-pac-forgejo-qslzwy-on-pull-request-6k4jx reason: PipelineRunStopping PipelineRun test-comp-pac-forgejo-qslzwy-on-pull-request-6k4jx reason: PipelineRunStopping PipelineRun test-comp-pac-forgejo-qslzwy-on-pull-request-6k4jx reason: PipelineRunStopping PipelineRun test-comp-pac-forgejo-qslzwy-on-pull-request-6k4jx reason: Failed attempt 1/3: PipelineRun "test-comp-pac-forgejo-qslzwy-on-pull-request-6k4jx" failed: pod: test-comp-pac-forgejo-qslzwy-on-pull-request-6k4jx-init-pod | init container: prepare 2026/04/21 15:05:15 Entrypoint initialization pod: test-comp-pac-forgejo-qslzwy-on-pull-request-6k4jx-init-pod | container step-init: time="2026-04-21T15:05:19Z" level=info msg="Using in-cluster config" logger=KubeClient time="2026-04-21T15:05:19Z" level=info msg="[param] enable: false" time="2026-04-21T15:05:19Z" level=info msg="[param] default-http-proxy: 
squid.caching.svc.cluster.local:3128"
time="2026-04-21T15:05:19Z" level=info msg="[param] default-no-proxy: brew.registry.redhat.io,docker.io,gcr.io,ghcr.io,images.paas.redhat.com,mirror.gcr.io,nvcr.io,quay.io,registry-proxy.engineering.redhat.com,registry.access.redhat.com,registry.ci.openshift.org,registry.fedoraproject.org,registry.redhat.io,registry.stage.redhat.io,vault.habana.ai"
time="2026-04-21T15:05:19Z" level=info msg="[param] http-proxy-result-path: /tekton/results/http-proxy"
time="2026-04-21T15:05:19Z" level=info msg="[param] no-proxy-result-path: /tekton/results/no-proxy"
time="2026-04-21T15:05:19Z" level=info msg="Cache proxy is disabled in param or in backend"
time="2026-04-21T15:05:19Z" level=info msg="[result] HTTP PROXY: "
time="2026-04-21T15:05:19Z" level=info msg="[result] NO PROXY: "
pod: test-comp-pac-forgejo-qslzwy-on-pull-request-6k4jx-tpa-scan-pod | init container: prepare
2026/04/21 15:11:58 Entrypoint initialization
pod: test-comp-pac-forgejo-qslzwy-on-pull-request-6k4jx-tpa-scan-pod | init container: place-scripts
2026/04/21 15:11:59 Decoded script /tekton/scripts/script-0-sttrt
2026/04/21 15:11:59 Decoded script /tekton/scripts/script-1-92qj7
2026/04/21 15:11:59 Decoded script /tekton/scripts/script-2-k9b6g
pod: test-comp-pac-forgejo-qslzwy-on-pull-request-6k4jx-tpa-scan-pod | container step-get-vulnerabilities:
Inspecting raw image manifest quay.io/redhat-appstudio-qe/forgejo-rep-wyxv/test-comp-pac-forgejo-qslzwy@sha256:760eff872369765f33e2c676903e2f6645ed1dc20f42f8bac939245de4a661be.
Selecting auth
Using token for quay.io/redhat-appstudio-qe/forgejo-rep-wyxv/test-comp-pac-forgejo-qslzwy
Selecting auth
Using token for quay.io/redhat-appstudio-qe/forgejo-rep-wyxv/test-comp-pac-forgejo-qslzwy
WARNING: SBOM attachments are deprecated and support will be removed in a Cosign release soon after 2024-02-22 (see https://github.com/sigstore/cosign/issues/2755). Instead, please use SBOM attestations.
WARNING: Downloading SBOMs this way does not ensure its authenticity. If you want to ensure a tamper-proof SBOM, download it using 'cosign download attestation '.
Found SBOM of media type: text/spdx+json
Running TPA scan on amd64 image manifest...
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
100 360k 0 0 100 360k 0 1735k --:--:-- --:--:-- --:--:-- 1727k
{ "scanned" : { "total" : 152, "direct" : 25, "transitive" : 127 }, "providers" : { "rhtpa" : { "status" : { "ok" : true, "name" : "rhtpa", "code" : 200, "message" : "OK", "warnings" : { "pkg:maven/io.github.stuartwdouglas.hacbstest.Main/hacbs-test" : [ "Unable to process: missing version component" ] } }, "sources" : { "osv-github" : { "summary" : { "direct" : 2, "transitive" : 0, "total" : 2, "dependencies" : 1, "critical" : 0, "high" : 2, "medium" : 0, "low" : 0, "remediations" : 0, "recommendations" : 0, "unscanned" : 0 }, "dependencies" : [ { "ref" : "pkg:pypi/setuptools@39.2.0", "issues" : [ { "id" : "CVE-2024-6345", "source" : "osv-github", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-6345" ], "unique" : false }, { "id" : "CVE-2022-40897", "source" : "osv-github", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-40897" ], "unique" : false } ], "transitive" : [ ], "highestVulnerability" : { "id" : "CVE-2024-6345", "source" : "osv-github", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-6345" ], "unique" : false } } ] }, "redhat-csaf" : { "summary" : { "direct" : 50, "transitive" : 343, "total" : 393, "dependencies" : 57, "critical" : 7, "high" : 134, "medium" : 233, "low" : 19, "remediations" : 0, "recommendations" : 0, "unscanned" : 0 }, "dependencies" : [ { "ref" : "pkg:rpm/redhat/python3-libs@3.6.8-75.el8_10?arch=x86_64&distro=rhel-8.10&upstream=python3-3.6.8-75.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2023-40217", "source" : "redhat-csaf", "cvssScore" : 8.6,
"severity" : "HIGH", "cves" : [ "CVE-2023-40217" ], "unique" : false }, { "id" : "CVE-2022-42919", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2022-42919" ], "unique" : false }, { "id" : "CVE-2023-6597", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-6597" ], "unique" : false }, { "id" : "CVE-2015-20107", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2015-20107" ], "unique" : false }, { "id" : "CVE-2024-12718", "title" : "Bypass extraction filter to modify file metadata outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-12718" ], "unique" : false }, { "id" : "CVE-2025-4517", "title" : "Arbitrary writes via tarfile realpath overflow", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2025-4517" ], "unique" : false }, { "id" : "CVE-2020-10735", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2020-10735" ], "unique" : false }, { "id" : "CVE-2022-45061", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-45061" ], "unique" : false }, { "id" : "CVE-2023-24329", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-24329" ], "unique" : false }, { "id" : "CVE-2024-6232", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-6232" ], "unique" : false }, { "id" : "CVE-2025-12084", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-12084" ], "unique" : false }, { "id" : "CVE-2025-4138", "title" : "Bypassing extraction filter to create symlinks to arbitrary targets outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-4138" ], "unique" : false }, { "id" : "CVE-2025-4435", "title" : "Tarfile extracts filtered members when errorlevel=0", 
"source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-4435" ], "unique" : false }, { "id" : "CVE-2025-8194", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-8194" ], "unique" : false }, { "id" : "CVE-2021-28861", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2021-28861" ], "unique" : false }, { "id" : "CVE-2025-4330", "title" : "Extraction filter bypass for linking outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2025-4330" ], "unique" : false }, { "id" : "CVE-2025-15366", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-15366" ], "unique" : false }, { "id" : "CVE-2025-15367", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-15367" ], "unique" : false }, { "id" : "CVE-2026-1299", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-1299" ], "unique" : false }, { "id" : "CVE-2026-4519", "title" : "webbrowser.open() allows leading dashes in URLs", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-4519" ], "unique" : false }, { "id" : "CVE-2024-6923", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2024-6923" ], "unique" : false }, { "id" : "CVE-2025-0938", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0938" ], "unique" : false }, { "id" : "CVE-2025-13836", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13836" ], "unique" : false }, { "id" : "CVE-2024-9287", "source" : "redhat-csaf", "cvssScore" : 6.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-9287" ], "unique" : false }, { "id" : "CVE-2024-0450", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0450" ], "unique" : false }, { "id" : 
"CVE-2007-4559", "title" : "Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2007-4559" ], "unique" : false }, { "id" : "CVE-2023-27043", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27043" ], "unique" : false }, { "id" : "CVE-2024-8088", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-8088" ], "unique" : false }, { "id" : "CVE-2024-0397", "source" : "redhat-csaf", "cvssScore" : 5.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0397" ], "unique" : false }, { "id" : "CVE-2024-7592", "source" : "redhat-csaf", "cvssScore" : 4.8, "severity" : "MEDIUM", "cves" : [ "CVE-2024-7592" ], "unique" : false }, { "id" : "CVE-2026-0865", "source" : "redhat-csaf", "cvssScore" : 4.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0865" ], "unique" : false }, { "id" : "CVE-2025-6069", "title" : "HTMLParser quadratic complexity when processing malformed inputs", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-6069" ], "unique" : false }, { "id" : "CVE-2025-8291", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8291" ], "unique" : false }, { "id" : "CVE-2025-6075", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-6075" ], "unique" : false }, { "id" : "CVE-2024-11168", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-11168" ], "unique" : false }, { "id" : "CVE-2024-4032", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-4032" ], "unique" : false }, { "id" : "CVE-2024-5642", "title" : "Buffer overread when 
using an empty list with SSLContext.set_npn_protocols()", "source" : "redhat-csaf", "cvssScore" : 2.7, "severity" : "LOW", "cves" : [ "CVE-2024-5642" ], "unique" : false } ], "transitive" : [ { "ref" : "pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=rhel-8.10&epoch=1&upstream=openssl-1.1.1k-15.el8_6.src.rpm", "issues" : [ { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false }, { "id" : "CVE-2022-1473", "title" : "Resource leakage when decoding certificates and keys", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-1473" ], "unique" : false }, { "id" : "CVE-2022-3358", "title" : "Using a Custom Cipher with NID_undef may lead to NULL encryption", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-3358" ], "unique" : false }, { "id" : "CVE-2022-3602", "title" : "X.509 Email Address 4-byte Buffer Overflow", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-3602" ], "unique" : false }, { "id" : "CVE-2022-3786", "title" : "X.509 Email Address Variable Length Buffer Overflow", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-3786" ], "unique" : false }, { "id" : "CVE-2022-4450", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-4450" ], "unique" : false }, { "id" : "CVE-2023-0215", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-0215" ], "unique" : false }, { "id" : "CVE-2023-0216", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-0216" ], "unique" : false }, { "id" : "CVE-2023-0217", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-0217" ], "unique" : false }, { "id" : "CVE-2023-0401", "source" : 
"redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-0401" ], "unique" : false }, { "id" : "CVE-2023-5363", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-5363" ], "unique" : false }, { "id" : "CVE-2023-0286", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2023-0286" ], "unique" : false }, { "id" : "CVE-2024-12797", "title" : "RFC7250 handshakes with unauthenticated servers don't abort as expected", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2024-12797" ], "unique" : false }, { "id" : "CVE-2025-69419", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2025-69419" ], "unique" : false }, { "id" : "CVE-2022-1292", "source" : "redhat-csaf", "cvssScore" : 6.7, "severity" : "MEDIUM", "cves" : [ "CVE-2022-1292" ], "unique" : false }, { "id" : "CVE-2022-2068", "source" : "redhat-csaf", "cvssScore" : 6.7, "severity" : "MEDIUM", "cves" : [ "CVE-2022-2068" ], "unique" : false }, { "id" : "CVE-2023-2650", "title" : "Possible DoS translating ASN.1 object identifiers", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2650" ], "unique" : false }, { "id" : "CVE-2023-6129", "title" : "POLY1305 MAC implementation corrupts vector registers on PowerPC", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6129" ], "unique" : false }, { "id" : "CVE-2025-69421", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69421" ], "unique" : false }, { "id" : "CVE-2025-11187", "title" : "Improper validation of PBMAC1 parameters in PKCS#12 MAC verification", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-11187" ], "unique" : false }, { "id" : "CVE-2020-1971", "title" : "EDIPARTYNAME NULL pointer dereference", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", 
"cves" : [ "CVE-2020-1971" ], "unique" : false }, { "id" : "CVE-2022-4304", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2022-4304" ], "unique" : false }, { "id" : "CVE-2023-0464", "title" : "Excessive Resource Usage Verifying X.509 Policy Constraints", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0464" ], "unique" : false }, { "id" : "CVE-2023-6237", "title" : "Excessive time spent checking invalid RSA public keys", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6237" ], "unique" : false }, { "id" : "CVE-2024-5535", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-5535" ], "unique" : false }, { "id" : "CVE-2024-6119", "title" : "Possible denial of service in X.509 name checks", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-6119" ], "unique" : false }, { "id" : "CVE-2025-15468", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15468" ], "unique" : false }, { "id" : "CVE-2025-66199", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-66199" ], "unique" : false }, { "id" : "CVE-2025-69420", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69420" ], "unique" : false }, { "id" : "CVE-2026-22796", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22796" ], "unique" : false }, { "id" : "CVE-2024-4741", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4741" ], "unique" : false }, { "id" : "CVE-2025-9230", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9230" ], "unique" : false }, { "id" : "CVE-2024-0727", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0727" ], "unique" : false }, { "id" : 
"CVE-2025-15469", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15469" ], "unique" : false }, { "id" : "CVE-2026-22795", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22795" ], "unique" : false }, { "id" : "CVE-2022-1343", "title" : "OCSP_basic_verify may incorrectly verify the response signing certificate", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2022-1343" ], "unique" : false }, { "id" : "CVE-2022-2097", "title" : "AES OCB fails to encrypt some bytes", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2022-2097" ], "unique" : false }, { "id" : "CVE-2023-0465", "title" : "Invalid certificate policies in leaf certificates are silently ignored", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0465" ], "unique" : false }, { "id" : "CVE-2023-0466", "title" : "Certificate policy check not enabled", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0466" ], "unique" : false }, { "id" : "CVE-2023-2975", "title" : "AES-SIV implementation ignores empty associated data entries", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2975" ], "unique" : false }, { "id" : "CVE-2023-3446", "title" : "Excessive time spent checking DH keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3446" ], "unique" : false }, { "id" : "CVE-2023-3817", "title" : "Excessive time spent checking DH q parameter value", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3817" ], "unique" : false }, { "id" : "CVE-2023-5678", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-5678" ], "unique" : false }, { "id" : "CVE-2024-4603", "title" : "Excessive time spent checking DSA keys and 
parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4603" ], "unique" : false }, { "id" : "CVE-2023-1255", "title" : "Input buffer over-read in AES-XTS implementation on 64 bit ARM", "source" : "redhat-csaf", "cvssScore" : 5.1, "severity" : "MEDIUM", "cves" : [ "CVE-2023-1255" ], "unique" : false }, { "id" : "CVE-2022-4203", "source" : "redhat-csaf", "cvssScore" : 4.9, "severity" : "MEDIUM", "cves" : [ "CVE-2022-4203" ], "unique" : false }, { "id" : "CVE-2025-68160", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-68160" ], "unique" : false }, { "id" : "CVE-2025-69418", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69418" ], "unique" : false }, { "id" : "CVE-2024-2511", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-2511" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/krb5-libs@1.18.2-32.el8_10?arch=x86_64&distro=rhel-8.10&upstream=krb5-1.18.2-32.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2024-3596", "source" : "redhat-csaf", "cvssScore" : 9.0, "severity" : "CRITICAL", "cves" : [ "CVE-2024-3596" ], "unique" : false }, { "id" : "CVE-2022-42898", "title" : "PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before 1.20.1 has integer overflows that may lead to remote code execution (in KDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms (which have a resultant heap-based buffer overflow), and cause a denial of service on other platforms. This occurs in krb5_pac_parse in lib/krb5/krb/pac.c. 
Heimdal before 7.7.1 has \"a similar bug.\"", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2022-42898" ], "unique" : false }, { "id" : "CVE-2023-39975", "title" : "kdc/do_tgs_req.c in MIT Kerberos 5 (aka krb5) 1.21 before 1.21.2 has a double free that is reachable if an authenticated user can trigger an authorization-data handling failure. Incorrect data is copied from one ticket to another.", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2023-39975" ], "unique" : false }, { "id" : "CVE-2024-26462", "title" : "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/kdc/ndr.c.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-26462" ], "unique" : false }, { "id" : "CVE-2024-37370", "title" : "In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify the plaintext Extra Count field of a confidential GSS krb5 wrap token, causing the unwrapped token to appear truncated to the application.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-37370" ], "unique" : false }, { "id" : "CVE-2020-17049", "title" : "Kerberos KDC Security Feature Bypass Vulnerability", "source" : "redhat-csaf", "cvssScore" : 7.2, "severity" : "HIGH", "cves" : [ "CVE-2020-17049" ], "unique" : false }, { "id" : "CVE-2023-36054", "title" : "lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and 1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticated user can trigger a kadmind crash. 
This occurs because _xdr_kadm5_principal_ent_rec does not validate the relationship between n_key_data and the key_data array count.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-36054" ], "unique" : false }, { "id" : "CVE-2024-37371", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-37371" ], "unique" : false }, { "id" : "CVE-2025-24528", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-24528" ], "unique" : false }, { "id" : "CVE-2024-26458", "title" : "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-26458" ], "unique" : false }, { "id" : "CVE-2024-26461", "title" : "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-26461" ], "unique" : false }, { "id" : "CVE-2025-3576", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-3576" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-3596", "source" : "redhat-csaf", "cvssScore" : 9.0, "severity" : "CRITICAL", "cves" : [ "CVE-2024-3596" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/python3-setuptools-wheel@39.2.0-9.el8_10?arch=noarch&distro=rhel-8.10&upstream=python-setuptools-39.2.0-9.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2024-6345", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-6345" ], "unique" : false }, { "id" : "CVE-2025-47273", "title" : "setuptools has a path traversal vulnerability in PackageIndex.download that leads to Arbitrary File Write", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-47273" ], "unique" : false }, { "id" : "CVE-2022-40897", "source" : "redhat-csaf", 
"cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2022-40897" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-6345", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-6345" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-minimal-langpack@2.28-251.el8_10.31?arch=x86_64&distro=rhel-8.10&upstream=glibc-2.28-251.el8_10.31.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering 
control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc@2.28-251.el8_10.31?arch=x86_64&distro=rhel-8.10&upstream=glibc-2.28-251.el8_10.31.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : 
[ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-15281", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15281" ], "unique" : false }, { "id" : "CVE-2026-3904", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3904" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : 
"CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-common@2.28-251.el8_10.31?arch=x86_64&distro=rhel-8.10&upstream=glibc-2.28-251.el8_10.31.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : 
"redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : 
"redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/xz-libs@5.2.4-4.el8_6?arch=x86_64&distro=rhel-8.10&upstream=xz-5.2.4-4.el8_6.src.rpm", "issues" : [ { "id" : "CVE-2022-1271", "title" : "An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name (for example, a crafted file name), this can overwrite an attacker's content to an arbitrary attacker-selected file. This flaw occurs due to insufficient validation when processing filenames with two or more newlines where selected content and the target file names are embedded in crafted multi-line file names. 
This flaw allows a remote, low privileged attacker to force zgrep to write arbitrary files on the system.", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2022-1271" ], "unique" : false }, { "id" : "CVE-2025-31115", "title" : "XZ has a heap-use-after-free bug in threaded .xz decoder", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-31115" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2022-1271", "title" : "An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name (for example, a crafted file name), this can overwrite an attacker's content to an arbitrary attacker-selected file. This flaw occurs due to insufficient validation when processing filenames with two or more newlines where selected content and the target file names are embedded in crafted multi-line file names. This flaw allows a remote, low privileged attacker to force zgrep to write arbitrary files on the system.", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2022-1271" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/python3-libs@3.6.8-75.el8_10?arch=x86_64&distro=rhel-8.10&upstream=python3-3.6.8-75.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2023-40217", "source" : "redhat-csaf", "cvssScore" : 8.6, "severity" : "HIGH", "cves" : [ "CVE-2023-40217" ], "unique" : false }, { "id" : "CVE-2022-42919", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2022-42919" ], "unique" : false }, { "id" : "CVE-2023-6597", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-6597" ], "unique" : false }, { "id" : "CVE-2015-20107", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2015-20107" ], "unique" : false }, { "id" : "CVE-2024-12718", "title" : "Bypass extraction filter to modify file metadata outside extraction 
directory", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-12718" ], "unique" : false }, { "id" : "CVE-2025-4517", "title" : "Arbitrary writes via tarfile realpath overflow", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2025-4517" ], "unique" : false }, { "id" : "CVE-2020-10735", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2020-10735" ], "unique" : false }, { "id" : "CVE-2022-45061", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-45061" ], "unique" : false }, { "id" : "CVE-2023-24329", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-24329" ], "unique" : false }, { "id" : "CVE-2024-6232", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-6232" ], "unique" : false }, { "id" : "CVE-2025-12084", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-12084" ], "unique" : false }, { "id" : "CVE-2025-4138", "title" : "Bypassing extraction filter to create symlinks to arbitrary targets outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-4138" ], "unique" : false }, { "id" : "CVE-2025-4435", "title" : "Tarfile extracts filtered members when errorlevel=0", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-4435" ], "unique" : false }, { "id" : "CVE-2025-8194", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-8194" ], "unique" : false }, { "id" : "CVE-2021-28861", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2021-28861" ], "unique" : false }, { "id" : "CVE-2025-4330", "title" : "Extraction filter bypass for linking outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2025-4330" ], 
"unique" : false }, { "id" : "CVE-2025-15366", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-15366" ], "unique" : false }, { "id" : "CVE-2025-15367", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-15367" ], "unique" : false }, { "id" : "CVE-2026-1299", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-1299" ], "unique" : false }, { "id" : "CVE-2026-4519", "title" : "webbrowser.open() allows leading dashes in URLs", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-4519" ], "unique" : false }, { "id" : "CVE-2024-6923", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2024-6923" ], "unique" : false }, { "id" : "CVE-2025-0938", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0938" ], "unique" : false }, { "id" : "CVE-2025-13836", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13836" ], "unique" : false }, { "id" : "CVE-2024-9287", "source" : "redhat-csaf", "cvssScore" : 6.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-9287" ], "unique" : false }, { "id" : "CVE-2024-0450", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0450" ], "unique" : false }, { "id" : "CVE-2007-4559", "title" : "Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. 
(dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2007-4559" ], "unique" : false }, { "id" : "CVE-2023-27043", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27043" ], "unique" : false }, { "id" : "CVE-2024-8088", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-8088" ], "unique" : false }, { "id" : "CVE-2024-0397", "source" : "redhat-csaf", "cvssScore" : 5.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0397" ], "unique" : false }, { "id" : "CVE-2024-7592", "source" : "redhat-csaf", "cvssScore" : 4.8, "severity" : "MEDIUM", "cves" : [ "CVE-2024-7592" ], "unique" : false }, { "id" : "CVE-2026-0865", "source" : "redhat-csaf", "cvssScore" : 4.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0865" ], "unique" : false }, { "id" : "CVE-2025-6069", "title" : "HTMLParser quadratic complexity when processing malformed inputs", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-6069" ], "unique" : false }, { "id" : "CVE-2025-8291", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8291" ], "unique" : false }, { "id" : "CVE-2025-6075", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-6075" ], "unique" : false }, { "id" : "CVE-2024-11168", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-11168" ], "unique" : false }, { "id" : "CVE-2024-4032", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-4032" ], "unique" : false }, { "id" : "CVE-2024-5642", "title" : "Buffer overread when using an empty list with SSLContext.set_npn_protocols()", "source" : "redhat-csaf", "cvssScore" : 2.7, "severity" : "LOW", "cves" : [ "CVE-2024-5642" ], "unique" : false } ], "highestVulnerability" : { "id" : 
"CVE-2023-40217", "source" : "redhat-csaf", "cvssScore" : 8.6, "severity" : "HIGH", "cves" : [ "CVE-2023-40217" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/zlib@1.2.11-25.el8?arch=x86_64&distro=rhel-8.10&upstream=zlib-1.2.11-25.el8.src.rpm", "issues" : [ { "id" : "CVE-2018-25032", "title" : "zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.", "source" : "redhat-csaf", "cvssScore" : 8.2, "severity" : "HIGH", "cves" : [ "CVE-2018-25032" ], "unique" : false }, { "id" : "CVE-2022-37434", "title" : "zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call inflateGetHeader (e.g., see the nodejs/node reference).", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2022-37434" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2018-25032", "title" : "zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.", "source" : "redhat-csaf", "cvssScore" : 8.2, "severity" : "HIGH", "cves" : [ "CVE-2018-25032" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libcap@2.48-6.el8_9?arch=x86_64&distro=rhel-8.10&upstream=libcap-2.48-6.el8_9.src.rpm", "issues" : [ { "id" : "CVE-2023-2603", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-2603" ], "unique" : false }, { "id" : "CVE-2023-2602", "title" : "A vulnerability was found in the pthread_create() function in libcap. 
This issue may allow a malicious actor to use cause __real_pthread_create() to return an error, which can exhaust the process memory.", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2023-2602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-2603", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-2603" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch&distro=rhel-8.10&upstream=ncurses-6.1-10.20180224.el8.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64&distro=rhel-8.10&upstream=ncurses-6.1-10.20180224.el8.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.3, 
"severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/sqlite-libs@3.26.0-20.el8_10?arch=x86_64&distro=rhel-8.10&upstream=sqlite-3.26.0-20.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2025-6965", "title" : "Integer Truncation on SQLite", "source" : "redhat-csaf", "cvssScore" : 7.7, "severity" : "HIGH", "cves" : [ "CVE-2025-6965" ], "unique" : false }, { "id" : "CVE-2023-7104", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2023-7104" ], "unique" : false }, { "id" : "CVE-2025-3277", "title" : "An integer overflow can be triggered in SQLite’s `concat_ws()` function. The resulting, truncated integer is then used to allocate a buffer. When SQLite then writes the resulting string to the buffer, it uses the original, untruncated size and thus a wild Heap Buffer overflow of size ~4GB can be triggered. 
This can result in arbitrary code execution.", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2025-3277" ], "unique" : false }, { "id" : "CVE-2022-35737", "title" : "SQLite 1.0.12 through 3.39.x before 3.39.2 sometimes allows an array-bounds overflow if billions of bytes are used in a string argument to a C API.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2022-35737" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-6965", "title" : "Integer Truncation on SQLite", "source" : "redhat-csaf", "cvssScore" : 7.7, "severity" : "HIGH", "cves" : [ "CVE-2025-6965" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/expat@2.5.0-1.el8_10?arch=x86_64&distro=rhel-8.10&upstream=expat-2.5.0-1.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2023-52425", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-52425" ], "unique" : false }, { "id" : "CVE-2024-28757", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-28757" ], "unique" : false }, { "id" : "CVE-2024-45490", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-45490" ], "unique" : false }, { "id" : "CVE-2024-45491", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-45491" ], "unique" : false }, { "id" : "CVE-2024-8176", "title" : "Libexpat: expat: improper restriction of xml entity expansion depth in libexpat", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-8176" ], "unique" : false }, { "id" : "CVE-2024-45492", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2024-45492" ], "unique" : false }, { "id" : "CVE-2024-50602", "title" : "An issue was discovered in libexpat before 2.6.4. 
There is a crash within the XML_ResumeParser function because XML_StopParser can stop/suspend an unstarted parser.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-50602" ], "unique" : false }, { "id" : "CVE-2025-59375", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-59375" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-52425", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-52425" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libtirpc@1.1.4-12.el8_10?arch=x86_64&distro=rhel-8.10&upstream=libtirpc-1.1.4-12.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2021-46828", "title" : "In libtirpc before 1.3.3rc1, remote attackers could exhaust the file descriptors of a process that uses libtirpc because idle TCP connections are mishandled. This can, in turn, lead to an svc_run infinite loop without accepting new connections.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2021-46828" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2021-46828", "title" : "In libtirpc before 1.3.3rc1, remote attackers could exhaust the file descriptors of a process that uses libtirpc because idle TCP connections are mishandled. This can, in turn, lead to an svc_run infinite loop without accepting new connections.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2021-46828" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/pcre2@10.32-3.el8_6?arch=x86_64&distro=rhel-8.10&upstream=pcre2-10.32-3.el8_6.src.rpm", "issues" : [ { "id" : "CVE-2022-1586", "title" : "An out-of-bounds read vulnerability was discovered in the PCRE2 library in the compile_xclass_matchingpath() function of the pcre2_jit_compile.c file. This involves a unicode property matching issue in JIT-compiled regular expressions. 
The issue occurs because the character was not fully read in case-less matching within JIT.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-1586" ], "unique" : false }, { "id" : "CVE-2022-1587", "title" : "An out-of-bounds read vulnerability was discovered in the PCRE2 library in the get_recurse_data_length() function of the pcre2_jit_compile.c file. This issue affects recursions in JIT-compiled regular expressions caused by duplicate data transfers.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-1587" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2022-1586", "title" : "An out-of-bounds read vulnerability was discovered in the PCRE2 library in the compile_xclass_matchingpath() function of the pcre2_jit_compile.c file. This involves a unicode property matching issue in JIT-compiled regular expressions. The issue occurs because the character was not fully read in case-less matching within JIT.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-1586" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/bash@4.4.20-6.el8_10?arch=x86_64&distro=rhel-8.10&upstream=bash-4.4.20-6.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2022-3715", "source" : "redhat-csaf", "cvssScore" : 6.6, "severity" : "MEDIUM", "cves" : [ "CVE-2022-3715" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2022-3715", "source" : "redhat-csaf", "cvssScore" : 6.6, "severity" : "MEDIUM", "cves" : [ "CVE-2022-3715" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/gmp@6.1.2-11.el8?arch=x86_64&distro=rhel-8.10&epoch=1&upstream=gmp-6.1.2-11.el8.src.rpm", "issues" : [ { "id" : "CVE-2021-43618", "title" : "GNU Multiple Precision Arithmetic Library (GMP) through 6.2.1 has an mpz/inp_raw.c integer overflow and resultant buffer overflow via crafted input, leading to a segmentation fault on 32-bit platforms.", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" 
: "MEDIUM", "cves" : [ "CVE-2021-43618" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2021-43618", "title" : "GNU Multiple Precision Arithmetic Library (GMP) through 6.2.1 has an mpz/inp_raw.c integer overflow and resultant buffer overflow via crafted input, leading to a segmentation fault on 32-bit platforms.", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2021-43618" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcc@8.5.0-28.el8_10?arch=x86_64&distro=rhel-8.10&upstream=gcc-8.5.0-28.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libtasn1@4.13-5.el8_10?arch=x86_64&distro=rhel-8.10&upstream=libtasn1-4.13-5.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2021-46848", "title" : "GNU Libtasn1 before 4.19.0 has an ETYPE_OK off-by-one array size check that affects asn1_encode_simple_der.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2021-46848" ], "unique" : false }, { "id" : "CVE-2025-13151", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13151" ], "unique" : false }, { "id" : "CVE-2024-12133", "title" : "Libtasn1: inefficient der decoding in libtasn1 leading to potential remote dos", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-12133" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2021-46848", "title" : "GNU Libtasn1 before 4.19.0 has an ETYPE_OK off-by-one array size check that affects asn1_encode_simple_der.", "source" : "redhat-csaf", 
"cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2021-46848" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libcom_err@1.45.6-7.el8_10?arch=x86_64&distro=rhel-8.10&upstream=e2fsprogs-1.45.6-7.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2022-1304", "title" : "An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5. This issue leads to a segmentation fault and possibly arbitrary code execution via a specially crafted filesystem.", "source" : "redhat-csaf", "cvssScore" : 5.8, "severity" : "MEDIUM", "cves" : [ "CVE-2022-1304" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2022-1304", "title" : "An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5. This issue leads to a segmentation fault and possibly arbitrary code execution via a specially crafted filesystem.", "source" : "redhat-csaf", "cvssScore" : 5.8, "severity" : "MEDIUM", "cves" : [ "CVE-2022-1304" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/python3-pip-wheel@9.0.3-24.el8?arch=noarch&distro=rhel-8.10&upstream=python-pip-9.0.3-24.el8.src.rpm", "issues" : [ { "id" : "CVE-2007-4559", "title" : "Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2007-4559" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2007-4559", "title" : "Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. 
(dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2007-4559" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/bzip2-libs@1.0.6-28.el8_10?arch=x86_64&distro=rhel-8.10&upstream=bzip2-1.0.6-28.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2019-12900", "title" : "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2019-12900" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2019-12900", "title" : "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2019-12900" ], "unique" : false } } ], "highestVulnerability" : { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/openldap@2.4.46-21.el8_10?arch=x86_64&distro=rhel-8.10&upstream=openldap-2.4.46-21.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2023-2953", "title" : "A vulnerability was found in openldap. 
This security flaw causes a null pointer dereference in ber_memalloc_x() function.", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2023-2953" ], "unique" : false } ], "transitive" : [ { "ref" : "pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=rhel-8.10&epoch=1&upstream=openssl-1.1.1k-15.el8_6.src.rpm", "issues" : [ { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false }, { "id" : "CVE-2022-1473", "title" : "Resource leakage when decoding certificates and keys", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-1473" ], "unique" : false }, { "id" : "CVE-2022-3358", "title" : "Using a Custom Cipher with NID_undef may lead to NULL encryption", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-3358" ], "unique" : false }, { "id" : "CVE-2022-3602", "title" : "X.509 Email Address 4-byte Buffer Overflow", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-3602" ], "unique" : false }, { "id" : "CVE-2022-3786", "title" : "X.509 Email Address Variable Length Buffer Overflow", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-3786" ], "unique" : false }, { "id" : "CVE-2022-4450", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-4450" ], "unique" : false }, { "id" : "CVE-2023-0215", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-0215" ], "unique" : false }, { "id" : "CVE-2023-0216", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-0216" ], "unique" : false }, { "id" : "CVE-2023-0217", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-0217" ], "unique" : false }, { "id" : 
"CVE-2023-0401", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-0401" ], "unique" : false }, { "id" : "CVE-2023-5363", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-5363" ], "unique" : false }, { "id" : "CVE-2023-0286", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2023-0286" ], "unique" : false }, { "id" : "CVE-2024-12797", "title" : "RFC7250 handshakes with unauthenticated servers don't abort as expected", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2024-12797" ], "unique" : false }, { "id" : "CVE-2025-69419", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2025-69419" ], "unique" : false }, { "id" : "CVE-2022-1292", "source" : "redhat-csaf", "cvssScore" : 6.7, "severity" : "MEDIUM", "cves" : [ "CVE-2022-1292" ], "unique" : false }, { "id" : "CVE-2022-2068", "source" : "redhat-csaf", "cvssScore" : 6.7, "severity" : "MEDIUM", "cves" : [ "CVE-2022-2068" ], "unique" : false }, { "id" : "CVE-2023-2650", "title" : "Possible DoS translating ASN.1 object identifiers", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2650" ], "unique" : false }, { "id" : "CVE-2023-6129", "title" : "POLY1305 MAC implementation corrupts vector registers on PowerPC", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6129" ], "unique" : false }, { "id" : "CVE-2025-69421", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69421" ], "unique" : false }, { "id" : "CVE-2025-11187", "title" : "Improper validation of PBMAC1 parameters in PKCS#12 MAC verification", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-11187" ], "unique" : false }, { "id" : "CVE-2020-1971", "title" : "EDIPARTYNAME NULL pointer dereference", "source" : "redhat-csaf", "cvssScore" : 
5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2020-1971" ], "unique" : false }, { "id" : "CVE-2022-4304", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2022-4304" ], "unique" : false }, { "id" : "CVE-2023-0464", "title" : "Excessive Resource Usage Verifying X.509 Policy Constraints", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0464" ], "unique" : false }, { "id" : "CVE-2023-6237", "title" : "Excessive time spent checking invalid RSA public keys", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6237" ], "unique" : false }, { "id" : "CVE-2024-5535", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-5535" ], "unique" : false }, { "id" : "CVE-2024-6119", "title" : "Possible denial of service in X.509 name checks", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-6119" ], "unique" : false }, { "id" : "CVE-2025-15468", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15468" ], "unique" : false }, { "id" : "CVE-2025-66199", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-66199" ], "unique" : false }, { "id" : "CVE-2025-69420", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69420" ], "unique" : false }, { "id" : "CVE-2026-22796", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22796" ], "unique" : false }, { "id" : "CVE-2024-4741", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4741" ], "unique" : false }, { "id" : "CVE-2025-9230", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9230" ], "unique" : false }, { "id" : "CVE-2024-0727", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0727" ], 
"unique" : false }, { "id" : "CVE-2025-15469", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15469" ], "unique" : false }, { "id" : "CVE-2026-22795", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22795" ], "unique" : false }, { "id" : "CVE-2022-1343", "title" : "OCSP_basic_verify may incorrectly verify the response signing certificate", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2022-1343" ], "unique" : false }, { "id" : "CVE-2022-2097", "title" : "AES OCB fails to encrypt some bytes", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2022-2097" ], "unique" : false }, { "id" : "CVE-2023-0465", "title" : "Invalid certificate policies in leaf certificates are silently ignored", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0465" ], "unique" : false }, { "id" : "CVE-2023-0466", "title" : "Certificate policy check not enabled", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0466" ], "unique" : false }, { "id" : "CVE-2023-2975", "title" : "AES-SIV implementation ignores empty associated data entries", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2975" ], "unique" : false }, { "id" : "CVE-2023-3446", "title" : "Excessive time spent checking DH keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3446" ], "unique" : false }, { "id" : "CVE-2023-3817", "title" : "Excessive time spent checking DH q parameter value", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3817" ], "unique" : false }, { "id" : "CVE-2023-5678", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-5678" ], "unique" : false }, { "id" : "CVE-2024-4603", "title" : "Excessive time spent 
checking DSA keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4603" ], "unique" : false }, { "id" : "CVE-2023-1255", "title" : "Input buffer over-read in AES-XTS implementation on 64 bit ARM", "source" : "redhat-csaf", "cvssScore" : 5.1, "severity" : "MEDIUM", "cves" : [ "CVE-2023-1255" ], "unique" : false }, { "id" : "CVE-2022-4203", "source" : "redhat-csaf", "cvssScore" : 4.9, "severity" : "MEDIUM", "cves" : [ "CVE-2022-4203" ], "unique" : false }, { "id" : "CVE-2025-68160", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-68160" ], "unique" : false }, { "id" : "CVE-2025-69418", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69418" ], "unique" : false }, { "id" : "CVE-2024-2511", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-2511" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/krb5-libs@1.18.2-32.el8_10?arch=x86_64&distro=rhel-8.10&upstream=krb5-1.18.2-32.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2024-3596", "source" : "redhat-csaf", "cvssScore" : 9.0, "severity" : "CRITICAL", "cves" : [ "CVE-2024-3596" ], "unique" : false }, { "id" : "CVE-2022-42898", "title" : "PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before 1.20.1 has integer overflows that may lead to remote code execution (in KDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms (which have a resultant heap-based buffer overflow), and cause a denial of service on other platforms. This occurs in krb5_pac_parse in lib/krb5/krb/pac.c. 
Heimdal before 7.7.1 has \"a similar bug.\"", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2022-42898" ], "unique" : false }, { "id" : "CVE-2023-39975", "title" : "kdc/do_tgs_req.c in MIT Kerberos 5 (aka krb5) 1.21 before 1.21.2 has a double free that is reachable if an authenticated user can trigger an authorization-data handling failure. Incorrect data is copied from one ticket to another.", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2023-39975" ], "unique" : false }, { "id" : "CVE-2024-26462", "title" : "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/kdc/ndr.c.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-26462" ], "unique" : false }, { "id" : "CVE-2024-37370", "title" : "In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify the plaintext Extra Count field of a confidential GSS krb5 wrap token, causing the unwrapped token to appear truncated to the application.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-37370" ], "unique" : false }, { "id" : "CVE-2020-17049", "title" : "Kerberos KDC Security Feature Bypass Vulnerability", "source" : "redhat-csaf", "cvssScore" : 7.2, "severity" : "HIGH", "cves" : [ "CVE-2020-17049" ], "unique" : false }, { "id" : "CVE-2023-36054", "title" : "lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and 1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticated user can trigger a kadmind crash. 
This occurs because _xdr_kadm5_principal_ent_rec does not validate the relationship between n_key_data and the key_data array count.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-36054" ], "unique" : false }, { "id" : "CVE-2024-37371", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-37371" ], "unique" : false }, { "id" : "CVE-2025-24528", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-24528" ], "unique" : false }, { "id" : "CVE-2024-26458", "title" : "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-26458" ], "unique" : false }, { "id" : "CVE-2024-26461", "title" : "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-26461" ], "unique" : false }, { "id" : "CVE-2025-3576", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-3576" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-3596", "source" : "redhat-csaf", "cvssScore" : 9.0, "severity" : "CRITICAL", "cves" : [ "CVE-2024-3596" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-minimal-langpack@2.28-251.el8_10.31?arch=x86_64&distro=rhel-8.10&upstream=glibc-2.28-251.el8_10.31.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: 
Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : 
"redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc@2.28-251.el8_10.31?arch=x86_64&distro=rhel-8.10&upstream=glibc-2.28-251.el8_10.31.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 
5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-15281", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15281" ], "unique" : false }, { "id" : "CVE-2026-3904", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3904" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], 
"unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-common@2.28-251.el8_10.31?arch=x86_64&distro=rhel-8.10&upstream=glibc-2.28-251.el8_10.31.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { 
"id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : 
"CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/zlib@1.2.11-25.el8?arch=x86_64&distro=rhel-8.10&upstream=zlib-1.2.11-25.el8.src.rpm", "issues" : [ { "id" : "CVE-2018-25032", "title" : "zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.", "source" : "redhat-csaf", "cvssScore" : 8.2, "severity" : "HIGH", "cves" : [ "CVE-2018-25032" ], "unique" : false }, { "id" : "CVE-2022-37434", "title" : "zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call inflateGetHeader (e.g., see the nodejs/node reference).", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2022-37434" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2018-25032", "title" : "zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.", "source" : "redhat-csaf", "cvssScore" : 8.2, "severity" : "HIGH", "cves" : [ "CVE-2018-25032" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libcap@2.48-6.el8_9?arch=x86_64&distro=rhel-8.10&upstream=libcap-2.48-6.el8_9.src.rpm", "issues" : [ { "id" : "CVE-2023-2603", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-2603" ], "unique" : false }, { "id" : "CVE-2023-2602", "title" : "A vulnerability was found in the pthread_create() function in libcap. 
This issue may allow a malicious actor to use cause __real_pthread_create() to return an error, which can exhaust the process memory.", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2023-2602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-2603", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-2603" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch&distro=rhel-8.10&upstream=ncurses-6.1-10.20180224.el8.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64&distro=rhel-8.10&upstream=ncurses-6.1-10.20180224.el8.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.3, 
"severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/pcre2@10.32-3.el8_6?arch=x86_64&distro=rhel-8.10&upstream=pcre2-10.32-3.el8_6.src.rpm", "issues" : [ { "id" : "CVE-2022-1586", "title" : "An out-of-bounds read vulnerability was discovered in the PCRE2 library in the compile_xclass_matchingpath() function of the pcre2_jit_compile.c file. This involves a unicode property matching issue in JIT-compiled regular expressions. The issue occurs because the character was not fully read in case-less matching within JIT.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-1586" ], "unique" : false }, { "id" : "CVE-2022-1587", "title" : "An out-of-bounds read vulnerability was discovered in the PCRE2 library in the get_recurse_data_length() function of the pcre2_jit_compile.c file. This issue affects recursions in JIT-compiled regular expressions caused by duplicate data transfers.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-1587" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2022-1586", "title" : "An out-of-bounds read vulnerability was discovered in the PCRE2 library in the compile_xclass_matchingpath() function of the pcre2_jit_compile.c file. This involves a unicode property matching issue in JIT-compiled regular expressions. 
The issue occurs because the character was not fully read in case-less matching within JIT.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-1586" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/bash@4.4.20-6.el8_10?arch=x86_64&distro=rhel-8.10&upstream=bash-4.4.20-6.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2022-3715", "source" : "redhat-csaf", "cvssScore" : 6.6, "severity" : "MEDIUM", "cves" : [ "CVE-2022-3715" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2022-3715", "source" : "redhat-csaf", "cvssScore" : 6.6, "severity" : "MEDIUM", "cves" : [ "CVE-2022-3715" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/gmp@6.1.2-11.el8?arch=x86_64&distro=rhel-8.10&epoch=1&upstream=gmp-6.1.2-11.el8.src.rpm", "issues" : [ { "id" : "CVE-2021-43618", "title" : "GNU Multiple Precision Arithmetic Library (GMP) through 6.2.1 has an mpz/inp_raw.c integer overflow and resultant buffer overflow via crafted input, leading to a segmentation fault on 32-bit platforms.", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2021-43618" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2021-43618", "title" : "GNU Multiple Precision Arithmetic Library (GMP) through 6.2.1 has an mpz/inp_raw.c integer overflow and resultant buffer overflow via crafted input, leading to a segmentation fault on 32-bit platforms.", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2021-43618" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcc@8.5.0-28.el8_10?arch=x86_64&distro=rhel-8.10&upstream=gcc-8.5.0-28.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", 
"cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libtasn1@4.13-5.el8_10?arch=x86_64&distro=rhel-8.10&upstream=libtasn1-4.13-5.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2021-46848", "title" : "GNU Libtasn1 before 4.19.0 has an ETYPE_OK off-by-one array size check that affects asn1_encode_simple_der.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2021-46848" ], "unique" : false }, { "id" : "CVE-2025-13151", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13151" ], "unique" : false }, { "id" : "CVE-2024-12133", "title" : "Libtasn1: inefficient der decoding in libtasn1 leading to potential remote dos", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-12133" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2021-46848", "title" : "GNU Libtasn1 before 4.19.0 has an ETYPE_OK off-by-one array size check that affects asn1_encode_simple_der.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2021-46848" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libcom_err@1.45.6-7.el8_10?arch=x86_64&distro=rhel-8.10&upstream=e2fsprogs-1.45.6-7.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2022-1304", "title" : "An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5. This issue leads to a segmentation fault and possibly arbitrary code execution via a specially crafted filesystem.", "source" : "redhat-csaf", "cvssScore" : 5.8, "severity" : "MEDIUM", "cves" : [ "CVE-2022-1304" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2022-1304", "title" : "An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5. 
This issue leads to a segmentation fault and possibly arbitrary code execution via a specially crafted filesystem.", "source" : "redhat-csaf", "cvssScore" : 5.8, "severity" : "MEDIUM", "cves" : [ "CVE-2022-1304" ], "unique" : false } } ], "highestVulnerability" : { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/java-17-openjdk-headless@17.0.18.0.8-1.el8?arch=x86_64&distro=rhel-8.10&epoch=1&upstream=java-17-openjdk-17.0.18.0.8-1.el8.src.rpm", "issues" : [ { "id" : "CVE-2026-21945", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-21945" ], "unique" : false }, { "id" : "CVE-2025-64720", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-64720" ], "unique" : false }, { "id" : "CVE-2025-65018", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-65018" ], "unique" : false }, { "id" : "CVE-2026-21933", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2026-21933" ], "unique" : false }, { "id" : "CVE-2026-21925", "source" : "redhat-csaf", "cvssScore" : 4.8, "severity" : "MEDIUM", "cves" : [ "CVE-2026-21925" ], "unique" : false } ], "transitive" : [ { "ref" : "pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=rhel-8.10&epoch=1&upstream=openssl-1.1.1k-15.el8_6.src.rpm", "issues" : [ { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false }, { "id" : "CVE-2022-1473", "title" : "Resource leakage when decoding certificates and keys", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-1473" ], "unique" : false }, { "id" : "CVE-2022-3358", 
"title" : "Using a Custom Cipher with NID_undef may lead to NULL encryption", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-3358" ], "unique" : false }, { "id" : "CVE-2022-3602", "title" : "X.509 Email Address 4-byte Buffer Overflow", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-3602" ], "unique" : false }, { "id" : "CVE-2022-3786", "title" : "X.509 Email Address Variable Length Buffer Overflow", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-3786" ], "unique" : false }, { "id" : "CVE-2022-4450", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-4450" ], "unique" : false }, { "id" : "CVE-2023-0215", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-0215" ], "unique" : false }, { "id" : "CVE-2023-0216", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-0216" ], "unique" : false }, { "id" : "CVE-2023-0217", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-0217" ], "unique" : false }, { "id" : "CVE-2023-0401", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-0401" ], "unique" : false }, { "id" : "CVE-2023-5363", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-5363" ], "unique" : false }, { "id" : "CVE-2023-0286", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2023-0286" ], "unique" : false }, { "id" : "CVE-2024-12797", "title" : "RFC7250 handshakes with unauthenticated servers don't abort as expected", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2024-12797" ], "unique" : false }, { "id" : "CVE-2025-69419", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2025-69419" ], "unique" : false }, { "id" : "CVE-2022-1292", 
"source" : "redhat-csaf", "cvssScore" : 6.7, "severity" : "MEDIUM", "cves" : [ "CVE-2022-1292" ], "unique" : false }, { "id" : "CVE-2022-2068", "source" : "redhat-csaf", "cvssScore" : 6.7, "severity" : "MEDIUM", "cves" : [ "CVE-2022-2068" ], "unique" : false }, { "id" : "CVE-2023-2650", "title" : "Possible DoS translating ASN.1 object identifiers", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2650" ], "unique" : false }, { "id" : "CVE-2023-6129", "title" : "POLY1305 MAC implementation corrupts vector registers on PowerPC", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6129" ], "unique" : false }, { "id" : "CVE-2025-69421", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69421" ], "unique" : false }, { "id" : "CVE-2025-11187", "title" : "Improper validation of PBMAC1 parameters in PKCS#12 MAC verification", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-11187" ], "unique" : false }, { "id" : "CVE-2020-1971", "title" : "EDIPARTYNAME NULL pointer dereference", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2020-1971" ], "unique" : false }, { "id" : "CVE-2022-4304", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2022-4304" ], "unique" : false }, { "id" : "CVE-2023-0464", "title" : "Excessive Resource Usage Verifying X.509 Policy Constraints", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0464" ], "unique" : false }, { "id" : "CVE-2023-6237", "title" : "Excessive time spent checking invalid RSA public keys", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6237" ], "unique" : false }, { "id" : "CVE-2024-5535", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-5535" ], "unique" : false }, { "id" : 
"CVE-2024-6119", "title" : "Possible denial of service in X.509 name checks", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-6119" ], "unique" : false }, { "id" : "CVE-2025-15468", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15468" ], "unique" : false }, { "id" : "CVE-2025-66199", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-66199" ], "unique" : false }, { "id" : "CVE-2025-69420", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69420" ], "unique" : false }, { "id" : "CVE-2026-22796", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22796" ], "unique" : false }, { "id" : "CVE-2024-4741", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4741" ], "unique" : false }, { "id" : "CVE-2025-9230", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9230" ], "unique" : false }, { "id" : "CVE-2024-0727", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0727" ], "unique" : false }, { "id" : "CVE-2025-15469", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15469" ], "unique" : false }, { "id" : "CVE-2026-22795", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22795" ], "unique" : false }, { "id" : "CVE-2022-1343", "title" : "OCSP_basic_verify may incorrectly verify the response signing certificate", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2022-1343" ], "unique" : false }, { "id" : "CVE-2022-2097", "title" : "AES OCB fails to encrypt some bytes", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2022-2097" ], "unique" : false }, { "id" : "CVE-2023-0465", "title" : "Invalid certificate policies in 
leaf certificates are silently ignored", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0465" ], "unique" : false }, { "id" : "CVE-2023-0466", "title" : "Certificate policy check not enabled", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0466" ], "unique" : false }, { "id" : "CVE-2023-2975", "title" : "AES-SIV implementation ignores empty associated data entries", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2975" ], "unique" : false }, { "id" : "CVE-2023-3446", "title" : "Excessive time spent checking DH keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3446" ], "unique" : false }, { "id" : "CVE-2023-3817", "title" : "Excessive time spent checking DH q parameter value", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3817" ], "unique" : false }, { "id" : "CVE-2023-5678", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-5678" ], "unique" : false }, { "id" : "CVE-2024-4603", "title" : "Excessive time spent checking DSA keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4603" ], "unique" : false }, { "id" : "CVE-2023-1255", "title" : "Input buffer over-read in AES-XTS implementation on 64 bit ARM", "source" : "redhat-csaf", "cvssScore" : 5.1, "severity" : "MEDIUM", "cves" : [ "CVE-2023-1255" ], "unique" : false }, { "id" : "CVE-2022-4203", "source" : "redhat-csaf", "cvssScore" : 4.9, "severity" : "MEDIUM", "cves" : [ "CVE-2022-4203" ], "unique" : false }, { "id" : "CVE-2025-68160", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-68160" ], "unique" : false }, { "id" : "CVE-2025-69418", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69418" ], "unique" : false }, 
{ "id" : "CVE-2024-2511", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-2511" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/krb5-libs@1.18.2-32.el8_10?arch=x86_64&distro=rhel-8.10&upstream=krb5-1.18.2-32.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2024-3596", "source" : "redhat-csaf", "cvssScore" : 9.0, "severity" : "CRITICAL", "cves" : [ "CVE-2024-3596" ], "unique" : false }, { "id" : "CVE-2022-42898", "title" : "PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before 1.20.1 has integer overflows that may lead to remote code execution (in KDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms (which have a resultant heap-based buffer overflow), and cause a denial of service on other platforms. This occurs in krb5_pac_parse in lib/krb5/krb/pac.c. Heimdal before 7.7.1 has \"a similar bug.\"", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2022-42898" ], "unique" : false }, { "id" : "CVE-2023-39975", "title" : "kdc/do_tgs_req.c in MIT Kerberos 5 (aka krb5) 1.21 before 1.21.2 has a double free that is reachable if an authenticated user can trigger an authorization-data handling failure. 
Incorrect data is copied from one ticket to another.", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2023-39975" ], "unique" : false }, { "id" : "CVE-2024-26462", "title" : "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/kdc/ndr.c.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-26462" ], "unique" : false }, { "id" : "CVE-2024-37370", "title" : "In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify the plaintext Extra Count field of a confidential GSS krb5 wrap token, causing the unwrapped token to appear truncated to the application.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-37370" ], "unique" : false }, { "id" : "CVE-2020-17049", "title" : "Kerberos KDC Security Feature Bypass Vulnerability", "source" : "redhat-csaf", "cvssScore" : 7.2, "severity" : "HIGH", "cves" : [ "CVE-2020-17049" ], "unique" : false }, { "id" : "CVE-2023-36054", "title" : "lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and 1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticated user can trigger a kadmind crash. 
This occurs because _xdr_kadm5_principal_ent_rec does not validate the relationship between n_key_data and the key_data array count.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-36054" ], "unique" : false }, { "id" : "CVE-2024-37371", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-37371" ], "unique" : false }, { "id" : "CVE-2025-24528", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-24528" ], "unique" : false }, { "id" : "CVE-2024-26458", "title" : "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-26458" ], "unique" : false }, { "id" : "CVE-2024-26461", "title" : "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-26461" ], "unique" : false }, { "id" : "CVE-2025-3576", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-3576" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-3596", "source" : "redhat-csaf", "cvssScore" : 9.0, "severity" : "CRITICAL", "cves" : [ "CVE-2024-3596" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/python3-setuptools-wheel@39.2.0-9.el8_10?arch=noarch&distro=rhel-8.10&upstream=python-setuptools-39.2.0-9.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2024-6345", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-6345" ], "unique" : false }, { "id" : "CVE-2025-47273", "title" : "setuptools has a path traversal vulnerability in PackageIndex.download that leads to Arbitrary File Write", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-47273" ], "unique" : false }, { "id" : "CVE-2022-40897", "source" : "redhat-csaf", 
"cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2022-40897" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-6345", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-6345" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-minimal-langpack@2.28-251.el8_10.31?arch=x86_64&distro=rhel-8.10&upstream=glibc-2.28-251.el8_10.31.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering 
control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc@2.28-251.el8_10.31?arch=x86_64&distro=rhel-8.10&upstream=glibc-2.28-251.el8_10.31.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : 
[ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-15281", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15281" ], "unique" : false }, { "id" : "CVE-2026-3904", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3904" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : 
"CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-common@2.28-251.el8_10.31?arch=x86_64&distro=rhel-8.10&upstream=glibc-2.28-251.el8_10.31.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : 
"redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : 
"redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/javapackages-filesystem@5.3.0-1.module%2Bel8%2B2447%2B6f56d9a6?arch=noarch&distro=rhel-8.10&upstream=javapackages-tools-5.3.0-1.module%2Bel8%2B2447%2B6f56d9a6.src.rpm", "issues" : [ { "id" : "CVE-2025-48734", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2025-48734" ], "unique" : false }, { "id" : "CVE-2019-10086", "title" : "In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to access the classloader via the class property available on all Java objects. 
We, however were not using this by default characteristic of the PropertyUtilsBean.", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2019-10086" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-48734", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2025-48734" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/xz-libs@5.2.4-4.el8_6?arch=x86_64&distro=rhel-8.10&upstream=xz-5.2.4-4.el8_6.src.rpm", "issues" : [ { "id" : "CVE-2022-1271", "title" : "An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name (for example, a crafted file name), this can overwrite an attacker's content to an arbitrary attacker-selected file. This flaw occurs due to insufficient validation when processing filenames with two or more newlines where selected content and the target file names are embedded in crafted multi-line file names. This flaw allows a remote, low privileged attacker to force zgrep to write arbitrary files on the system.", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2022-1271" ], "unique" : false }, { "id" : "CVE-2025-31115", "title" : "XZ has a heap-use-after-free bug in threaded .xz decoder", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-31115" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2022-1271", "title" : "An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name (for example, a crafted file name), this can overwrite an attacker's content to an arbitrary attacker-selected file. This flaw occurs due to insufficient validation when processing filenames with two or more newlines where selected content and the target file names are embedded in crafted multi-line file names. 
This flaw allows a remote, low privileged attacker to force zgrep to write arbitrary files on the system.", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2022-1271" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/python3-libs@3.6.8-75.el8_10?arch=x86_64&distro=rhel-8.10&upstream=python3-3.6.8-75.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2023-40217", "source" : "redhat-csaf", "cvssScore" : 8.6, "severity" : "HIGH", "cves" : [ "CVE-2023-40217" ], "unique" : false }, { "id" : "CVE-2022-42919", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2022-42919" ], "unique" : false }, { "id" : "CVE-2023-6597", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-6597" ], "unique" : false }, { "id" : "CVE-2015-20107", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2015-20107" ], "unique" : false }, { "id" : "CVE-2024-12718", "title" : "Bypass extraction filter to modify file metadata outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-12718" ], "unique" : false }, { "id" : "CVE-2025-4517", "title" : "Arbitrary writes via tarfile realpath overflow", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2025-4517" ], "unique" : false }, { "id" : "CVE-2020-10735", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2020-10735" ], "unique" : false }, { "id" : "CVE-2022-45061", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-45061" ], "unique" : false }, { "id" : "CVE-2023-24329", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-24329" ], "unique" : false }, { "id" : "CVE-2024-6232", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-6232" ], "unique" : false }, { "id" : "CVE-2025-12084", "source" : 
"redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-12084" ], "unique" : false }, { "id" : "CVE-2025-4138", "title" : "Bypassing extraction filter to create symlinks to arbitrary targets outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-4138" ], "unique" : false }, { "id" : "CVE-2025-4435", "title" : "Tarfile extracts filtered members when errorlevel=0", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-4435" ], "unique" : false }, { "id" : "CVE-2025-8194", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-8194" ], "unique" : false }, { "id" : "CVE-2021-28861", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2021-28861" ], "unique" : false }, { "id" : "CVE-2025-4330", "title" : "Extraction filter bypass for linking outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2025-4330" ], "unique" : false }, { "id" : "CVE-2025-15366", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-15366" ], "unique" : false }, { "id" : "CVE-2025-15367", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-15367" ], "unique" : false }, { "id" : "CVE-2026-1299", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-1299" ], "unique" : false }, { "id" : "CVE-2026-4519", "title" : "webbrowser.open() allows leading dashes in URLs", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-4519" ], "unique" : false }, { "id" : "CVE-2024-6923", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2024-6923" ], "unique" : false }, { "id" : "CVE-2025-0938", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0938" ], "unique" : false }, { "id" 
: "CVE-2025-13836", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13836" ], "unique" : false }, { "id" : "CVE-2024-9287", "source" : "redhat-csaf", "cvssScore" : 6.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-9287" ], "unique" : false }, { "id" : "CVE-2024-0450", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0450" ], "unique" : false }, { "id" : "CVE-2007-4559", "title" : "Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2007-4559" ], "unique" : false }, { "id" : "CVE-2023-27043", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27043" ], "unique" : false }, { "id" : "CVE-2024-8088", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-8088" ], "unique" : false }, { "id" : "CVE-2024-0397", "source" : "redhat-csaf", "cvssScore" : 5.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0397" ], "unique" : false }, { "id" : "CVE-2024-7592", "source" : "redhat-csaf", "cvssScore" : 4.8, "severity" : "MEDIUM", "cves" : [ "CVE-2024-7592" ], "unique" : false }, { "id" : "CVE-2026-0865", "source" : "redhat-csaf", "cvssScore" : 4.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0865" ], "unique" : false }, { "id" : "CVE-2025-6069", "title" : "HTMLParser quadratic complexity when processing malformed inputs", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-6069" ], "unique" : false }, { "id" : "CVE-2025-8291", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8291" ], "unique" : false }, { "id" : "CVE-2025-6075", "source" : "redhat-csaf", 
"cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-6075" ], "unique" : false }, { "id" : "CVE-2024-11168", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-11168" ], "unique" : false }, { "id" : "CVE-2024-4032", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-4032" ], "unique" : false }, { "id" : "CVE-2024-5642", "title" : "Buffer overread when using an empty list with SSLContext.set_npn_protocols()", "source" : "redhat-csaf", "cvssScore" : 2.7, "severity" : "LOW", "cves" : [ "CVE-2024-5642" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-40217", "source" : "redhat-csaf", "cvssScore" : 8.6, "severity" : "HIGH", "cves" : [ "CVE-2023-40217" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/zlib@1.2.11-25.el8?arch=x86_64&distro=rhel-8.10&upstream=zlib-1.2.11-25.el8.src.rpm", "issues" : [ { "id" : "CVE-2018-25032", "title" : "zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.", "source" : "redhat-csaf", "cvssScore" : 8.2, "severity" : "HIGH", "cves" : [ "CVE-2018-25032" ], "unique" : false }, { "id" : "CVE-2022-37434", "title" : "zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. 
Some common applications bundle the affected zlib source code but may be unable to call inflateGetHeader (e.g., see the nodejs/node reference).", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2022-37434" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2018-25032", "title" : "zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.", "source" : "redhat-csaf", "cvssScore" : 8.2, "severity" : "HIGH", "cves" : [ "CVE-2018-25032" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/cups-libs@2.2.6-67.el8_10?arch=x86_64&distro=rhel-8.10&epoch=1&upstream=cups-2.2.6-67.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2025-58060", "source" : "redhat-csaf", "cvssScore" : 8.0, "severity" : "HIGH", "cves" : [ "CVE-2025-58060" ], "unique" : false }, { "id" : "CVE-2024-47175", "source" : "redhat-csaf", "cvssScore" : 7.7, "severity" : "HIGH", "cves" : [ "CVE-2024-47175" ], "unique" : false }, { "id" : "CVE-2023-34241", "title" : "CUPS vulnerable to use-after-free in cupsdAcceptClient()", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2023-34241" ], "unique" : false }, { "id" : "CVE-2022-26691", "title" : "A logic issue was addressed with improved state management. This issue is fixed in Security Update 2022-003 Catalina, macOS Monterey 12.3, macOS Big Sur 11.6.5. An application may be able to gain elevated privileges.", "source" : "redhat-csaf", "cvssScore" : 6.7, "severity" : "MEDIUM", "cves" : [ "CVE-2022-26691" ], "unique" : false }, { "id" : "CVE-2023-32360", "title" : "An authentication issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.7.7, macOS Monterey 12.6.6, macOS Ventura 13.4. 
An unauthenticated user may be able to access recently printed documents.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-32360" ], "unique" : false }, { "id" : "CVE-2025-58364", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-58364" ], "unique" : false }, { "id" : "CVE-2023-32324", "title" : "OpenPrinting CUPS vulnerable to heap buffer overflow", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-32324" ], "unique" : false }, { "id" : "CVE-2025-58436", "source" : "redhat-csaf", "cvssScore" : 5.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-58436" ], "unique" : false }, { "id" : "CVE-2024-35235", "title" : "Cupsd Listen arbitrary chmod 0140777", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2024-35235" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-58060", "source" : "redhat-csaf", "cvssScore" : 8.0, "severity" : "HIGH", "cves" : [ "CVE-2025-58060" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libcap@2.48-6.el8_9?arch=x86_64&distro=rhel-8.10&upstream=libcap-2.48-6.el8_9.src.rpm", "issues" : [ { "id" : "CVE-2023-2603", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-2603" ], "unique" : false }, { "id" : "CVE-2023-2602", "title" : "A vulnerability was found in the pthread_create() function in libcap. 
This issue may allow a malicious actor to use cause __real_pthread_create() to return an error, which can exhaust the process memory.", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2023-2602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-2603", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-2603" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch&distro=rhel-8.10&upstream=ncurses-6.1-10.20180224.el8.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64&distro=rhel-8.10&upstream=ncurses-6.1-10.20180224.el8.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.3, 
"severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/sqlite-libs@3.26.0-20.el8_10?arch=x86_64&distro=rhel-8.10&upstream=sqlite-3.26.0-20.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2025-6965", "title" : "Integer Truncation on SQLite", "source" : "redhat-csaf", "cvssScore" : 7.7, "severity" : "HIGH", "cves" : [ "CVE-2025-6965" ], "unique" : false }, { "id" : "CVE-2023-7104", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2023-7104" ], "unique" : false }, { "id" : "CVE-2025-3277", "title" : "An integer overflow can be triggered in SQLite’s `concat_ws()` function. The resulting, truncated integer is then used to allocate a buffer. When SQLite then writes the resulting string to the buffer, it uses the original, untruncated size and thus a wild Heap Buffer overflow of size ~4GB can be triggered. 
This can result in arbitrary code execution.", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2025-3277" ], "unique" : false }, { "id" : "CVE-2022-35737", "title" : "SQLite 1.0.12 through 3.39.x before 3.39.2 sometimes allows an array-bounds overflow if billions of bytes are used in a string argument to a C API.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2022-35737" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-6965", "title" : "Integer Truncation on SQLite", "source" : "redhat-csaf", "cvssScore" : 7.7, "severity" : "HIGH", "cves" : [ "CVE-2025-6965" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/expat@2.5.0-1.el8_10?arch=x86_64&distro=rhel-8.10&upstream=expat-2.5.0-1.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2023-52425", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-52425" ], "unique" : false }, { "id" : "CVE-2024-28757", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-28757" ], "unique" : false }, { "id" : "CVE-2024-45490", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-45490" ], "unique" : false }, { "id" : "CVE-2024-45491", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-45491" ], "unique" : false }, { "id" : "CVE-2024-8176", "title" : "Libexpat: expat: improper restriction of xml entity expansion depth in libexpat", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-8176" ], "unique" : false }, { "id" : "CVE-2024-45492", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2024-45492" ], "unique" : false }, { "id" : "CVE-2024-50602", "title" : "An issue was discovered in libexpat before 2.6.4. 
There is a crash within the XML_ResumeParser function because XML_StopParser can stop/suspend an unstarted parser.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-50602" ], "unique" : false }, { "id" : "CVE-2025-59375", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-59375" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-52425", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-52425" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=rhel-8.10&upstream=gnutls-3.6.16-8.el8_10.5.src.rpm", "issues" : [ { "id" : "CVE-2022-2509", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-2509" ], "unique" : false }, { "id" : "CVE-2024-0553", "title" : "Gnutls: incomplete fix for cve-2023-5981", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-0553" ], "unique" : false }, { "id" : "CVE-2024-0567", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-0567" ], "unique" : false }, { "id" : "CVE-2023-0361", "title" : "A timing side-channel in the handling of RSA ClientKeyExchange messages was discovered in GnuTLS. This side-channel can be sufficient to recover the key encrypted in the RSA ciphertext across a network in a Bleichenbacher style attack. To achieve a successful decryption the attacker would need to send a large amount of specially crafted messages to the vulnerable server. 
By recovering the secret from the ClientKeyExchange message, the attacker would be able to decrypt the application data exchanged over that connection.", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2023-0361" ], "unique" : false }, { "id" : "CVE-2025-32988", "title" : "Gnutls: vulnerability in gnutls othername san export", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-32988" ], "unique" : false }, { "id" : "CVE-2025-32990", "title" : "Gnutls: vulnerability in gnutls certtool template parsing", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-32990" ], "unique" : false }, { "id" : "CVE-2025-6395", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-6395" ], "unique" : false }, { "id" : "CVE-2023-5981", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-5981" ], "unique" : false }, { "id" : "CVE-2024-12243", "title" : "Gnutls: gnutls impacted by inefficient der decoding in libtasn1 leading to remote dos", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-12243" ], "unique" : false }, { "id" : "CVE-2024-28834", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-28834" ], "unique" : false }, { "id" : "CVE-2025-14831", "title" : "Gnutls: gnutls: denial of service via excessive resource consumption during certificate verification", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14831" ], "unique" : false }, { "id" : "CVE-2025-32989", "title" : "Gnutls: vulnerability in gnutls sct extension parsing", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-32989" ], "unique" : false }, { "id" : "CVE-2024-28835", "source" : "redhat-csaf", "cvssScore" : 5.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-28835" ], "unique" : false }, { 
"id" : "CVE-2025-9820", "title" : "Gnutls: stack-based buffer overflow in gnutls_pkcs11_token_init() function", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9820" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2022-2509", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-2509" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libtirpc@1.1.4-12.el8_10?arch=x86_64&distro=rhel-8.10&upstream=libtirpc-1.1.4-12.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2021-46828", "title" : "In libtirpc before 1.3.3rc1, remote attackers could exhaust the file descriptors of a process that uses libtirpc because idle TCP connections are mishandled. This can, in turn, lead to an svc_run infinite loop without accepting new connections.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2021-46828" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2021-46828", "title" : "In libtirpc before 1.3.3rc1, remote attackers could exhaust the file descriptors of a process that uses libtirpc because idle TCP connections are mishandled. This can, in turn, lead to an svc_run infinite loop without accepting new connections.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2021-46828" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/pcre2@10.32-3.el8_6?arch=x86_64&distro=rhel-8.10&upstream=pcre2-10.32-3.el8_6.src.rpm", "issues" : [ { "id" : "CVE-2022-1586", "title" : "An out-of-bounds read vulnerability was discovered in the PCRE2 library in the compile_xclass_matchingpath() function of the pcre2_jit_compile.c file. This involves a unicode property matching issue in JIT-compiled regular expressions. 
The issue occurs because the character was not fully read in case-less matching within JIT.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-1586" ], "unique" : false }, { "id" : "CVE-2022-1587", "title" : "An out-of-bounds read vulnerability was discovered in the PCRE2 library in the get_recurse_data_length() function of the pcre2_jit_compile.c file. This issue affects recursions in JIT-compiled regular expressions caused by duplicate data transfers.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-1587" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2022-1586", "title" : "An out-of-bounds read vulnerability was discovered in the PCRE2 library in the compile_xclass_matchingpath() function of the pcre2_jit_compile.c file. This involves a unicode property matching issue in JIT-compiled regular expressions. The issue occurs because the character was not fully read in case-less matching within JIT.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-1586" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/lua@5.3.4-12.el8?arch=x86_64&distro=rhel-8.10&upstream=lua-5.3.4-12.el8.src.rpm", "issues" : [ { "id" : "CVE-2021-44964", "title" : "Use after free in garbage collector and finalizer of lgc.c in Lua interpreter 5.4.0~5.4.3 allows attackers to perform Sandbox Escape via a crafted script file.", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2021-44964" ], "unique" : false }, { "id" : "CVE-2022-33099", "title" : "An issue in the component luaG_runerror of Lua v5.4.4 and below leads to a heap-buffer overflow when a recursive error occurs.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2022-33099" ], "unique" : false }, { "id" : "CVE-2022-28805", "title" : "singlevar in lparser.c in Lua from (including) 5.4.0 up to (excluding) 5.4.4 lacks a certain luaK_exp2anyregup 
call, leading to a heap-based buffer over-read that might affect a system that compiles untrusted Lua code.", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2022-28805" ], "unique" : false }, { "id" : "CVE-2021-43519", "title" : "Stack overflow in lua_resume of ldo.c in Lua Interpreter 5.1.0~5.4.4 allows attackers to perform a Denial of Service via a crafted script file.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2021-43519" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2021-44964", "title" : "Use after free in garbage collector and finalizer of lgc.c in Lua interpreter 5.4.0~5.4.3 allows attackers to perform Sandbox Escape via a crafted script file.", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2021-44964" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/lua-libs@5.3.4-12.el8?arch=x86_64&distro=rhel-8.10&upstream=lua-5.3.4-12.el8.src.rpm", "issues" : [ { "id" : "CVE-2021-44964", "title" : "Use after free in garbage collector and finalizer of lgc.c in Lua interpreter 5.4.0~5.4.3 allows attackers to perform Sandbox Escape via a crafted script file.", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2021-44964" ], "unique" : false }, { "id" : "CVE-2022-33099", "title" : "An issue in the component luaG_runerror of Lua v5.4.4 and below leads to a heap-buffer overflow when a recursive error occurs.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2022-33099" ], "unique" : false }, { "id" : "CVE-2022-28805", "title" : "singlevar in lparser.c in Lua from (including) 5.4.0 up to (excluding) 5.4.4 lacks a certain luaK_exp2anyregup call, leading to a heap-based buffer over-read that might affect a system that compiles untrusted Lua code.", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2022-28805" ], "unique" : false }, { "id" : 
"CVE-2021-43519", "title" : "Stack overflow in lua_resume of ldo.c in Lua Interpreter 5.1.0~5.4.4 allows attackers to perform a Denial of Service via a crafted script file.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2021-43519" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2021-44964", "title" : "Use after free in garbage collector and finalizer of lgc.c in Lua interpreter 5.4.0~5.4.3 allows attackers to perform Sandbox Escape via a crafted script file.", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2021-44964" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/bash@4.4.20-6.el8_10?arch=x86_64&distro=rhel-8.10&upstream=bash-4.4.20-6.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2022-3715", "source" : "redhat-csaf", "cvssScore" : 6.6, "severity" : "MEDIUM", "cves" : [ "CVE-2022-3715" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2022-3715", "source" : "redhat-csaf", "cvssScore" : 6.6, "severity" : "MEDIUM", "cves" : [ "CVE-2022-3715" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/dbus-libs@1.12.8-27.el8_10?arch=x86_64&distro=rhel-8.10&epoch=1&upstream=dbus-1.12.8-27.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2022-42010", "title" : "An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash when receiving a message with certain invalid type signatures.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2022-42010" ], "unique" : false }, { "id" : "CVE-2022-42011", "title" : "An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. 
An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash when receiving a message where an array length is inconsistent with the size of the element type.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2022-42011" ], "unique" : false }, { "id" : "CVE-2022-42012", "title" : "An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash by sending a message with attached file descriptors in an unexpected format.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2022-42012" ], "unique" : false }, { "id" : "CVE-2023-34969", "title" : "D-Bus before 1.15.6 sometimes allows unprivileged users to crash dbus-daemon. If a privileged user with control over the dbus-daemon is using the org.freedesktop.DBus.Monitoring interface to monitor message bus traffic, then an unprivileged user with the ability to connect to the same dbus-daemon can cause a dbus-daemon crash under some circumstances via an unreplyable message. When done on the well-known system bus, this is a denial-of-service vulnerability. The fixed versions are 1.12.28, 1.14.8, and 1.15.6.", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2023-34969" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2022-42010", "title" : "An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. 
An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash when receiving a message with certain invalid type signatures.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2022-42010" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/gmp@6.1.2-11.el8?arch=x86_64&distro=rhel-8.10&epoch=1&upstream=gmp-6.1.2-11.el8.src.rpm", "issues" : [ { "id" : "CVE-2021-43618", "title" : "GNU Multiple Precision Arithmetic Library (GMP) through 6.2.1 has an mpz/inp_raw.c integer overflow and resultant buffer overflow via crafted input, leading to a segmentation fault on 32-bit platforms.", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2021-43618" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2021-43618", "title" : "GNU Multiple Precision Arithmetic Library (GMP) through 6.2.1 has an mpz/inp_raw.c integer overflow and resultant buffer overflow via crafted input, leading to a segmentation fault on 32-bit platforms.", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2021-43618" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/avahi-libs@0.7-27.el8_10.1?arch=x86_64&distro=rhel-8.10&upstream=avahi-0.7-27.el8_10.1.src.rpm", "issues" : [ { "id" : "CVE-2021-3468", "title" : "A flaw was found in avahi in versions 0.6 up to 0.8. The event used to signal the termination of the client connection on the avahi Unix socket is not correctly handled in the client_work function, allowing a local attacker to trigger an infinite loop. 
The highest threat from this vulnerability is to the availability of the avahi service, which becomes unresponsive after this flaw is triggered.", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2021-3468" ], "unique" : false }, { "id" : "CVE-2023-1981", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2023-1981" ], "unique" : false }, { "id" : "CVE-2023-38469", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2023-38469" ], "unique" : false }, { "id" : "CVE-2023-38470", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2023-38470" ], "unique" : false }, { "id" : "CVE-2023-38471", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2023-38471" ], "unique" : false }, { "id" : "CVE-2023-38472", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2023-38472" ], "unique" : false }, { "id" : "CVE-2023-38473", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2023-38473" ], "unique" : false }, { "id" : "CVE-2021-3502", "title" : "A flaw was found in avahi 0.8-5. A reachable assertion is present in avahi_s_host_name_resolver_start function allowing a local attacker to crash the avahi service by requesting hostname resolutions through the avahi socket or dbus methods for invalid hostnames. 
The highest threat from this vulnerability is to the service availability.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2021-3502" ], "unique" : false }, { "id" : "CVE-2024-52615", "title" : "Avahi: avahi wide-area dns uses constant source port", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-52615" ], "unique" : false }, { "id" : "CVE-2024-52616", "title" : "Avahi: avahi wide-area dns predictable transaction ids", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-52616" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2021-3468", "title" : "A flaw was found in avahi in versions 0.6 up to 0.8. The event used to signal the termination of the client connection on the avahi Unix socket is not correctly handled in the client_work function, allowing a local attacker to trigger an infinite loop. The highest threat from this vulnerability is to the availability of the avahi service, which becomes unresponsive after this flaw is triggered.", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2021-3468" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libuuid@2.32.1-48.el8_10?arch=x86_64&distro=rhel-8.10&upstream=util-linux-2.32.1-48.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcc@8.5.0-28.el8_10?arch=x86_64&distro=rhel-8.10&upstream=gcc-8.5.0-28.el8_10.src.rpm", 
"issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libblkid@2.32.1-48.el8_10?arch=x86_64&distro=rhel-8.10&upstream=util-linux-2.32.1-48.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false }, { "id" : "CVE-2026-27456", "title" : "util-linux: TOCTOU Race Condition in util-linux mount(8) - Loop Device Setup", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2026-27456" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libstdc%2B%2B@8.5.0-28.el8_10?arch=x86_64&distro=rhel-8.10&upstream=gcc-8.5.0-28.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } }, { "ref" : 
"pkg:rpm/redhat/libmount@2.32.1-48.el8_10?arch=x86_64&distro=rhel-8.10&upstream=util-linux-2.32.1-48.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/systemd-libs@239-82.el8_10.15?arch=x86_64&distro=rhel-8.10&upstream=systemd-239-82.el8_10.15.src.rpm", "issues" : [ { "id" : "CVE-2023-7008", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-7008" ], "unique" : false }, { "id" : "CVE-2022-3821", "title" : "An off-by-one Error issue was discovered in Systemd in format_timespan() function of time-util.c. An attacker could supply specific values for time and accuracy that leads to buffer overrun in format_timespan(), leading to a Denial of Service.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2022-3821" ], "unique" : false }, { "id" : "CVE-2022-4415", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2022-4415" ], "unique" : false }, { "id" : "CVE-2022-45873", "title" : "systemd 250 and 251 allows local users to achieve a systemd-coredump deadlock by triggering a crash that has a long backtrace. This occurs in parse_elf_object in shared/elf-util.c. The exploitation methodology is to crash a binary calling the same function recursively, and put it in a deeply nested directory to make its backtrace large enough to cause the deadlock. 
This must be done 16 times when MaxConnections=16 is set for the systemd/units/systemd-coredump.socket file.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2022-45873" ], "unique" : false }, { "id" : "CVE-2025-4598", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-4598" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-7008", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-7008" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libtasn1@4.13-5.el8_10?arch=x86_64&distro=rhel-8.10&upstream=libtasn1-4.13-5.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2021-46848", "title" : "GNU Libtasn1 before 4.19.0 has an ETYPE_OK off-by-one array size check that affects asn1_encode_simple_der.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2021-46848" ], "unique" : false }, { "id" : "CVE-2025-13151", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13151" ], "unique" : false }, { "id" : "CVE-2024-12133", "title" : "Libtasn1: inefficient der decoding in libtasn1 leading to potential remote dos", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-12133" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2021-46848", "title" : "GNU Libtasn1 before 4.19.0 has an ETYPE_OK off-by-one array size check that affects asn1_encode_simple_der.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2021-46848" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcrypt@1.8.5-7.el8_6?arch=x86_64&distro=rhel-8.10&upstream=libgcrypt-1.8.5-7.el8_6.src.rpm", "issues" : [ { "id" : "CVE-2024-2236", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-2236" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2236", "source" : "redhat-csaf", "cvssScore" : 
5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-2236" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libcom_err@1.45.6-7.el8_10?arch=x86_64&distro=rhel-8.10&upstream=e2fsprogs-1.45.6-7.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2022-1304", "title" : "An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5. This issue leads to a segmentation fault and possibly arbitrary code execution via a specially crafted filesystem.", "source" : "redhat-csaf", "cvssScore" : 5.8, "severity" : "MEDIUM", "cves" : [ "CVE-2022-1304" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2022-1304", "title" : "An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5. This issue leads to a segmentation fault and possibly arbitrary code execution via a specially crafted filesystem.", "source" : "redhat-csaf", "cvssScore" : 5.8, "severity" : "MEDIUM", "cves" : [ "CVE-2022-1304" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/python3-pip-wheel@9.0.3-24.el8?arch=noarch&distro=rhel-8.10&upstream=python-pip-9.0.3-24.el8.src.rpm", "issues" : [ { "id" : "CVE-2007-4559", "title" : "Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2007-4559" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2007-4559", "title" : "Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. 
(dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2007-4559" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/bzip2-libs@1.0.6-28.el8_10?arch=x86_64&distro=rhel-8.10&upstream=bzip2-1.0.6-28.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2019-12900", "title" : "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2019-12900" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2019-12900", "title" : "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2019-12900" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/alsa-lib@1.2.10-2.el8?arch=x86_64&distro=rhel-8.10&upstream=alsa-lib-1.2.10-2.el8.src.rpm", "issues" : [ { "id" : "CVE-2026-25068", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-25068" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2026-25068", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-25068" ], "unique" : false } } ], "highestVulnerability" : { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/rpm-libs@4.14.3-32.el8_10?arch=x86_64&distro=rhel-8.10&upstream=rpm-4.14.3-32.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2021-35938", "title" : "A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. 
A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35938" ], "unique" : false }, { "id" : "CVE-2021-35939", "title" : "It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35939" ], "unique" : false }, { "id" : "CVE-2021-35937", "title" : "A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. 
The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.3, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35937" ], "unique" : false } ], "transitive" : [ { "ref" : "pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=rhel-8.10&epoch=1&upstream=openssl-1.1.1k-15.el8_6.src.rpm", "issues" : [ { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false }, { "id" : "CVE-2022-1473", "title" : "Resource leakage when decoding certificates and keys", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-1473" ], "unique" : false }, { "id" : "CVE-2022-3358", "title" : "Using a Custom Cipher with NID_undef may lead to NULL encryption", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-3358" ], "unique" : false }, { "id" : "CVE-2022-3602", "title" : "X.509 Email Address 4-byte Buffer Overflow", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-3602" ], "unique" : false }, { "id" : "CVE-2022-3786", "title" : "X.509 Email Address Variable Length Buffer Overflow", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-3786" ], "unique" : false }, { "id" : "CVE-2022-4450", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-4450" ], "unique" : false }, { "id" : "CVE-2023-0215", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-0215" ], "unique" : false }, { "id" : "CVE-2023-0216", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-0216" ], "unique" : false }, { "id" : "CVE-2023-0217", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-0217" 
], "unique" : false }, { "id" : "CVE-2023-0401", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-0401" ], "unique" : false }, { "id" : "CVE-2023-5363", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-5363" ], "unique" : false }, { "id" : "CVE-2023-0286", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2023-0286" ], "unique" : false }, { "id" : "CVE-2024-12797", "title" : "RFC7250 handshakes with unauthenticated servers don't abort as expected", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2024-12797" ], "unique" : false }, { "id" : "CVE-2025-69419", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2025-69419" ], "unique" : false }, { "id" : "CVE-2022-1292", "source" : "redhat-csaf", "cvssScore" : 6.7, "severity" : "MEDIUM", "cves" : [ "CVE-2022-1292" ], "unique" : false }, { "id" : "CVE-2022-2068", "source" : "redhat-csaf", "cvssScore" : 6.7, "severity" : "MEDIUM", "cves" : [ "CVE-2022-2068" ], "unique" : false }, { "id" : "CVE-2023-2650", "title" : "Possible DoS translating ASN.1 object identifiers", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2650" ], "unique" : false }, { "id" : "CVE-2023-6129", "title" : "POLY1305 MAC implementation corrupts vector registers on PowerPC", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6129" ], "unique" : false }, { "id" : "CVE-2025-69421", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69421" ], "unique" : false }, { "id" : "CVE-2025-11187", "title" : "Improper validation of PBMAC1 parameters in PKCS#12 MAC verification", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-11187" ], "unique" : false }, { "id" : "CVE-2020-1971", "title" : "EDIPARTYNAME NULL pointer dereference", "source" 
: "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2020-1971" ], "unique" : false }, { "id" : "CVE-2022-4304", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2022-4304" ], "unique" : false }, { "id" : "CVE-2023-0464", "title" : "Excessive Resource Usage Verifying X.509 Policy Constraints", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0464" ], "unique" : false }, { "id" : "CVE-2023-6237", "title" : "Excessive time spent checking invalid RSA public keys", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6237" ], "unique" : false }, { "id" : "CVE-2024-5535", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-5535" ], "unique" : false }, { "id" : "CVE-2024-6119", "title" : "Possible denial of service in X.509 name checks", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-6119" ], "unique" : false }, { "id" : "CVE-2025-15468", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15468" ], "unique" : false }, { "id" : "CVE-2025-66199", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-66199" ], "unique" : false }, { "id" : "CVE-2025-69420", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69420" ], "unique" : false }, { "id" : "CVE-2026-22796", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22796" ], "unique" : false }, { "id" : "CVE-2024-4741", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4741" ], "unique" : false }, { "id" : "CVE-2025-9230", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9230" ], "unique" : false }, { "id" : "CVE-2024-0727", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", 
"cves" : [ "CVE-2024-0727" ], "unique" : false }, { "id" : "CVE-2025-15469", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15469" ], "unique" : false }, { "id" : "CVE-2026-22795", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22795" ], "unique" : false }, { "id" : "CVE-2022-1343", "title" : "OCSP_basic_verify may incorrectly verify the response signing certificate", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2022-1343" ], "unique" : false }, { "id" : "CVE-2022-2097", "title" : "AES OCB fails to encrypt some bytes", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2022-2097" ], "unique" : false }, { "id" : "CVE-2023-0465", "title" : "Invalid certificate policies in leaf certificates are silently ignored", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0465" ], "unique" : false }, { "id" : "CVE-2023-0466", "title" : "Certificate policy check not enabled", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0466" ], "unique" : false }, { "id" : "CVE-2023-2975", "title" : "AES-SIV implementation ignores empty associated data entries", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2975" ], "unique" : false }, { "id" : "CVE-2023-3446", "title" : "Excessive time spent checking DH keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3446" ], "unique" : false }, { "id" : "CVE-2023-3817", "title" : "Excessive time spent checking DH q parameter value", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3817" ], "unique" : false }, { "id" : "CVE-2023-5678", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-5678" ], "unique" : false }, { "id" : "CVE-2024-4603", 
"title" : "Excessive time spent checking DSA keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4603" ], "unique" : false }, { "id" : "CVE-2023-1255", "title" : "Input buffer over-read in AES-XTS implementation on 64 bit ARM", "source" : "redhat-csaf", "cvssScore" : 5.1, "severity" : "MEDIUM", "cves" : [ "CVE-2023-1255" ], "unique" : false }, { "id" : "CVE-2022-4203", "source" : "redhat-csaf", "cvssScore" : 4.9, "severity" : "MEDIUM", "cves" : [ "CVE-2022-4203" ], "unique" : false }, { "id" : "CVE-2025-68160", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-68160" ], "unique" : false }, { "id" : "CVE-2025-69418", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69418" ], "unique" : false }, { "id" : "CVE-2024-2511", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-2511" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=rhel-8.10&upstream=curl-7.61.1-34.el8_10.11.src.rpm", "issues" : [ { "id" : "CVE-2022-32207", "title" : "When curl < 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by finalizing the operation with a rename from a temporary name to the final target file name.In that rename operation, it might accidentally *widen* the permissions for the target file, leaving the updated file accessible to more users than intended.", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2022-32207" ], "unique" : false }, { "id" : "CVE-2022-22576", "title" : "An improper authentication vulnerability exists in curl 7.33.0 to and 
including 7.82.0 which might allow reuse OAUTH2-authenticated connections without properly making sure that the connection was authenticated with the same credentials as set for this transfer. This affects SASL-enabled protocols: SMPTP(S), IMAP(S), POP3(S) and LDAP(S) (openldap only).", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2022-22576" ], "unique" : false }, { "id" : "CVE-2023-38545", "title" : "This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy\nhandshake.\n\nWhen curl is asked to pass along the host name to the SOCKS5 proxy to allow\nthat to resolve the address instead of it getting done by curl itself, the\nmaximum length that host name can be is 255 bytes.\n\nIf the host name is detected to be longer, curl switches to local name\nresolving and instead passes on the resolved address only. Due to this bug,\nthe local variable that means \"let the host resolve the name\" could get the\nwrong value during a slow SOCKS5 handshake, and contrary to the intention,\ncopy the too long host name to the target buffer instead of copying just the\nresolved address there.\n\nThe target buffer being a heap based buffer, and the host name coming from the\nURL that curl has been told to operate with.", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2023-38545" ], "unique" : false }, { "id" : "CVE-2022-27775", "title" : "An information disclosure vulnerability exists in curl 7.65.0 to 7.82.0 are vulnerable that by using an IPv6 address that was in the connection pool but with a different zone id it could reuse a connection instead.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-27775" ], "unique" : false }, { "id" : "CVE-2022-27782", "title" : "libcurl would reuse a previously created connection even when a TLS or SSHrelated option had been changed that should have prohibited reuse.libcurl keeps previously used connections in a connection 
pool for subsequenttransfers to reuse if one of them matches the setup. However, several TLS andSSH settings were left out from the configuration match checks, making themmatch too easily.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-27782" ], "unique" : false }, { "id" : "CVE-2024-2398", "title" : "HTTP/2 push headers memory-leak", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-2398" ], "unique" : false }, { "id" : "CVE-2022-32206", "title" : "curl < 7.84.0 supports \"chained\" HTTP compression algorithms, meaning that a serverresponse can be compressed multiple times and potentially with different algorithms. The number of acceptable \"links\" in this \"decompression chain\" was unbounded, allowing a malicious server to insert a virtually unlimited number of compression steps.The use of such a decompression chain could result in a \"malloc bomb\", makingcurl end up spending enormous amounts of allocated heap memory, or trying toand returning out of memory errors.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2022-32206" ], "unique" : false }, { "id" : "CVE-2023-23916", "title" : "An allocation of resources without limits or throttling vulnerability exists in curl '. Found SBOM of media type: text/spdx+json Running TPA scan on amd64 image manifest... 
% Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0 100 360k 0 0 100 360k 0 420k --:--:-- --:--:-- --:--:-- 419k{ "scanned" : { "total" : 152, "direct" : 25, "transitive" : 127 }, "providers" : { "rhtpa" : { "status" : { "ok" : true, "name" : "rhtpa", "code" : 200, "message" : "OK", "warnings" : { "pkg:maven/io.github.stuartwdouglas.hacbstest.Main/hacbs-test" : [ "Unable to process: missing version component" ] } }, "sources" : { "osv-github" : { "summary" : { "direct" : 2, "transitive" : 0, "total" : 2, "dependencies" : 1, "critical" : 0, "high" : 2, "medium" : 0, "low" : 0, "remediations" : 0, "recommendations" : 0, "unscanned" : 0 }, "dependencies" : [ { "ref" : "pkg:pypi/setuptools@39.2.0", "issues" : [ { "id" : "CVE-2024-6345", "source" : "osv-github", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-6345" ], "unique" : false }, { "id" : "CVE-2022-40897", "source" : "osv-github", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-40897" ], "unique" : false } ], "transitive" : [ ], "highestVulnerability" : { "id" : "CVE-2024-6345", "source" : "osv-github", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-6345" ], "unique" : false } } ] }, "redhat-csaf" : { "summary" : { "direct" : 50, "transitive" : 343, "total" : 393, "dependencies" : 57, "critical" : 7, "high" : 134, "medium" : 233, "low" : 19, "remediations" : 0, "recommendations" : 0, "unscanned" : 0 }, "dependencies" : [ { "ref" : "pkg:rpm/redhat/python3-libs@3.6.8-75.el8_10?arch=x86_64&distro=rhel-8.10&upstream=python3-3.6.8-75.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2023-40217", "source" : "redhat-csaf", "cvssScore" : 8.6, "severity" : "HIGH", "cves" : [ "CVE-2023-40217" ], "unique" : false }, { "id" : "CVE-2022-42919", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2022-42919" ], "unique" : false }, { "id" : "CVE-2023-6597", "source" : 
"redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-6597" ], "unique" : false }, { "id" : "CVE-2015-20107", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2015-20107" ], "unique" : false }, { "id" : "CVE-2024-12718", "title" : "Bypass extraction filter to modify file metadata outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-12718" ], "unique" : false }, { "id" : "CVE-2025-4517", "title" : "Arbitrary writes via tarfile realpath overflow", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2025-4517" ], "unique" : false }, { "id" : "CVE-2020-10735", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2020-10735" ], "unique" : false }, { "id" : "CVE-2022-45061", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-45061" ], "unique" : false }, { "id" : "CVE-2023-24329", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-24329" ], "unique" : false }, { "id" : "CVE-2024-6232", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-6232" ], "unique" : false }, { "id" : "CVE-2025-12084", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-12084" ], "unique" : false }, { "id" : "CVE-2025-4138", "title" : "Bypassing extraction filter to create symlinks to arbitrary targets outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-4138" ], "unique" : false }, { "id" : "CVE-2025-4435", "title" : "Tarfile extracts filtered members when errorlevel=0", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-4435" ], "unique" : false }, { "id" : "CVE-2025-8194", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-8194" ], "unique" : 
false }, { "id" : "CVE-2021-28861", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2021-28861" ], "unique" : false }, { "id" : "CVE-2025-4330", "title" : "Extraction filter bypass for linking outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2025-4330" ], "unique" : false }, { "id" : "CVE-2025-15366", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-15366" ], "unique" : false }, { "id" : "CVE-2025-15367", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-15367" ], "unique" : false }, { "id" : "CVE-2026-1299", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-1299" ], "unique" : false }, { "id" : "CVE-2026-4519", "title" : "webbrowser.open() allows leading dashes in URLs", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-4519" ], "unique" : false }, { "id" : "CVE-2024-6923", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2024-6923" ], "unique" : false }, { "id" : "CVE-2025-0938", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0938" ], "unique" : false }, { "id" : "CVE-2025-13836", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13836" ], "unique" : false }, { "id" : "CVE-2024-9287", "source" : "redhat-csaf", "cvssScore" : 6.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-9287" ], "unique" : false }, { "id" : "CVE-2024-0450", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0450" ], "unique" : false }, { "id" : "CVE-2007-4559", "title" : "Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. 
(dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2007-4559" ], "unique" : false }, { "id" : "CVE-2023-27043", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27043" ], "unique" : false }, { "id" : "CVE-2024-8088", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-8088" ], "unique" : false }, { "id" : "CVE-2024-0397", "source" : "redhat-csaf", "cvssScore" : 5.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0397" ], "unique" : false }, { "id" : "CVE-2024-7592", "source" : "redhat-csaf", "cvssScore" : 4.8, "severity" : "MEDIUM", "cves" : [ "CVE-2024-7592" ], "unique" : false }, { "id" : "CVE-2026-0865", "source" : "redhat-csaf", "cvssScore" : 4.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0865" ], "unique" : false }, { "id" : "CVE-2025-6069", "title" : "HTMLParser quadratic complexity when processing malformed inputs", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-6069" ], "unique" : false }, { "id" : "CVE-2025-8291", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8291" ], "unique" : false }, { "id" : "CVE-2025-6075", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-6075" ], "unique" : false }, { "id" : "CVE-2024-11168", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-11168" ], "unique" : false }, { "id" : "CVE-2024-4032", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-4032" ], "unique" : false }, { "id" : "CVE-2024-5642", "title" : "Buffer overread when using an empty list with SSLContext.set_npn_protocols()", "source" : "redhat-csaf", "cvssScore" : 2.7, "severity" : "LOW", "cves" : [ "CVE-2024-5642" ], "unique" : false } ], "transitive" : [ { "ref" : 
"pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=rhel-8.10&epoch=1&upstream=openssl-1.1.1k-15.el8_6.src.rpm", "issues" : [ { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false }, { "id" : "CVE-2022-1473", "title" : "Resource leakage when decoding certificates and keys", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-1473" ], "unique" : false }, { "id" : "CVE-2022-3358", "title" : "Using a Custom Cipher with NID_undef may lead to NULL encryption", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-3358" ], "unique" : false }, { "id" : "CVE-2022-3602", "title" : "X.509 Email Address 4-byte Buffer Overflow", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-3602" ], "unique" : false }, { "id" : "CVE-2022-3786", "title" : "X.509 Email Address Variable Length Buffer Overflow", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-3786" ], "unique" : false }, { "id" : "CVE-2022-4450", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-4450" ], "unique" : false }, { "id" : "CVE-2023-0215", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-0215" ], "unique" : false }, { "id" : "CVE-2023-0216", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-0216" ], "unique" : false }, { "id" : "CVE-2023-0217", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-0217" ], "unique" : false }, { "id" : "CVE-2023-0401", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-0401" ], "unique" : false }, { "id" : "CVE-2023-5363", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : 
[ "CVE-2023-5363" ], "unique" : false }, { "id" : "CVE-2023-0286", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2023-0286" ], "unique" : false }, { "id" : "CVE-2024-12797", "title" : "RFC7250 handshakes with unauthenticated servers don't abort as expected", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2024-12797" ], "unique" : false }, { "id" : "CVE-2025-69419", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2025-69419" ], "unique" : false }, { "id" : "CVE-2022-1292", "source" : "redhat-csaf", "cvssScore" : 6.7, "severity" : "MEDIUM", "cves" : [ "CVE-2022-1292" ], "unique" : false }, { "id" : "CVE-2022-2068", "source" : "redhat-csaf", "cvssScore" : 6.7, "severity" : "MEDIUM", "cves" : [ "CVE-2022-2068" ], "unique" : false }, { "id" : "CVE-2023-2650", "title" : "Possible DoS translating ASN.1 object identifiers", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2650" ], "unique" : false }, { "id" : "CVE-2023-6129", "title" : "POLY1305 MAC implementation corrupts vector registers on PowerPC", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6129" ], "unique" : false }, { "id" : "CVE-2025-69421", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69421" ], "unique" : false }, { "id" : "CVE-2025-11187", "title" : "Improper validation of PBMAC1 parameters in PKCS#12 MAC verification", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-11187" ], "unique" : false }, { "id" : "CVE-2020-1971", "title" : "EDIPARTYNAME NULL pointer dereference", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2020-1971" ], "unique" : false }, { "id" : "CVE-2022-4304", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2022-4304" ], "unique" : false }, { "id" : 
"CVE-2023-0464", "title" : "Excessive Resource Usage Verifying X.509 Policy Constraints", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0464" ], "unique" : false }, { "id" : "CVE-2023-6237", "title" : "Excessive time spent checking invalid RSA public keys", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6237" ], "unique" : false }, { "id" : "CVE-2024-5535", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-5535" ], "unique" : false }, { "id" : "CVE-2024-6119", "title" : "Possible denial of service in X.509 name checks", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-6119" ], "unique" : false }, { "id" : "CVE-2025-15468", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15468" ], "unique" : false }, { "id" : "CVE-2025-66199", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-66199" ], "unique" : false }, { "id" : "CVE-2025-69420", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69420" ], "unique" : false }, { "id" : "CVE-2026-22796", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22796" ], "unique" : false }, { "id" : "CVE-2024-4741", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4741" ], "unique" : false }, { "id" : "CVE-2025-9230", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9230" ], "unique" : false }, { "id" : "CVE-2024-0727", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0727" ], "unique" : false }, { "id" : "CVE-2025-15469", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15469" ], "unique" : false }, { "id" : "CVE-2026-22795", "source" : "redhat-csaf", "cvssScore" : 
5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22795" ], "unique" : false }, { "id" : "CVE-2022-1343", "title" : "OCSP_basic_verify may incorrectly verify the response signing certificate", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2022-1343" ], "unique" : false }, { "id" : "CVE-2022-2097", "title" : "AES OCB fails to encrypt some bytes", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2022-2097" ], "unique" : false }, { "id" : "CVE-2023-0465", "title" : "Invalid certificate policies in leaf certificates are silently ignored", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0465" ], "unique" : false }, { "id" : "CVE-2023-0466", "title" : "Certificate policy check not enabled", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0466" ], "unique" : false }, { "id" : "CVE-2023-2975", "title" : "AES-SIV implementation ignores empty associated data entries", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2975" ], "unique" : false }, { "id" : "CVE-2023-3446", "title" : "Excessive time spent checking DH keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3446" ], "unique" : false }, { "id" : "CVE-2023-3817", "title" : "Excessive time spent checking DH q parameter value", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3817" ], "unique" : false }, { "id" : "CVE-2023-5678", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-5678" ], "unique" : false }, { "id" : "CVE-2024-4603", "title" : "Excessive time spent checking DSA keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4603" ], "unique" : false }, { "id" : "CVE-2023-1255", "title" : "Input buffer over-read in AES-XTS 
implementation on 64 bit ARM", "source" : "redhat-csaf", "cvssScore" : 5.1, "severity" : "MEDIUM", "cves" : [ "CVE-2023-1255" ], "unique" : false }, { "id" : "CVE-2022-4203", "source" : "redhat-csaf", "cvssScore" : 4.9, "severity" : "MEDIUM", "cves" : [ "CVE-2022-4203" ], "unique" : false }, { "id" : "CVE-2025-68160", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-68160" ], "unique" : false }, { "id" : "CVE-2025-69418", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69418" ], "unique" : false }, { "id" : "CVE-2024-2511", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-2511" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/krb5-libs@1.18.2-32.el8_10?arch=x86_64&distro=rhel-8.10&upstream=krb5-1.18.2-32.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2024-3596", "source" : "redhat-csaf", "cvssScore" : 9.0, "severity" : "CRITICAL", "cves" : [ "CVE-2024-3596" ], "unique" : false }, { "id" : "CVE-2022-42898", "title" : "PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before 1.20.1 has integer overflows that may lead to remote code execution (in KDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms (which have a resultant heap-based buffer overflow), and cause a denial of service on other platforms. This occurs in krb5_pac_parse in lib/krb5/krb/pac.c. 
Heimdal before 7.7.1 has \"a similar bug.\"", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2022-42898" ], "unique" : false }, { "id" : "CVE-2023-39975", "title" : "kdc/do_tgs_req.c in MIT Kerberos 5 (aka krb5) 1.21 before 1.21.2 has a double free that is reachable if an authenticated user can trigger an authorization-data handling failure. Incorrect data is copied from one ticket to another.", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2023-39975" ], "unique" : false }, { "id" : "CVE-2024-26462", "title" : "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/kdc/ndr.c.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-26462" ], "unique" : false }, { "id" : "CVE-2024-37370", "title" : "In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify the plaintext Extra Count field of a confidential GSS krb5 wrap token, causing the unwrapped token to appear truncated to the application.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-37370" ], "unique" : false }, { "id" : "CVE-2020-17049", "title" : "Kerberos KDC Security Feature Bypass Vulnerability", "source" : "redhat-csaf", "cvssScore" : 7.2, "severity" : "HIGH", "cves" : [ "CVE-2020-17049" ], "unique" : false }, { "id" : "CVE-2023-36054", "title" : "lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and 1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticated user can trigger a kadmind crash. 
This occurs because _xdr_kadm5_principal_ent_rec does not validate the relationship between n_key_data and the key_data array count.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-36054" ], "unique" : false }, { "id" : "CVE-2024-37371", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-37371" ], "unique" : false }, { "id" : "CVE-2025-24528", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-24528" ], "unique" : false }, { "id" : "CVE-2024-26458", "title" : "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-26458" ], "unique" : false }, { "id" : "CVE-2024-26461", "title" : "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-26461" ], "unique" : false }, { "id" : "CVE-2025-3576", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-3576" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-3596", "source" : "redhat-csaf", "cvssScore" : 9.0, "severity" : "CRITICAL", "cves" : [ "CVE-2024-3596" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/python3-setuptools-wheel@39.2.0-9.el8_10?arch=noarch&distro=rhel-8.10&upstream=python-setuptools-39.2.0-9.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2024-6345", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-6345" ], "unique" : false }, { "id" : "CVE-2025-47273", "title" : "setuptools has a path traversal vulnerability in PackageIndex.download that leads to Arbitrary File Write", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-47273" ], "unique" : false }, { "id" : "CVE-2022-40897", "source" : "redhat-csaf", 
"cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2022-40897" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-6345", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-6345" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-minimal-langpack@2.28-251.el8_10.31?arch=x86_64&distro=rhel-8.10&upstream=glibc-2.28-251.el8_10.31.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering 
control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc@2.28-251.el8_10.31?arch=x86_64&distro=rhel-8.10&upstream=glibc-2.28-251.el8_10.31.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : 
[ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-15281", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15281" ], "unique" : false }, { "id" : "CVE-2026-3904", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3904" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : 
"CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-common@2.28-251.el8_10.31?arch=x86_64&distro=rhel-8.10&upstream=glibc-2.28-251.el8_10.31.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : 
"redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : 
"redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/xz-libs@5.2.4-4.el8_6?arch=x86_64&distro=rhel-8.10&upstream=xz-5.2.4-4.el8_6.src.rpm", "issues" : [ { "id" : "CVE-2022-1271", "title" : "An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name (for example, a crafted file name), this can overwrite an attacker's content to an arbitrary attacker-selected file. This flaw occurs due to insufficient validation when processing filenames with two or more newlines where selected content and the target file names are embedded in crafted multi-line file names. 
This flaw allows a remote, low privileged attacker to force zgrep to write arbitrary files on the system.", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2022-1271" ], "unique" : false }, { "id" : "CVE-2025-31115", "title" : "XZ has a heap-use-after-free bug in threaded .xz decoder", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-31115" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2022-1271", "title" : "An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name (for example, a crafted file name), this can overwrite an attacker's content to an arbitrary attacker-selected file. This flaw occurs due to insufficient validation when processing filenames with two or more newlines where selected content and the target file names are embedded in crafted multi-line file names. This flaw allows a remote, low privileged attacker to force zgrep to write arbitrary files on the system.", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2022-1271" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/python3-libs@3.6.8-75.el8_10?arch=x86_64&distro=rhel-8.10&upstream=python3-3.6.8-75.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2023-40217", "source" : "redhat-csaf", "cvssScore" : 8.6, "severity" : "HIGH", "cves" : [ "CVE-2023-40217" ], "unique" : false }, { "id" : "CVE-2022-42919", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2022-42919" ], "unique" : false }, { "id" : "CVE-2023-6597", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-6597" ], "unique" : false }, { "id" : "CVE-2015-20107", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2015-20107" ], "unique" : false }, { "id" : "CVE-2024-12718", "title" : "Bypass extraction filter to modify file metadata outside extraction 
directory", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-12718" ], "unique" : false }, { "id" : "CVE-2025-4517", "title" : "Arbitrary writes via tarfile realpath overflow", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2025-4517" ], "unique" : false }, { "id" : "CVE-2020-10735", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2020-10735" ], "unique" : false }, { "id" : "CVE-2022-45061", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-45061" ], "unique" : false }, { "id" : "CVE-2023-24329", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-24329" ], "unique" : false }, { "id" : "CVE-2024-6232", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-6232" ], "unique" : false }, { "id" : "CVE-2025-12084", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-12084" ], "unique" : false }, { "id" : "CVE-2025-4138", "title" : "Bypassing extraction filter to create symlinks to arbitrary targets outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-4138" ], "unique" : false }, { "id" : "CVE-2025-4435", "title" : "Tarfile extracts filtered members when errorlevel=0", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-4435" ], "unique" : false }, { "id" : "CVE-2025-8194", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-8194" ], "unique" : false }, { "id" : "CVE-2021-28861", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2021-28861" ], "unique" : false }, { "id" : "CVE-2025-4330", "title" : "Extraction filter bypass for linking outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2025-4330" ], 
"unique" : false }, { "id" : "CVE-2025-15366", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-15366" ], "unique" : false }, { "id" : "CVE-2025-15367", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-15367" ], "unique" : false }, { "id" : "CVE-2026-1299", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-1299" ], "unique" : false }, { "id" : "CVE-2026-4519", "title" : "webbrowser.open() allows leading dashes in URLs", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-4519" ], "unique" : false }, { "id" : "CVE-2024-6923", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2024-6923" ], "unique" : false }, { "id" : "CVE-2025-0938", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0938" ], "unique" : false }, { "id" : "CVE-2025-13836", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13836" ], "unique" : false }, { "id" : "CVE-2024-9287", "source" : "redhat-csaf", "cvssScore" : 6.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-9287" ], "unique" : false }, { "id" : "CVE-2024-0450", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0450" ], "unique" : false }, { "id" : "CVE-2007-4559", "title" : "Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. 
(dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2007-4559" ], "unique" : false }, { "id" : "CVE-2023-27043", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27043" ], "unique" : false }, { "id" : "CVE-2024-8088", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-8088" ], "unique" : false }, { "id" : "CVE-2024-0397", "source" : "redhat-csaf", "cvssScore" : 5.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0397" ], "unique" : false }, { "id" : "CVE-2024-7592", "source" : "redhat-csaf", "cvssScore" : 4.8, "severity" : "MEDIUM", "cves" : [ "CVE-2024-7592" ], "unique" : false }, { "id" : "CVE-2026-0865", "source" : "redhat-csaf", "cvssScore" : 4.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0865" ], "unique" : false }, { "id" : "CVE-2025-6069", "title" : "HTMLParser quadratic complexity when processing malformed inputs", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-6069" ], "unique" : false }, { "id" : "CVE-2025-8291", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8291" ], "unique" : false }, { "id" : "CVE-2025-6075", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-6075" ], "unique" : false }, { "id" : "CVE-2024-11168", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-11168" ], "unique" : false }, { "id" : "CVE-2024-4032", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-4032" ], "unique" : false }, { "id" : "CVE-2024-5642", "title" : "Buffer overread when using an empty list with SSLContext.set_npn_protocols()", "source" : "redhat-csaf", "cvssScore" : 2.7, "severity" : "LOW", "cves" : [ "CVE-2024-5642" ], "unique" : false } ], "highestVulnerability" : { "id" : 
"CVE-2023-40217", "source" : "redhat-csaf", "cvssScore" : 8.6, "severity" : "HIGH", "cves" : [ "CVE-2023-40217" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/zlib@1.2.11-25.el8?arch=x86_64&distro=rhel-8.10&upstream=zlib-1.2.11-25.el8.src.rpm", "issues" : [ { "id" : "CVE-2018-25032", "title" : "zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.", "source" : "redhat-csaf", "cvssScore" : 8.2, "severity" : "HIGH", "cves" : [ "CVE-2018-25032" ], "unique" : false }, { "id" : "CVE-2022-37434", "title" : "zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call inflateGetHeader (e.g., see the nodejs/node reference).", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2022-37434" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2018-25032", "title" : "zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.", "source" : "redhat-csaf", "cvssScore" : 8.2, "severity" : "HIGH", "cves" : [ "CVE-2018-25032" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libcap@2.48-6.el8_9?arch=x86_64&distro=rhel-8.10&upstream=libcap-2.48-6.el8_9.src.rpm", "issues" : [ { "id" : "CVE-2023-2603", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-2603" ], "unique" : false }, { "id" : "CVE-2023-2602", "title" : "A vulnerability was found in the pthread_create() function in libcap. 
This issue may allow a malicious actor to use cause __real_pthread_create() to return an error, which can exhaust the process memory.", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2023-2602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-2603", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-2603" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch&distro=rhel-8.10&upstream=ncurses-6.1-10.20180224.el8.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64&distro=rhel-8.10&upstream=ncurses-6.1-10.20180224.el8.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.3, 
"severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/sqlite-libs@3.26.0-20.el8_10?arch=x86_64&distro=rhel-8.10&upstream=sqlite-3.26.0-20.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2025-6965", "title" : "Integer Truncation on SQLite", "source" : "redhat-csaf", "cvssScore" : 7.7, "severity" : "HIGH", "cves" : [ "CVE-2025-6965" ], "unique" : false }, { "id" : "CVE-2023-7104", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2023-7104" ], "unique" : false }, { "id" : "CVE-2025-3277", "title" : "An integer overflow can be triggered in SQLite’s `concat_ws()` function. The resulting, truncated integer is then used to allocate a buffer. When SQLite then writes the resulting string to the buffer, it uses the original, untruncated size and thus a wild Heap Buffer overflow of size ~4GB can be triggered. 
This can result in arbitrary code execution.", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2025-3277" ], "unique" : false }, { "id" : "CVE-2022-35737", "title" : "SQLite 1.0.12 through 3.39.x before 3.39.2 sometimes allows an array-bounds overflow if billions of bytes are used in a string argument to a C API.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2022-35737" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-6965", "title" : "Integer Truncation on SQLite", "source" : "redhat-csaf", "cvssScore" : 7.7, "severity" : "HIGH", "cves" : [ "CVE-2025-6965" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/expat@2.5.0-1.el8_10?arch=x86_64&distro=rhel-8.10&upstream=expat-2.5.0-1.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2023-52425", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-52425" ], "unique" : false }, { "id" : "CVE-2024-28757", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-28757" ], "unique" : false }, { "id" : "CVE-2024-45490", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-45490" ], "unique" : false }, { "id" : "CVE-2024-45491", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-45491" ], "unique" : false }, { "id" : "CVE-2024-8176", "title" : "Libexpat: expat: improper restriction of xml entity expansion depth in libexpat", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-8176" ], "unique" : false }, { "id" : "CVE-2024-45492", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2024-45492" ], "unique" : false }, { "id" : "CVE-2024-50602", "title" : "An issue was discovered in libexpat before 2.6.4. 
There is a crash within the XML_ResumeParser function because XML_StopParser can stop/suspend an unstarted parser.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-50602" ], "unique" : false }, { "id" : "CVE-2025-59375", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-59375" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-52425", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-52425" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libtirpc@1.1.4-12.el8_10?arch=x86_64&distro=rhel-8.10&upstream=libtirpc-1.1.4-12.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2021-46828", "title" : "In libtirpc before 1.3.3rc1, remote attackers could exhaust the file descriptors of a process that uses libtirpc because idle TCP connections are mishandled. This can, in turn, lead to an svc_run infinite loop without accepting new connections.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2021-46828" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2021-46828", "title" : "In libtirpc before 1.3.3rc1, remote attackers could exhaust the file descriptors of a process that uses libtirpc because idle TCP connections are mishandled. This can, in turn, lead to an svc_run infinite loop without accepting new connections.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2021-46828" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/pcre2@10.32-3.el8_6?arch=x86_64&distro=rhel-8.10&upstream=pcre2-10.32-3.el8_6.src.rpm", "issues" : [ { "id" : "CVE-2022-1586", "title" : "An out-of-bounds read vulnerability was discovered in the PCRE2 library in the compile_xclass_matchingpath() function of the pcre2_jit_compile.c file. This involves a unicode property matching issue in JIT-compiled regular expressions. 
The issue occurs because the character was not fully read in case-less matching within JIT.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-1586" ], "unique" : false }, { "id" : "CVE-2022-1587", "title" : "An out-of-bounds read vulnerability was discovered in the PCRE2 library in the get_recurse_data_length() function of the pcre2_jit_compile.c file. This issue affects recursions in JIT-compiled regular expressions caused by duplicate data transfers.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-1587" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2022-1586", "title" : "An out-of-bounds read vulnerability was discovered in the PCRE2 library in the compile_xclass_matchingpath() function of the pcre2_jit_compile.c file. This involves a unicode property matching issue in JIT-compiled regular expressions. The issue occurs because the character was not fully read in case-less matching within JIT.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-1586" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/bash@4.4.20-6.el8_10?arch=x86_64&distro=rhel-8.10&upstream=bash-4.4.20-6.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2022-3715", "source" : "redhat-csaf", "cvssScore" : 6.6, "severity" : "MEDIUM", "cves" : [ "CVE-2022-3715" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2022-3715", "source" : "redhat-csaf", "cvssScore" : 6.6, "severity" : "MEDIUM", "cves" : [ "CVE-2022-3715" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/gmp@6.1.2-11.el8?arch=x86_64&distro=rhel-8.10&epoch=1&upstream=gmp-6.1.2-11.el8.src.rpm", "issues" : [ { "id" : "CVE-2021-43618", "title" : "GNU Multiple Precision Arithmetic Library (GMP) through 6.2.1 has an mpz/inp_raw.c integer overflow and resultant buffer overflow via crafted input, leading to a segmentation fault on 32-bit platforms.", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" 
: "MEDIUM", "cves" : [ "CVE-2021-43618" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2021-43618", "title" : "GNU Multiple Precision Arithmetic Library (GMP) through 6.2.1 has an mpz/inp_raw.c integer overflow and resultant buffer overflow via crafted input, leading to a segmentation fault on 32-bit platforms.", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2021-43618" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcc@8.5.0-28.el8_10?arch=x86_64&distro=rhel-8.10&upstream=gcc-8.5.0-28.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libtasn1@4.13-5.el8_10?arch=x86_64&distro=rhel-8.10&upstream=libtasn1-4.13-5.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2021-46848", "title" : "GNU Libtasn1 before 4.19.0 has an ETYPE_OK off-by-one array size check that affects asn1_encode_simple_der.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2021-46848" ], "unique" : false }, { "id" : "CVE-2025-13151", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13151" ], "unique" : false }, { "id" : "CVE-2024-12133", "title" : "Libtasn1: inefficient der decoding in libtasn1 leading to potential remote dos", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-12133" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2021-46848", "title" : "GNU Libtasn1 before 4.19.0 has an ETYPE_OK off-by-one array size check that affects asn1_encode_simple_der.", "source" : "redhat-csaf", 
"cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2021-46848" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libcom_err@1.45.6-7.el8_10?arch=x86_64&distro=rhel-8.10&upstream=e2fsprogs-1.45.6-7.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2022-1304", "title" : "An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5. This issue leads to a segmentation fault and possibly arbitrary code execution via a specially crafted filesystem.", "source" : "redhat-csaf", "cvssScore" : 5.8, "severity" : "MEDIUM", "cves" : [ "CVE-2022-1304" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2022-1304", "title" : "An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5. This issue leads to a segmentation fault and possibly arbitrary code execution via a specially crafted filesystem.", "source" : "redhat-csaf", "cvssScore" : 5.8, "severity" : "MEDIUM", "cves" : [ "CVE-2022-1304" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/python3-pip-wheel@9.0.3-24.el8?arch=noarch&distro=rhel-8.10&upstream=python-pip-9.0.3-24.el8.src.rpm", "issues" : [ { "id" : "CVE-2007-4559", "title" : "Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2007-4559" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2007-4559", "title" : "Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. 
(dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2007-4559" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/bzip2-libs@1.0.6-28.el8_10?arch=x86_64&distro=rhel-8.10&upstream=bzip2-1.0.6-28.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2019-12900", "title" : "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2019-12900" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2019-12900", "title" : "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2019-12900" ], "unique" : false } } ], "highestVulnerability" : { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/openldap@2.4.46-21.el8_10?arch=x86_64&distro=rhel-8.10&upstream=openldap-2.4.46-21.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2023-2953", "title" : "A vulnerability was found in openldap. 
This security flaw causes a null pointer dereference in ber_memalloc_x() function.", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2023-2953" ], "unique" : false } ], "transitive" : [ { "ref" : "pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=rhel-8.10&epoch=1&upstream=openssl-1.1.1k-15.el8_6.src.rpm", "issues" : [ { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false }, { "id" : "CVE-2022-1473", "title" : "Resource leakage when decoding certificates and keys", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-1473" ], "unique" : false }, { "id" : "CVE-2022-3358", "title" : "Using a Custom Cipher with NID_undef may lead to NULL encryption", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-3358" ], "unique" : false }, { "id" : "CVE-2022-3602", "title" : "X.509 Email Address 4-byte Buffer Overflow", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-3602" ], "unique" : false }, { "id" : "CVE-2022-3786", "title" : "X.509 Email Address Variable Length Buffer Overflow", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-3786" ], "unique" : false }, { "id" : "CVE-2022-4450", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-4450" ], "unique" : false }, { "id" : "CVE-2023-0215", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-0215" ], "unique" : false }, { "id" : "CVE-2023-0216", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-0216" ], "unique" : false }, { "id" : "CVE-2023-0217", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-0217" ], "unique" : false }, { "id" : 
"CVE-2023-0401", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-0401" ], "unique" : false }, { "id" : "CVE-2023-5363", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-5363" ], "unique" : false }, { "id" : "CVE-2023-0286", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2023-0286" ], "unique" : false }, { "id" : "CVE-2024-12797", "title" : "RFC7250 handshakes with unauthenticated servers don't abort as expected", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2024-12797" ], "unique" : false }, { "id" : "CVE-2025-69419", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2025-69419" ], "unique" : false }, { "id" : "CVE-2022-1292", "source" : "redhat-csaf", "cvssScore" : 6.7, "severity" : "MEDIUM", "cves" : [ "CVE-2022-1292" ], "unique" : false }, { "id" : "CVE-2022-2068", "source" : "redhat-csaf", "cvssScore" : 6.7, "severity" : "MEDIUM", "cves" : [ "CVE-2022-2068" ], "unique" : false }, { "id" : "CVE-2023-2650", "title" : "Possible DoS translating ASN.1 object identifiers", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2650" ], "unique" : false }, { "id" : "CVE-2023-6129", "title" : "POLY1305 MAC implementation corrupts vector registers on PowerPC", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6129" ], "unique" : false }, { "id" : "CVE-2025-69421", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69421" ], "unique" : false }, { "id" : "CVE-2025-11187", "title" : "Improper validation of PBMAC1 parameters in PKCS#12 MAC verification", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-11187" ], "unique" : false }, { "id" : "CVE-2020-1971", "title" : "EDIPARTYNAME NULL pointer dereference", "source" : "redhat-csaf", "cvssScore" : 
5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2020-1971" ], "unique" : false }, { "id" : "CVE-2022-4304", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2022-4304" ], "unique" : false }, { "id" : "CVE-2023-0464", "title" : "Excessive Resource Usage Verifying X.509 Policy Constraints", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0464" ], "unique" : false }, { "id" : "CVE-2023-6237", "title" : "Excessive time spent checking invalid RSA public keys", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6237" ], "unique" : false }, { "id" : "CVE-2024-5535", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-5535" ], "unique" : false }, { "id" : "CVE-2024-6119", "title" : "Possible denial of service in X.509 name checks", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-6119" ], "unique" : false }, { "id" : "CVE-2025-15468", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15468" ], "unique" : false }, { "id" : "CVE-2025-66199", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-66199" ], "unique" : false }, { "id" : "CVE-2025-69420", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69420" ], "unique" : false }, { "id" : "CVE-2026-22796", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22796" ], "unique" : false }, { "id" : "CVE-2024-4741", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4741" ], "unique" : false }, { "id" : "CVE-2025-9230", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9230" ], "unique" : false }, { "id" : "CVE-2024-0727", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0727" ], 
"unique" : false }, { "id" : "CVE-2025-15469", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15469" ], "unique" : false }, { "id" : "CVE-2026-22795", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22795" ], "unique" : false }, { "id" : "CVE-2022-1343", "title" : "OCSP_basic_verify may incorrectly verify the response signing certificate", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2022-1343" ], "unique" : false }, { "id" : "CVE-2022-2097", "title" : "AES OCB fails to encrypt some bytes", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2022-2097" ], "unique" : false }, { "id" : "CVE-2023-0465", "title" : "Invalid certificate policies in leaf certificates are silently ignored", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0465" ], "unique" : false }, { "id" : "CVE-2023-0466", "title" : "Certificate policy check not enabled", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0466" ], "unique" : false }, { "id" : "CVE-2023-2975", "title" : "AES-SIV implementation ignores empty associated data entries", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2975" ], "unique" : false }, { "id" : "CVE-2023-3446", "title" : "Excessive time spent checking DH keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3446" ], "unique" : false }, { "id" : "CVE-2023-3817", "title" : "Excessive time spent checking DH q parameter value", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3817" ], "unique" : false }, { "id" : "CVE-2023-5678", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-5678" ], "unique" : false }, { "id" : "CVE-2024-4603", "title" : "Excessive time spent 
checking DSA keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4603" ], "unique" : false }, { "id" : "CVE-2023-1255", "title" : "Input buffer over-read in AES-XTS implementation on 64 bit ARM", "source" : "redhat-csaf", "cvssScore" : 5.1, "severity" : "MEDIUM", "cves" : [ "CVE-2023-1255" ], "unique" : false }, { "id" : "CVE-2022-4203", "source" : "redhat-csaf", "cvssScore" : 4.9, "severity" : "MEDIUM", "cves" : [ "CVE-2022-4203" ], "unique" : false }, { "id" : "CVE-2025-68160", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-68160" ], "unique" : false }, { "id" : "CVE-2025-69418", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69418" ], "unique" : false }, { "id" : "CVE-2024-2511", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-2511" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/krb5-libs@1.18.2-32.el8_10?arch=x86_64&distro=rhel-8.10&upstream=krb5-1.18.2-32.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2024-3596", "source" : "redhat-csaf", "cvssScore" : 9.0, "severity" : "CRITICAL", "cves" : [ "CVE-2024-3596" ], "unique" : false }, { "id" : "CVE-2022-42898", "title" : "PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before 1.20.1 has integer overflows that may lead to remote code execution (in KDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms (which have a resultant heap-based buffer overflow), and cause a denial of service on other platforms. This occurs in krb5_pac_parse in lib/krb5/krb/pac.c. 
Heimdal before 7.7.1 has \"a similar bug.\"", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2022-42898" ], "unique" : false }, { "id" : "CVE-2023-39975", "title" : "kdc/do_tgs_req.c in MIT Kerberos 5 (aka krb5) 1.21 before 1.21.2 has a double free that is reachable if an authenticated user can trigger an authorization-data handling failure. Incorrect data is copied from one ticket to another.", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2023-39975" ], "unique" : false }, { "id" : "CVE-2024-26462", "title" : "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/kdc/ndr.c.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-26462" ], "unique" : false }, { "id" : "CVE-2024-37370", "title" : "In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify the plaintext Extra Count field of a confidential GSS krb5 wrap token, causing the unwrapped token to appear truncated to the application.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-37370" ], "unique" : false }, { "id" : "CVE-2020-17049", "title" : "Kerberos KDC Security Feature Bypass Vulnerability", "source" : "redhat-csaf", "cvssScore" : 7.2, "severity" : "HIGH", "cves" : [ "CVE-2020-17049" ], "unique" : false }, { "id" : "CVE-2023-36054", "title" : "lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and 1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticated user can trigger a kadmind crash. 
This occurs because _xdr_kadm5_principal_ent_rec does not validate the relationship between n_key_data and the key_data array count.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-36054" ], "unique" : false }, { "id" : "CVE-2024-37371", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-37371" ], "unique" : false }, { "id" : "CVE-2025-24528", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-24528" ], "unique" : false }, { "id" : "CVE-2024-26458", "title" : "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-26458" ], "unique" : false }, { "id" : "CVE-2024-26461", "title" : "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-26461" ], "unique" : false }, { "id" : "CVE-2025-3576", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-3576" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-3596", "source" : "redhat-csaf", "cvssScore" : 9.0, "severity" : "CRITICAL", "cves" : [ "CVE-2024-3596" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-minimal-langpack@2.28-251.el8_10.31?arch=x86_64&distro=rhel-8.10&upstream=glibc-2.28-251.el8_10.31.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: 
Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : 
"redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc@2.28-251.el8_10.31?arch=x86_64&distro=rhel-8.10&upstream=glibc-2.28-251.el8_10.31.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 
5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-15281", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15281" ], "unique" : false }, { "id" : "CVE-2026-3904", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3904" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], 
"unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-common@2.28-251.el8_10.31?arch=x86_64&distro=rhel-8.10&upstream=glibc-2.28-251.el8_10.31.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { 
"id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : 
"CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/zlib@1.2.11-25.el8?arch=x86_64&distro=rhel-8.10&upstream=zlib-1.2.11-25.el8.src.rpm", "issues" : [ { "id" : "CVE-2018-25032", "title" : "zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.", "source" : "redhat-csaf", "cvssScore" : 8.2, "severity" : "HIGH", "cves" : [ "CVE-2018-25032" ], "unique" : false }, { "id" : "CVE-2022-37434", "title" : "zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call inflateGetHeader (e.g., see the nodejs/node reference).", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2022-37434" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2018-25032", "title" : "zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.", "source" : "redhat-csaf", "cvssScore" : 8.2, "severity" : "HIGH", "cves" : [ "CVE-2018-25032" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libcap@2.48-6.el8_9?arch=x86_64&distro=rhel-8.10&upstream=libcap-2.48-6.el8_9.src.rpm", "issues" : [ { "id" : "CVE-2023-2603", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-2603" ], "unique" : false }, { "id" : "CVE-2023-2602", "title" : "A vulnerability was found in the pthread_create() function in libcap. 
This issue may allow a malicious actor to use cause __real_pthread_create() to return an error, which can exhaust the process memory.", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2023-2602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-2603", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-2603" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch&distro=rhel-8.10&upstream=ncurses-6.1-10.20180224.el8.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64&distro=rhel-8.10&upstream=ncurses-6.1-10.20180224.el8.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.3, 
"severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/pcre2@10.32-3.el8_6?arch=x86_64&distro=rhel-8.10&upstream=pcre2-10.32-3.el8_6.src.rpm", "issues" : [ { "id" : "CVE-2022-1586", "title" : "An out-of-bounds read vulnerability was discovered in the PCRE2 library in the compile_xclass_matchingpath() function of the pcre2_jit_compile.c file. This involves a unicode property matching issue in JIT-compiled regular expressions. The issue occurs because the character was not fully read in case-less matching within JIT.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-1586" ], "unique" : false }, { "id" : "CVE-2022-1587", "title" : "An out-of-bounds read vulnerability was discovered in the PCRE2 library in the get_recurse_data_length() function of the pcre2_jit_compile.c file. This issue affects recursions in JIT-compiled regular expressions caused by duplicate data transfers.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-1587" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2022-1586", "title" : "An out-of-bounds read vulnerability was discovered in the PCRE2 library in the compile_xclass_matchingpath() function of the pcre2_jit_compile.c file. This involves a unicode property matching issue in JIT-compiled regular expressions. 
The issue occurs because the character was not fully read in case-less matching within JIT.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-1586" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/bash@4.4.20-6.el8_10?arch=x86_64&distro=rhel-8.10&upstream=bash-4.4.20-6.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2022-3715", "source" : "redhat-csaf", "cvssScore" : 6.6, "severity" : "MEDIUM", "cves" : [ "CVE-2022-3715" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2022-3715", "source" : "redhat-csaf", "cvssScore" : 6.6, "severity" : "MEDIUM", "cves" : [ "CVE-2022-3715" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/gmp@6.1.2-11.el8?arch=x86_64&distro=rhel-8.10&epoch=1&upstream=gmp-6.1.2-11.el8.src.rpm", "issues" : [ { "id" : "CVE-2021-43618", "title" : "GNU Multiple Precision Arithmetic Library (GMP) through 6.2.1 has an mpz/inp_raw.c integer overflow and resultant buffer overflow via crafted input, leading to a segmentation fault on 32-bit platforms.", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2021-43618" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2021-43618", "title" : "GNU Multiple Precision Arithmetic Library (GMP) through 6.2.1 has an mpz/inp_raw.c integer overflow and resultant buffer overflow via crafted input, leading to a segmentation fault on 32-bit platforms.", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2021-43618" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcc@8.5.0-28.el8_10?arch=x86_64&distro=rhel-8.10&upstream=gcc-8.5.0-28.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", 
"cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libtasn1@4.13-5.el8_10?arch=x86_64&distro=rhel-8.10&upstream=libtasn1-4.13-5.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2021-46848", "title" : "GNU Libtasn1 before 4.19.0 has an ETYPE_OK off-by-one array size check that affects asn1_encode_simple_der.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2021-46848" ], "unique" : false }, { "id" : "CVE-2025-13151", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13151" ], "unique" : false }, { "id" : "CVE-2024-12133", "title" : "Libtasn1: inefficient der decoding in libtasn1 leading to potential remote dos", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-12133" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2021-46848", "title" : "GNU Libtasn1 before 4.19.0 has an ETYPE_OK off-by-one array size check that affects asn1_encode_simple_der.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2021-46848" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libcom_err@1.45.6-7.el8_10?arch=x86_64&distro=rhel-8.10&upstream=e2fsprogs-1.45.6-7.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2022-1304", "title" : "An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5. This issue leads to a segmentation fault and possibly arbitrary code execution via a specially crafted filesystem.", "source" : "redhat-csaf", "cvssScore" : 5.8, "severity" : "MEDIUM", "cves" : [ "CVE-2022-1304" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2022-1304", "title" : "An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5. 
This issue leads to a segmentation fault and possibly arbitrary code execution via a specially crafted filesystem.", "source" : "redhat-csaf", "cvssScore" : 5.8, "severity" : "MEDIUM", "cves" : [ "CVE-2022-1304" ], "unique" : false } } ], "highestVulnerability" : { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/java-17-openjdk-headless@17.0.18.0.8-1.el8?arch=x86_64&distro=rhel-8.10&epoch=1&upstream=java-17-openjdk-17.0.18.0.8-1.el8.src.rpm", "issues" : [ { "id" : "CVE-2026-21945", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-21945" ], "unique" : false }, { "id" : "CVE-2025-64720", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-64720" ], "unique" : false }, { "id" : "CVE-2025-65018", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-65018" ], "unique" : false }, { "id" : "CVE-2026-21933", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2026-21933" ], "unique" : false }, { "id" : "CVE-2026-21925", "source" : "redhat-csaf", "cvssScore" : 4.8, "severity" : "MEDIUM", "cves" : [ "CVE-2026-21925" ], "unique" : false } ], "transitive" : [ { "ref" : "pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=rhel-8.10&epoch=1&upstream=openssl-1.1.1k-15.el8_6.src.rpm", "issues" : [ { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false }, { "id" : "CVE-2022-1473", "title" : "Resource leakage when decoding certificates and keys", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-1473" ], "unique" : false }, { "id" : "CVE-2022-3358", 
"title" : "Using a Custom Cipher with NID_undef may lead to NULL encryption", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-3358" ], "unique" : false }, { "id" : "CVE-2022-3602", "title" : "X.509 Email Address 4-byte Buffer Overflow", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-3602" ], "unique" : false }, { "id" : "CVE-2022-3786", "title" : "X.509 Email Address Variable Length Buffer Overflow", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-3786" ], "unique" : false }, { "id" : "CVE-2022-4450", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-4450" ], "unique" : false }, { "id" : "CVE-2023-0215", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-0215" ], "unique" : false }, { "id" : "CVE-2023-0216", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-0216" ], "unique" : false }, { "id" : "CVE-2023-0217", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-0217" ], "unique" : false }, { "id" : "CVE-2023-0401", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-0401" ], "unique" : false }, { "id" : "CVE-2023-5363", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-5363" ], "unique" : false }, { "id" : "CVE-2023-0286", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2023-0286" ], "unique" : false }, { "id" : "CVE-2024-12797", "title" : "RFC7250 handshakes with unauthenticated servers don't abort as expected", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2024-12797" ], "unique" : false }, { "id" : "CVE-2025-69419", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2025-69419" ], "unique" : false }, { "id" : "CVE-2022-1292", 
"source" : "redhat-csaf", "cvssScore" : 6.7, "severity" : "MEDIUM", "cves" : [ "CVE-2022-1292" ], "unique" : false }, { "id" : "CVE-2022-2068", "source" : "redhat-csaf", "cvssScore" : 6.7, "severity" : "MEDIUM", "cves" : [ "CVE-2022-2068" ], "unique" : false }, { "id" : "CVE-2023-2650", "title" : "Possible DoS translating ASN.1 object identifiers", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2650" ], "unique" : false }, { "id" : "CVE-2023-6129", "title" : "POLY1305 MAC implementation corrupts vector registers on PowerPC", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6129" ], "unique" : false }, { "id" : "CVE-2025-69421", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69421" ], "unique" : false }, { "id" : "CVE-2025-11187", "title" : "Improper validation of PBMAC1 parameters in PKCS#12 MAC verification", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-11187" ], "unique" : false }, { "id" : "CVE-2020-1971", "title" : "EDIPARTYNAME NULL pointer dereference", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2020-1971" ], "unique" : false }, { "id" : "CVE-2022-4304", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2022-4304" ], "unique" : false }, { "id" : "CVE-2023-0464", "title" : "Excessive Resource Usage Verifying X.509 Policy Constraints", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0464" ], "unique" : false }, { "id" : "CVE-2023-6237", "title" : "Excessive time spent checking invalid RSA public keys", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6237" ], "unique" : false }, { "id" : "CVE-2024-5535", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-5535" ], "unique" : false }, { "id" : 
"CVE-2024-6119", "title" : "Possible denial of service in X.509 name checks", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-6119" ], "unique" : false }, { "id" : "CVE-2025-15468", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15468" ], "unique" : false }, { "id" : "CVE-2025-66199", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-66199" ], "unique" : false }, { "id" : "CVE-2025-69420", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69420" ], "unique" : false }, { "id" : "CVE-2026-22796", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22796" ], "unique" : false }, { "id" : "CVE-2024-4741", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4741" ], "unique" : false }, { "id" : "CVE-2025-9230", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9230" ], "unique" : false }, { "id" : "CVE-2024-0727", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0727" ], "unique" : false }, { "id" : "CVE-2025-15469", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15469" ], "unique" : false }, { "id" : "CVE-2026-22795", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22795" ], "unique" : false }, { "id" : "CVE-2022-1343", "title" : "OCSP_basic_verify may incorrectly verify the response signing certificate", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2022-1343" ], "unique" : false }, { "id" : "CVE-2022-2097", "title" : "AES OCB fails to encrypt some bytes", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2022-2097" ], "unique" : false }, { "id" : "CVE-2023-0465", "title" : "Invalid certificate policies in 
leaf certificates are silently ignored", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0465" ], "unique" : false }, { "id" : "CVE-2023-0466", "title" : "Certificate policy check not enabled", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0466" ], "unique" : false }, { "id" : "CVE-2023-2975", "title" : "AES-SIV implementation ignores empty associated data entries", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2975" ], "unique" : false }, { "id" : "CVE-2023-3446", "title" : "Excessive time spent checking DH keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3446" ], "unique" : false }, { "id" : "CVE-2023-3817", "title" : "Excessive time spent checking DH q parameter value", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3817" ], "unique" : false }, { "id" : "CVE-2023-5678", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-5678" ], "unique" : false }, { "id" : "CVE-2024-4603", "title" : "Excessive time spent checking DSA keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4603" ], "unique" : false }, { "id" : "CVE-2023-1255", "title" : "Input buffer over-read in AES-XTS implementation on 64 bit ARM", "source" : "redhat-csaf", "cvssScore" : 5.1, "severity" : "MEDIUM", "cves" : [ "CVE-2023-1255" ], "unique" : false }, { "id" : "CVE-2022-4203", "source" : "redhat-csaf", "cvssScore" : 4.9, "severity" : "MEDIUM", "cves" : [ "CVE-2022-4203" ], "unique" : false }, { "id" : "CVE-2025-68160", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-68160" ], "unique" : false }, { "id" : "CVE-2025-69418", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69418" ], "unique" : false }, 
{ "id" : "CVE-2024-2511", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-2511" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/krb5-libs@1.18.2-32.el8_10?arch=x86_64&distro=rhel-8.10&upstream=krb5-1.18.2-32.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2024-3596", "source" : "redhat-csaf", "cvssScore" : 9.0, "severity" : "CRITICAL", "cves" : [ "CVE-2024-3596" ], "unique" : false }, { "id" : "CVE-2022-42898", "title" : "PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before 1.20.1 has integer overflows that may lead to remote code execution (in KDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms (which have a resultant heap-based buffer overflow), and cause a denial of service on other platforms. This occurs in krb5_pac_parse in lib/krb5/krb/pac.c. Heimdal before 7.7.1 has \"a similar bug.\"", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2022-42898" ], "unique" : false }, { "id" : "CVE-2023-39975", "title" : "kdc/do_tgs_req.c in MIT Kerberos 5 (aka krb5) 1.21 before 1.21.2 has a double free that is reachable if an authenticated user can trigger an authorization-data handling failure. 
Incorrect data is copied from one ticket to another.", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2023-39975" ], "unique" : false }, { "id" : "CVE-2024-26462", "title" : "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/kdc/ndr.c.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-26462" ], "unique" : false }, { "id" : "CVE-2024-37370", "title" : "In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify the plaintext Extra Count field of a confidential GSS krb5 wrap token, causing the unwrapped token to appear truncated to the application.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-37370" ], "unique" : false }, { "id" : "CVE-2020-17049", "title" : "Kerberos KDC Security Feature Bypass Vulnerability", "source" : "redhat-csaf", "cvssScore" : 7.2, "severity" : "HIGH", "cves" : [ "CVE-2020-17049" ], "unique" : false }, { "id" : "CVE-2023-36054", "title" : "lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and 1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticated user can trigger a kadmind crash. 
This occurs because _xdr_kadm5_principal_ent_rec does not validate the relationship between n_key_data and the key_data array count.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-36054" ], "unique" : false }, { "id" : "CVE-2024-37371", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-37371" ], "unique" : false }, { "id" : "CVE-2025-24528", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-24528" ], "unique" : false }, { "id" : "CVE-2024-26458", "title" : "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-26458" ], "unique" : false }, { "id" : "CVE-2024-26461", "title" : "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-26461" ], "unique" : false }, { "id" : "CVE-2025-3576", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-3576" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-3596", "source" : "redhat-csaf", "cvssScore" : 9.0, "severity" : "CRITICAL", "cves" : [ "CVE-2024-3596" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/python3-setuptools-wheel@39.2.0-9.el8_10?arch=noarch&distro=rhel-8.10&upstream=python-setuptools-39.2.0-9.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2024-6345", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-6345" ], "unique" : false }, { "id" : "CVE-2025-47273", "title" : "setuptools has a path traversal vulnerability in PackageIndex.download that leads to Arbitrary File Write", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-47273" ], "unique" : false }, { "id" : "CVE-2022-40897", "source" : "redhat-csaf", 
"cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2022-40897" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-6345", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-6345" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-minimal-langpack@2.28-251.el8_10.31?arch=x86_64&distro=rhel-8.10&upstream=glibc-2.28-251.el8_10.31.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering 
control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc@2.28-251.el8_10.31?arch=x86_64&distro=rhel-8.10&upstream=glibc-2.28-251.el8_10.31.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : 
[ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-15281", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15281" ], "unique" : false }, { "id" : "CVE-2026-3904", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3904" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : 
"CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-common@2.28-251.el8_10.31?arch=x86_64&distro=rhel-8.10&upstream=glibc-2.28-251.el8_10.31.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : 
"redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : 
"redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/javapackages-filesystem@5.3.0-1.module%2Bel8%2B2447%2B6f56d9a6?arch=noarch&distro=rhel-8.10&upstream=javapackages-tools-5.3.0-1.module%2Bel8%2B2447%2B6f56d9a6.src.rpm", "issues" : [ { "id" : "CVE-2025-48734", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2025-48734" ], "unique" : false }, { "id" : "CVE-2019-10086", "title" : "In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to access the classloader via the class property available on all Java objects. 
We, however were not using this by default characteristic of the PropertyUtilsBean.", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2019-10086" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-48734", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2025-48734" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/xz-libs@5.2.4-4.el8_6?arch=x86_64&distro=rhel-8.10&upstream=xz-5.2.4-4.el8_6.src.rpm", "issues" : [ { "id" : "CVE-2022-1271", "title" : "An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name (for example, a crafted file name), this can overwrite an attacker's content to an arbitrary attacker-selected file. This flaw occurs due to insufficient validation when processing filenames with two or more newlines where selected content and the target file names are embedded in crafted multi-line file names. This flaw allows a remote, low privileged attacker to force zgrep to write arbitrary files on the system.", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2022-1271" ], "unique" : false }, { "id" : "CVE-2025-31115", "title" : "XZ has a heap-use-after-free bug in threaded .xz decoder", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-31115" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2022-1271", "title" : "An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name (for example, a crafted file name), this can overwrite an attacker's content to an arbitrary attacker-selected file. This flaw occurs due to insufficient validation when processing filenames with two or more newlines where selected content and the target file names are embedded in crafted multi-line file names. 
This flaw allows a remote, low privileged attacker to force zgrep to write arbitrary files on the system.", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2022-1271" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/python3-libs@3.6.8-75.el8_10?arch=x86_64&distro=rhel-8.10&upstream=python3-3.6.8-75.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2023-40217", "source" : "redhat-csaf", "cvssScore" : 8.6, "severity" : "HIGH", "cves" : [ "CVE-2023-40217" ], "unique" : false }, { "id" : "CVE-2022-42919", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2022-42919" ], "unique" : false }, { "id" : "CVE-2023-6597", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-6597" ], "unique" : false }, { "id" : "CVE-2015-20107", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2015-20107" ], "unique" : false }, { "id" : "CVE-2024-12718", "title" : "Bypass extraction filter to modify file metadata outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-12718" ], "unique" : false }, { "id" : "CVE-2025-4517", "title" : "Arbitrary writes via tarfile realpath overflow", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2025-4517" ], "unique" : false }, { "id" : "CVE-2020-10735", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2020-10735" ], "unique" : false }, { "id" : "CVE-2022-45061", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-45061" ], "unique" : false }, { "id" : "CVE-2023-24329", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-24329" ], "unique" : false }, { "id" : "CVE-2024-6232", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-6232" ], "unique" : false }, { "id" : "CVE-2025-12084", "source" : 
"redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-12084" ], "unique" : false }, { "id" : "CVE-2025-4138", "title" : "Bypassing extraction filter to create symlinks to arbitrary targets outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-4138" ], "unique" : false }, { "id" : "CVE-2025-4435", "title" : "Tarfile extracts filtered members when errorlevel=0", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-4435" ], "unique" : false }, { "id" : "CVE-2025-8194", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-8194" ], "unique" : false }, { "id" : "CVE-2021-28861", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2021-28861" ], "unique" : false }, { "id" : "CVE-2025-4330", "title" : "Extraction filter bypass for linking outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2025-4330" ], "unique" : false }, { "id" : "CVE-2025-15366", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-15366" ], "unique" : false }, { "id" : "CVE-2025-15367", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-15367" ], "unique" : false }, { "id" : "CVE-2026-1299", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-1299" ], "unique" : false }, { "id" : "CVE-2026-4519", "title" : "webbrowser.open() allows leading dashes in URLs", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-4519" ], "unique" : false }, { "id" : "CVE-2024-6923", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2024-6923" ], "unique" : false }, { "id" : "CVE-2025-0938", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0938" ], "unique" : false }, { "id" 
: "CVE-2025-13836", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13836" ], "unique" : false }, { "id" : "CVE-2024-9287", "source" : "redhat-csaf", "cvssScore" : 6.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-9287" ], "unique" : false }, { "id" : "CVE-2024-0450", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0450" ], "unique" : false }, { "id" : "CVE-2007-4559", "title" : "Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2007-4559" ], "unique" : false }, { "id" : "CVE-2023-27043", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27043" ], "unique" : false }, { "id" : "CVE-2024-8088", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-8088" ], "unique" : false }, { "id" : "CVE-2024-0397", "source" : "redhat-csaf", "cvssScore" : 5.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0397" ], "unique" : false }, { "id" : "CVE-2024-7592", "source" : "redhat-csaf", "cvssScore" : 4.8, "severity" : "MEDIUM", "cves" : [ "CVE-2024-7592" ], "unique" : false }, { "id" : "CVE-2026-0865", "source" : "redhat-csaf", "cvssScore" : 4.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0865" ], "unique" : false }, { "id" : "CVE-2025-6069", "title" : "HTMLParser quadratic complexity when processing malformed inputs", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-6069" ], "unique" : false }, { "id" : "CVE-2025-8291", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8291" ], "unique" : false }, { "id" : "CVE-2025-6075", "source" : "redhat-csaf", 
"cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-6075" ], "unique" : false }, { "id" : "CVE-2024-11168", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-11168" ], "unique" : false }, { "id" : "CVE-2024-4032", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-4032" ], "unique" : false }, { "id" : "CVE-2024-5642", "title" : "Buffer overread when using an empty list with SSLContext.set_npn_protocols()", "source" : "redhat-csaf", "cvssScore" : 2.7, "severity" : "LOW", "cves" : [ "CVE-2024-5642" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-40217", "source" : "redhat-csaf", "cvssScore" : 8.6, "severity" : "HIGH", "cves" : [ "CVE-2023-40217" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/zlib@1.2.11-25.el8?arch=x86_64&distro=rhel-8.10&upstream=zlib-1.2.11-25.el8.src.rpm", "issues" : [ { "id" : "CVE-2018-25032", "title" : "zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.", "source" : "redhat-csaf", "cvssScore" : 8.2, "severity" : "HIGH", "cves" : [ "CVE-2018-25032" ], "unique" : false }, { "id" : "CVE-2022-37434", "title" : "zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. 
Some common applications bundle the affected zlib source code but may be unable to call inflateGetHeader (e.g., see the nodejs/node reference).", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2022-37434" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2018-25032", "title" : "zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.", "source" : "redhat-csaf", "cvssScore" : 8.2, "severity" : "HIGH", "cves" : [ "CVE-2018-25032" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/cups-libs@2.2.6-67.el8_10?arch=x86_64&distro=rhel-8.10&epoch=1&upstream=cups-2.2.6-67.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2025-58060", "source" : "redhat-csaf", "cvssScore" : 8.0, "severity" : "HIGH", "cves" : [ "CVE-2025-58060" ], "unique" : false }, { "id" : "CVE-2024-47175", "source" : "redhat-csaf", "cvssScore" : 7.7, "severity" : "HIGH", "cves" : [ "CVE-2024-47175" ], "unique" : false }, { "id" : "CVE-2023-34241", "title" : "CUPS vulnerable to use-after-free in cupsdAcceptClient()", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2023-34241" ], "unique" : false }, { "id" : "CVE-2022-26691", "title" : "A logic issue was addressed with improved state management. This issue is fixed in Security Update 2022-003 Catalina, macOS Monterey 12.3, macOS Big Sur 11.6.5. An application may be able to gain elevated privileges.", "source" : "redhat-csaf", "cvssScore" : 6.7, "severity" : "MEDIUM", "cves" : [ "CVE-2022-26691" ], "unique" : false }, { "id" : "CVE-2023-32360", "title" : "An authentication issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.7.7, macOS Monterey 12.6.6, macOS Ventura 13.4. 
An unauthenticated user may be able to access recently printed documents.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-32360" ], "unique" : false }, { "id" : "CVE-2025-58364", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-58364" ], "unique" : false }, { "id" : "CVE-2023-32324", "title" : "OpenPrinting CUPS vulnerable to heap buffer overflow", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-32324" ], "unique" : false }, { "id" : "CVE-2025-58436", "source" : "redhat-csaf", "cvssScore" : 5.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-58436" ], "unique" : false }, { "id" : "CVE-2024-35235", "title" : "Cupsd Listen arbitrary chmod 0140777", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2024-35235" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-58060", "source" : "redhat-csaf", "cvssScore" : 8.0, "severity" : "HIGH", "cves" : [ "CVE-2025-58060" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libcap@2.48-6.el8_9?arch=x86_64&distro=rhel-8.10&upstream=libcap-2.48-6.el8_9.src.rpm", "issues" : [ { "id" : "CVE-2023-2603", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-2603" ], "unique" : false }, { "id" : "CVE-2023-2602", "title" : "A vulnerability was found in the pthread_create() function in libcap. 
This issue may allow a malicious actor to use cause __real_pthread_create() to return an error, which can exhaust the process memory.", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2023-2602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-2603", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-2603" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch&distro=rhel-8.10&upstream=ncurses-6.1-10.20180224.el8.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64&distro=rhel-8.10&upstream=ncurses-6.1-10.20180224.el8.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.3, 
"severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/sqlite-libs@3.26.0-20.el8_10?arch=x86_64&distro=rhel-8.10&upstream=sqlite-3.26.0-20.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2025-6965", "title" : "Integer Truncation on SQLite", "source" : "redhat-csaf", "cvssScore" : 7.7, "severity" : "HIGH", "cves" : [ "CVE-2025-6965" ], "unique" : false }, { "id" : "CVE-2023-7104", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2023-7104" ], "unique" : false }, { "id" : "CVE-2025-3277", "title" : "An integer overflow can be triggered in SQLite’s `concat_ws()` function. The resulting, truncated integer is then used to allocate a buffer. When SQLite then writes the resulting string to the buffer, it uses the original, untruncated size and thus a wild Heap Buffer overflow of size ~4GB can be triggered. 
This can result in arbitrary code execution.", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2025-3277" ], "unique" : false }, { "id" : "CVE-2022-35737", "title" : "SQLite 1.0.12 through 3.39.x before 3.39.2 sometimes allows an array-bounds overflow if billions of bytes are used in a string argument to a C API.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2022-35737" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-6965", "title" : "Integer Truncation on SQLite", "source" : "redhat-csaf", "cvssScore" : 7.7, "severity" : "HIGH", "cves" : [ "CVE-2025-6965" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/expat@2.5.0-1.el8_10?arch=x86_64&distro=rhel-8.10&upstream=expat-2.5.0-1.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2023-52425", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-52425" ], "unique" : false }, { "id" : "CVE-2024-28757", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-28757" ], "unique" : false }, { "id" : "CVE-2024-45490", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-45490" ], "unique" : false }, { "id" : "CVE-2024-45491", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-45491" ], "unique" : false }, { "id" : "CVE-2024-8176", "title" : "Libexpat: expat: improper restriction of xml entity expansion depth in libexpat", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-8176" ], "unique" : false }, { "id" : "CVE-2024-45492", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2024-45492" ], "unique" : false }, { "id" : "CVE-2024-50602", "title" : "An issue was discovered in libexpat before 2.6.4. 
There is a crash within the XML_ResumeParser function because XML_StopParser can stop/suspend an unstarted parser.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-50602" ], "unique" : false }, { "id" : "CVE-2025-59375", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-59375" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-52425", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-52425" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=rhel-8.10&upstream=gnutls-3.6.16-8.el8_10.5.src.rpm", "issues" : [ { "id" : "CVE-2022-2509", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-2509" ], "unique" : false }, { "id" : "CVE-2024-0553", "title" : "Gnutls: incomplete fix for cve-2023-5981", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-0553" ], "unique" : false }, { "id" : "CVE-2024-0567", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-0567" ], "unique" : false }, { "id" : "CVE-2023-0361", "title" : "A timing side-channel in the handling of RSA ClientKeyExchange messages was discovered in GnuTLS. This side-channel can be sufficient to recover the key encrypted in the RSA ciphertext across a network in a Bleichenbacher style attack. To achieve a successful decryption the attacker would need to send a large amount of specially crafted messages to the vulnerable server. 
By recovering the secret from the ClientKeyExchange message, the attacker would be able to decrypt the application data exchanged over that connection.", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2023-0361" ], "unique" : false }, { "id" : "CVE-2025-32988", "title" : "Gnutls: vulnerability in gnutls othername san export", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-32988" ], "unique" : false }, { "id" : "CVE-2025-32990", "title" : "Gnutls: vulnerability in gnutls certtool template parsing", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-32990" ], "unique" : false }, { "id" : "CVE-2025-6395", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-6395" ], "unique" : false }, { "id" : "CVE-2023-5981", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-5981" ], "unique" : false }, { "id" : "CVE-2024-12243", "title" : "Gnutls: gnutls impacted by inefficient der decoding in libtasn1 leading to remote dos", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-12243" ], "unique" : false }, { "id" : "CVE-2024-28834", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-28834" ], "unique" : false }, { "id" : "CVE-2025-14831", "title" : "Gnutls: gnutls: denial of service via excessive resource consumption during certificate verification", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14831" ], "unique" : false }, { "id" : "CVE-2025-32989", "title" : "Gnutls: vulnerability in gnutls sct extension parsing", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-32989" ], "unique" : false }, { "id" : "CVE-2024-28835", "source" : "redhat-csaf", "cvssScore" : 5.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-28835" ], "unique" : false }, { 
"id" : "CVE-2025-9820", "title" : "Gnutls: stack-based buffer overflow in gnutls_pkcs11_token_init() function", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9820" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2022-2509", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-2509" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libtirpc@1.1.4-12.el8_10?arch=x86_64&distro=rhel-8.10&upstream=libtirpc-1.1.4-12.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2021-46828", "title" : "In libtirpc before 1.3.3rc1, remote attackers could exhaust the file descriptors of a process that uses libtirpc because idle TCP connections are mishandled. This can, in turn, lead to an svc_run infinite loop without accepting new connections.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2021-46828" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2021-46828", "title" : "In libtirpc before 1.3.3rc1, remote attackers could exhaust the file descriptors of a process that uses libtirpc because idle TCP connections are mishandled. This can, in turn, lead to an svc_run infinite loop without accepting new connections.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2021-46828" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/pcre2@10.32-3.el8_6?arch=x86_64&distro=rhel-8.10&upstream=pcre2-10.32-3.el8_6.src.rpm", "issues" : [ { "id" : "CVE-2022-1586", "title" : "An out-of-bounds read vulnerability was discovered in the PCRE2 library in the compile_xclass_matchingpath() function of the pcre2_jit_compile.c file. This involves a unicode property matching issue in JIT-compiled regular expressions. 
The issue occurs because the character was not fully read in case-less matching within JIT.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-1586" ], "unique" : false }, { "id" : "CVE-2022-1587", "title" : "An out-of-bounds read vulnerability was discovered in the PCRE2 library in the get_recurse_data_length() function of the pcre2_jit_compile.c file. This issue affects recursions in JIT-compiled regular expressions caused by duplicate data transfers.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-1587" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2022-1586", "title" : "An out-of-bounds read vulnerability was discovered in the PCRE2 library in the compile_xclass_matchingpath() function of the pcre2_jit_compile.c file. This involves a unicode property matching issue in JIT-compiled regular expressions. The issue occurs because the character was not fully read in case-less matching within JIT.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-1586" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/lua@5.3.4-12.el8?arch=x86_64&distro=rhel-8.10&upstream=lua-5.3.4-12.el8.src.rpm", "issues" : [ { "id" : "CVE-2021-44964", "title" : "Use after free in garbage collector and finalizer of lgc.c in Lua interpreter 5.4.0~5.4.3 allows attackers to perform Sandbox Escape via a crafted script file.", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2021-44964" ], "unique" : false }, { "id" : "CVE-2022-33099", "title" : "An issue in the component luaG_runerror of Lua v5.4.4 and below leads to a heap-buffer overflow when a recursive error occurs.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2022-33099" ], "unique" : false }, { "id" : "CVE-2022-28805", "title" : "singlevar in lparser.c in Lua from (including) 5.4.0 up to (excluding) 5.4.4 lacks a certain luaK_exp2anyregup 
call, leading to a heap-based buffer over-read that might affect a system that compiles untrusted Lua code.", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2022-28805" ], "unique" : false }, { "id" : "CVE-2021-43519", "title" : "Stack overflow in lua_resume of ldo.c in Lua Interpreter 5.1.0~5.4.4 allows attackers to perform a Denial of Service via a crafted script file.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2021-43519" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2021-44964", "title" : "Use after free in garbage collector and finalizer of lgc.c in Lua interpreter 5.4.0~5.4.3 allows attackers to perform Sandbox Escape via a crafted script file.", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2021-44964" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/lua-libs@5.3.4-12.el8?arch=x86_64&distro=rhel-8.10&upstream=lua-5.3.4-12.el8.src.rpm", "issues" : [ { "id" : "CVE-2021-44964", "title" : "Use after free in garbage collector and finalizer of lgc.c in Lua interpreter 5.4.0~5.4.3 allows attackers to perform Sandbox Escape via a crafted script file.", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2021-44964" ], "unique" : false }, { "id" : "CVE-2022-33099", "title" : "An issue in the component luaG_runerror of Lua v5.4.4 and below leads to a heap-buffer overflow when a recursive error occurs.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2022-33099" ], "unique" : false }, { "id" : "CVE-2022-28805", "title" : "singlevar in lparser.c in Lua from (including) 5.4.0 up to (excluding) 5.4.4 lacks a certain luaK_exp2anyregup call, leading to a heap-based buffer over-read that might affect a system that compiles untrusted Lua code.", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2022-28805" ], "unique" : false }, { "id" : 
"CVE-2021-43519", "title" : "Stack overflow in lua_resume of ldo.c in Lua Interpreter 5.1.0~5.4.4 allows attackers to perform a Denial of Service via a crafted script file.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2021-43519" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2021-44964", "title" : "Use after free in garbage collector and finalizer of lgc.c in Lua interpreter 5.4.0~5.4.3 allows attackers to perform Sandbox Escape via a crafted script file.", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2021-44964" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/bash@4.4.20-6.el8_10?arch=x86_64&distro=rhel-8.10&upstream=bash-4.4.20-6.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2022-3715", "source" : "redhat-csaf", "cvssScore" : 6.6, "severity" : "MEDIUM", "cves" : [ "CVE-2022-3715" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2022-3715", "source" : "redhat-csaf", "cvssScore" : 6.6, "severity" : "MEDIUM", "cves" : [ "CVE-2022-3715" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/dbus-libs@1.12.8-27.el8_10?arch=x86_64&distro=rhel-8.10&epoch=1&upstream=dbus-1.12.8-27.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2022-42010", "title" : "An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash when receiving a message with certain invalid type signatures.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2022-42010" ], "unique" : false }, { "id" : "CVE-2022-42011", "title" : "An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. 
An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash when receiving a message where an array length is inconsistent with the size of the element type.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2022-42011" ], "unique" : false }, { "id" : "CVE-2022-42012", "title" : "An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash by sending a message with attached file descriptors in an unexpected format.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2022-42012" ], "unique" : false }, { "id" : "CVE-2023-34969", "title" : "D-Bus before 1.15.6 sometimes allows unprivileged users to crash dbus-daemon. If a privileged user with control over the dbus-daemon is using the org.freedesktop.DBus.Monitoring interface to monitor message bus traffic, then an unprivileged user with the ability to connect to the same dbus-daemon can cause a dbus-daemon crash under some circumstances via an unreplyable message. When done on the well-known system bus, this is a denial-of-service vulnerability. The fixed versions are 1.12.28, 1.14.8, and 1.15.6.", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2023-34969" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2022-42010", "title" : "An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. 
An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash when receiving a message with certain invalid type signatures.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2022-42010" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/gmp@6.1.2-11.el8?arch=x86_64&distro=rhel-8.10&epoch=1&upstream=gmp-6.1.2-11.el8.src.rpm", "issues" : [ { "id" : "CVE-2021-43618", "title" : "GNU Multiple Precision Arithmetic Library (GMP) through 6.2.1 has an mpz/inp_raw.c integer overflow and resultant buffer overflow via crafted input, leading to a segmentation fault on 32-bit platforms.", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2021-43618" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2021-43618", "title" : "GNU Multiple Precision Arithmetic Library (GMP) through 6.2.1 has an mpz/inp_raw.c integer overflow and resultant buffer overflow via crafted input, leading to a segmentation fault on 32-bit platforms.", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2021-43618" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/avahi-libs@0.7-27.el8_10.1?arch=x86_64&distro=rhel-8.10&upstream=avahi-0.7-27.el8_10.1.src.rpm", "issues" : [ { "id" : "CVE-2021-3468", "title" : "A flaw was found in avahi in versions 0.6 up to 0.8. The event used to signal the termination of the client connection on the avahi Unix socket is not correctly handled in the client_work function, allowing a local attacker to trigger an infinite loop. 
The highest threat from this vulnerability is to the availability of the avahi service, which becomes unresponsive after this flaw is triggered.", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2021-3468" ], "unique" : false }, { "id" : "CVE-2023-1981", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2023-1981" ], "unique" : false }, { "id" : "CVE-2023-38469", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2023-38469" ], "unique" : false }, { "id" : "CVE-2023-38470", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2023-38470" ], "unique" : false }, { "id" : "CVE-2023-38471", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2023-38471" ], "unique" : false }, { "id" : "CVE-2023-38472", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2023-38472" ], "unique" : false }, { "id" : "CVE-2023-38473", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2023-38473" ], "unique" : false }, { "id" : "CVE-2021-3502", "title" : "A flaw was found in avahi 0.8-5. A reachable assertion is present in avahi_s_host_name_resolver_start function allowing a local attacker to crash the avahi service by requesting hostname resolutions through the avahi socket or dbus methods for invalid hostnames. 
The highest threat from this vulnerability is to the service availability.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2021-3502" ], "unique" : false }, { "id" : "CVE-2024-52615", "title" : "Avahi: avahi wide-area dns uses constant source port", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-52615" ], "unique" : false }, { "id" : "CVE-2024-52616", "title" : "Avahi: avahi wide-area dns predictable transaction ids", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-52616" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2021-3468", "title" : "A flaw was found in avahi in versions 0.6 up to 0.8. The event used to signal the termination of the client connection on the avahi Unix socket is not correctly handled in the client_work function, allowing a local attacker to trigger an infinite loop. The highest threat from this vulnerability is to the availability of the avahi service, which becomes unresponsive after this flaw is triggered.", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2021-3468" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libuuid@2.32.1-48.el8_10?arch=x86_64&distro=rhel-8.10&upstream=util-linux-2.32.1-48.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcc@8.5.0-28.el8_10?arch=x86_64&distro=rhel-8.10&upstream=gcc-8.5.0-28.el8_10.src.rpm", 
"issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libblkid@2.32.1-48.el8_10?arch=x86_64&distro=rhel-8.10&upstream=util-linux-2.32.1-48.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false }, { "id" : "CVE-2026-27456", "title" : "util-linux: TOCTOU Race Condition in util-linux mount(8) - Loop Device Setup", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2026-27456" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libstdc%2B%2B@8.5.0-28.el8_10?arch=x86_64&distro=rhel-8.10&upstream=gcc-8.5.0-28.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } }, { "ref" : 
"pkg:rpm/redhat/libmount@2.32.1-48.el8_10?arch=x86_64&distro=rhel-8.10&upstream=util-linux-2.32.1-48.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/systemd-libs@239-82.el8_10.15?arch=x86_64&distro=rhel-8.10&upstream=systemd-239-82.el8_10.15.src.rpm", "issues" : [ { "id" : "CVE-2023-7008", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-7008" ], "unique" : false }, { "id" : "CVE-2022-3821", "title" : "An off-by-one Error issue was discovered in Systemd in format_timespan() function of time-util.c. An attacker could supply specific values for time and accuracy that leads to buffer overrun in format_timespan(), leading to a Denial of Service.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2022-3821" ], "unique" : false }, { "id" : "CVE-2022-4415", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2022-4415" ], "unique" : false }, { "id" : "CVE-2022-45873", "title" : "systemd 250 and 251 allows local users to achieve a systemd-coredump deadlock by triggering a crash that has a long backtrace. This occurs in parse_elf_object in shared/elf-util.c. The exploitation methodology is to crash a binary calling the same function recursively, and put it in a deeply nested directory to make its backtrace large enough to cause the deadlock. 
This must be done 16 times when MaxConnections=16 is set for the systemd/units/systemd-coredump.socket file.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2022-45873" ], "unique" : false }, { "id" : "CVE-2025-4598", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-4598" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-7008", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-7008" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libtasn1@4.13-5.el8_10?arch=x86_64&distro=rhel-8.10&upstream=libtasn1-4.13-5.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2021-46848", "title" : "GNU Libtasn1 before 4.19.0 has an ETYPE_OK off-by-one array size check that affects asn1_encode_simple_der.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2021-46848" ], "unique" : false }, { "id" : "CVE-2025-13151", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13151" ], "unique" : false }, { "id" : "CVE-2024-12133", "title" : "Libtasn1: inefficient der decoding in libtasn1 leading to potential remote dos", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-12133" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2021-46848", "title" : "GNU Libtasn1 before 4.19.0 has an ETYPE_OK off-by-one array size check that affects asn1_encode_simple_der.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2021-46848" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcrypt@1.8.5-7.el8_6?arch=x86_64&distro=rhel-8.10&upstream=libgcrypt-1.8.5-7.el8_6.src.rpm", "issues" : [ { "id" : "CVE-2024-2236", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-2236" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2236", "source" : "redhat-csaf", "cvssScore" : 
5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-2236" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libcom_err@1.45.6-7.el8_10?arch=x86_64&distro=rhel-8.10&upstream=e2fsprogs-1.45.6-7.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2022-1304", "title" : "An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5. This issue leads to a segmentation fault and possibly arbitrary code execution via a specially crafted filesystem.", "source" : "redhat-csaf", "cvssScore" : 5.8, "severity" : "MEDIUM", "cves" : [ "CVE-2022-1304" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2022-1304", "title" : "An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5. This issue leads to a segmentation fault and possibly arbitrary code execution via a specially crafted filesystem.", "source" : "redhat-csaf", "cvssScore" : 5.8, "severity" : "MEDIUM", "cves" : [ "CVE-2022-1304" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/python3-pip-wheel@9.0.3-24.el8?arch=noarch&distro=rhel-8.10&upstream=python-pip-9.0.3-24.el8.src.rpm", "issues" : [ { "id" : "CVE-2007-4559", "title" : "Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2007-4559" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2007-4559", "title" : "Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. 
(dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2007-4559" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/bzip2-libs@1.0.6-28.el8_10?arch=x86_64&distro=rhel-8.10&upstream=bzip2-1.0.6-28.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2019-12900", "title" : "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2019-12900" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2019-12900", "title" : "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2019-12900" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/alsa-lib@1.2.10-2.el8?arch=x86_64&distro=rhel-8.10&upstream=alsa-lib-1.2.10-2.el8.src.rpm", "issues" : [ { "id" : "CVE-2026-25068", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-25068" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2026-25068", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-25068" ], "unique" : false } } ], "highestVulnerability" : { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/rpm-libs@4.14.3-32.el8_10?arch=x86_64&distro=rhel-8.10&upstream=rpm-4.14.3-32.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2021-35938", "title" : "A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. 
A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35938" ], "unique" : false }, { "id" : "CVE-2021-35939", "title" : "It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35939" ], "unique" : false }, { "id" : "CVE-2021-35937", "title" : "A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. 
The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.3, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35937" ], "unique" : false } ], "transitive" : [ { "ref" : "pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=rhel-8.10&epoch=1&upstream=openssl-1.1.1k-15.el8_6.src.rpm", "issues" : [ { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false }, { "id" : "CVE-2022-1473", "title" : "Resource leakage when decoding certificates and keys", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-1473" ], "unique" : false }, { "id" : "CVE-2022-3358", "title" : "Using a Custom Cipher with NID_undef may lead to NULL encryption", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-3358" ], "unique" : false }, { "id" : "CVE-2022-3602", "title" : "X.509 Email Address 4-byte Buffer Overflow", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-3602" ], "unique" : false }, { "id" : "CVE-2022-3786", "title" : "X.509 Email Address Variable Length Buffer Overflow", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-3786" ], "unique" : false }, { "id" : "CVE-2022-4450", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-4450" ], "unique" : false }, { "id" : "CVE-2023-0215", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-0215" ], "unique" : false }, { "id" : "CVE-2023-0216", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-0216" ], "unique" : false }, { "id" : "CVE-2023-0217", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-0217" 
], "unique" : false }, { "id" : "CVE-2023-0401", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-0401" ], "unique" : false }, { "id" : "CVE-2023-5363", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-5363" ], "unique" : false }, { "id" : "CVE-2023-0286", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2023-0286" ], "unique" : false }, { "id" : "CVE-2024-12797", "title" : "RFC7250 handshakes with unauthenticated servers don't abort as expected", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2024-12797" ], "unique" : false }, { "id" : "CVE-2025-69419", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2025-69419" ], "unique" : false }, { "id" : "CVE-2022-1292", "source" : "redhat-csaf", "cvssScore" : 6.7, "severity" : "MEDIUM", "cves" : [ "CVE-2022-1292" ], "unique" : false }, { "id" : "CVE-2022-2068", "source" : "redhat-csaf", "cvssScore" : 6.7, "severity" : "MEDIUM", "cves" : [ "CVE-2022-2068" ], "unique" : false }, { "id" : "CVE-2023-2650", "title" : "Possible DoS translating ASN.1 object identifiers", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2650" ], "unique" : false }, { "id" : "CVE-2023-6129", "title" : "POLY1305 MAC implementation corrupts vector registers on PowerPC", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6129" ], "unique" : false }, { "id" : "CVE-2025-69421", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69421" ], "unique" : false }, { "id" : "CVE-2025-11187", "title" : "Improper validation of PBMAC1 parameters in PKCS#12 MAC verification", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-11187" ], "unique" : false }, { "id" : "CVE-2020-1971", "title" : "EDIPARTYNAME NULL pointer dereference", "source" 
: "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2020-1971" ], "unique" : false }, { "id" : "CVE-2022-4304", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2022-4304" ], "unique" : false }, { "id" : "CVE-2023-0464", "title" : "Excessive Resource Usage Verifying X.509 Policy Constraints", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0464" ], "unique" : false }, { "id" : "CVE-2023-6237", "title" : "Excessive time spent checking invalid RSA public keys", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6237" ], "unique" : false }, { "id" : "CVE-2024-5535", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-5535" ], "unique" : false }, { "id" : "CVE-2024-6119", "title" : "Possible denial of service in X.509 name checks", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-6119" ], "unique" : false }, { "id" : "CVE-2025-15468", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15468" ], "unique" : false }, { "id" : "CVE-2025-66199", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-66199" ], "unique" : false }, { "id" : "CVE-2025-69420", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69420" ], "unique" : false }, { "id" : "CVE-2026-22796", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22796" ], "unique" : false }, { "id" : "CVE-2024-4741", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4741" ], "unique" : false }, { "id" : "CVE-2025-9230", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9230" ], "unique" : false }, { "id" : "CVE-2024-0727", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", 
"cves" : [ "CVE-2024-0727" ], "unique" : false }, { "id" : "CVE-2025-15469", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15469" ], "unique" : false }, { "id" : "CVE-2026-22795", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22795" ], "unique" : false }, { "id" : "CVE-2022-1343", "title" : "OCSP_basic_verify may incorrectly verify the response signing certificate", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2022-1343" ], "unique" : false }, { "id" : "CVE-2022-2097", "title" : "AES OCB fails to encrypt some bytes", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2022-2097" ], "unique" : false }, { "id" : "CVE-2023-0465", "title" : "Invalid certificate policies in leaf certificates are silently ignored", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0465" ], "unique" : false }, { "id" : "CVE-2023-0466", "title" : "Certificate policy check not enabled", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0466" ], "unique" : false }, { "id" : "CVE-2023-2975", "title" : "AES-SIV implementation ignores empty associated data entries", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2975" ], "unique" : false }, { "id" : "CVE-2023-3446", "title" : "Excessive time spent checking DH keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3446" ], "unique" : false }, { "id" : "CVE-2023-3817", "title" : "Excessive time spent checking DH q parameter value", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3817" ], "unique" : false }, { "id" : "CVE-2023-5678", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-5678" ], "unique" : false }, { "id" : "CVE-2024-4603", 
"title" : "Excessive time spent checking DSA keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4603" ], "unique" : false }, { "id" : "CVE-2023-1255", "title" : "Input buffer over-read in AES-XTS implementation on 64 bit ARM", "source" : "redhat-csaf", "cvssScore" : 5.1, "severity" : "MEDIUM", "cves" : [ "CVE-2023-1255" ], "unique" : false }, { "id" : "CVE-2022-4203", "source" : "redhat-csaf", "cvssScore" : 4.9, "severity" : "MEDIUM", "cves" : [ "CVE-2022-4203" ], "unique" : false }, { "id" : "CVE-2025-68160", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-68160" ], "unique" : false }, { "id" : "CVE-2025-69418", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69418" ], "unique" : false }, { "id" : "CVE-2024-2511", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-2511" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=rhel-8.10&upstream=curl-7.61.1-34.el8_10.11.src.rpm", "issues" : [ { "id" : "CVE-2022-32207", "title" : "When curl < 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by finalizing the operation with a rename from a temporary name to the final target file name.In that rename operation, it might accidentally *widen* the permissions for the target file, leaving the updated file accessible to more users than intended.", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2022-32207" ], "unique" : false }, { "id" : "CVE-2022-22576", "title" : "An improper authentication vulnerability exists in curl 7.33.0 to and 
including 7.82.0 which might allow reuse OAUTH2-authenticated connections without properly making sure that the connection was authenticated with the same credentials as set for this transfer. This affects SASL-enabled protocols: SMPTP(S), IMAP(S), POP3(S) and LDAP(S) (openldap only).", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2022-22576" ], "unique" : false }, { "id" : "CVE-2023-38545", "title" : "This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy\nhandshake.\n\nWhen curl is asked to pass along the host name to the SOCKS5 proxy to allow\nthat to resolve the address instead of it getting done by curl itself, the\nmaximum length that host name can be is 255 bytes.\n\nIf the host name is detected to be longer, curl switches to local name\nresolving and instead passes on the resolved address only. Due to this bug,\nthe local variable that means \"let the host resolve the name\" could get the\nwrong value during a slow SOCKS5 handshake, and contrary to the intention,\ncopy the too long host name to the target buffer instead of copying just the\nresolved address there.\n\nThe target buffer being a heap based buffer, and the host name coming from the\nURL that curl has been told to operate with.", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2023-38545" ], "unique" : false }, { "id" : "CVE-2022-27775", "title" : "An information disclosure vulnerability exists in curl 7.65.0 to 7.82.0 are vulnerable that by using an IPv6 address that was in the connection pool but with a different zone id it could reuse a connection instead.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-27775" ], "unique" : false }, { "id" : "CVE-2022-27782", "title" : "libcurl would reuse a previously created connection even when a TLS or SSHrelated option had been changed that should have prohibited reuse.libcurl keeps previously used connections in a connection 
pool for subsequenttransfers to reuse if one of them matches the setup. However, several TLS andSSH settings were left out from the configuration match checks, making themmatch too easily.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-27782" ], "unique" : false }, { "id" : "CVE-2024-2398", "title" : "HTTP/2 push headers memory-leak", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-2398" ], "unique" : false }, { "id" : "CVE-2022-32206", "title" : "curl < 7.84.0 supports \"chained\" HTTP compression algorithms, meaning that a serverresponse can be compressed multiple times and potentially with different algorithms. The number of acceptable \"links\" in this \"decompression chain\" was unbounded, allowing a malicious server to insert a virtually unlimited number of compression steps.The use of such a decompression chain could result in a \"malloc bomb\", makingcurl end up spending enormous amounts of allocated heap memory, or trying toand returning out of memory errors.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2022-32206" ], "unique" : false }, { "id" : "CVE-2023-23916", "title" : "An allocation of resources without limits or throttling vulnerability exists in curl : pod: test-comp-pac-forgejo-qslzwy-on-pull-request-86mcz-init-pod | init container: prepare 2026/04/21 15:24:48 Entrypoint initialization pod: test-comp-pac-forgejo-qslzwy-on-pull-request-86mcz-init-pod | container step-init: time="2026-04-21T15:24:51Z" level=info msg="Using in-cluster config" logger=KubeClient time="2026-04-21T15:24:51Z" level=info msg="[param] enable: false" time="2026-04-21T15:24:51Z" level=info msg="[param] default-http-proxy: squid.caching.svc.cluster.local:3128" time="2026-04-21T15:24:51Z" level=info msg="[param] default-no-proxy: 
brew.registry.redhat.io,docker.io,gcr.io,ghcr.io,images.paas.redhat.com,mirror.gcr.io,nvcr.io,quay.io,registry-proxy.engineering.redhat.com,registry.access.redhat.com,registry.ci.openshift.org,registry.fedoraproject.org,registry.redhat.io,registry.stage.redhat.io,vault.habana.ai" time="2026-04-21T15:24:51Z" level=info msg="[param] http-proxy-result-path: /tekton/results/http-proxy" time="2026-04-21T15:24:51Z" level=info msg="[param] no-proxy-result-path: /tekton/results/no-proxy" time="2026-04-21T15:24:51Z" level=info msg="Cache proxy is disabled in param or in backend" time="2026-04-21T15:24:51Z" level=info msg="[result] HTTP PROXY: " time="2026-04-21T15:24:51Z" level=info msg="[result] NO PROXY: " { s: "\n pod: test-comp-pac-forgejo-qslzwy-on-pull-request-86mcz-init-pod | init container: prepare\n2026/04/21 15:24:48 Entrypoint initialization\n\npod: test-comp-pac-forgejo-qslzwy-on-pull-request-86mcz-init-pod | container step-init: \ntime=\"2026-04-21T15:24:51Z\" level=info msg=\"Using in-cluster config\" logger=KubeClient\ntime=\"2026-04-21T15:24:51Z\" level=info msg=\"[param] enable: false\"\ntime=\"2026-04-21T15:24:51Z\" level=info msg=\"[param] default-http-proxy: squid.caching.svc.cluster.local:3128\"\ntime=\"2026-04-21T15:24:51Z\" level=info msg=\"[param] default-no-proxy: brew.registry.redhat.io,docker.io,gcr.io,ghcr.io,images.paas.redhat.com,mirror.gcr.io,nvcr.io,quay.io,registry-proxy.engineering.redhat.com,registry.access.redhat.com,registry.ci.openshift.org,registry.fedoraproject.org,registry.redhat.io,registry.stage.redhat.io,vault.habana.ai\"\ntime=\"2026-04-21T15:24:51Z\" level=info msg=\"[param] http-proxy-result-path: /tekton/results/http-proxy\"\ntime=\"2026-04-21T15:24:51Z\" level=info msg=\"[param] no-proxy-result-path: /tekton/results/no-proxy\"\ntime=\"2026-04-21T15:24:51Z\" level=info msg=\"Cache proxy is disabled in param or in backend\"\ntime=\"2026-04-21T15:24:51Z\" level=info msg=\"[result] HTTP PROXY: \"\ntime=\"2026-04-21T15:24:51Z\" 
level=info msg=\"[result] NO PROXY: \"\n", }
In [It] at: /tmp/tmp.Z3CXXW4lH8/tests/integration-service/forgejo-integration-reporting.go:179 @ 04/21/26 15:33:05.421
------------------------------
SSSSSSSSSSSSS•••••••••SSSSSSSSSSSSSSSSSSS

Summarizing 3 Failures:
[FAIL] [integration-service-suite Status Reporting of Integration tests] with status reporting of Integration tests in CheckRuns when a new Component with specified custom branch is created [It] should lead to build PipelineRun finishing successfully [integration-service, github-status-reporting, custom-branch]
/tmp/tmp.Z3CXXW4lH8/tests/integration-service/status-reporting-to-pullrequest.go:144
[FAIL] [integration-service-suite Integration Service E2E tests] with happy path for general flow of Integration service when the build pipelineRun run succeeded [It] checks if all of the integrationPipelineRuns passed [integration-service, slow]
/tmp/tmp.Z3CXXW4lH8/tests/integration-service/integration.go:155
[FAIL] [integration-service-suite Forgejo Status Reporting of Integration tests] Forgejo with status reporting of Integration tests in the associated merge request when a new Component with specified custom branch is created [It] should lead to build PipelineRun finishing successfully [integration-service, forgejo-status-reporting, custom-branch]
/tmp/tmp.Z3CXXW4lH8/tests/integration-service/forgejo-integration-reporting.go:179

Ran 78 of 477 Specs in 2135.328 seconds
FAIL! -- 75 Passed | 3 Failed | 88 Pending | 311 Skipped

Ginkgo ran 1 suite in 37m57.251643076s

Test Suite Failed
Error: running "ginkgo --seed=1776782775 --timeout=1h30m0s --grace-period=30s --output-interceptor-mode=none --focus-file=tests/integration-service/forgejo-integration-reporting.go --focus-file=tests/integration-service/gitlab-integration-reporting.go --focus-file=tests/integration-service/group-snapshots-tests.go --focus-file=tests/integration-service/integration.go --focus-file=tests/integration-service/status-reporting-to-pullrequest.go --no-color --json-report=e2e-report.json --junit-report=e2e-report.xml --procs=20 --nodes=20 --p --output-dir=/workspace/artifact-dir ./cmd --" failed with exit code 1
make: *** [Makefile:25: ci/test/e2e] Error 1