> Enter [BeforeAll] with status reporting of Integration tests in CheckRuns - /tmp/tmp.QN7KPSPXeP/tests/integration-service/status-reporting-to-pullrequest.go:45 @ 04/22/26 13:50:09.898 Build PipelineRun has not been created yet for the component stat-rep-leul/test-component-pac-ubqukc < Exit [BeforeAll] with status reporting of Integration tests in CheckRuns - /tmp/tmp.QN7KPSPXeP/tests/integration-service/status-reporting-to-pullrequest.go:45 @ 04/22/26 13:51:04.833 (54.934s) > Enter [It] does not contain an annotation with a Snapshot Name - /tmp/tmp.QN7KPSPXeP/tests/integration-service/status-reporting-to-pullrequest.go:111 @ 04/22/26 13:51:04.833 < Exit [It] does not contain an annotation with a Snapshot Name - /tmp/tmp.QN7KPSPXeP/tests/integration-service/status-reporting-to-pullrequest.go:111 @ 04/22/26 13:51:04.833 (0s) > Enter [AfterEach] [integration-service-suite Status Reporting of Integration tests] - /tmp/tmp.QN7KPSPXeP/tests/integration-service/status-reporting-to-pullrequest.go:42 @ 04/22/26 13:51:04.833 < Exit [AfterEach] [integration-service-suite Status Reporting of Integration tests] - /tmp/tmp.QN7KPSPXeP/tests/integration-service/status-reporting-to-pullrequest.go:42 @ 04/22/26 13:51:04.833 (0s) > Enter [It] should have a related PaC init PR created - /tmp/tmp.QN7KPSPXeP/tests/integration-service/status-reporting-to-pullrequest.go:115 @ 04/22/26 13:51:04.834 < Exit [It] should have a related PaC init PR created - /tmp/tmp.QN7KPSPXeP/tests/integration-service/status-reporting-to-pullrequest.go:115 @ 04/22/26 13:51:05.108 (274ms) > Enter [AfterEach] [integration-service-suite Status Reporting of Integration tests] - /tmp/tmp.QN7KPSPXeP/tests/integration-service/status-reporting-to-pullrequest.go:42 @ 04/22/26 13:51:05.108 < Exit [AfterEach] [integration-service-suite Status Reporting of Integration tests] - /tmp/tmp.QN7KPSPXeP/tests/integration-service/status-reporting-to-pullrequest.go:42 @ 04/22/26 13:51:05.108 (0s) > Enter [It] initialized integration test status is reported to github - /tmp/tmp.QN7KPSPXeP/tests/integration-service/status-reporting-to-pullrequest.go:134 @ 04/22/26 13:51:05.109 < Exit [It] initialized integration test status is reported to github - /tmp/tmp.QN7KPSPXeP/tests/integration-service/status-reporting-to-pullrequest.go:134 @ 04/22/26 13:51:05.391 (283ms) > Enter [AfterEach] [integration-service-suite Status Reporting of Integration tests] - /tmp/tmp.QN7KPSPXeP/tests/integration-service/status-reporting-to-pullrequest.go:42 @ 04/22/26 13:51:05.392 < Exit [AfterEach] [integration-service-suite Status Reporting of Integration tests] - /tmp/tmp.QN7KPSPXeP/tests/integration-service/status-reporting-to-pullrequest.go:42 @ 04/22/26 13:51:05.392 (0s) [FAILED] build pipelinerun fails for NameSpace/Application/Component stat-rep-leul/integ-app-gpju/test-component-pac-ubqukc with logs: Pipelinerun 'test-component-pac-ubqukc-on-pull-request-jsngz' didn't succeed Expected success, but got an error: <*errors.errorString | 0xc000b89790>: Pipelinerun 'test-component-pac-ubqukc-on-pull-request-jsngz' didn't succeed { s: "Pipelinerun 'test-component-pac-ubqukc-on-pull-request-jsngz' didn't succeed\n", } In [It] at: /tmp/tmp.QN7KPSPXeP/tests/integration-service/status-reporting-to-pullrequest.go:146 @ 04/22/26 13:56:25.532 > Enter [It] should lead to build PipelineRun finishing successfully - /tmp/tmp.QN7KPSPXeP/tests/integration-service/status-reporting-to-pullrequest.go:144 @ 04/22/26 13:51:05.392 PipelineRun test-component-pac-ubqukc-on-pull-request-jsngz reason: Running PipelineRun test-component-pac-ubqukc-on-pull-request-jsngz reason: Running PipelineRun test-component-pac-ubqukc-on-pull-request-jsngz reason: Running PipelineRun test-component-pac-ubqukc-on-pull-request-jsngz reason: Running PipelineRun test-component-pac-ubqukc-on-pull-request-jsngz reason: Running PipelineRun test-component-pac-ubqukc-on-pull-request-jsngz reason: Running PipelineRun test-component-pac-ubqukc-on-pull-request-jsngz reason: Running PipelineRun test-component-pac-ubqukc-on-pull-request-jsngz reason: Running PipelineRun test-component-pac-ubqukc-on-pull-request-jsngz reason: Running PipelineRun test-component-pac-ubqukc-on-pull-request-jsngz reason: Running PipelineRun test-component-pac-ubqukc-on-pull-request-jsngz reason: Running PipelineRun test-component-pac-ubqukc-on-pull-request-jsngz reason: Running PipelineRun test-component-pac-ubqukc-on-pull-request-jsngz reason: PipelineRunStopping PipelineRun test-component-pac-ubqukc-on-pull-request-jsngz reason: PipelineRunStopping PipelineRun test-component-pac-ubqukc-on-pull-request-jsngz reason: PipelineRunStopping PipelineRun test-component-pac-ubqukc-on-pull-request-jsngz reason: PipelineRunStopping PipelineRun test-component-pac-ubqukc-on-pull-request-jsngz reason: Failed [FAILED] build pipelinerun fails for NameSpace/Application/Component stat-rep-leul/integ-app-gpju/test-component-pac-ubqukc with logs: Pipelinerun 'test-component-pac-ubqukc-on-pull-request-jsngz' didn't succeed Expected success, but got an error: <*errors.errorString | 0xc000b89790>: Pipelinerun 'test-component-pac-ubqukc-on-pull-request-jsngz' didn't succeed { s: "Pipelinerun 'test-component-pac-ubqukc-on-pull-request-jsngz' didn't succeed\n", } In [It] at: /tmp/tmp.QN7KPSPXeP/tests/integration-service/status-reporting-to-pullrequest.go:146 @ 04/22/26 13:56:25.532 < Exit [It] should lead to build PipelineRun finishing successfully - /tmp/tmp.QN7KPSPXeP/tests/integration-service/status-reporting-to-pullrequest.go:144 @ 04/22/26 13:56:25.532 (5m20.139s) > Enter [AfterAll] with status reporting of Integration tests in CheckRuns - /tmp/tmp.QN7KPSPXeP/tests/integration-service/status-reporting-to-pullrequest.go:94 @ 04/22/26 13:56:25.532 < Exit [AfterAll] with status reporting of Integration tests in CheckRuns - /tmp/tmp.QN7KPSPXeP/tests/integration-service/status-reporting-to-pullrequest.go:94 @ 04/22/26 13:56:26.454 (922ms) > Enter [AfterEach] [integration-service-suite Status Reporting of Integration tests] - /tmp/tmp.QN7KPSPXeP/tests/integration-service/status-reporting-to-pullrequest.go:42 @ 04/22/26 13:56:26.454 < Exit [AfterEach] [integration-service-suite Status Reporting of Integration tests] - /tmp/tmp.QN7KPSPXeP/tests/integration-service/status-reporting-to-pullrequest.go:42 @ 04/22/26 13:56:26.583 (129ms) [SKIPPED] Spec skipped because an earlier spec in an ordered container failed In [It] at: /tmp/tmp.QN7KPSPXeP/tests/integration-service/status-reporting-to-pullrequest.go:151 @ 04/22/26 13:56:26.584 [SKIPPED] Spec skipped because an earlier spec in an ordered container failed In [It] at: /tmp/tmp.QN7KPSPXeP/tests/integration-service/status-reporting-to-pullrequest.go:155 @ 04/22/26 13:56:26.584 [SKIPPED] Spec skipped because an earlier spec in an ordered container failed In [It] at: /tmp/tmp.QN7KPSPXeP/tests/integration-service/status-reporting-to-pullrequest.go:160 @ 04/22/26 13:56:26.584 [SKIPPED] Spec skipped because an earlier spec in an ordered container failed In [It] at: /tmp/tmp.QN7KPSPXeP/tests/integration-service/status-reporting-to-pullrequest.go:166 @ 04/22/26 13:56:26.585 [SKIPPED] Spec skipped because an earlier spec in an ordered container failed In [It] at: /tmp/tmp.QN7KPSPXeP/tests/integration-service/status-reporting-to-pullrequest.go:190 @ 04/22/26 13:56:26.585 [SKIPPED] Spec skipped because an earlier spec in an ordered container failed In [It] at: /tmp/tmp.QN7KPSPXeP/tests/integration-service/status-reporting-to-pullrequest.go:199 @ 04/22/26 13:56:26.585 [SKIPPED] Spec skipped because an earlier spec in an ordered container failed In [It] at: /tmp/tmp.QN7KPSPXeP/tests/integration-service/status-reporting-to-pullrequest.go:213 @ 04/22/26 13:56:26.585 [SKIPPED] Spec skipped because an earlier spec in an ordered container failed In [It] at: /tmp/tmp.QN7KPSPXeP/tests/integration-service/status-reporting-to-pullrequest.go:217 @ 04/22/26 13:56:26.586 [SKIPPED] Spec skipped because an earlier spec in an ordered container failed In [It] at: /tmp/tmp.QN7KPSPXeP/tests/integration-service/status-reporting-to-pullrequest.go:221 @ 04/22/26 13:56:26.586 [SKIPPED] Spec skipped because an earlier spec in an ordered container failed In [It] at: /tmp/tmp.QN7KPSPXeP/tests/integration-service/status-reporting-to-pullrequest.go:225 @ 04/22/26 13:56:26.586 [SKIPPED] Spec skipped because an earlier spec in an ordered container failed In [It] at: /tmp/tmp.QN7KPSPXeP/tests/integration-service/status-reporting-to-pullrequest.go:229 @ 04/22/26 13:56:26.586 [SKIPPED] Spec skipped because an earlier spec in an ordered container failed In [It] at: /tmp/tmp.QN7KPSPXeP/tests/integration-service/status-reporting-to-pullrequest.go:244 @ 04/22/26 13:56:26.587 [SKIPPED] Spec skipped because an earlier spec in an ordered container failed In [It] at: /tmp/tmp.QN7KPSPXeP/tests/integration-service/status-reporting-to-pullrequest.go:248 @ 04/22/26 13:56:26.587 [SKIPPED] Spec skipped because an earlier spec in an ordered container failed In [It] at: /tmp/tmp.QN7KPSPXeP/tests/integration-service/status-reporting-to-pullrequest.go:263 @ 04/22/26 13:56:26.587 [SKIPPED] Spec skipped because an earlier spec in an ordered container failed In [It] at: /tmp/tmp.QN7KPSPXeP/tests/integration-service/status-reporting-to-pullrequest.go:267 @ 04/22/26 13:56:26.587 [SKIPPED] Spec skipped because an earlier spec in an ordered container failed In [It] at: /tmp/tmp.QN7KPSPXeP/tests/integration-service/status-reporting-to-pullrequest.go:276 @ 04/22/26 13:56:26.588 [SKIPPED] Spec skipped because an earlier spec in an ordered container failed In [It] at: /tmp/tmp.QN7KPSPXeP/tests/integration-service/status-reporting-to-pullrequest.go:291 @ 04/22/26 13:56:26.588 [SKIPPED] Spec skipped because an earlier spec in an ordered container failed In [It] at: /tmp/tmp.QN7KPSPXeP/tests/integration-service/status-reporting-to-pullrequest.go:297 @ 04/22/26 13:56:26.588 [SKIPPED] Spec skipped because an earlier spec in an ordered container failed In [It] at: /tmp/tmp.QN7KPSPXeP/tests/integration-service/status-reporting-to-pullrequest.go:302 @ 04/22/26 13:56:26.588 [SKIPPED] Spec skipped because an earlier spec in an ordered container failed In [It] at: /tmp/tmp.QN7KPSPXeP/tests/integration-service/status-reporting-to-pullrequest.go:308 @ 04/22/26 13:56:26.588 [SKIPPED] Spec skipped because an earlier spec in an ordered container failed In [It] at: /tmp/tmp.QN7KPSPXeP/tests/integration-service/status-reporting-to-pullrequest.go:355 @ 04/22/26 13:56:26.589 [SKIPPED] Spec skipped because an earlier spec in an ordered container failed In [It] at: /tmp/tmp.QN7KPSPXeP/tests/integration-service/status-reporting-to-pullrequest.go:400 @ 04/22/26 13:56:26.589 > Enter [BeforeAll] with happy path for general flow of Integration service - /tmp/tmp.QN7KPSPXeP/tests/integration-service/integration.go:52 @ 04/22/26 13:50:09.899 Image repository for component test-component-pac-jfjqoi in namespace integration1-fgqi do not have right state ('' != 'ready') yet but it has status { { } {<nil> } []}. < Exit [BeforeAll] with happy path for general flow of Integration service - /tmp/tmp.QN7KPSPXeP/tests/integration-service/integration.go:52 @ 04/22/26 13:50:36.778 (26.88s) > Enter [It] triggers a build PipelineRun - /tmp/tmp.QN7KPSPXeP/tests/integration-service/integration.go:85 @ 04/22/26 13:50:36.778 no pipelinerun found for component test-component-pac-jfjqoi (application: integ-app-iodn, namespace: integration1-fgqi) < Exit [It] triggers a build PipelineRun - /tmp/tmp.QN7KPSPXeP/tests/integration-service/integration.go:85 @ 04/22/26 13:50:56.797 (20.019s) > Enter [AfterEach] [integration-service-suite Integration Service E2E tests] - /tmp/tmp.QN7KPSPXeP/tests/integration-service/integration.go:49 @ 04/22/26 13:50:56.797 < Exit [AfterEach] [integration-service-suite Integration Service E2E tests] - /tmp/tmp.QN7KPSPXeP/tests/integration-service/integration.go:49 @ 04/22/26 13:50:56.797 (0s) > Enter [It] verifies if the build PipelineRun contains the finalizer - /tmp/tmp.QN7KPSPXeP/tests/integration-service/integration.go:90 @ 04/22/26 13:50:56.798 < Exit [It] verifies if the build PipelineRun contains the finalizer - /tmp/tmp.QN7KPSPXeP/tests/integration-service/integration.go:90 @ 04/22/26 13:50:56.892 (95ms) > Enter [AfterEach] [integration-service-suite Integration Service E2E tests] - /tmp/tmp.QN7KPSPXeP/tests/integration-service/integration.go:49 @ 04/22/26 13:50:56.892 < Exit [AfterEach] [integration-service-suite Integration Service E2E tests] - /tmp/tmp.QN7KPSPXeP/tests/integration-service/integration.go:49 @ 04/22/26 13:50:56.892 (0s) > Enter [It] waits for build PipelineRun to succeed - /tmp/tmp.QN7KPSPXeP/tests/integration-service/integration.go:101 @ 04/22/26 13:50:56.893 PipelineRun test-component-pac-jfjqoi-on-pull-request-pdc9m found for Component integration1-fgqi/test-component-pac-jfjqoi PipelineRun test-component-pac-jfjqoi-on-pull-request-pdc9m reason: Running PipelineRun test-component-pac-jfjqoi-on-pull-request-pdc9m reason: Running PipelineRun test-component-pac-jfjqoi-on-pull-request-pdc9m reason: Running PipelineRun test-component-pac-jfjqoi-on-pull-request-pdc9m reason: Running PipelineRun test-component-pac-jfjqoi-on-pull-request-pdc9m reason: Running PipelineRun test-component-pac-jfjqoi-on-pull-request-pdc9m reason: Running PipelineRun test-component-pac-jfjqoi-on-pull-request-pdc9m reason: Running PipelineRun test-component-pac-jfjqoi-on-pull-request-pdc9m reason: Running PipelineRun test-component-pac-jfjqoi-on-pull-request-pdc9m reason: Running PipelineRun test-component-pac-jfjqoi-on-pull-request-pdc9m reason: Running PipelineRun test-component-pac-jfjqoi-on-pull-request-pdc9m reason: Running PipelineRun test-component-pac-jfjqoi-on-pull-request-pdc9m reason: Running PipelineRun test-component-pac-jfjqoi-on-pull-request-pdc9m reason: Running PipelineRun test-component-pac-jfjqoi-on-pull-request-pdc9m reason: Running PipelineRun test-component-pac-jfjqoi-on-pull-request-pdc9m reason: Running PipelineRun test-component-pac-jfjqoi-on-pull-request-pdc9m reason: PipelineRunStopping PipelineRun test-component-pac-jfjqoi-on-pull-request-pdc9m reason: PipelineRunStopping PipelineRun test-component-pac-jfjqoi-on-pull-request-pdc9m reason: PipelineRunStopping PipelineRun test-component-pac-jfjqoi-on-pull-request-pdc9m reason: Failed attempt 1/3: PipelineRun "test-component-pac-jfjqoi-on-pull-request-pdc9m" failed: pod: test-component-pac-jfjqoi-o4e2cd86c2ab750e41ed46d6fce58adf9-pod | init container: prepare 2026/04/22 13:54:59 Entrypoint initialization pod: test-component-pac-jfjqoi-o4e2cd86c2ab750e41ed46d6fce58adf9-pod | init container: working-dir-initializer pod: test-component-pac-jfjqoi-o4e2cd86c2ab750e41ed46d6fce58adf9-pod | container step-push: time="2026-04-22T13:55:03Z" level=info msg="[param] image-url: quay.io/redhat-appstudio-qe/integration1-fgqi/test-component-pac-jfjqoi:on-pr-ed3328a539acc00b4d626fb0525fc3656cfad118" time="2026-04-22T13:55:03Z" level=info msg="[param] image-digest: sha256:01c2be7821974e16be449d1c0be39656a2e26ce1599ccda98c402c99e732c138" time="2026-04-22T13:55:03Z" level=info msg="[param] containerfile: Dockerfile" time="2026-04-22T13:55:03Z" level=info msg="[param] context: ." time="2026-04-22T13:55:03Z" level=info msg="[param] tag-suffix: .dockerfile" time="2026-04-22T13:55:03Z" level=info msg="[param] artifact-type: application/vnd.konflux.dockerfile" time="2026-04-22T13:55:03Z" level=info msg="[param] source: source" time="2026-04-22T13:55:03Z" level=info msg="[param] result-path-image-ref: /tekton/results/IMAGE_REF" time="2026-04-22T13:55:03Z" level=info msg="[param] alternative-filename: Dockerfile" time="2026-04-22T13:55:04Z" level=info msg="oras [stdout] quay.io/redhat-appstudio-qe/integration1-fgqi/test-component-pac-jfjqoi@sha256:431dcc63d935a0a14c23b30c2152964f622185c61d3c4a109792badb76bbe9e5" logger=CliExecutor time="2026-04-22T13:55:04Z" level=info msg="Containerfile '/workspace/workspace/source/Dockerfile' is pushed to registry with tag: sha256-01c2be7821974e16be449d1c0be39656a2e26ce1599ccda98c402c99e732c138.dockerfile" {"image_ref":"quay.io/redhat-appstudio-qe/integration1-fgqi/test-component-pac-jfjqoi@sha256:431dcc63d935a0a14c23b30c2152964f622185c61d3c4a109792badb76bbe9e5"} pod: test-component-pac-jfjqoi-oa38676172f02acd124d987e118703e7f-pod | init container: prepare 2026/04/22 13:54:39 Entrypoint initialization pod: test-component-pac-jfjqoi-oa38676172f02acd124d987e118703e7f-pod | init container: place-scripts 2026/04/22 13:54:39 Decoded script /tekton/scripts/script-0-w82q5 2026/04/22 13:54:39 Decoded script /tekton/scripts/script-1-8q2w6 2026/04/22 13:54:39 Decoded script /tekton/scripts/script-2-9tw8x 2026/04/22 13:54:39 Decoded script /tekton/scripts/script-3-jmftg 2026/04/22 13:54:39 Decoded script /tekton/scripts/script-4-gdlkw 2026/04/22 13:54:39 Decoded script /tekton/scripts/script-5-5cltz pod: test-component-pac-jfjqoi-oa38676172f02acd124d987e118703e7f-pod | container step-introspect: Artifact type will be determined by introspection. Checking the media type of the OCI artifact... [retry] executing: skopeo inspect --raw --retry-times 3 docker://quay.io/redhat-appstudio-qe/integration1-fgqi/test-component-pac-jfjqoi:on-pr-ed3328a539acc00b4d626fb0525fc3656cfad118 The media type of the OCI artifact is application/vnd.docker.distribution.manifest.v2+json. Looking for image labels that indicate this might be an operator bundle... [retry] executing: skopeo inspect --retry-times 3 docker://quay.io/redhat-appstudio-qe/integration1-fgqi/test-component-pac-jfjqoi:on-pr-ed3328a539acc00b4d626fb0525fc3656cfad118 Found 0 matching labels. Expecting 3 or more to identify this image as an operator bundle. Introspection concludes that this artifact is of type "application". pod: test-component-pac-jfjqoi-oa38676172f02acd124d987e118703e7f-pod | container step-generate-container-auth: Selecting auth for quay.io/redhat-appstudio-qe/integration1-fgqi/test-component-pac-jfjqoi:on-pr-ed3328a539acc00b4d626fb0525fc3656cfad118 Using token for quay.io/redhat-appstudio-qe/integration1-fgqi/test-component-pac-jfjqoi Auth json written to "/auth/auth.json". pod: test-component-pac-jfjqoi-oa38676172f02acd124d987e118703e7f-pod | container step-set-skip-for-bundles: 2026/04/22 13:56:17 INFO Step was skipped due to when expressions were evaluated to false. pod: test-component-pac-jfjqoi-oa38676172f02acd124d987e118703e7f-pod | container step-app-check: time="2026-04-22T13:56:17Z" level=info msg="certification library version" version="1.17.1 <commit: f7de82ae1c76e6c10ea94967d6b6a66f96248cbe>" time="2026-04-22T13:56:18Z" level=info msg="running checks for quay.io/redhat-appstudio-qe/integration1-fgqi/test-component-pac-jfjqoi:on-pr-ed3328a539acc00b4d626fb0525fc3656cfad118 for platform amd64" time="2026-04-22T13:56:18Z" level=info msg="target image" image="quay.io/redhat-appstudio-qe/integration1-fgqi/test-component-pac-jfjqoi:on-pr-ed3328a539acc00b4d626fb0525fc3656cfad118" time="2026-04-22T13:56:25Z" level=info msg="warning: licenses directory does not exist or all of its children are empty directories: error when checking for /licenses: stat /tmp/preflight-1262972447/fs/licenses: no such file or directory" check=HasLicense time="2026-04-22T13:56:25Z" level=info msg="check completed" check=HasLicense result=FAILED time="2026-04-22T13:56:25Z" level=info msg="check completed" check=HasUniqueTag result=PASSED time="2026-04-22T13:56:25Z" level=info msg="check completed" check=LayerCountAcceptable result=PASSED time="2026-04-22T13:56:25Z" level=info msg="check completed" check=HasNoProhibitedPackages result=PASSED time="2026-04-22T13:56:25Z" level=info msg="check completed" check=HasRequiredLabel result=PASSED time="2026-04-22T13:56:25Z" level=info msg="USER 185 specified that is non-root" check=RunAsNonRoot time="2026-04-22T13:56:25Z" level=info msg="check completed" check=RunAsNonRoot result=PASSED time="2026-04-22T13:56:34Z" level=info msg="check completed" check=HasModifiedFiles result=PASSED time="2026-04-22T13:56:35Z" level=info msg="check completed" check=BasedOnUbi result=PASSED time="2026-04-22T13:56:35Z" level=info msg="This image's tag on-pr-ed3328a539acc00b4d626fb0525fc3656cfad118 will be paired with digest sha256:01c2be7821974e16be449d1c0be39656a2e26ce1599ccda98c402c99e732c138 once this image has been published in accordance with Red Hat Certification policy. You may then add or remove any supplemental tags through your Red Hat Connect portal as you see fit." { "image": "quay.io/redhat-appstudio-qe/integration1-fgqi/test-component-pac-jfjqoi:on-pr-ed3328a539acc00b4d626fb0525fc3656cfad118", "passed": false, "test_library": { "name": "github.com/redhat-openshift-ecosystem/openshift-preflight", "version": "1.17.1", "commit": "f7de82ae1c76e6c10ea94967d6b6a66f96248cbe" }, "results": { "passed": [ { "name": "HasUniqueTag", "elapsed_time": 0, "description": "Checking if container has a tag other than 'latest', so that the image can be uniquely identified." }, { "name": "LayerCountAcceptable", "elapsed_time": 0, "description": "Checking if container has less than 40 layers. Too many layers within the container images can degrade container performance." }, { "name": "HasNoProhibitedPackages", "elapsed_time": 44, "description": "Checks to ensure that the image in use does not include prohibited packages, such as Red Hat Enterprise Linux (RHEL) kernel packages." }, { "name": "HasRequiredLabel", "elapsed_time": 0, "description": "Checking if the required labels (name, vendor, version, release, summary, description, maintainer) are present in the container metadata" }, { "name": "RunAsNonRoot", "elapsed_time": 0, "description": "Checking if container runs as the root user because a container that does not specify a non-root user will fail the automatic certification, and will be subject to a manual review before the container can be approved for publication" }, { "name": "HasModifiedFiles", "elapsed_time": 8893, "description": "Checks that no files installed via RPM in the base Red Hat layer have been modified" }, { "name": "BasedOnUbi", "elapsed_time": 201, "description": "Checking if the container's base image is based upon the Red Hat Universal Base Image (UBI)" } ], "failed": [ { "name": "HasLicense", "elapsed_time": 0, "description": "Checking if terms and conditions applicable to the software including open source licensing information are present. The license must be at /licenses", "help": "Check HasLicense encountered an error. Please review the preflight.log file for more information.", "suggestion": "Create a directory named /licenses and include all relevant licensing and/or terms and conditions as text file(s) in that directory.", "knowledgebase_url": "https://access.redhat.com/documentation/en-us/red_hat_software_certification/2024/html-single/red_hat_openshift_software_certification_policy_guide/index#assembly-requirements-for-container-images_openshift-sw-cert-policy-introduction", "check_url": "https://access.redhat.com/documentation/en-us/red_hat_software_certification/2024/html-single/red_hat_openshift_software_certification_policy_guide/index#assembly-requirements-for-container-images_openshift-sw-cert-policy-introduction" } ], "errors": [] } } time="2026-04-22T13:56:35Z" level=info msg="Preflight result: FAILED" pod: test-component-pac-jfjqoi-oa38676172f02acd124d987e118703e7f-pod | container step-app-set-outcome: {"result":"FAILURE","timestamp":"1776866196","note":"Task preflight is a FAILURE: Refer to Tekton task logs for more information","successes":7,"failures":1,"warnings":0}[retry] executing: skopeo inspect --raw --retry-times 3 docker://quay.io/redhat-appstudio-qe/integration1-fgqi/test-component-pac-jfjqoi:on-pr-ed3328a539acc00b4d626fb0525fc3656cfad118 pod: test-component-pac-jfjqoi-oa38676172f02acd124d987e118703e7f-pod | container step-final-outcome: + [[ ! -f /mount/konflux.results.json ]] + tee /tekton/steps/step-final-outcome/results/test-output {"result":"FAILURE","timestamp":"1776866196","note":"Task preflight is a FAILURE: Refer to Tekton task logs for more information","successes":7,"failures":1,"warnings":0} pod: test-component-pac-jfjqoi-ob4259b147a08930b3126dc25f096f4e6-pod | init container: prepare 2026/04/22 13:51:40 Entrypoint initialization pod: test-component-pac-jfjqoi-ob4259b147a08930b3126dc25f096f4e6-pod | init container: place-scripts 2026/04/22 13:51:41 Decoded script /tekton/scripts/script-0-7djs4 2026/04/22 13:51:41 Decoded script /tekton/scripts/script-1-7x972 2026/04/22 13:51:41 Decoded script /tekton/scripts/script-2-9ks4h 2026/04/22 13:51:41 Decoded script /tekton/scripts/script-3-xbkr7 2026/04/22 13:51:41 Decoded script /tekton/scripts/script-4-k6jq5 pod: test-component-pac-jfjqoi-ob4259b147a08930b3126dc25f096f4e6-pod | init container: working-dir-initializer pod: test-component-pac-jfjqoi-ob4259b147a08930b3126dc25f096f4e6-pod | container step-build: [2026-04-22T13:52:17,572641346+00:00] Validate context path [2026-04-22T13:52:17,575882742+00:00] Update CA trust [2026-04-22T13:52:17,576968401+00:00] Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' [2026-04-22T13:52:19,638909850+00:00] Prepare Dockerfile Checking if /var/workdir/cachi2/output/bom.json exists. Could not find prefetched sbom. No content_sets found for ICM [2026-04-22T13:52:19,644610446+00:00] Prepare system (architecture: x86_64) [2026-04-22T13:52:19,671195012+00:00] Setup prefetched Trying to pull registry.access.redhat.com/ubi8/openjdk-17-runtime:1.23... Getting image source signatures Checking if image destination supports signatures Copying blob sha256:e2e03c29fb52977524b66e25d9363bc1813d154483d05951cf28aeb7ea0ae603 Copying blob sha256:d048357fb75839f8d54c470c087c578ad01acd0b0438c09ce513782902b26870 Copying config sha256:e282c638a3ca476e76e9a02b5219b1fb2354beb4244ba48db14e554e49420569 Writing manifest to image destination Storing signatures [2026-04-22T13:52:55,081858379+00:00] Unsetting proxy { "architecture": "x86_64", "build-date": "2026-04-22T13:52:19Z", "com.redhat.component": "openjdk-17-runtime-ubi8-container", "com.redhat.license_terms": "https://www.redhat.com/en/about/red-hat-end-user-license-agreements#UBI", "cpe": "cpe:/a:redhat:enterprise_linux:8::appstream", "description": "Image for Red Hat OpenShift providing OpenJDK 17 runtime", "distribution-scope": "public", "io.buildah.version": "1.42.2", "io.cekit.version": "4.13.0.dev0", "io.k8s.description": "Platform for running plain Java applications (fat-jar and flat classpath)", "io.k8s.display-name": "Java Applications", "io.openshift.expose-services": "", "io.openshift.tags": "java", "maintainer": "Red Hat OpenJDK <openjdk@redhat.com>", "name": "ubi8/openjdk-17-runtime", "org.jboss.product": "openjdk", "org.jboss.product.openjdk.version": "17", "org.jboss.product.version": "17", "org.opencontainers.image.created": "2026-04-22T13:52:19Z", "org.opencontainers.image.documentation": "https://rh-openjdk.github.io/redhat-openjdk-containers/", "org.opencontainers.image.revision": "ed3328a539acc00b4d626fb0525fc3656cfad118", "release": "4.1776364351", "summary": "Image for Red Hat OpenShift providing OpenJDK 17 runtime", "url": "https://access.redhat.com/containers/#/registry.access.redhat.com/ubi8/openjdk-17-runtime/images/1.23-4.1776364351", "usage": "https://rh-openjdk.github.io/redhat-openjdk-containers/", "vcs-ref": "ed3328a539acc00b4d626fb0525fc3656cfad118", "vcs-type": "git", "vendor": "Red Hat, Inc.", "version": "1.23", "org.opencontainers.image.source": "https://github.com/redhat-appstudio-qe/konflux-test-integration", "quay.expires-after": "6h" } [2026-04-22T13:52:55,127993458+00:00] Register sub-man Adding the entitlement to the build [2026-04-22T13:52:55,131213838+00:00] Add secrets [2026-04-22T13:52:55,138672179+00:00] Run buildah build [2026-04-22T13:52:55,139728522+00:00] buildah build --volume /tmp/entitlement:/etc/pki/entitlement --security-opt=unmask=/proc/interrupts --label architecture=x86_64 --label vcs-type=git --label vcs-ref=ed3328a539acc00b4d626fb0525fc3656cfad118 --label org.opencontainers.image.revision=ed3328a539acc00b4d626fb0525fc3656cfad118 --label org.opencontainers.image.source=https://github.com/redhat-appstudio-qe/konflux-test-integration --label quay.expires-after=6h --label build-date=2026-04-22T13:52:19Z --label org.opencontainers.image.created=2026-04-22T13:52:19Z --annotation org.opencontainers.image.revision=ed3328a539acc00b4d626fb0525fc3656cfad118 --annotation org.opencontainers.image.source=https://github.com/redhat-appstudio-qe/konflux-test-integration --annotation org.opencontainers.image.created=2026-04-22T13:52:19Z --tls-verify=true --no-cache --ulimit nofile=4096:4096 --http-proxy=false -f /tmp/Dockerfile.x5Rb0E -t quay.io/redhat-appstudio-qe/integration1-fgqi/test-component-pac-jfjqoi:on-pr-ed3328a539acc00b4d626fb0525fc3656cfad118 . [1/2] STEP 1/5: FROM registry.access.redhat.com/ubi8/openjdk-17:1.23 AS builder Trying to pull registry.access.redhat.com/ubi8/openjdk-17:1.23... Getting image source signatures Checking if image destination supports signatures Copying blob sha256:1e9245db1d6684fa6e841e9b335e9658f7225af2941fcdefbe4eec8e7af2c220 Copying blob sha256:d048357fb75839f8d54c470c087c578ad01acd0b0438c09ce513782902b26870 Copying config sha256:7d3108019ca265b4cb4e6e586bf055595bf32625ceb20cd1e4653b7889f07ee5 Writing manifest to image destination Storing signatures [1/2] STEP 2/5: WORKDIR /work [1/2] STEP 3/5: COPY . . [1/2] STEP 4/5: USER 0 [1/2] STEP 5/5: RUN mvn clean package -DskipTests -DskipDocsGen [INFO] Scanning for projects... [INFO] [INFO] ------------------< org.example:simple-java-project >------------------- [INFO] Building simple-java-project 1.0-SNAPSHOT [INFO] --------------------------------[ jar ]--------------------------------- Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-shade-plugin/3.2.4/maven-shade-plugin-3.2.4.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 11 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-shade-plugin/3.2.4/maven-shade-plugin-3.2.4.pom (11 kB at 39 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-plugins/34/maven-plugins-34.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 11 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-plugins/34/maven-plugins-34.pom (11 kB at 121 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/34/maven-parent-34.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 25 kB Progress (1): 29 kB Progress (1): 33 kB Progress (1): 37 kB Progress (1): 41 kB Progress (1): 43 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/34/maven-parent-34.pom (43 kB at 535 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/apache/23/apache-23.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 18 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/23/apache-23.pom (18 kB at 246 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-shade-plugin/3.2.4/maven-shade-plugin-3.2.4.jar Progress (1): 2.3/134 kB Progress (1): 5.0/134 kB Progress (1): 7.7/134 kB Progress (1): 10/134 kB Progress (1): 13/134 kB Progress (1): 16/134 kB Progress (1): 19/134 kB Progress (1): 21/134 kB Progress (1): 24/134 kB Progress (1): 28/134 kB Progress (1): 32/134 kB Progress (1): 36/134 kB Progress (1): 40/134 kB Progress (1): 45/134 kB Progress (1): 49/134 kB Progress (1): 53/134 kB Progress (1): 57/134 kB Progress (1): 61/134 kB Progress (1): 65/134 kB Progress (1): 69/134 kB Progress (1): 73/134 kB Progress (1): 77/134 kB Progress (1): 81/134 kB Progress (1): 86/134 kB Progress (1): 90/134 kB Progress (1): 92/134 kB Progress (1): 96/134 kB Progress (1): 100/134 kB Progress (1): 104/134 kB Progress (1): 108/134 kB Progress (1): 112/134 kB Progress (1): 116/134 kB Progress (1): 120/134 kB Progress (1): 125/134 kB Progress (1): 127/134 kB Progress (1): 131/134 kB Progress (1): 134 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-shade-plugin/3.2.4/maven-shade-plugin-3.2.4.jar (134 kB at 1.1 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-clean-plugin/2.5/maven-clean-plugin-2.5.pom Progress (1): 3.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-clean-plugin/2.5/maven-clean-plugin-2.5.pom (3.9 kB at 61 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-plugins/22/maven-plugins-22.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 13 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-plugins/22/maven-plugins-22.pom (13 kB at 186 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/21/maven-parent-21.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 25 kB Progress (1): 26 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/21/maven-parent-21.pom (26 kB at 418 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/apache/10/apache-10.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 15 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/10/apache-10.pom (15 kB at 224 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-clean-plugin/2.5/maven-clean-plugin-2.5.jar Progress (1): 4.1/25 kB Progress (1): 7.7/25 kB Progress (1): 12/25 kB Progress (1): 16/25 kB Progress (1): 20/25 kB Progress (1): 24/25 kB Progress (1): 25 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-clean-plugin/2.5/maven-clean-plugin-2.5.jar (25 kB at 368 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-resources-plugin/2.6/maven-resources-plugin-2.6.pom Progress (1): 4.1 kB Progress (1): 8.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-resources-plugin/2.6/maven-resources-plugin-2.6.pom (8.1 kB at 119 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-plugins/23/maven-plugins-23.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 9.2 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-plugins/23/maven-plugins-23.pom (9.2 kB at 119 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/22/maven-parent-22.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 25 kB Progress (1): 29 kB Progress (1): 30 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/22/maven-parent-22.pom (30 kB at 413 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/apache/11/apache-11.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 15 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/11/apache-11.pom (15 kB at 200 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-resources-plugin/2.6/maven-resources-plugin-2.6.jar Progress (1): 4.1/30 kB Progress (1): 7.7/30 kB Progress (1): 12/30 kB Progress (1): 16/30 kB Progress (1): 20/30 kB Progress (1): 24/30 kB Progress (1): 28/30 kB Progress (1): 30 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-resources-plugin/2.6/maven-resources-plugin-2.6.jar (30 kB at 332 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-compiler-plugin/3.1/maven-compiler-plugin-3.1.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 10 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-compiler-plugin/3.1/maven-compiler-plugin-3.1.pom (10 kB at 115 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-plugins/24/maven-plugins-24.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 11 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-plugins/24/maven-plugins-24.pom (11 kB at 161 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/23/maven-parent-23.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 25 kB Progress (1): 29 kB Progress (1): 33 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/23/maven-parent-23.pom (33 kB at 552 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/apache/13/apache-13.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 14 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/13/apache-13.pom (14 kB at 212 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-compiler-plugin/3.1/maven-compiler-plugin-3.1.jar Progress (1): 4.1/43 kB Progress (1): 7.7/43 kB Progress (1): 12/43 kB Progress (1): 16/43 kB Progress (1): 20/43 kB Progress (1): 24/43 kB Progress (1): 28/43 kB Progress (1): 32/43 kB Progress (1): 36/43 kB Progress (1): 40/43 kB Progress (1): 43 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-compiler-plugin/3.1/maven-compiler-plugin-3.1.jar (43 kB at 565 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-surefire-plugin/2.12.4/maven-surefire-plugin-2.12.4.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 10 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-surefire-plugin/2.12.4/maven-surefire-plugin-2.12.4.pom (10 kB at 152 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/surefire/surefire/2.12.4/surefire-2.12.4.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 14 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/surefire/surefire/2.12.4/surefire-2.12.4.pom (14 kB at 209 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-surefire-plugin/2.12.4/maven-surefire-plugin-2.12.4.jar Progress (1): 4.1/30 kB Progress (1): 7.7/30 kB Progress (1): 12/30 kB Progress (1): 16/30 kB Progress (1): 20/30 kB Progress (1): 24/30 kB Progress (1): 28/30 kB Progress (1): 30 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-surefire-plugin/2.12.4/maven-surefire-plugin-2.12.4.jar (30 kB at 575 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-jar-plugin/3.3.0/maven-jar-plugin-3.3.0.pom Progress (1): 4.1 kB Progress (1): 6.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-jar-plugin/3.3.0/maven-jar-plugin-3.3.0.pom (6.8 kB at 68 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-plugins/37/maven-plugins-37.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 9.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-plugins/37/maven-plugins-37.pom (9.9 kB at 230 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/37/maven-parent-37.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 25 kB Progress (1): 29 kB Progress (1): 33 kB Progress (1): 37 kB Progress (1): 41 kB Progress (1): 45 kB Progress (1): 46 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/37/maven-parent-37.pom (46 kB at 736 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/apache/27/apache-27.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/27/apache-27.pom (20 kB at 323 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-jar-plugin/3.3.0/maven-jar-plugin-3.3.0.jar Progress (1): 4.1/27 kB Progress (1): 7.7/27 kB Progress (1): 12/27 kB Progress (1): 16/27 kB Progress (1): 20/27 kB Progress (1): 24/27 kB Progress (1): 27 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-jar-plugin/3.3.0/maven-jar-plugin-3.3.0.jar (27 kB at 360 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/io/github/stuartwdouglas/hacbs-test/simple/simple-jdk17/0.1.2/simple-jdk17-0.1.2.pom Progress (1): 3.6 kB Downloaded from central: https://repo.maven.apache.org/maven2/io/github/stuartwdouglas/hacbs-test/simple/simple-jdk17/0.1.2/simple-jdk17-0.1.2.pom (3.6 kB at 46 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/io/github/stuartwdouglas/hacbs-test/shaded/shaded-jdk11/1.9/shaded-jdk11-1.9.pom Progress (1): 4.1 kB Progress (1): 5.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/io/github/stuartwdouglas/hacbs-test/shaded/shaded-jdk11/1.9/shaded-jdk11-1.9.pom (5.0 kB at 66 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/io/github/stuartwdouglas/hacbs-test/simple/simple-jdk8/1.2.4/simple-jdk8-1.2.4.pom Progress (1): 3.6 kB Downloaded from central: https://repo.maven.apache.org/maven2/io/github/stuartwdouglas/hacbs-test/simple/simple-jdk8/1.2.4/simple-jdk8-1.2.4.pom (3.6 kB at 60 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/io/github/stuartwdouglas/hacbs-test/gradle/hacbs-test-simple-gradle-jdk8/1.1/hacbs-test-simple-gradle-jdk8-1.1.pom Progress (1): 1.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/io/github/stuartwdouglas/hacbs-test/gradle/hacbs-test-simple-gradle-jdk8/1.1/hacbs-test-simple-gradle-jdk8-1.1.pom (1.8 kB at 22 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/io/github/stuartwdouglas/hacbs-test/simple/simple-jdk17/0.1.2/simple-jdk17-0.1.2.jar Downloading from central: https://repo.maven.apache.org/maven2/io/github/stuartwdouglas/hacbs-test/shaded/shaded-jdk11/1.9/shaded-jdk11-1.9.jar Downloading from central: https://repo.maven.apache.org/maven2/io/github/stuartwdouglas/hacbs-test/simple/simple-jdk8/1.2.4/simple-jdk8-1.2.4.jar Downloading from central: https://repo.maven.apache.org/maven2/io/github/stuartwdouglas/hacbs-test/gradle/hacbs-test-simple-gradle-jdk8/1.1/hacbs-test-simple-gradle-jdk8-1.1.jar Progress (1): 3.6 kB Downloaded from central: https://repo.maven.apache.org/maven2/io/github/stuartwdouglas/hacbs-test/simple/simple-jdk17/0.1.2/simple-jdk17-0.1.2.jar (3.6 kB at 84 kB/s) Progress (1): 2.3/3.6 kB Progress (1): 3.6 kB Progress (2): 3.6 kB | 2.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/io/github/stuartwdouglas/hacbs-test/simple/simple-jdk8/1.2.4/simple-jdk8-1.2.4.jar (3.6 kB at 30 kB/s) Progress (2): 2.0 kB | 2.3/7.1 kB Progress (2): 2.0 kB | 5.0/7.1 kB Progress (2): 2.0 kB | 7.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/io/github/stuartwdouglas/hacbs-test/gradle/hacbs-test-simple-gradle-jdk8/1.1/hacbs-test-simple-gradle-jdk8-1.1.jar (2.0 kB at 13 kB/s) Downloaded from central: https://repo.maven.apache.org/maven2/io/github/stuartwdouglas/hacbs-test/shaded/shaded-jdk11/1.9/shaded-jdk11-1.9.jar (7.1 kB at 42 kB/s) [INFO] [INFO] --- maven-clean-plugin:2.5:clean (default-clean) @ simple-java-project --- Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-api/2.0.6/maven-plugin-api-2.0.6.pom Progress (1): 1.5 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-api/2.0.6/maven-plugin-api-2.0.6.pom (1.5 kB at 14 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven/2.0.6/maven-2.0.6.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 9.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven/2.0.6/maven-2.0.6.pom (9.0 kB at 88 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/5/maven-parent-5.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 15 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/5/maven-parent-5.pom (15 kB at 184 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/apache/3/apache-3.pom Progress (1): 3.4 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/3/apache-3.pom (3.4 kB at 28 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.0/plexus-utils-3.0.pom Progress (1): 4.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.0/plexus-utils-3.0.pom (4.1 kB at 63 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/spice/spice-parent/16/spice-parent-16.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 8.4 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/spice/spice-parent/16/spice-parent-16.pom (8.4 kB at 77 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/forge/forge-parent/5/forge-parent-5.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 8.4 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/forge/forge-parent/5/forge-parent-5.pom (8.4 kB at 54 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-api/2.0.6/maven-plugin-api-2.0.6.jar Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.0/plexus-utils-3.0.jar Progress (1): 2.3/226 kB Progress (1): 5.0/226 kB Progress (2): 5.0/226 kB | 2.3/13 kB Progress (2): 7.7/226 kB | 2.3/13 kB Progress (2): 7.7/226 kB | 6.4/13 kB Progress (2): 10/226 kB | 6.4/13 kB Progress (2): 10/226 kB | 10/13 kB Progress (2): 13/226 kB | 10/13 kB Progress (2): 13/226 kB | 13 kB Progress (2): 16/226 kB | 13 kB Progress (2): 19/226 kB | 13 kB Progress (2): 21/226 kB | 13 kB Progress (2): 24/226 kB | 13 kB Progress (2): 27/226 kB | 13 kB Progress (2): 30/226 kB | 13 kB Progress (2): 32/226 kB | 13 kB Progress (2): 35/226 kB | 13 kB Progress (2): 38/226 kB | 13 kB Progress (2): 41/226 kB | 13 kB Progress (2): 43/226 kB | 13 kB Progress (2): 46/226 kB | 13 kB Progress (2): 49/226 kB | 13 kB Progress (2): 52/226 kB | 13 kB Progress (2): 56/226 kB | 13 kB Progress (2): 60/226 kB | 13 kB Progress (2): 64/226 kB | 13 kB Progress (2): 68/226 kB | 13 kB Progress (2): 72/226 kB | 13 kB Progress (2): 76/226 kB | 13 kB Progress (2): 80/226 kB | 13 kB Progress (2): 84/226 kB | 13 kB Progress (2): 88/226 kB | 13 kB Progress (2): 93/226 kB | 13 kB Progress (2): 97/226 kB | 13 kB Progress (2): 101/226 kB | 13 kB Progress (2): 105/226 kB | 13 kB Progress (2): 109/226 kB | 13 kB Progress (2): 113/226 kB | 13 kB Progress (2): 117/226 kB | 13 kB Progress (2): 119/226 kB | 13 kB Progress (2): 123/226 kB | 13 kB Progress (2): 127/226 kB | 13 kB Progress (2): 131/226 kB | 13 kB Progress (2): 135/226 kB | 13 kB Progress (2): 139/226 kB | 13 kB Progress (2): 143/226 kB | 13 kB Progress (2): 147/226 kB | 13 kB Progress (2): 151/226 kB | 13 kB Progress (2): 155/226 kB | 13 kB Progress (2): 159/226 kB | 13 kB Progress (2): 163/226 kB | 13 kB Progress (2): 167/226 kB | 13 kB Progress (2): 172/226 kB | 13 kB Progress (2): 176/226 kB | 13 kB Progress (2): 180/226 kB | 13 kB Progress (2): 184/226 kB | 13 kB Progress (2): 188/226 kB | 13 kB Progress (2): 192/226 kB | 13 kB Progress (2): 196/226 kB | 13 kB Progress (2): 198/226 kB | 13 kB Progress (2): 202/226 kB | 13 kB Progress (2): 206/226 kB | 13 kB Progress (2): 210/226 kB | 13 kB Progress (2): 215/226 kB | 13 kB Progress (2): 219/226 kB | 13 kB Progress (2): 223/226 kB | 13 kB Progress (2): 226 kB | 13 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-api/2.0.6/maven-plugin-api-2.0.6.jar (13 kB at 179 kB/s) Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.0/plexus-utils-3.0.jar (226 kB at 2.7 MB/s) [INFO] [INFO] --- maven-resources-plugin:2.6:resources (default-resources) @ simple-java-project --- Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-project/2.0.6/maven-project-2.0.6.pom Progress (1): 2.6 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-project/2.0.6/maven-project-2.0.6.pom (2.6 kB at 42 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings/2.0.6/maven-settings-2.0.6.pom Progress (1): 2.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings/2.0.6/maven-settings-2.0.6.pom (2.0 kB at 35 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model/2.0.6/maven-model-2.0.6.pom Progress (1): 3.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model/2.0.6/maven-model-2.0.6.pom (3.0 kB at 45 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.4.1/plexus-utils-1.4.1.pom Progress (1): 1.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.4.1/plexus-utils-1.4.1.pom (1.9 kB at 24 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/1.0.11/plexus-1.0.11.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 9.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/1.0.11/plexus-1.0.11.pom (9.0 kB at 106 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-container-default/1.0-alpha-9-stable-1/plexus-container-default-1.0-alpha-9-stable-1.pom Progress (1): 3.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-container-default/1.0-alpha-9-stable-1/plexus-container-default-1.0-alpha-9-stable-1.pom (3.9 kB at 51 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-containers/1.0.3/plexus-containers-1.0.3.pom Progress (1): 492 B Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-containers/1.0.3/plexus-containers-1.0.3.pom (492 B at 6.0 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/1.0.4/plexus-1.0.4.pom Progress (1): 4.1 kB Progress (1): 5.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/1.0.4/plexus-1.0.4.pom (5.7 kB at 83 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/junit/junit/3.8.1/junit-3.8.1.pom Progress (1): 998 B Downloaded from central: https://repo.maven.apache.org/maven2/junit/junit/3.8.1/junit-3.8.1.pom (998 B at 13 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.0.4/plexus-utils-1.0.4.pom Progress (1): 4.1 kB Progress (1): 6.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.0.4/plexus-utils-1.0.4.pom (6.9 kB at 84 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/classworlds/classworlds/1.1-alpha-2/classworlds-1.1-alpha-2.pom Progress (1): 3.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/classworlds/classworlds/1.1-alpha-2/classworlds-1.1-alpha-2.pom (3.1 kB at 43 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-profile/2.0.6/maven-profile-2.0.6.pom Progress (1): 2.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-profile/2.0.6/maven-profile-2.0.6.pom (2.0 kB at 32 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact-manager/2.0.6/maven-artifact-manager-2.0.6.pom Progress (1): 2.6 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact-manager/2.0.6/maven-artifact-manager-2.0.6.pom (2.6 kB at 28 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-repository-metadata/2.0.6/maven-repository-metadata-2.0.6.pom Progress (1): 1.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-repository-metadata/2.0.6/maven-repository-metadata-2.0.6.pom (1.9 kB at 16 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact/2.0.6/maven-artifact-2.0.6.pom Progress (1): 1.6 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact/2.0.6/maven-artifact-2.0.6.pom (1.6 kB at 19 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-registry/2.0.6/maven-plugin-registry-2.0.6.pom Progress (1): 1.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-registry/2.0.6/maven-plugin-registry-2.0.6.pom (1.9 kB at 30 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-core/2.0.6/maven-core-2.0.6.pom Progress (1): 4.1 kB Progress (1): 6.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-core/2.0.6/maven-core-2.0.6.pom (6.7 kB at 97 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-parameter-documenter/2.0.6/maven-plugin-parameter-documenter-2.0.6.pom Progress (1): 1.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-parameter-documenter/2.0.6/maven-plugin-parameter-documenter-2.0.6.pom (1.9 kB at 30 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/reporting/maven-reporting-api/2.0.6/maven-reporting-api-2.0.6.pom Progress (1): 1.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/reporting/maven-reporting-api/2.0.6/maven-reporting-api-2.0.6.pom (1.8 kB at 27 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/reporting/maven-reporting/2.0.6/maven-reporting-2.0.6.pom Progress (1): 1.4 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/reporting/maven-reporting/2.0.6/maven-reporting-2.0.6.pom (1.4 kB at 24 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/doxia/doxia-sink-api/1.0-alpha-7/doxia-sink-api-1.0-alpha-7.pom Progress (1): 424 B Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/doxia/doxia-sink-api/1.0-alpha-7/doxia-sink-api-1.0-alpha-7.pom (424 B at 4.5 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/doxia/doxia/1.0-alpha-7/doxia-1.0-alpha-7.pom Progress (1): 3.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/doxia/doxia/1.0-alpha-7/doxia-1.0-alpha-7.pom (3.9 kB at 47 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-error-diagnostics/2.0.6/maven-error-diagnostics-2.0.6.pom Progress (1): 1.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-error-diagnostics/2.0.6/maven-error-diagnostics-2.0.6.pom (1.7 kB at 25 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/commons-cli/commons-cli/1.0/commons-cli-1.0.pom Progress (1): 2.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/commons-cli/commons-cli/1.0/commons-cli-1.0.pom (2.1 kB at 36 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-descriptor/2.0.6/maven-plugin-descriptor-2.0.6.pom Progress (1): 2.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-descriptor/2.0.6/maven-plugin-descriptor-2.0.6.pom (2.0 kB at 31 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interactivity-api/1.0-alpha-4/plexus-interactivity-api-1.0-alpha-4.pom Progress (1): 4.1 kB Progress (1): 7.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interactivity-api/1.0-alpha-4/plexus-interactivity-api-1.0-alpha-4.pom (7.1 kB at 134 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-monitor/2.0.6/maven-monitor-2.0.6.pom Progress (1): 1.3 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-monitor/2.0.6/maven-monitor-2.0.6.pom (1.3 kB at 15 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/classworlds/classworlds/1.1/classworlds-1.1.pom Progress (1): 3.3 kB Downloaded from central: https://repo.maven.apache.org/maven2/classworlds/classworlds/1.1/classworlds-1.1.pom (3.3 kB at 41 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/2.0.5/plexus-utils-2.0.5.pom Progress (1): 3.3 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/2.0.5/plexus-utils-2.0.5.pom (3.3 kB at 34 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/2.0.6/plexus-2.0.6.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 17 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/2.0.6/plexus-2.0.6.pom (17 kB at 250 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-filtering/1.1/maven-filtering-1.1.pom Progress (1): 4.1 kB Progress (1): 5.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-filtering/1.1/maven-filtering-1.1.pom (5.8 kB at 48 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-components/17/maven-shared-components-17.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 8.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-components/17/maven-shared-components-17.pom (8.7 kB at 109 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.5.15/plexus-utils-1.5.15.pom Progress (1): 4.1 kB Progress (1): 6.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.5.15/plexus-utils-1.5.15.pom (6.8 kB at 86 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/2.0.2/plexus-2.0.2.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/2.0.2/plexus-2.0.2.pom (12 kB at 181 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.12/plexus-interpolation-1.12.pom Progress (1): 889 B Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.12/plexus-interpolation-1.12.pom (889 B at 4.7 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-components/1.1.14/plexus-components-1.1.14.pom Progress (1): 4.1 kB Progress (1): 5.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-components/1.1.14/plexus-components-1.1.14.pom (5.8 kB at 110 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/plexus/plexus-build-api/0.0.4/plexus-build-api-0.0.4.pom Progress (1): 2.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/plexus/plexus-build-api/0.0.4/plexus-build-api-0.0.4.pom (2.9 kB at 58 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/spice/spice-parent/10/spice-parent-10.pom Progress (1): 3.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/spice/spice-parent/10/spice-parent-10.pom (3.0 kB at 49 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/forge/forge-parent/3/forge-parent-3.pom Progress (1): 4.1 kB Progress (1): 5.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/forge/forge-parent/3/forge-parent-3.pom (5.0 kB at 107 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.5.8/plexus-utils-1.5.8.pom Progress (1): 4.1 kB Progress (1): 8.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.5.8/plexus-utils-1.5.8.pom (8.1 kB at 183 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.13/plexus-interpolation-1.13.pom Progress (1): 890 B Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.13/plexus-interpolation-1.13.pom (890 B at 11 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-components/1.1.15/plexus-components-1.1.15.pom Progress (1): 2.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-components/1.1.15/plexus-components-1.1.15.pom (2.8 kB at 37 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/2.0.3/plexus-2.0.3.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 15 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/2.0.3/plexus-2.0.3.pom (15 kB at 242 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-project/2.0.6/maven-project-2.0.6.jar Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-profile/2.0.6/maven-profile-2.0.6.jar Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact-manager/2.0.6/maven-artifact-manager-2.0.6.jar Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-registry/2.0.6/maven-plugin-registry-2.0.6.jar Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-core/2.0.6/maven-core-2.0.6.jar Progress (1): 4.1/116 kB Progress (1): 7.7/116 kB Progress (1): 12/116 kB Progress (1): 16/116 kB Progress (1): 20/116 kB Progress (1): 24/116 kB Progress (1): 28/116 kB Progress (1): 32/116 kB Progress (1): 36/116 kB Progress (1): 40/116 kB Progress (1): 45/116 kB Progress (1): 49/116 kB Progress (1): 53/116 kB Progress (1): 57/116 kB Progress (1): 61/116 kB Progress (1): 65/116 kB Progress (1): 69/116 kB Progress (1): 73/116 kB Progress (1): 77/116 kB Progress (1): 81/116 kB Progress (1): 86/116 kB Progress (1): 90/116 kB Progress (1): 94/116 kB Progress (1): 98/116 kB Progress (1): 102/116 kB Progress (1): 106/116 kB Progress (1): 110/116 kB Progress (1): 114/116 kB Progress (1): 116 kB Progress (2): 116 kB | 4.1/29 kB Progress (2): 116 kB | 7.7/29 kB Progress (2): 116 kB | 12/29 kB Progress (2): 116 kB | 16/29 kB Progress (2): 116 kB | 20/29 kB Progress (2): 116 kB | 24/29 kB Progress (2): 116 kB | 28/29 kB Progress (2): 116 kB | 29 kB Progress (3): 116 kB | 29 kB | 2.3/57 kB Progress (3): 116 kB | 29 kB | 5.0/57 kB Progress (3): 116 kB | 29 kB | 7.7/57 kB Progress (3): 116 kB | 29 kB | 10/57 kB Progress (3): 116 kB | 29 kB | 13/57 kB Progress (3): 116 kB | 29 kB | 16/57 kB Progress (3): 116 kB | 29 kB | 18/57 kB Progress (3): 116 kB | 29 kB | 21/57 kB Progress (4): 116 kB | 29 kB | 21/57 kB | 2.3/152 kB Progress (4): 116 kB | 29 kB | 24/57 kB | 2.3/152 kB Progress (4): 116 kB | 29 kB | 24/57 kB | 5.0/152 kB Progress (4): 116 kB | 29 kB | 27/57 kB | 5.0/152 kB Progress (4): 116 kB | 29 kB | 27/57 kB | 7.7/152 kB Progress (4): 116 kB | 29 kB | 29/57 kB | 7.7/152 kB Progress (4): 116 kB | 29 kB | 29/57 kB | 10/152 kB Progress (4): 116 kB | 29 kB | 32/57 kB | 10/152 kB Progress (4): 116 kB | 29 kB | 32/57 kB | 13/152 kB Progress (4): 116 kB | 29 kB | 35/57 kB | 13/152 kB Progress (4): 116 kB | 29 kB | 35/57 kB | 16/152 kB Progress (4): 116 kB | 29 kB | 38/57 kB | 16/152 kB Progress (4): 116 kB | 29 kB | 38/57 kB | 19/152 kB Progress (4): 116 kB | 29 kB | 40/57 kB | 19/152 kB Progress (4): 116 kB | 29 kB | 43/57 kB | 19/152 kB Progress (4): 116 kB | 29 kB | 43/57 kB | 21/152 kB Progress (4): 116 kB | 29 kB | 46/57 kB | 21/152 kB Progress (5): 116 kB | 29 kB | 46/57 kB | 21/152 kB | 3.8/35 kB Progress (5): 116 kB | 29 kB | 46/57 kB | 24/152 kB | 3.8/35 kB Progress (5): 116 kB | 29 kB | 48/57 kB | 24/152 kB | 3.8/35 kB Progress (5): 116 kB | 29 kB | 48/57 kB | 27/152 kB | 3.8/35 kB Progress (5): 116 kB | 29 kB | 51/57 kB | 27/152 kB | 3.8/35 kB Progress (5): 116 kB | 29 kB | 51/57 kB | 27/152 kB | 7.8/35 kB Progress (5): 116 kB | 29 kB | 54/57 kB | 27/152 kB | 7.8/35 kB Progress (5): 116 kB | 29 kB | 54/57 kB | 30/152 kB | 7.8/35 kB Progress (5): 116 kB | 29 kB | 57 kB | 30/152 kB | 7.8/35 kB Progress (5): 116 kB | 29 kB | 57 kB | 32/152 kB | 7.8/35 kB Progress (5): 116 kB | 29 kB | 57 kB | 32/152 kB | 12/35 kB Progress (5): 116 kB | 29 kB | 57 kB | 35/152 kB | 12/35 kB Progress (5): 116 kB | 29 kB | 57 kB | 35/152 kB | 16/35 kB Progress (5): 116 kB | 29 kB | 57 kB | 38/152 kB | 16/35 kB Progress (5): 116 kB | 29 kB | 57 kB | 38/152 kB | 20/35 kB Progress (5): 116 kB | 29 kB | 57 kB | 41/152 kB | 20/35 kB Progress (5): 116 kB | 29 kB | 57 kB | 41/152 kB | 24/35 kB Progress (5): 116 kB | 29 kB | 57 kB | 43/152 kB | 24/35 kB Progress (5): 116 kB | 29 kB | 57 kB | 43/152 kB | 28/35 kB Progress (5): 116 kB | 29 kB | 57 kB | 43/152 kB | 32/35 kB Progress (5): 116 kB | 29 kB | 57 kB | 43/152 kB | 35 kB Progress (5): 116 kB | 29 kB | 57 kB | 46/152 kB | 35 kB Progress (5): 116 kB | 29 kB | 57 kB | 49/152 kB | 35 kB Progress (5): 116 kB | 29 kB | 57 kB | 53/152 kB | 35 kB Progress (5): 116 kB | 29 kB | 57 kB | 57/152 kB | 35 kB Progress (5): 116 kB | 29 kB | 57 kB | 61/152 kB | 35 kB Progress (5): 116 kB | 29 kB | 57 kB | 65/152 kB | 35 kB Progress (5): 116 kB | 29 kB | 57 kB | 69/152 kB | 35 kB Progress (5): 116 kB | 29 kB | 57 kB | 73/152 kB | 35 kB Progress (5): 116 kB | 29 kB | 57 kB | 76/152 kB | 35 kB Progress (5): 116 kB | 29 kB | 57 kB | 80/152 kB | 35 kB Progress (5): 116 kB | 29 kB | 57 kB | 84/152 kB | 35 kB Progress (5): 116 kB | 29 kB | 57 kB | 88/152 kB | 35 kB Progress (5): 116 kB | 29 kB | 57 kB | 92/152 kB | 35 kB Progress (5): 116 kB | 29 kB | 57 kB | 96/152 kB | 35 kB Progress (5): 116 kB | 29 kB | 57 kB | 100/152 kB | 35 kB Progress (5): 116 kB | 29 kB | 57 kB | 104/152 kB | 35 kB Progress (5): 116 kB | 29 kB | 57 kB | 108/152 kB | 35 kB Progress (5): 116 kB | 29 kB | 57 kB | 112/152 kB | 35 kB Progress (5): 116 kB | 29 kB | 57 kB | 117/152 kB | 35 kB Progress (5): 116 kB | 29 kB | 57 kB | 121/152 kB | 35 kB Progress (5): 116 kB | 29 kB | 57 kB | 125/152 kB | 35 kB Progress (5): 116 kB | 29 kB | 57 kB | 129/152 kB | 35 kB Progress (5): 116 kB | 29 kB | 57 kB | 133/152 kB | 35 kB Progress (5): 116 kB | 29 kB | 57 kB | 137/152 kB | 35 kB Progress (5): 116 kB | 29 kB | 57 kB | 141/152 kB | 35 kB Progress (5): 116 kB | 29 kB | 57 kB | 143/152 kB | 35 kB Progress (5): 116 kB | 29 kB | 57 kB | 147/152 kB | 35 kB Progress (5): 116 kB | 29 kB | 57 kB | 151/152 kB | 35 kB Progress (5): 116 kB | 29 kB | 57 kB | 152 kB | 35 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact-manager/2.0.6/maven-artifact-manager-2.0.6.jar (57 kB at 807 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-parameter-documenter/2.0.6/maven-plugin-parameter-documenter-2.0.6.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-registry/2.0.6/maven-plugin-registry-2.0.6.jar (29 kB at 407 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/reporting/maven-reporting-api/2.0.6/maven-reporting-api-2.0.6.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-project/2.0.6/maven-project-2.0.6.jar (116 kB at 1.5 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/doxia/doxia-sink-api/1.0-alpha-7/doxia-sink-api-1.0-alpha-7.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-core/2.0.6/maven-core-2.0.6.jar (152 kB at 1.6 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-repository-metadata/2.0.6/maven-repository-metadata-2.0.6.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-profile/2.0.6/maven-profile-2.0.6.jar (35 kB at 363 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-error-diagnostics/2.0.6/maven-error-diagnostics-2.0.6.jar Progress (1): 4.1/21 kB Progress (1): 8.2/21 kB Progress (1): 12/21 kB Progress (1): 16/21 kB Progress (1): 20/21 kB Progress (1): 21 kB Progress (2): 21 kB | 4.1/5.9 kB Progress (2): 21 kB | 5.9 kB Progress (3): 21 kB | 5.9 kB | 4.1/9.9 kB Progress (3): 21 kB | 5.9 kB | 7.7/9.9 kB Progress (3): 21 kB | 5.9 kB | 9.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-parameter-documenter/2.0.6/maven-plugin-parameter-documenter-2.0.6.jar (21 kB at 160 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/commons-cli/commons-cli/1.0/commons-cli-1.0.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/doxia/doxia-sink-api/1.0-alpha-7/doxia-sink-api-1.0-alpha-7.jar (5.9 kB at 45 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-descriptor/2.0.6/maven-plugin-descriptor-2.0.6.jar Progress (2): 9.9 kB | 3.8/24 kB Progress (2): 9.9 kB | 7.8/24 kB Progress (2): 9.9 kB | 12/24 kB Progress (2): 9.9 kB | 16/24 kB Progress (2): 9.9 kB | 20/24 kB Progress (2): 9.9 kB | 24/24 kB Progress (2): 9.9 kB | 24 kB Progress (3): 9.9 kB | 24 kB | 4.1/37 kB Progress (3): 9.9 kB | 24 kB | 7.7/37 kB Progress (3): 9.9 kB | 24 kB | 12/37 kB Progress (3): 9.9 kB | 24 kB | 16/37 kB Progress (3): 9.9 kB | 24 kB | 20/37 kB Progress (3): 9.9 kB | 24 kB | 24/37 kB Progress (3): 9.9 kB | 24 kB | 28/37 kB Progress (3): 9.9 kB | 24 kB | 32/37 kB Progress (3): 9.9 kB | 24 kB | 36/37 kB Progress (3): 9.9 kB | 24 kB | 37 kB Progress (4): 9.9 kB | 24 kB | 37 kB | 3.8/30 kB Progress (4): 9.9 kB | 24 kB | 37 kB | 7.8/30 kB Progress (4): 9.9 kB | 24 kB | 37 kB | 12/30 kB Progress (4): 9.9 kB | 24 kB | 37 kB | 16/30 kB Progress (4): 9.9 kB | 24 kB | 37 kB | 20/30 kB Progress (4): 9.9 kB | 24 kB | 37 kB | 24/30 kB Progress (4): 9.9 kB | 24 kB | 37 kB | 28/30 kB Progress (4): 9.9 kB | 24 kB | 37 kB | 30 kB Progress (5): 9.9 kB | 24 kB | 37 kB | 30 kB | 3.8/14 kB Progress (5): 9.9 kB | 24 kB | 37 kB | 30 kB | 7.8/14 kB Progress (5): 9.9 kB | 24 kB | 37 kB | 30 kB | 9.9/14 kB Progress (5): 9.9 kB | 24 kB | 37 kB | 30 kB | 14 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-repository-metadata/2.0.6/maven-repository-metadata-2.0.6.jar (24 kB at 143 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interactivity-api/1.0-alpha-4/plexus-interactivity-api-1.0-alpha-4.jar Downloaded from central: https://repo.maven.apache.org/maven2/commons-cli/commons-cli/1.0/commons-cli-1.0.jar (30 kB at 160 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/classworlds/classworlds/1.1/classworlds-1.1.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-descriptor/2.0.6/maven-plugin-descriptor-2.0.6.jar (37 kB at 193 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact/2.0.6/maven-artifact-2.0.6.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-error-diagnostics/2.0.6/maven-error-diagnostics-2.0.6.jar (14 kB at 65 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings/2.0.6/maven-settings-2.0.6.jar Progress (2): 9.9 kB | 4.1/87 kB Progress (2): 9.9 kB | 7.7/87 kB Progress (2): 9.9 kB | 12/87 kB Progress (2): 9.9 kB | 16/87 kB Progress (2): 9.9 kB | 20/87 kB Progress (2): 9.9 kB | 24/87 kB Progress (2): 9.9 kB | 28/87 kB Progress (2): 9.9 kB | 32/87 kB Progress (2): 9.9 kB | 36/87 kB Progress (2): 9.9 kB | 40/87 kB Progress (2): 9.9 kB | 45/87 kB Progress (2): 9.9 kB | 49/87 kB Progress (2): 9.9 kB | 53/87 kB Progress (2): 9.9 kB | 57/87 kB Progress (2): 9.9 kB | 61/87 kB Progress (2): 9.9 kB | 65/87 kB Progress (2): 9.9 kB | 69/87 kB Progress (2): 9.9 kB | 73/87 kB Progress (2): 9.9 kB | 77/87 kB Progress (2): 9.9 kB | 81/87 kB Progress (2): 9.9 kB | 86/87 kB Progress (2): 9.9 kB | 87 kB Progress (3): 9.9 kB | 87 kB | 3.8/13 kB Progress (3): 9.9 kB | 87 kB | 7.8/13 kB Progress (3): 9.9 kB | 87 kB | 12/13 kB Progress (3): 9.9 kB | 87 kB | 13 kB Progress (4): 9.9 kB | 87 kB | 13 kB | 3.8/38 kB Progress (4): 9.9 kB | 87 kB | 13 kB | 7.8/38 kB Progress (4): 9.9 kB | 87 kB | 13 kB | 12/38 kB Progress (4): 9.9 kB | 87 kB | 13 kB | 16/38 kB Progress (4): 9.9 kB | 87 kB | 13 kB | 20/38 kB Progress (4): 9.9 kB | 87 kB | 13 kB | 24/38 kB Progress (4): 9.9 kB | 87 kB | 13 kB | 28/38 kB Progress (4): 9.9 kB | 87 kB | 13 kB | 32/38 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/reporting/maven-reporting-api/2.0.6/maven-reporting-api-2.0.6.jar (9.9 kB at 45 kB/s) Progress (3): 87 kB | 13 kB | 36/38 kB Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model/2.0.6/maven-model-2.0.6.jar Progress (3): 87 kB | 13 kB | 38 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact/2.0.6/maven-artifact-2.0.6.jar (87 kB at 381 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-monitor/2.0.6/maven-monitor-2.0.6.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interactivity-api/1.0-alpha-4/plexus-interactivity-api-1.0-alpha-4.jar (13 kB at 54 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-container-default/1.0-alpha-9-stable-1/plexus-container-default-1.0-alpha-9-stable-1.jar Progress (2): 38 kB | 4.1/10 kB Progress (2): 38 kB | 7.7/10 kB Progress (2): 38 kB | 10 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-monitor/2.0.6/maven-monitor-2.0.6.jar (10 kB at 38 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/junit/junit/3.8.1/junit-3.8.1.jar Progress (2): 38 kB | 3.8/49 kB Progress (2): 38 kB | 7.8/49 kB Progress (2): 38 kB | 12/49 kB Progress (2): 38 kB | 16/49 kB Progress (2): 38 kB | 20/49 kB Progress (2): 38 kB | 24/49 kB Progress (2): 38 kB | 28/49 kB Progress (2): 38 kB | 32/49 kB Progress (2): 38 kB | 37/49 kB Progress (2): 38 kB | 41/49 kB Progress (2): 38 kB | 45/49 kB Progress (2): 38 kB | 49/49 kB Progress (2): 38 kB | 49 kB Progress (3): 38 kB | 49 kB | 4.1/121 kB Progress (3): 38 kB | 49 kB | 7.7/121 kB Progress (3): 38 kB | 49 kB | 12/121 kB Progress (3): 38 kB | 49 kB | 16/121 kB Progress (3): 38 kB | 49 kB | 20/121 kB Progress (3): 38 kB | 49 kB | 24/121 kB Progress (3): 38 kB | 49 kB | 28/121 kB Progress (3): 38 kB | 49 kB | 32/121 kB Progress (3): 38 kB | 49 kB | 36/121 kB Progress (3): 38 kB | 49 kB | 40/121 kB Progress (3): 38 kB | 49 kB | 45/121 kB Progress (3): 38 kB | 49 kB | 49/121 kB Progress (3): 38 kB | 49 kB | 53/121 kB Progress (3): 38 kB | 49 kB | 57/121 kB Progress (3): 38 kB | 49 kB | 61/121 kB Progress (3): 38 kB | 49 kB | 65/121 kB Progress (3): 38 kB | 49 kB | 69/121 kB Progress (3): 38 kB | 49 kB | 73/121 kB Progress (3): 38 kB | 49 kB | 77/121 kB Progress (3): 38 kB | 49 kB | 81/121 kB Progress (3): 38 kB | 49 kB | 86/121 kB Progress (3): 38 kB | 49 kB | 90/121 kB Progress (3): 38 kB | 49 kB | 94/121 kB Progress (3): 38 kB | 49 kB | 98/121 kB Progress (3): 38 kB | 49 kB | 102/121 kB Progress (3): 38 kB | 49 kB | 106/121 kB Progress (3): 38 kB | 49 kB | 110/121 kB Progress (3): 38 kB | 49 kB | 114/121 kB Progress (3): 38 kB | 49 kB | 118/121 kB Progress (3): 38 kB | 49 kB | 121 kB Progress (4): 38 kB | 49 kB | 121 kB | 3.8/194 kB Progress (4): 38 kB | 49 kB | 121 kB | 7.8/194 kB Progress (4): 38 kB | 49 kB | 121 kB | 12/194 kB Progress (4): 38 kB | 49 kB | 121 kB | 16/194 kB Progress (4): 38 kB | 49 kB | 121 kB | 20/194 kB Progress (4): 38 kB | 49 kB | 121 kB | 24/194 kB Progress (4): 38 kB | 49 kB | 121 kB | 28/194 kB Progress (4): 38 kB | 49 kB | 121 kB | 32/194 kB Progress (4): 38 kB | 49 kB | 121 kB | 37/194 kB Progress (4): 38 kB | 49 kB | 121 kB | 41/194 kB Progress (4): 38 kB | 49 kB | 121 kB | 45/194 kB Progress (4): 38 kB | 49 kB | 121 kB | 49/194 kB Progress (4): 38 kB | 49 kB | 121 kB | 53/194 kB Progress (4): 38 kB | 49 kB | 121 kB | 57/194 kB Progress (4): 38 kB | 49 kB | 121 kB | 61/194 kB Progress (4): 38 kB | 49 kB | 121 kB | 65/194 kB Progress (4): 38 kB | 49 kB | 121 kB | 69/194 kB Progress (4): 38 kB | 49 kB | 121 kB | 73/194 kB Progress (4): 38 kB | 49 kB | 121 kB | 77/194 kB Progress (4): 38 kB | 49 kB | 121 kB | 82/194 kB Progress (4): 38 kB | 49 kB | 121 kB | 86/194 kB Progress (4): 38 kB | 49 kB | 121 kB | 90/194 kB Progress (4): 38 kB | 49 kB | 121 kB | 94/194 kB Progress (4): 38 kB | 49 kB | 121 kB | 98/194 kB Progress (4): 38 kB | 49 kB | 121 kB | 102/194 kB Progress (4): 38 kB | 49 kB | 121 kB | 106/194 kB Progress (4): 38 kB | 49 kB | 121 kB | 110/194 kB Progress (4): 38 kB | 49 kB | 121 kB | 114/194 kB Progress (4): 38 kB | 49 kB | 121 kB | 118/194 kB Progress (4): 38 kB | 49 kB | 121 kB | 123/194 kB Progress (4): 38 kB | 49 kB | 121 kB | 127/194 kB Progress (4): 38 kB | 49 kB | 121 kB | 131/194 kB Progress (4): 38 kB | 49 kB | 121 kB | 135/194 kB Progress (4): 38 kB | 49 kB | 121 kB | 139/194 kB Progress (4): 38 kB | 49 kB | 121 kB | 143/194 kB Progress (4): 38 kB | 49 kB | 121 kB | 147/194 kB Progress (4): 38 kB | 49 kB | 121 kB | 151/194 kB Progress (4): 38 kB | 49 kB | 121 kB | 155/194 kB Progress (4): 38 kB | 49 kB | 121 kB | 159/194 kB Progress (4): 38 kB | 49 kB | 121 kB | 163/194 kB Progress (4): 38 kB | 49 kB | 121 kB | 167/194 kB Progress (4): 38 kB | 49 kB | 121 kB | 172/194 kB Progress (4): 38 kB | 49 kB | 121 kB | 176/194 kB Progress (4): 38 kB | 49 kB | 121 kB | 180/194 kB Progress (4): 38 kB | 49 kB | 121 kB | 184/194 kB Progress (4): 38 kB | 49 kB | 121 kB | 188/194 kB Downloaded from central: https://repo.maven.apache.org/maven2/classworlds/classworlds/1.1/classworlds-1.1.jar (38 kB at 124 kB/s) Progress (3): 49 kB | 121 kB | 192/194 kB Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/2.0.5/plexus-utils-2.0.5.jar Progress (3): 49 kB | 121 kB | 194 kB Downloaded from central: https://repo.maven.apache.org/maven2/junit/junit/3.8.1/junit-3.8.1.jar (121 kB at 381 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-filtering/1.1/maven-filtering-1.1.jar Progress (3): 49 kB | 194 kB | 4.1/223 kB Progress (4): 49 kB | 194 kB | 4.1/223 kB | 4.1/43 kB Progress (4): 49 kB | 194 kB | 7.7/223 kB | 4.1/43 kB Progress (4): 49 kB | 194 kB | 7.7/223 kB | 7.7/43 kB Progress (4): 49 kB | 194 kB | 12/223 kB | 7.7/43 kB Progress (4): 49 kB | 194 kB | 16/223 kB | 7.7/43 kB Progress (4): 49 kB | 194 kB | 16/223 kB | 12/43 kB Progress (4): 49 kB | 194 kB | 16/223 kB | 16/43 kB Progress (4): 49 kB | 194 kB | 16/223 kB | 20/43 kB Progress (4): 49 kB | 194 kB | 16/223 kB | 24/43 kB Progress (4): 49 kB | 194 kB | 20/223 kB | 24/43 kB Progress (4): 49 kB | 194 kB | 24/223 kB | 24/43 kB Progress (4): 49 kB | 194 kB | 28/223 kB | 24/43 kB Progress (4): 49 kB | 194 kB | 32/223 kB | 24/43 kB Progress (4): 49 kB | 194 kB | 32/223 kB | 28/43 kB Progress (4): 49 kB | 194 kB | 32/223 kB | 32/43 kB Progress (4): 49 kB | 194 kB | 32/223 kB | 36/43 kB Progress (4): 49 kB | 194 kB | 32/223 kB | 40/43 kB Progress (4): 49 kB | 194 kB | 36/223 kB | 40/43 kB Progress (4): 49 kB | 194 kB | 40/223 kB | 40/43 kB Progress (4): 49 kB | 194 kB | 40/223 kB | 43 kB Progress (4): 49 kB | 194 kB | 45/223 kB | 43 kB Progress (4): 49 kB | 194 kB | 49/223 kB | 43 kB Progress (4): 49 kB | 194 kB | 53/223 kB | 43 kB Progress (4): 49 kB | 194 kB | 57/223 kB | 43 kB Progress (4): 49 kB | 194 kB | 61/223 kB | 43 kB Progress (4): 49 kB | 194 kB | 65/223 kB | 43 kB Progress (4): 49 kB | 194 kB | 69/223 kB | 43 kB Progress (4): 49 kB | 194 kB | 73/223 kB | 43 kB Progress (4): 49 kB | 194 kB | 77/223 kB | 43 kB Progress (4): 49 kB | 194 kB | 81/223 kB | 43 kB Progress (4): 49 kB | 194 kB | 86/223 kB | 43 kB Progress (4): 49 kB | 194 kB | 90/223 kB | 43 kB Progress (4): 49 kB | 194 kB | 94/223 kB | 43 kB Progress (4): 49 kB | 194 kB | 98/223 kB | 43 kB Progress (4): 49 kB | 194 kB | 102/223 kB | 43 kB Progress (4): 49 kB | 194 kB | 106/223 kB | 43 kB Progress (4): 49 kB | 194 kB | 110/223 kB | 43 kB Progress (4): 49 kB | 194 kB | 114/223 kB | 43 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-container-default/1.0-alpha-9-stable-1/plexus-container-default-1.0-alpha-9-stable-1.jar (194 kB at 558 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/plexus/plexus-build-api/0.0.4/plexus-build-api-0.0.4.jar Progress (3): 49 kB | 118/223 kB | 43 kB Progress (3): 49 kB | 122/223 kB | 43 kB Progress (3): 49 kB | 126/223 kB | 43 kB Progress (3): 49 kB | 131/223 kB | 43 kB Progress (3): 49 kB | 135/223 kB | 43 kB Progress (3): 49 kB | 139/223 kB | 43 kB Progress (3): 49 kB | 143/223 kB | 43 kB Progress (3): 49 kB | 147/223 kB | 43 kB Progress (3): 49 kB | 151/223 kB | 43 kB Progress (3): 49 kB | 155/223 kB | 43 kB Progress (3): 49 kB | 159/223 kB | 43 kB Progress (3): 49 kB | 163/223 kB | 43 kB Progress (3): 49 kB | 167/223 kB | 43 kB Progress (3): 49 kB | 172/223 kB | 43 kB Progress (3): 49 kB | 176/223 kB | 43 kB Progress (3): 49 kB | 180/223 kB | 43 kB Progress (3): 49 kB | 184/223 kB | 43 kB Progress (3): 49 kB | 188/223 kB | 43 kB Progress (3): 49 kB | 192/223 kB | 43 kB Progress (3): 49 kB | 196/223 kB | 43 kB Progress (3): 49 kB | 200/223 kB | 43 kB Progress (3): 49 kB | 204/223 kB | 43 kB Progress (3): 49 kB | 208/223 kB | 43 kB Progress (3): 49 kB | 212/223 kB | 43 kB Progress (3): 49 kB | 217/223 kB | 43 kB Progress (3): 49 kB | 221/223 kB | 43 kB Progress (3): 49 kB | 223 kB | 43 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings/2.0.6/maven-settings-2.0.6.jar (49 kB at 134 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.13/plexus-interpolation-1.13.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-filtering/1.1/maven-filtering-1.1.jar (43 kB at 115 kB/s) Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/2.0.5/plexus-utils-2.0.5.jar (223 kB at 592 kB/s) Progress (1): 4.1/6.8 kB Progress (1): 6.8 kB Progress (2): 6.8 kB | 3.8/86 kB Progress (2): 6.8 kB | 7.8/86 kB Progress (2): 6.8 kB | 12/86 kB Progress (2): 6.8 kB | 16/86 kB Progress (2): 6.8 kB | 20/86 kB Progress (2): 6.8 kB | 24/86 kB Progress (2): 6.8 kB | 28/86 kB Progress (2): 6.8 kB | 32/86 kB Progress (2): 6.8 kB | 37/86 kB Progress (2): 6.8 kB | 41/86 kB Progress (2): 6.8 kB | 45/86 kB Progress (2): 6.8 kB | 49/86 kB Progress (2): 6.8 kB | 53/86 kB Progress (2): 6.8 kB | 57/86 kB Progress (2): 6.8 kB | 61/86 kB Progress (2): 6.8 kB | 65/86 kB Progress (2): 6.8 kB | 69/86 kB Progress (2): 6.8 kB | 73/86 kB Progress (2): 6.8 kB | 77/86 kB Progress (2): 6.8 kB | 82/86 kB Progress (2): 6.8 kB | 86/86 kB Progress (2): 6.8 kB | 86 kB Progress (3): 6.8 kB | 86 kB | 3.8/61 kB Progress (3): 6.8 kB | 86 kB | 7.8/61 kB Progress (3): 6.8 kB | 86 kB | 12/61 kB Progress (3): 6.8 kB | 86 kB | 16/61 kB Progress (3): 6.8 kB | 86 kB | 20/61 kB Progress (3): 6.8 kB | 86 kB | 24/61 kB Progress (3): 6.8 kB | 86 kB | 28/61 kB Progress (3): 6.8 kB | 86 kB | 32/61 kB Progress (3): 6.8 kB | 86 kB | 37/61 kB Progress (3): 6.8 kB | 86 kB | 41/61 kB Progress (3): 6.8 kB | 86 kB | 45/61 kB Progress (3): 6.8 kB | 86 kB | 49/61 kB Progress (3): 6.8 kB | 86 kB | 53/61 kB Progress (3): 6.8 kB | 86 kB | 57/61 kB Progress (3): 6.8 kB | 86 kB | 61/61 kB Progress (3): 6.8 kB | 86 kB | 61 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model/2.0.6/maven-model-2.0.6.jar (86 kB at 196 kB/s) Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/plexus/plexus-build-api/0.0.4/plexus-build-api-0.0.4.jar (6.8 kB at 15 kB/s) Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.13/plexus-interpolation-1.13.jar (61 kB at 135 kB/s) [WARNING] Using platform encoding (UTF-8 actually) to copy filtered resources, i.e. build is platform dependent! [INFO] skip non existing resourceDirectory /work/src/main/resources [INFO] [INFO] --- maven-compiler-plugin:3.1:compile (default-compile) @ simple-java-project --- Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-api/2.0.9/maven-plugin-api-2.0.9.pom Progress (1): 1.5 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-api/2.0.9/maven-plugin-api-2.0.9.pom (1.5 kB at 17 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven/2.0.9/maven-2.0.9.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 19 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven/2.0.9/maven-2.0.9.pom (19 kB at 163 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/8/maven-parent-8.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 24 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/8/maven-parent-8.pom (24 kB at 274 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/apache/4/apache-4.pom Progress (1): 4.1 kB Progress (1): 4.5 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/4/apache-4.pom (4.5 kB at 47 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact/2.0.9/maven-artifact-2.0.9.pom Progress (1): 1.6 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact/2.0.9/maven-artifact-2.0.9.pom (1.6 kB at 23 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.5.1/plexus-utils-1.5.1.pom Progress (1): 2.3 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.5.1/plexus-utils-1.5.1.pom (2.3 kB at 29 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-core/2.0.9/maven-core-2.0.9.pom Progress (1): 4.1 kB Progress (1): 7.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-core/2.0.9/maven-core-2.0.9.pom (7.8 kB at 101 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings/2.0.9/maven-settings-2.0.9.pom Progress (1): 2.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings/2.0.9/maven-settings-2.0.9.pom (2.1 kB at 28 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model/2.0.9/maven-model-2.0.9.pom Progress (1): 3.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model/2.0.9/maven-model-2.0.9.pom (3.1 kB at 53 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-parameter-documenter/2.0.9/maven-plugin-parameter-documenter-2.0.9.pom Progress (1): 2.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-parameter-documenter/2.0.9/maven-plugin-parameter-documenter-2.0.9.pom (2.0 kB at 17 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-profile/2.0.9/maven-profile-2.0.9.pom Progress (1): 2.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-profile/2.0.9/maven-profile-2.0.9.pom (2.0 kB at 24 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-repository-metadata/2.0.9/maven-repository-metadata-2.0.9.pom Progress (1): 1.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-repository-metadata/2.0.9/maven-repository-metadata-2.0.9.pom (1.9 kB at 12 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-error-diagnostics/2.0.9/maven-error-diagnostics-2.0.9.pom Progress (1): 1.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-error-diagnostics/2.0.9/maven-error-diagnostics-2.0.9.pom (1.7 kB at 21 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-project/2.0.9/maven-project-2.0.9.pom Progress (1): 2.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-project/2.0.9/maven-project-2.0.9.pom (2.7 kB at 16 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact-manager/2.0.9/maven-artifact-manager-2.0.9.pom Progress (1): 2.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact-manager/2.0.9/maven-artifact-manager-2.0.9.pom (2.7 kB at 22 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-registry/2.0.9/maven-plugin-registry-2.0.9.pom Progress (1): 2.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-registry/2.0.9/maven-plugin-registry-2.0.9.pom (2.0 kB at 16 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-descriptor/2.0.9/maven-plugin-descriptor-2.0.9.pom Progress (1): 2.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-descriptor/2.0.9/maven-plugin-descriptor-2.0.9.pom (2.1 kB at 26 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-monitor/2.0.9/maven-monitor-2.0.9.pom Progress (1): 1.3 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-monitor/2.0.9/maven-monitor-2.0.9.pom (1.3 kB at 18 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-toolchain/1.0/maven-toolchain-1.0.pom Progress (1): 3.4 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-toolchain/1.0/maven-toolchain-1.0.pom (3.4 kB at 40 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-utils/0.1/maven-shared-utils-0.1.pom Progress (1): 4.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-utils/0.1/maven-shared-utils-0.1.pom (4.0 kB at 33 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-components/18/maven-shared-components-18.pom Progress (1): 4.1 kB Progress (1): 4.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-components/18/maven-shared-components-18.pom (4.9 kB at 33 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/code/findbugs/jsr305/2.0.1/jsr305-2.0.1.pom Progress (1): 965 B Downloaded from central: https://repo.maven.apache.org/maven2/com/google/code/findbugs/jsr305/2.0.1/jsr305-2.0.1.pom (965 B at 7.0 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-incremental/1.1/maven-shared-incremental-1.1.pom Progress (1): 4.1 kB Progress (1): 4.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-incremental/1.1/maven-shared-incremental-1.1.pom (4.7 kB at 46 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-components/19/maven-shared-components-19.pom Progress (1): 4.1 kB Progress (1): 6.4 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-components/19/maven-shared-components-19.pom (6.4 kB at 90 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-api/2.2.1/maven-plugin-api-2.2.1.pom Progress (1): 1.5 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-api/2.2.1/maven-plugin-api-2.2.1.pom (1.5 kB at 23 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven/2.2.1/maven-2.2.1.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 22 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven/2.2.1/maven-2.2.1.pom (22 kB at 386 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/11/maven-parent-11.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 25 kB Progress (1): 29 kB Progress (1): 32 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/11/maven-parent-11.pom (32 kB at 559 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/apache/5/apache-5.pom Progress (1): 4.1 kB Progress (1): 4.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/5/apache-5.pom (4.1 kB at 60 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-core/2.2.1/maven-core-2.2.1.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-core/2.2.1/maven-core-2.2.1.pom (12 kB at 134 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings/2.2.1/maven-settings-2.2.1.pom Progress (1): 2.2 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings/2.2.1/maven-settings-2.2.1.pom (2.2 kB at 40 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model/2.2.1/maven-model-2.2.1.pom Progress (1): 3.2 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model/2.2.1/maven-model-2.2.1.pom (3.2 kB at 55 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.11/plexus-interpolation-1.11.pom Progress (1): 889 B Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.11/plexus-interpolation-1.11.pom (889 B at 19 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-parameter-documenter/2.2.1/maven-plugin-parameter-documenter-2.2.1.pom Progress (1): 2.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-parameter-documenter/2.2.1/maven-plugin-parameter-documenter-2.2.1.pom (2.0 kB at 34 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-jdk14/1.5.6/slf4j-jdk14-1.5.6.pom Progress (1): 1.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-jdk14/1.5.6/slf4j-jdk14-1.5.6.pom (1.9 kB at 33 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-parent/1.5.6/slf4j-parent-1.5.6.pom Progress (1): 4.1 kB Progress (1): 7.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-parent/1.5.6/slf4j-parent-1.5.6.pom (7.9 kB at 158 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-api/1.5.6/slf4j-api-1.5.6.pom Progress (1): 3.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-api/1.5.6/slf4j-api-1.5.6.pom (3.0 kB at 51 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/slf4j/jcl-over-slf4j/1.5.6/jcl-over-slf4j-1.5.6.pom Progress (1): 2.2 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/slf4j/jcl-over-slf4j/1.5.6/jcl-over-slf4j-1.5.6.pom (2.2 kB at 30 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-profile/2.2.1/maven-profile-2.2.1.pom Progress (1): 2.2 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-profile/2.2.1/maven-profile-2.2.1.pom (2.2 kB at 20 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact/2.2.1/maven-artifact-2.2.1.pom Progress (1): 1.6 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact/2.2.1/maven-artifact-2.2.1.pom (1.6 kB at 14 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-repository-metadata/2.2.1/maven-repository-metadata-2.2.1.pom Progress (1): 1.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-repository-metadata/2.2.1/maven-repository-metadata-2.2.1.pom (1.9 kB at 22 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-error-diagnostics/2.2.1/maven-error-diagnostics-2.2.1.pom Progress (1): 1.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-error-diagnostics/2.2.1/maven-error-diagnostics-2.2.1.pom (1.7 kB at 27 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-project/2.2.1/maven-project-2.2.1.pom Progress (1): 2.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-project/2.2.1/maven-project-2.2.1.pom (2.8 kB at 51 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact-manager/2.2.1/maven-artifact-manager-2.2.1.pom Progress (1): 3.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact-manager/2.2.1/maven-artifact-manager-2.2.1.pom (3.1 kB at 34 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/backport-util-concurrent/backport-util-concurrent/3.1/backport-util-concurrent-3.1.pom Progress (1): 880 B Downloaded from central: https://repo.maven.apache.org/maven2/backport-util-concurrent/backport-util-concurrent/3.1/backport-util-concurrent-3.1.pom (880 B at 15 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-registry/2.2.1/maven-plugin-registry-2.2.1.pom Progress (1): 1.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-registry/2.2.1/maven-plugin-registry-2.2.1.pom (1.9 kB at 31 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-descriptor/2.2.1/maven-plugin-descriptor-2.2.1.pom Progress (1): 2.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-descriptor/2.2.1/maven-plugin-descriptor-2.2.1.pom (2.1 kB at 36 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-monitor/2.2.1/maven-monitor-2.2.1.pom Progress (1): 1.3 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-monitor/2.2.1/maven-monitor-2.2.1.pom (1.3 kB at 15 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/plexus/plexus-sec-dispatcher/1.3/plexus-sec-dispatcher-1.3.pom Progress (1): 3.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/plexus/plexus-sec-dispatcher/1.3/plexus-sec-dispatcher-1.3.pom (3.0 kB at 43 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/spice/spice-parent/12/spice-parent-12.pom Progress (1): 4.1 kB Progress (1): 6.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/spice/spice-parent/12/spice-parent-12.pom (6.8 kB at 61 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/forge/forge-parent/4/forge-parent-4.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 8.4 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/forge/forge-parent/4/forge-parent-4.pom (8.4 kB at 82 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.5.5/plexus-utils-1.5.5.pom Progress (1): 4.1 kB Progress (1): 5.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.5.5/plexus-utils-1.5.5.pom (5.1 kB at 51 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/plexus/plexus-cipher/1.4/plexus-cipher-1.4.pom Progress (1): 2.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/plexus/plexus-cipher/1.4/plexus-cipher-1.4.pom (2.1 kB at 22 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-component-annotations/1.5.5/plexus-component-annotations-1.5.5.pom Progress (1): 815 B Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-component-annotations/1.5.5/plexus-component-annotations-1.5.5.pom (815 B at 14 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-containers/1.5.5/plexus-containers-1.5.5.pom Progress (1): 4.1 kB Progress (1): 4.2 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-containers/1.5.5/plexus-containers-1.5.5.pom (4.2 kB at 42 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/2.0.7/plexus-2.0.7.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 17 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/2.0.7/plexus-2.0.7.pom (17 kB at 141 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compiler-api/2.2/plexus-compiler-api-2.2.pom Progress (1): 865 B Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compiler-api/2.2/plexus-compiler-api-2.2.pom (865 B at 7.6 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compiler/2.2/plexus-compiler-2.2.pom Progress (1): 3.6 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compiler/2.2/plexus-compiler-2.2.pom (3.6 kB at 33 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-components/1.3.1/plexus-components-1.3.1.pom Progress (1): 3.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-components/1.3.1/plexus-components-1.3.1.pom (3.1 kB at 41 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/3.3.1/plexus-3.3.1.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/3.3.1/plexus-3.3.1.pom (20 kB at 288 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/spice/spice-parent/17/spice-parent-17.pom Progress (1): 4.1 kB Progress (1): 6.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/spice/spice-parent/17/spice-parent-17.pom (6.8 kB at 80 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/forge/forge-parent/10/forge-parent-10.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 14 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/forge/forge-parent/10/forge-parent-10.pom (14 kB at 108 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.0.8/plexus-utils-3.0.8.pom Progress (1): 3.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.0.8/plexus-utils-3.0.8.pom (3.1 kB at 32 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/3.2/plexus-3.2.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 19 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/3.2/plexus-3.2.pom (19 kB at 298 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compiler-manager/2.2/plexus-compiler-manager-2.2.pom Progress (1): 690 B Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compiler-manager/2.2/plexus-compiler-manager-2.2.pom (690 B at 8.2 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compiler-javac/2.2/plexus-compiler-javac-2.2.pom Progress (1): 769 B Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compiler-javac/2.2/plexus-compiler-javac-2.2.pom (769 B at 7.8 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compilers/2.2/plexus-compilers-2.2.pom Progress (1): 1.2 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compilers/2.2/plexus-compilers-2.2.pom (1.2 kB at 11 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-container-default/1.5.5/plexus-container-default-1.5.5.pom Progress (1): 2.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-container-default/1.5.5/plexus-container-default-1.5.5.pom (2.8 kB at 21 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.4.5/plexus-utils-1.4.5.pom Progress (1): 2.3 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.4.5/plexus-utils-1.4.5.pom (2.3 kB at 18 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-classworlds/2.2.2/plexus-classworlds-2.2.2.pom Progress (1): 4.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-classworlds/2.2.2/plexus-classworlds-2.2.2.pom (4.0 kB at 36 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/xbean/xbean-reflect/3.4/xbean-reflect-3.4.pom Progress (1): 2.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/xbean/xbean-reflect/3.4/xbean-reflect-3.4.pom (2.8 kB at 28 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/xbean/xbean/3.4/xbean-3.4.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 19 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/xbean/xbean/3.4/xbean-3.4.pom (19 kB at 277 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/log4j/log4j/1.2.12/log4j-1.2.12.pom Progress (1): 145 B Downloaded from central: https://repo.maven.apache.org/maven2/log4j/log4j/1.2.12/log4j-1.2.12.pom (145 B at 2.3 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/commons-logging/commons-logging-api/1.1/commons-logging-api-1.1.pom Progress (1): 4.1 kB Progress (1): 5.3 kB Downloaded from central: https://repo.maven.apache.org/maven2/commons-logging/commons-logging-api/1.1/commons-logging-api-1.1.pom (5.3 kB at 53 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/collections/google-collections/1.0/google-collections-1.0.pom Progress (1): 2.5 kB Downloaded from central: https://repo.maven.apache.org/maven2/com/google/collections/google-collections/1.0/google-collections-1.0.pom (2.5 kB at 24 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/google/1/google-1.pom Progress (1): 1.6 kB Downloaded from central: https://repo.maven.apache.org/maven2/com/google/google/1/google-1.pom (1.6 kB at 23 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/junit/junit/3.8.2/junit-3.8.2.pom Progress (1): 747 B Downloaded from central: https://repo.maven.apache.org/maven2/junit/junit/3.8.2/junit-3.8.2.pom (747 B at 10 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-api/2.0.9/maven-plugin-api-2.0.9.jar Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact/2.0.9/maven-artifact-2.0.9.jar Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.5.1/plexus-utils-1.5.1.jar Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-core/2.0.9/maven-core-2.0.9.jar Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings/2.0.9/maven-settings-2.0.9.jar Progress (1): 4.1/13 kB Progress (1): 7.7/13 kB Progress (1): 12/13 kB Progress (1): 13 kB Progress (2): 13 kB | 4.1/160 kB Progress (2): 13 kB | 8.2/160 kB Progress (2): 13 kB | 12/160 kB Progress (2): 13 kB | 16/160 kB Progress (2): 13 kB | 20/160 kB Progress (2): 13 kB | 25/160 kB Progress (2): 13 kB | 29/160 kB Progress (2): 13 kB | 33/160 kB Progress (2): 13 kB | 37/160 kB Progress (2): 13 kB | 41/160 kB Progress (2): 13 kB | 45/160 kB Progress (2): 13 kB | 49/160 kB Progress (2): 13 kB | 53/160 kB Progress (2): 13 kB | 57/160 kB Progress (2): 13 kB | 61/160 kB Progress (2): 13 kB | 66/160 kB Progress (2): 13 kB | 70/160 kB Progress (2): 13 kB | 74/160 kB Progress (2): 13 kB | 78/160 kB Progress (2): 13 kB | 82/160 kB Progress (2): 13 kB | 86/160 kB Progress (2): 13 kB | 90/160 kB Progress (2): 13 kB | 94/160 kB Progress (2): 13 kB | 98/160 kB Progress (2): 13 kB | 102/160 kB Progress (2): 13 kB | 106/160 kB Progress (2): 13 kB | 111/160 kB Progress (2): 13 kB | 115/160 kB Progress (2): 13 kB | 119/160 kB Progress (2): 13 kB | 123/160 kB Progress (3): 13 kB | 123/160 kB | 4.1/49 kB Progress (3): 13 kB | 127/160 kB | 4.1/49 kB Progress (3): 13 kB | 127/160 kB | 7.7/49 kB Progress (3): 13 kB | 131/160 kB | 7.7/49 kB Progress (3): 13 kB | 135/160 kB | 7.7/49 kB Progress (3): 13 kB | 135/160 kB | 12/49 kB Progress (3): 13 kB | 135/160 kB | 16/49 kB Progress (3): 13 kB | 135/160 kB | 20/49 kB Progress (3): 13 kB | 135/160 kB | 24/49 kB Progress (3): 13 kB | 139/160 kB | 24/49 kB Progress (3): 13 kB | 139/160 kB | 28/49 kB Progress (3): 13 kB | 143/160 kB | 28/49 kB Progress (3): 13 kB | 143/160 kB | 32/49 kB Progress (3): 13 kB | 147/160 kB | 32/49 kB Progress (3): 13 kB | 147/160 kB | 36/49 kB Progress (3): 13 kB | 152/160 kB | 36/49 kB Progress (3): 13 kB | 152/160 kB | 40/49 kB Progress (3): 13 kB | 156/160 kB | 40/49 kB Progress (3): 13 kB | 160 kB | 40/49 kB Progress (3): 13 kB | 160 kB | 45/49 kB Progress (3): 13 kB | 160 kB | 49/49 kB Progress (3): 13 kB | 160 kB | 49 kB Progress (4): 13 kB | 160 kB | 49 kB | 4.1/89 kB Progress (4): 13 kB | 160 kB | 49 kB | 8.2/89 kB Progress (4): 13 kB | 160 kB | 49 kB | 12/89 kB Progress (4): 13 kB | 160 kB | 49 kB | 16/89 kB Progress (4): 13 kB | 160 kB | 49 kB | 20/89 kB Progress (4): 13 kB | 160 kB | 49 kB | 25/89 kB Progress (4): 13 kB | 160 kB | 49 kB | 29/89 kB Progress (4): 13 kB | 160 kB | 49 kB | 33/89 kB Progress (4): 13 kB | 160 kB | 49 kB | 37/89 kB Progress (4): 13 kB | 160 kB | 49 kB | 41/89 kB Progress (4): 13 kB | 160 kB | 49 kB | 45/89 kB Progress (4): 13 kB | 160 kB | 49 kB | 49/89 kB Progress (4): 13 kB | 160 kB | 49 kB | 53/89 kB Progress (4): 13 kB | 160 kB | 49 kB | 57/89 kB Progress (4): 13 kB | 160 kB | 49 kB | 61/89 kB Progress (4): 13 kB | 160 kB | 49 kB | 66/89 kB Progress (4): 13 kB | 160 kB | 49 kB | 70/89 kB Progress (4): 13 kB | 160 kB | 49 kB | 74/89 kB Progress (4): 13 kB | 160 kB | 49 kB | 78/89 kB Progress (4): 13 kB | 160 kB | 49 kB | 82/89 kB Progress (4): 13 kB | 160 kB | 49 kB | 86/89 kB Progress (4): 13 kB | 160 kB | 49 kB | 89 kB Progress (5): 13 kB | 160 kB | 49 kB | 89 kB | 4.1/211 kB Progress (5): 13 kB | 160 kB | 49 kB | 89 kB | 7.7/211 kB Progress (5): 13 kB | 160 kB | 49 kB | 89 kB | 12/211 kB Progress (5): 13 kB | 160 kB | 49 kB | 89 kB | 16/211 kB Progress (5): 13 kB | 160 kB | 49 kB | 89 kB | 20/211 kB Progress (5): 13 kB | 160 kB | 49 kB | 89 kB | 24/211 kB Progress (5): 13 kB | 160 kB | 49 kB | 89 kB | 28/211 kB Progress (5): 13 kB | 160 kB | 49 kB | 89 kB | 32/211 kB Progress (5): 13 kB | 160 kB | 49 kB | 89 kB | 36/211 kB Progress (5): 13 kB | 160 kB | 49 kB | 89 kB | 40/211 kB Progress (5): 13 kB | 160 kB | 49 kB | 89 kB | 45/211 kB Progress (5): 13 kB | 160 kB | 49 kB | 89 kB | 49/211 kB Progress (5): 13 kB | 160 kB | 49 kB | 89 kB | 53/211 kB Progress (5): 13 kB | 160 kB | 49 kB | 89 kB | 57/211 kB Progress (5): 13 kB | 160 kB | 49 kB | 89 kB | 61/211 kB Progress (5): 13 kB | 160 kB | 49 kB | 89 kB | 65/211 kB Progress (5): 13 kB | 160 kB | 49 kB | 89 kB | 69/211 kB Progress (5): 13 kB | 160 kB | 49 kB | 89 kB | 73/211 kB Progress (5): 13 kB | 160 kB | 49 kB | 89 kB | 77/211 kB Progress (5): 13 kB | 160 kB | 49 kB | 89 kB | 81/211 kB Progress (5): 13 kB | 160 kB | 49 kB | 89 kB | 86/211 kB Progress (5): 13 kB | 160 kB | 49 kB | 89 kB | 90/211 kB Progress (5): 13 kB | 160 kB | 49 kB | 89 kB | 94/211 kB Progress (5): 13 kB | 160 kB | 49 kB | 89 kB | 98/211 kB Progress (5): 13 kB | 160 kB | 49 kB | 89 kB | 102/211 kB Progress (5): 13 kB | 160 kB | 49 kB | 89 kB | 106/211 kB Progress (5): 13 kB | 160 kB | 49 kB | 89 kB | 110/211 kB Progress (5): 13 kB | 160 kB | 49 kB | 89 kB | 114/211 kB Progress (5): 13 kB | 160 kB | 49 kB | 89 kB | 118/211 kB Progress (5): 13 kB | 160 kB | 49 kB | 89 kB | 122/211 kB Progress (5): 13 kB | 160 kB | 49 kB | 89 kB | 126/211 kB Progress (5): 13 kB | 160 kB | 49 kB | 89 kB | 131/211 kB Progress (5): 13 kB | 160 kB | 49 kB | 89 kB | 135/211 kB Progress (5): 13 kB | 160 kB | 49 kB | 89 kB | 139/211 kB Progress (5): 13 kB | 160 kB | 49 kB | 89 kB | 143/211 kB Progress (5): 13 kB | 160 kB | 49 kB | 89 kB | 147/211 kB Progress (5): 13 kB | 160 kB | 49 kB | 89 kB | 151/211 kB Progress (5): 13 kB | 160 kB | 49 kB | 89 kB | 155/211 kB Progress (5): 13 kB | 160 kB | 49 kB | 89 kB | 159/211 kB Progress (5): 13 kB | 160 kB | 49 kB | 89 kB | 163/211 kB Progress (5): 13 kB | 160 kB | 49 kB | 89 kB | 167/211 kB Progress (5): 13 kB | 160 kB | 49 kB | 89 kB | 172/211 kB Progress (5): 13 kB | 160 kB | 49 kB | 89 kB | 176/211 kB Progress (5): 13 kB | 160 kB | 49 kB | 89 kB | 180/211 kB Progress (5): 13 kB | 160 kB | 49 kB | 89 kB | 184/211 kB Progress (5): 13 kB | 160 kB | 49 kB | 89 kB | 188/211 kB Progress (5): 13 kB | 160 kB | 49 kB | 89 kB | 192/211 kB Progress (5): 13 kB | 160 kB | 49 kB | 89 kB | 196/211 kB Progress (5): 13 kB | 160 kB | 49 kB | 89 kB | 200/211 kB Progress (5): 13 kB | 160 kB | 49 kB | 89 kB | 204/211 kB Progress (5): 13 kB | 160 kB | 49 kB | 89 kB | 208/211 kB Progress (5): 13 kB | 160 kB | 49 kB | 89 kB | 211 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings/2.0.9/maven-settings-2.0.9.jar (49 kB at 756 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-parameter-documenter/2.0.9/maven-plugin-parameter-documenter-2.0.9.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-core/2.0.9/maven-core-2.0.9.jar (160 kB at 2.4 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-profile/2.0.9/maven-profile-2.0.9.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-api/2.0.9/maven-plugin-api-2.0.9.jar (13 kB at 159 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model/2.0.9/maven-model-2.0.9.jar Progress (3): 89 kB | 211 kB | 4.1/21 kB Progress (3): 89 kB | 211 kB | 7.7/21 kB Progress (3): 89 kB | 211 kB | 12/21 kB Progress (3): 89 kB | 211 kB | 16/21 kB Progress (3): 89 kB | 211 kB | 20/21 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact/2.0.9/maven-artifact-2.0.9.jar (89 kB at 1.0 MB/s) Progress (2): 211 kB | 21 kB Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-repository-metadata/2.0.9/maven-repository-metadata-2.0.9.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.5.1/plexus-utils-1.5.1.jar (211 kB at 2.4 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-error-diagnostics/2.0.9/maven-error-diagnostics-2.0.9.jar Progress (2): 21 kB | 4.1/35 kB Progress (2): 21 kB | 7.7/35 kB Progress (2): 21 kB | 12/35 kB Progress (2): 21 kB | 16/35 kB Progress (2): 21 kB | 20/35 kB Progress (2): 21 kB | 24/35 kB Progress (2): 21 kB | 28/35 kB Progress (2): 21 kB | 32/35 kB Progress (2): 21 kB | 35 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-parameter-documenter/2.0.9/maven-plugin-parameter-documenter-2.0.9.jar (21 kB at 190 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-project/2.0.9/maven-project-2.0.9.jar Progress (2): 35 kB | 4.1/87 kB Progress (2): 35 kB | 7.7/87 kB Progress (2): 35 kB | 12/87 kB Progress (2): 35 kB | 16/87 kB Progress (2): 35 kB | 20/87 kB Progress (2): 35 kB | 24/87 kB Progress (2): 35 kB | 28/87 kB Progress (2): 35 kB | 32/87 kB Progress (2): 35 kB | 36/87 kB Progress (2): 35 kB | 40/87 kB Progress (2): 35 kB | 45/87 kB Progress (2): 35 kB | 49/87 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-profile/2.0.9/maven-profile-2.0.9.jar (35 kB at 300 kB/s) Progress (1): 53/87 kB Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-registry/2.0.9/maven-plugin-registry-2.0.9.jar Progress (1): 57/87 kB Progress (1): 61/87 kB Progress (1): 65/87 kB Progress (1): 69/87 kB Progress (1): 73/87 kB Progress (1): 77/87 kB Progress (1): 81/87 kB Progress (1): 86/87 kB Progress (1): 87 kB Progress (2): 87 kB | 4.1/25 kB Progress (2): 87 kB | 7.7/25 kB Progress (2): 87 kB | 12/25 kB Progress (2): 87 kB | 16/25 kB Progress (3): 87 kB | 16/25 kB | 4.1/14 kB Progress (3): 87 kB | 16/25 kB | 7.7/14 kB Progress (3): 87 kB | 16/25 kB | 12/14 kB Progress (3): 87 kB | 16/25 kB | 14 kB Progress (3): 87 kB | 20/25 kB | 14 kB Progress (3): 87 kB | 24/25 kB | 14 kB Progress (3): 87 kB | 25 kB | 14 kB Progress (4): 87 kB | 25 kB | 14 kB | 4.1/122 kB Progress (4): 87 kB | 25 kB | 14 kB | 7.7/122 kB Progress (4): 87 kB | 25 kB | 14 kB | 12/122 kB Progress (4): 87 kB | 25 kB | 14 kB | 16/122 kB Progress (4): 87 kB | 25 kB | 14 kB | 20/122 kB Progress (4): 87 kB | 25 kB | 14 kB | 24/122 kB Progress (4): 87 kB | 25 kB | 14 kB | 28/122 kB Progress (4): 87 kB | 25 kB | 14 kB | 32/122 kB Progress (4): 87 kB | 25 kB | 14 kB | 36/122 kB Progress (4): 87 kB | 25 kB | 14 kB | 40/122 kB Progress (4): 87 kB | 25 kB | 14 kB | 45/122 kB Progress (4): 87 kB | 25 kB | 14 kB | 49/122 kB Progress (4): 87 kB | 25 kB | 14 kB | 53/122 kB Progress (4): 87 kB | 25 kB | 14 kB | 57/122 kB Progress (4): 87 kB | 25 kB | 14 kB | 61/122 kB Progress (4): 87 kB | 25 kB | 14 kB | 65/122 kB Progress (4): 87 kB | 25 kB | 14 kB | 69/122 kB Progress (4): 87 kB | 25 kB | 14 kB | 73/122 kB Progress (4): 87 kB | 25 kB | 14 kB | 77/122 kB Progress (4): 87 kB | 25 kB | 14 kB | 81/122 kB Progress (4): 87 kB | 25 kB | 14 kB | 86/122 kB Progress (4): 87 kB | 25 kB | 14 kB | 90/122 kB Progress (4): 87 kB | 25 kB | 14 kB | 94/122 kB Progress (4): 87 kB | 25 kB | 14 kB | 98/122 kB Progress (4): 87 kB | 25 kB | 14 kB | 102/122 kB Progress (4): 87 kB | 25 kB | 14 kB | 106/122 kB Progress (4): 87 kB | 25 kB | 14 kB | 110/122 kB Progress (4): 87 kB | 25 kB | 14 kB | 114/122 kB Progress (4): 87 kB | 25 kB | 14 kB | 118/122 kB Progress (4): 87 kB | 25 kB | 14 kB | 122 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model/2.0.9/maven-model-2.0.9.jar (87 kB at 578 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-descriptor/2.0.9/maven-plugin-descriptor-2.0.9.jar Progress (4): 25 kB | 14 kB | 122 kB | 4.1/29 kB Progress (4): 25 kB | 14 kB | 122 kB | 7.7/29 kB Progress (4): 25 kB | 14 kB | 122 kB | 12/29 kB Progress (4): 25 kB | 14 kB | 122 kB | 16/29 kB Progress (4): 25 kB | 14 kB | 122 kB | 20/29 kB Progress (4): 25 kB | 14 kB | 122 kB | 24/29 kB Progress (4): 25 kB | 14 kB | 122 kB | 28/29 kB Progress (4): 25 kB | 14 kB | 122 kB | 29 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-repository-metadata/2.0.9/maven-repository-metadata-2.0.9.jar (25 kB at 153 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact-manager/2.0.9/maven-artifact-manager-2.0.9.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-project/2.0.9/maven-project-2.0.9.jar (122 kB at 747 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-monitor/2.0.9/maven-monitor-2.0.9.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-error-diagnostics/2.0.9/maven-error-diagnostics-2.0.9.jar (14 kB at 82 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-toolchain/1.0/maven-toolchain-1.0.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-registry/2.0.9/maven-plugin-registry-2.0.9.jar (29 kB at 156 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-utils/0.1/maven-shared-utils-0.1.jar Progress (1): 4.1/10 kB Progress (1): 7.5/10 kB Progress (1): 10 kB Progress (2): 10 kB | 4.1/155 kB Progress (2): 10 kB | 7.7/155 kB Progress (2): 10 kB | 12/155 kB Progress (2): 10 kB | 16/155 kB Progress (2): 10 kB | 20/155 kB Progress (2): 10 kB | 24/155 kB Progress (2): 10 kB | 28/155 kB Progress (2): 10 kB | 32/155 kB Progress (2): 10 kB | 36/155 kB Progress (2): 10 kB | 40/155 kB Progress (2): 10 kB | 45/155 kB Progress (2): 10 kB | 49/155 kB Progress (2): 10 kB | 53/155 kB Progress (2): 10 kB | 57/155 kB Progress (2): 10 kB | 61/155 kB Progress (2): 10 kB | 65/155 kB Progress (2): 10 kB | 69/155 kB Progress (2): 10 kB | 73/155 kB Progress (2): 10 kB | 77/155 kB Progress (2): 10 kB | 81/155 kB Progress (2): 10 kB | 86/155 kB Progress (2): 10 kB | 90/155 kB Progress (2): 10 kB | 94/155 kB Progress (2): 10 kB | 98/155 kB Progress (2): 10 kB | 102/155 kB Progress (2): 10 kB | 106/155 kB Progress (2): 10 kB | 110/155 kB Progress (2): 10 kB | 114/155 kB Progress (2): 10 kB | 118/155 kB Progress (2): 10 kB | 122/155 kB Progress (2): 10 kB | 126/155 kB Progress (2): 10 kB | 131/155 kB Progress (2): 10 kB | 135/155 kB Progress (2): 10 kB | 139/155 kB Progress (2): 10 kB | 143/155 kB Progress (2): 10 kB | 147/155 kB Progress (2): 10 kB | 151/155 kB Progress (2): 10 kB | 155 kB Progress (3): 10 kB | 155 kB | 4.1/58 kB Progress (3): 10 kB | 155 kB | 7.7/58 kB Progress (4): 10 kB | 155 kB | 7.7/58 kB | 4.1/37 kB Progress (4): 10 kB | 155 kB | 7.7/58 kB | 8.2/37 kB Progress (4): 10 kB | 155 kB | 7.7/58 kB | 12/37 kB Progress (4): 10 kB | 155 kB | 7.7/58 kB | 16/37 kB Progress (4): 10 kB | 155 kB | 7.7/58 kB | 20/37 kB Progress (4): 10 kB | 155 kB | 7.7/58 kB | 25/37 kB Progress (4): 10 kB | 155 kB | 7.7/58 kB | 29/37 kB Progress (4): 10 kB | 155 kB | 7.7/58 kB | 33/37 kB Progress (4): 10 kB | 155 kB | 7.7/58 kB | 37/37 kB Progress (4): 10 kB | 155 kB | 7.7/58 kB | 37 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-monitor/2.0.9/maven-monitor-2.0.9.jar (10 kB at 47 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/code/findbugs/jsr305/2.0.1/jsr305-2.0.1.jar Progress (3): 155 kB | 12/58 kB | 37 kB Progress (3): 155 kB | 16/58 kB | 37 kB Progress (3): 155 kB | 20/58 kB | 37 kB Progress (3): 155 kB | 24/58 kB | 37 kB Progress (4): 155 kB | 24/58 kB | 37 kB | 4.1/33 kB Progress (4): 155 kB | 24/58 kB | 37 kB | 7.7/33 kB Progress (4): 155 kB | 24/58 kB | 37 kB | 12/33 kB Progress (4): 155 kB | 24/58 kB | 37 kB | 16/33 kB Progress (4): 155 kB | 24/58 kB | 37 kB | 20/33 kB Progress (4): 155 kB | 24/58 kB | 37 kB | 24/33 kB Progress (4): 155 kB | 24/58 kB | 37 kB | 28/33 kB Progress (4): 155 kB | 24/58 kB | 37 kB | 32/33 kB Progress (4): 155 kB | 24/58 kB | 37 kB | 33 kB Progress (4): 155 kB | 28/58 kB | 37 kB | 33 kB Progress (4): 155 kB | 32/58 kB | 37 kB | 33 kB Progress (4): 155 kB | 36/58 kB | 37 kB | 33 kB Progress (4): 155 kB | 40/58 kB | 37 kB | 33 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-utils/0.1/maven-shared-utils-0.1.jar (155 kB at 672 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-incremental/1.1/maven-shared-incremental-1.1.jar Progress (3): 45/58 kB | 37 kB | 33 kB Progress (3): 49/58 kB | 37 kB | 33 kB Progress (3): 53/58 kB | 37 kB | 33 kB Progress (3): 57/58 kB | 37 kB | 33 kB Progress (3): 58 kB | 37 kB | 33 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-descriptor/2.0.9/maven-plugin-descriptor-2.0.9.jar (37 kB at 152 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-component-annotations/1.5.5/plexus-component-annotations-1.5.5.jar Progress (3): 58 kB | 33 kB | 4.1/32 kB Progress (3): 58 kB | 33 kB | 7.7/32 kB Progress (3): 58 kB | 33 kB | 12/32 kB Progress (3): 58 kB | 33 kB | 16/32 kB Progress (3): 58 kB | 33 kB | 20/32 kB Progress (3): 58 kB | 33 kB | 24/32 kB Progress (3): 58 kB | 33 kB | 28/32 kB Progress (3): 58 kB | 33 kB | 32 kB Progress (4): 58 kB | 33 kB | 32 kB | 4.1/14 kB Progress (4): 58 kB | 33 kB | 32 kB | 7.7/14 kB Progress (4): 58 kB | 33 kB | 32 kB | 12/14 kB Progress (4): 58 kB | 33 kB | 32 kB | 14 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact-manager/2.0.9/maven-artifact-manager-2.0.9.jar (58 kB at 219 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compiler-api/2.2/plexus-compiler-api-2.2.jar Progress (4): 33 kB | 32 kB | 14 kB | 4.1/4.2 kB Progress (4): 33 kB | 32 kB | 14 kB | 4.2 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-toolchain/1.0/maven-toolchain-1.0.jar (33 kB at 121 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compiler-manager/2.2/plexus-compiler-manager-2.2.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-incremental/1.1/maven-shared-incremental-1.1.jar (14 kB at 48 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compiler-javac/2.2/plexus-compiler-javac-2.2.jar Downloaded from central: https://repo.maven.apache.org/maven2/com/google/code/findbugs/jsr305/2.0.1/jsr305-2.0.1.jar (32 kB at 112 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-container-default/1.5.5/plexus-container-default-1.5.5.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-component-annotations/1.5.5/plexus-component-annotations-1.5.5.jar (4.2 kB at 14 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-classworlds/2.2.2/plexus-classworlds-2.2.2.jar Progress (1): 4.1/19 kB Progress (1): 7.7/19 kB Progress (1): 12/19 kB Progress (1): 16/19 kB Progress (1): 19 kB Progress (2): 19 kB | 4.1/4.6 kB Progress (2): 19 kB | 4.6 kB Progress (3): 19 kB | 4.6 kB | 4.1/25 kB Progress (3): 19 kB | 4.6 kB | 7.7/25 kB Progress (3): 19 kB | 4.6 kB | 12/25 kB Progress (3): 19 kB | 4.6 kB | 16/25 kB Progress (3): 19 kB | 4.6 kB | 20/25 kB Progress (3): 19 kB | 4.6 kB | 24/25 kB Progress (3): 19 kB | 4.6 kB | 25 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compiler-javac/2.2/plexus-compiler-javac-2.2.jar (19 kB at 58 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/xbean/xbean-reflect/3.4/xbean-reflect-3.4.jar Progress (3): 4.6 kB | 25 kB | 4.1/134 kB Progress (3): 4.6 kB | 25 kB | 7.7/134 kB Progress (3): 4.6 kB | 25 kB | 12/134 kB Progress (3): 4.6 kB | 25 kB | 16/134 kB Progress (3): 4.6 kB | 25 kB | 20/134 kB Progress (3): 4.6 kB | 25 kB | 24/134 kB Progress (3): 4.6 kB | 25 kB | 28/134 kB Progress (3): 4.6 kB | 25 kB | 32/134 kB Progress (3): 4.6 kB | 25 kB | 36/134 kB Progress (3): 4.6 kB | 25 kB | 40/134 kB Progress (3): 4.6 kB | 25 kB | 45/134 kB Progress (3): 4.6 kB | 25 kB | 49/134 kB Progress (3): 4.6 kB | 25 kB | 53/134 kB Progress (3): 4.6 kB | 25 kB | 57/134 kB Progress (3): 4.6 kB | 25 kB | 61/134 kB Progress (3): 4.6 kB | 25 kB | 65/134 kB Progress (3): 4.6 kB | 25 kB | 69/134 kB Progress (3): 4.6 kB | 25 kB | 73/134 kB Progress (3): 4.6 kB | 25 kB | 77/134 kB Progress (3): 4.6 kB | 25 kB | 81/134 kB Progress (3): 4.6 kB | 25 kB | 86/134 kB Progress (3): 4.6 kB | 25 kB | 90/134 kB Progress (3): 4.6 kB | 25 kB | 94/134 kB Progress (3): 4.6 kB | 25 kB | 98/134 kB Progress (3): 4.6 kB | 25 kB | 102/134 kB Progress (3): 4.6 kB | 25 kB | 106/134 kB Progress (3): 4.6 kB | 25 kB | 110/134 kB Progress (3): 4.6 kB | 25 kB | 114/134 kB Progress (3): 4.6 kB | 25 kB | 118/134 kB Progress (3): 4.6 kB | 25 kB | 122/134 kB Progress (3): 4.6 kB | 25 kB | 126/134 kB Progress (3): 4.6 kB | 25 kB | 131/134 kB Progress (3): 4.6 kB | 25 kB | 134 kB Progress (4): 4.6 kB | 25 kB | 134 kB | 4.1/46 kB Progress (4): 4.6 kB | 25 kB | 134 kB | 7.7/46 kB Progress (4): 4.6 kB | 25 kB | 134 kB | 12/46 kB Progress (4): 4.6 kB | 25 kB | 134 kB | 16/46 kB Progress (4): 4.6 kB | 25 kB | 134 kB | 20/46 kB Progress (4): 4.6 kB | 25 kB | 134 kB | 24/46 kB Progress (4): 4.6 kB | 25 kB | 134 kB | 28/46 kB Progress (4): 4.6 kB | 25 kB | 134 kB | 32/46 kB Progress (4): 4.6 kB | 25 kB | 134 kB | 36/46 kB Progress (4): 4.6 kB | 25 kB | 134 kB | 40/46 kB Progress (4): 4.6 kB | 25 kB | 134 kB | 45/46 kB Progress (4): 4.6 kB | 25 kB | 134 kB | 46 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compiler-api/2.2/plexus-compiler-api-2.2.jar (25 kB at 70 kB/s) Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compiler-manager/2.2/plexus-compiler-manager-2.2.jar (4.6 kB at 13 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/log4j/log4j/1.2.12/log4j-1.2.12.jar Downloading from central: https://repo.maven.apache.org/maven2/commons-logging/commons-logging-api/1.1/commons-logging-api-1.1.jar Progress (3): 134 kB | 46 kB | 4.1/217 kB Progress (3): 134 kB | 46 kB | 7.7/217 kB Progress (3): 134 kB | 46 kB | 12/217 kB Progress (3): 134 kB | 46 kB | 16/217 kB Progress (3): 134 kB | 46 kB | 20/217 kB Progress (3): 134 kB | 46 kB | 24/217 kB Progress (3): 134 kB | 46 kB | 28/217 kB Progress (3): 134 kB | 46 kB | 32/217 kB Progress (3): 134 kB | 46 kB | 36/217 kB Progress (3): 134 kB | 46 kB | 40/217 kB Progress (3): 134 kB | 46 kB | 45/217 kB Progress (3): 134 kB | 46 kB | 49/217 kB Progress (3): 134 kB | 46 kB | 53/217 kB Progress (3): 134 kB | 46 kB | 57/217 kB Progress (3): 134 kB | 46 kB | 61/217 kB Progress (3): 134 kB | 46 kB | 65/217 kB Progress (3): 134 kB | 46 kB | 69/217 kB Progress (3): 134 kB | 46 kB | 73/217 kB Progress (3): 134 kB | 46 kB | 77/217 kB Progress (3): 134 kB | 46 kB | 81/217 kB Progress (3): 134 kB | 46 kB | 86/217 kB Progress (3): 134 kB | 46 kB | 90/217 kB Progress (3): 134 kB | 46 kB | 94/217 kB Progress (3): 134 kB | 46 kB | 98/217 kB Progress (3): 134 kB | 46 kB | 102/217 kB Progress (3): 134 kB | 46 kB | 106/217 kB Progress (3): 134 kB | 46 kB | 110/217 kB Progress (3): 134 kB | 46 kB | 114/217 kB Progress (3): 134 kB | 46 kB | 118/217 kB Progress (3): 134 kB | 46 kB | 122/217 kB Progress (3): 134 kB | 46 kB | 126/217 kB Progress (3): 134 kB | 46 kB | 131/217 kB Progress (3): 134 kB | 46 kB | 135/217 kB Progress (3): 134 kB | 46 kB | 139/217 kB Progress (3): 134 kB | 46 kB | 143/217 kB Progress (3): 134 kB | 46 kB | 147/217 kB Progress (3): 134 kB | 46 kB | 151/217 kB Progress (3): 134 kB | 46 kB | 155/217 kB Progress (3): 134 kB | 46 kB | 159/217 kB Progress (3): 134 kB | 46 kB | 163/217 kB Progress (3): 134 kB | 46 kB | 167/217 kB Progress (3): 134 kB | 46 kB | 172/217 kB Progress (3): 134 kB | 46 kB | 176/217 kB Progress (3): 134 kB | 46 kB | 180/217 kB Progress (3): 134 kB | 46 kB | 184/217 kB Progress (3): 134 kB | 46 kB | 188/217 kB Progress (3): 134 kB | 46 kB | 192/217 kB Progress (3): 134 kB | 46 kB | 196/217 kB Progress (3): 134 kB | 46 kB | 200/217 kB Progress (3): 134 kB | 46 kB | 204/217 kB Progress (3): 134 kB | 46 kB | 208/217 kB Progress (3): 134 kB | 46 kB | 212/217 kB Progress (3): 134 kB | 46 kB | 217/217 kB Progress (3): 134 kB | 46 kB | 217 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/xbean/xbean-reflect/3.4/xbean-reflect-3.4.jar (134 kB at 358 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/collections/google-collections/1.0/google-collections-1.0.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-classworlds/2.2.2/plexus-classworlds-2.2.2.jar (46 kB at 118 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/junit/junit/3.8.2/junit-3.8.2.jar Progress (2): 217 kB | 4.1/640 kB Progress (2): 217 kB | 7.7/640 kB Progress (2): 217 kB | 12/640 kB Progress (2): 217 kB | 16/640 kB Progress (2): 217 kB | 20/640 kB Progress (2): 217 kB | 24/640 kB Progress (2): 217 kB | 28/640 kB Progress (2): 217 kB | 32/640 kB Progress (2): 217 kB | 36/640 kB Progress (2): 217 kB | 40/640 kB Progress (2): 217 kB | 45/640 kB Progress (2): 217 kB | 49/640 kB Progress (2): 217 kB | 53/640 kB Progress (2): 217 kB | 57/640 kB Progress (2): 217 kB | 61/640 kB Progress (2): 217 kB | 65/640 kB Progress (3): 217 kB | 65/640 kB | 4.1/45 kB Progress (3): 217 kB | 69/640 kB | 4.1/45 kB Progress (3): 217 kB | 69/640 kB | 7.7/45 kB Progress (3): 217 kB | 73/640 kB | 7.7/45 kB Progress (3): 217 kB | 73/640 kB | 12/45 kB Progress (3): 217 kB | 77/640 kB | 12/45 kB Progress (3): 217 kB | 77/640 kB | 16/45 kB Progress (3): 217 kB | 81/640 kB | 16/45 kB Progress (3): 217 kB | 85/640 kB | 16/45 kB Progress (3): 217 kB | 89/640 kB | 16/45 kB Progress (3): 217 kB | 89/640 kB | 20/45 kB Progress (3): 217 kB | 93/640 kB | 20/45 kB Progress (3): 217 kB | 93/640 kB | 24/45 kB Progress (3): 217 kB | 98/640 kB | 24/45 kB Progress (3): 217 kB | 98/640 kB | 28/45 kB Progress (3): 217 kB | 98/640 kB | 32/45 kB Progress (3): 217 kB | 102/640 kB | 32/45 kB Progress (3): 217 kB | 106/640 kB | 32/45 kB Progress (3): 217 kB | 110/640 kB | 32/45 kB Progress (3): 217 kB | 114/640 kB | 32/45 kB Progress (3): 217 kB | 118/640 kB | 32/45 kB Progress (3): 217 kB | 122/640 kB | 32/45 kB Progress (3): 217 kB | 126/640 kB | 32/45 kB Progress (3): 217 kB | 130/640 kB | 32/45 kB Progress (3): 217 kB | 134/640 kB | 32/45 kB Progress (3): 217 kB | 139/640 kB | 32/45 kB Progress (3): 217 kB | 143/640 kB | 32/45 kB Progress (3): 217 kB | 147/640 kB | 32/45 kB Progress (3): 217 kB | 147/640 kB | 36/45 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-container-default/1.5.5/plexus-container-default-1.5.5.jar (217 kB at 528 kB/s) Progress (2): 151/640 kB | 36/45 kB Progress (2): 151/640 kB | 40/45 kB Progress (2): 155/640 kB | 40/45 kB Progress (2): 155/640 kB | 45/45 kB Progress (2): 159/640 kB | 45/45 kB Progress (2): 159/640 kB | 45 kB Progress (2): 163/640 kB | 45 kB Progress (2): 167/640 kB | 45 kB Progress (2): 171/640 kB | 45 kB Progress (2): 175/640 kB | 45 kB Progress (2): 179/640 kB | 45 kB Progress (2): 184/640 kB | 45 kB Progress (2): 188/640 kB | 45 kB Progress (2): 192/640 kB | 45 kB Progress (2): 196/640 kB | 45 kB Progress (2): 200/640 kB | 45 kB Progress (2): 204/640 kB | 45 kB Progress (2): 208/640 kB | 45 kB Progress (2): 212/640 kB | 45 kB Progress (2): 216/640 kB | 45 kB Progress (2): 220/640 kB | 45 kB Progress (2): 225/640 kB | 45 kB Progress (2): 229/640 kB | 45 kB Progress (2): 233/640 kB | 45 kB Progress (2): 237/640 kB | 45 kB Progress (2): 241/640 kB | 45 kB Progress (2): 245/640 kB | 45 kB Progress (2): 249/640 kB | 45 kB Progress (2): 253/640 kB | 45 kB Progress (2): 257/640 kB | 45 kB Progress (2): 261/640 kB | 45 kB Progress (2): 266/640 kB | 45 kB Progress (2): 270/640 kB | 45 kB Progress (2): 274/640 kB | 45 kB Progress (2): 278/640 kB | 45 kB Progress (2): 282/640 kB | 45 kB Progress (2): 286/640 kB | 45 kB Progress (2): 290/640 kB | 45 kB Progress (2): 294/640 kB | 45 kB Progress (2): 298/640 kB | 45 kB Progress (2): 302/640 kB | 45 kB Progress (2): 306/640 kB | 45 kB Progress (2): 311/640 kB | 45 kB Progress (2): 315/640 kB | 45 kB Progress (2): 319/640 kB | 45 kB Progress (2): 323/640 kB | 45 kB Progress (2): 327/640 kB | 45 kB Progress (2): 331/640 kB | 45 kB Progress (2): 335/640 kB | 45 kB Progress (2): 339/640 kB | 45 kB Progress (2): 343/640 kB | 45 kB Progress (2): 347/640 kB | 45 kB Progress (2): 352/640 kB | 45 kB Progress (2): 356/640 kB | 45 kB Progress (2): 360/640 kB | 45 kB Progress (2): 364/640 kB | 45 kB Progress (2): 368/640 kB | 45 kB Progress (2): 372/640 kB | 45 kB Progress (2): 376/640 kB | 45 kB Progress (2): 380/640 kB | 45 kB Progress (2): 384/640 kB | 45 kB Progress (2): 388/640 kB | 45 kB Progress (2): 392/640 kB | 45 kB Progress (2): 397/640 kB | 45 kB Progress (2): 401/640 kB | 45 kB Progress (2): 405/640 kB | 45 kB Progress (2): 409/640 kB | 45 kB Progress (2): 413/640 kB | 45 kB Progress (2): 417/640 kB | 45 kB Progress (2): 421/640 kB | 45 kB Progress (2): 425/640 kB | 45 kB Progress (2): 429/640 kB | 45 kB Progress (2): 433/640 kB | 45 kB Progress (2): 438/640 kB | 45 kB Progress (2): 442/640 kB | 45 kB Progress (2): 446/640 kB | 45 kB Progress (2): 450/640 kB | 45 kB Progress (2): 454/640 kB | 45 kB Progress (2): 458/640 kB | 45 kB Progress (2): 462/640 kB | 45 kB Progress (2): 466/640 kB | 45 kB Progress (2): 470/640 kB | 45 kB Progress (2): 474/640 kB | 45 kB Progress (2): 479/640 kB | 45 kB Progress (2): 483/640 kB | 45 kB Progress (2): 487/640 kB | 45 kB Progress (2): 491/640 kB | 45 kB Progress (2): 495/640 kB | 45 kB Progress (2): 498/640 kB | 45 kB Progress (2): 502/640 kB | 45 kB Progress (2): 506/640 kB | 45 kB Progress (2): 510/640 kB | 45 kB Progress (2): 514/640 kB | 45 kB Progress (2): 518/640 kB | 45 kB Progress (2): 522/640 kB | 45 kB Progress (2): 526/640 kB | 45 kB Progress (2): 531/640 kB | 45 kB Progress (2): 535/640 kB | 45 kB Progress (2): 539/640 kB | 45 kB Progress (2): 543/640 kB | 45 kB Progress (2): 547/640 kB | 45 kB Progress (2): 551/640 kB | 45 kB Progress (2): 555/640 kB | 45 kB Progress (2): 559/640 kB | 45 kB Progress (2): 563/640 kB | 45 kB Progress (2): 567/640 kB | 45 kB Progress (2): 572/640 kB | 45 kB Progress (2): 576/640 kB | 45 kB Progress (2): 580/640 kB | 45 kB Progress (2): 584/640 kB | 45 kB Progress (2): 588/640 kB | 45 kB Progress (2): 592/640 kB | 45 kB Progress (2): 596/640 kB | 45 kB Progress (2): 600/640 kB | 45 kB Progress (2): 604/640 kB | 45 kB Progress (2): 608/640 kB | 45 kB Progress (2): 612/640 kB | 45 kB Progress (2): 617/640 kB | 45 kB Progress (2): 621/640 kB | 45 kB Progress (2): 625/640 kB | 45 kB Progress (2): 629/640 kB | 45 kB Progress (2): 633/640 kB | 45 kB Progress (2): 637/640 kB | 45 kB Progress (2): 640 kB | 45 kB Progress (3): 640 kB | 45 kB | 4.1/121 kB Progress (3): 640 kB | 45 kB | 7.7/121 kB Progress (3): 640 kB | 45 kB | 12/121 kB Progress (3): 640 kB | 45 kB | 16/121 kB Progress (3): 640 kB | 45 kB | 20/121 kB Progress (3): 640 kB | 45 kB | 24/121 kB Progress (3): 640 kB | 45 kB | 28/121 kB Progress (3): 640 kB | 45 kB | 32/121 kB Progress (3): 640 kB | 45 kB | 36/121 kB Progress (3): 640 kB | 45 kB | 40/121 kB Progress (3): 640 kB | 45 kB | 45/121 kB Progress (3): 640 kB | 45 kB | 49/121 kB Progress (3): 640 kB | 45 kB | 53/121 kB Progress (3): 640 kB | 45 kB | 57/121 kB Progress (3): 640 kB | 45 kB | 61/121 kB Progress (3): 640 kB | 45 kB | 65/121 kB Progress (3): 640 kB | 45 kB | 69/121 kB Progress (3): 640 kB | 45 kB | 73/121 kB Progress (3): 640 kB | 45 kB | 77/121 kB Progress (3): 640 kB | 45 kB | 81/121 kB Progress (3): 640 kB | 45 kB | 86/121 kB Progress (3): 640 kB | 45 kB | 90/121 kB Progress (3): 640 kB | 45 kB | 94/121 kB Progress (3): 640 kB | 45 kB | 98/121 kB Progress (3): 640 kB | 45 kB | 102/121 kB Progress (3): 640 kB | 45 kB | 106/121 kB Progress (3): 640 kB | 45 kB | 110/121 kB Progress (3): 640 kB | 45 kB | 114/121 kB Progress (3): 640 kB | 45 kB | 118/121 kB Progress (3): 640 kB | 45 kB | 121 kB Downloaded from central: https://repo.maven.apache.org/maven2/com/google/collections/google-collections/1.0/google-collections-1.0.jar (640 kB at 1.5 MB/s) Downloaded from central: https://repo.maven.apache.org/maven2/junit/junit/3.8.2/junit-3.8.2.jar (121 kB at 264 kB/s) Downloaded from central: https://repo.maven.apache.org/maven2/commons-logging/commons-logging-api/1.1/commons-logging-api-1.1.jar (45 kB at 97 kB/s) Progress (1): 4.1/358 kB Progress (1): 8.2/358 kB Progress (1): 12/358 kB Progress (1): 16/358 kB Progress (1): 20/358 kB Progress (1): 25/358 kB Progress (1): 29/358 kB Progress (1): 33/358 kB Progress (1): 37/358 kB Progress (1): 41/358 kB Progress (1): 45/358 kB Progress (1): 49/358 kB Progress (1): 53/358 kB Progress (1): 57/358 kB Progress (1): 61/358 kB Progress (1): 66/358 kB Progress (1): 70/358 kB Progress (1): 74/358 kB Progress (1): 78/358 kB Progress (1): 82/358 kB Progress (1): 86/358 kB Progress (1): 90/358 kB Progress (1): 94/358 kB Progress (1): 98/358 kB Progress (1): 102/358 kB Progress (1): 106/358 kB Progress (1): 111/358 kB Progress (1): 115/358 kB Progress (1): 119/358 kB Progress (1): 123/358 kB Progress (1): 127/358 kB Progress (1): 131/358 kB Progress (1): 135/358 kB Progress (1): 139/358 kB Progress (1): 143/358 kB Progress (1): 147/358 kB Progress (1): 152/358 kB Progress (1): 156/358 kB Progress (1): 160/358 kB Progress (1): 164/358 kB Progress (1): 168/358 kB Progress (1): 172/358 kB Progress (1): 176/358 kB Progress (1): 180/358 kB Progress (1): 184/358 kB Progress (1): 188/358 kB Progress (1): 193/358 kB Progress (1): 197/358 kB Progress (1): 201/358 kB Progress (1): 205/358 kB Progress (1): 209/358 kB Progress (1): 213/358 kB Progress (1): 217/358 kB Progress (1): 221/358 kB Progress (1): 225/358 kB Progress (1): 229/358 kB Progress (1): 233/358 kB Progress (1): 238/358 kB Progress (1): 242/358 kB Progress (1): 246/358 kB Progress (1): 250/358 kB Progress (1): 254/358 kB Progress (1): 258/358 kB Progress (1): 262/358 kB Progress (1): 266/358 kB Progress (1): 270/358 kB Progress (1): 274/358 kB Progress (1): 279/358 kB Progress (1): 283/358 kB Progress (1): 287/358 kB Progress (1): 291/358 kB Progress (1): 295/358 kB Progress (1): 299/358 kB Progress (1): 303/358 kB Progress (1): 307/358 kB Progress (1): 311/358 kB Progress (1): 315/358 kB Progress (1): 319/358 kB Progress (1): 324/358 kB Progress (1): 328/358 kB Progress (1): 332/358 kB Progress (1): 336/358 kB Progress (1): 340/358 kB Progress (1): 344/358 kB Progress (1): 348/358 kB Progress (1): 352/358 kB Progress (1): 356/358 kB Progress (1): 358 kB Downloaded from central: https://repo.maven.apache.org/maven2/log4j/log4j/1.2.12/log4j-1.2.12.jar (358 kB at 409 kB/s) [INFO] Changes detected - recompiling the module! [WARNING] File encoding has not been set, using platform encoding UTF-8, i.e. build is platform dependent! [INFO] Compiling 1 source file to /work/target/classes [INFO] [INFO] --- maven-resources-plugin:2.6:testResources (default-testResources) @ simple-java-project --- [WARNING] Using platform encoding (UTF-8 actually) to copy filtered resources, i.e. build is platform dependent! [INFO] skip non existing resourceDirectory /work/src/test/resources [INFO] [INFO] --- maven-compiler-plugin:3.1:testCompile (default-testCompile) @ simple-java-project --- [INFO] No sources to compile [INFO] [INFO] --- maven-surefire-plugin:2.12.4:test (default-test) @ simple-java-project --- Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/surefire/surefire-booter/2.12.4/surefire-booter-2.12.4.pom Progress (1): 3.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/surefire/surefire-booter/2.12.4/surefire-booter-2.12.4.pom (3.0 kB at 33 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/surefire/surefire-api/2.12.4/surefire-api-2.12.4.pom Progress (1): 2.5 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/surefire/surefire-api/2.12.4/surefire-api-2.12.4.pom (2.5 kB at 24 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/surefire/maven-surefire-common/2.12.4/maven-surefire-common-2.12.4.pom Progress (1): 4.1 kB Progress (1): 5.5 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/surefire/maven-surefire-common/2.12.4/maven-surefire-common-2.12.4.pom (5.5 kB at 61 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugin-tools/maven-plugin-annotations/3.1/maven-plugin-annotations-3.1.pom Progress (1): 1.6 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugin-tools/maven-plugin-annotations/3.1/maven-plugin-annotations-3.1.pom (1.6 kB at 24 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugin-tools/maven-plugin-tools/3.1/maven-plugin-tools-3.1.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugin-tools/maven-plugin-tools/3.1/maven-plugin-tools-3.1.pom (16 kB at 180 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/reporting/maven-reporting-api/2.0.9/maven-reporting-api-2.0.9.pom Progress (1): 1.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/reporting/maven-reporting-api/2.0.9/maven-reporting-api-2.0.9.pom (1.8 kB at 21 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/reporting/maven-reporting/2.0.9/maven-reporting-2.0.9.pom Progress (1): 1.5 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/reporting/maven-reporting/2.0.9/maven-reporting-2.0.9.pom (1.5 kB at 19 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-toolchain/2.0.9/maven-toolchain-2.0.9.pom Progress (1): 3.5 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-toolchain/2.0.9/maven-toolchain-2.0.9.pom (3.5 kB at 58 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-lang3/3.1/commons-lang3-3.1.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 17 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-lang3/3.1/commons-lang3-3.1.pom (17 kB at 288 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-parent/22/commons-parent-22.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 25 kB Progress (1): 29 kB Progress (1): 33 kB Progress (1): 37 kB Progress (1): 41 kB Progress (1): 42 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-parent/22/commons-parent-22.pom (42 kB at 791 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/apache/9/apache-9.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 15 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/9/apache-9.pom (15 kB at 178 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-common-artifact-filters/1.3/maven-common-artifact-filters-1.3.pom Progress (1): 3.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-common-artifact-filters/1.3/maven-common-artifact-filters-1.3.pom (3.7 kB at 33 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-components/12/maven-shared-components-12.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 9.3 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-components/12/maven-shared-components-12.pom (9.3 kB at 109 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/13/maven-parent-13.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 23 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/13/maven-parent-13.pom (23 kB at 343 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/apache/6/apache-6.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 13 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/6/apache-6.pom (13 kB at 206 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-container-default/1.0-alpha-9/plexus-container-default-1.0-alpha-9.pom Progress (1): 1.2 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-container-default/1.0-alpha-9/plexus-container-default-1.0-alpha-9.pom (1.2 kB at 18 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/surefire/surefire-booter/2.12.4/surefire-booter-2.12.4.jar Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/surefire/surefire-api/2.12.4/surefire-api-2.12.4.jar Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/surefire/maven-surefire-common/2.12.4/maven-surefire-common-2.12.4.jar Downloading from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-lang3/3.1/commons-lang3-3.1.jar Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-common-artifact-filters/1.3/maven-common-artifact-filters-1.3.jar Progress (1): 4.1/263 kB Progress (1): 7.7/263 kB Progress (1): 12/263 kB Progress (1): 16/263 kB Progress (1): 20/263 kB Progress (1): 24/263 kB Progress (1): 28/263 kB Progress (1): 32/263 kB Progress (1): 36/263 kB Progress (1): 40/263 kB Progress (1): 45/263 kB Progress (1): 49/263 kB Progress (1): 53/263 kB Progress (1): 57/263 kB Progress (1): 61/263 kB Progress (1): 65/263 kB Progress (1): 69/263 kB Progress (1): 73/263 kB Progress (1): 77/263 kB Progress (1): 81/263 kB Progress (2): 81/263 kB | 4.1/316 kB Progress (2): 86/263 kB | 4.1/316 kB Progress (2): 86/263 kB | 7.7/316 kB Progress (2): 90/263 kB | 7.7/316 kB Progress (2): 94/263 kB | 7.7/316 kB Progress (2): 98/263 kB | 7.7/316 kB Progress (2): 98/263 kB | 12/316 kB Progress (2): 98/263 kB | 16/316 kB Progress (2): 102/263 kB | 16/316 kB Progress (2): 102/263 kB | 20/316 kB Progress (2): 106/263 kB | 20/316 kB Progress (2): 106/263 kB | 24/316 kB Progress (2): 110/263 kB | 24/316 kB Progress (2): 114/263 kB | 24/316 kB Progress (2): 114/263 kB | 28/316 kB Progress (2): 114/263 kB | 32/316 kB Progress (2): 114/263 kB | 36/316 kB Progress (2): 114/263 kB | 40/316 kB Progress (2): 114/263 kB | 45/316 kB Progress (2): 114/263 kB | 49/316 kB Progress (2): 114/263 kB | 53/316 kB Progress (2): 114/263 kB | 57/316 kB Progress (2): 114/263 kB | 61/316 kB Progress (2): 114/263 kB | 65/316 kB Progress (2): 114/263 kB | 69/316 kB Progress (2): 114/263 kB | 73/316 kB Progress (2): 114/263 kB | 77/316 kB Progress (2): 114/263 kB | 81/316 kB Progress (2): 118/263 kB | 81/316 kB Progress (2): 118/263 kB | 86/316 kB Progress (2): 122/263 kB | 86/316 kB Progress (2): 122/263 kB | 90/316 kB Progress (2): 126/263 kB | 90/316 kB Progress (2): 131/263 kB | 90/316 kB Progress (2): 131/263 kB | 94/316 kB Progress (2): 135/263 kB | 94/316 kB Progress (2): 135/263 kB | 98/316 kB Progress (2): 135/263 kB | 102/316 kB Progress (2): 135/263 kB | 106/316 kB Progress (2): 139/263 kB | 106/316 kB Progress (2): 139/263 kB | 110/316 kB Progress (2): 143/263 kB | 110/316 kB Progress (2): 143/263 kB | 114/316 kB Progress (2): 147/263 kB | 114/316 kB Progress (2): 147/263 kB | 118/316 kB Progress (2): 147/263 kB | 122/316 kB Progress (2): 151/263 kB | 122/316 kB Progress (2): 151/263 kB | 126/316 kB Progress (2): 155/263 kB | 126/316 kB Progress (2): 155/263 kB | 131/316 kB Progress (2): 159/263 kB | 131/316 kB Progress (2): 159/263 kB | 135/316 kB Progress (2): 163/263 kB | 135/316 kB Progress (2): 163/263 kB | 139/316 kB Progress (2): 163/263 kB | 143/316 kB Progress (2): 163/263 kB | 147/316 kB Progress (2): 163/263 kB | 151/316 kB Progress (2): 163/263 kB | 155/316 kB Progress (2): 163/263 kB | 159/316 kB Progress (2): 163/263 kB | 163/316 kB Progress (2): 163/263 kB | 167/316 kB Progress (2): 163/263 kB | 172/316 kB Progress (2): 163/263 kB | 176/316 kB Progress (2): 163/263 kB | 180/316 kB Progress (2): 163/263 kB | 184/316 kB Progress (2): 163/263 kB | 188/316 kB Progress (2): 163/263 kB | 192/316 kB Progress (2): 163/263 kB | 196/316 kB Progress (2): 163/263 kB | 200/316 kB Progress (2): 163/263 kB | 204/316 kB Progress (2): 167/263 kB | 204/316 kB Progress (2): 167/263 kB | 208/316 kB Progress (2): 172/263 kB | 208/316 kB Progress (2): 172/263 kB | 213/316 kB Progress (2): 176/263 kB | 213/316 kB Progress (2): 176/263 kB | 217/316 kB Progress (2): 180/263 kB | 217/316 kB Progress (2): 180/263 kB | 221/316 kB Progress (2): 180/263 kB | 225/316 kB Progress (2): 184/263 kB | 225/316 kB Progress (2): 184/263 kB | 229/316 kB Progress (2): 188/263 kB | 229/316 kB Progress (2): 188/263 kB | 233/316 kB Progress (2): 192/263 kB | 233/316 kB Progress (2): 192/263 kB | 237/316 kB Progress (2): 196/263 kB | 237/316 kB Progress (2): 196/263 kB | 241/316 kB Progress (2): 200/263 kB | 241/316 kB Progress (2): 200/263 kB | 245/316 kB Progress (2): 204/263 kB | 245/316 kB Progress (2): 204/263 kB | 249/316 kB Progress (2): 208/263 kB | 249/316 kB Progress (2): 208/263 kB | 253/316 kB Progress (2): 213/263 kB | 253/316 kB Progress (2): 213/263 kB | 258/316 kB Progress (2): 213/263 kB | 262/316 kB Progress (2): 213/263 kB | 266/316 kB Progress (2): 213/263 kB | 270/316 kB Progress (2): 213/263 kB | 274/316 kB Progress (2): 213/263 kB | 278/316 kB Progress (2): 213/263 kB | 282/316 kB Progress (2): 213/263 kB | 286/316 kB Progress (2): 213/263 kB | 290/316 kB Progress (2): 213/263 kB | 294/316 kB Progress (2): 213/263 kB | 299/316 kB Progress (2): 213/263 kB | 303/316 kB Progress (2): 213/263 kB | 307/316 kB Progress (2): 213/263 kB | 311/316 kB Progress (2): 213/263 kB | 315/316 kB Progress (2): 213/263 kB | 316 kB Progress (2): 217/263 kB | 316 kB Progress (2): 221/263 kB | 316 kB Progress (2): 225/263 kB | 316 kB Progress (2): 229/263 kB | 316 kB Progress (2): 233/263 kB | 316 kB Progress (2): 237/263 kB | 316 kB Progress (2): 241/263 kB | 316 kB Progress (2): 245/263 kB | 316 kB Progress (2): 249/263 kB | 316 kB Progress (2): 253/263 kB | 316 kB Progress (2): 258/263 kB | 316 kB Progress (2): 262/263 kB | 316 kB Progress (2): 263 kB | 316 kB Progress (3): 263 kB | 316 kB | 4.1/31 kB Progress (3): 263 kB | 316 kB | 7.7/31 kB Progress (3): 263 kB | 316 kB | 12/31 kB Progress (3): 263 kB | 316 kB | 16/31 kB Progress (3): 263 kB | 316 kB | 20/31 kB Progress (3): 263 kB | 316 kB | 24/31 kB Progress (3): 263 kB | 316 kB | 28/31 kB Progress (3): 263 kB | 316 kB | 31 kB Progress (4): 263 kB | 316 kB | 31 kB | 4.1/35 kB Progress (4): 263 kB | 316 kB | 31 kB | 7.7/35 kB Progress (4): 263 kB | 316 kB | 31 kB | 12/35 kB Progress (4): 263 kB | 316 kB | 31 kB | 16/35 kB Progress (4): 263 kB | 316 kB | 31 kB | 20/35 kB Progress (4): 263 kB | 316 kB | 31 kB | 24/35 kB Progress (4): 263 kB | 316 kB | 31 kB | 28/35 kB Progress (4): 263 kB | 316 kB | 31 kB | 32/35 kB Progress (4): 263 kB | 316 kB | 31 kB | 35 kB Progress (5): 263 kB | 316 kB | 31 kB | 35 kB | 4.1/118 kB Progress (5): 263 kB | 316 kB | 31 kB | 35 kB | 7.7/118 kB Progress (5): 263 kB | 316 kB | 31 kB | 35 kB | 12/118 kB Progress (5): 263 kB | 316 kB | 31 kB | 35 kB | 16/118 kB Progress (5): 263 kB | 316 kB | 31 kB | 35 kB | 20/118 kB Progress (5): 263 kB | 316 kB | 31 kB | 35 kB | 24/118 kB Progress (5): 263 kB | 316 kB | 31 kB | 35 kB | 28/118 kB Progress (5): 263 kB | 316 kB | 31 kB | 35 kB | 32/118 kB Progress (5): 263 kB | 316 kB | 31 kB | 35 kB | 36/118 kB Progress (5): 263 kB | 316 kB | 31 kB | 35 kB | 40/118 kB Progress (5): 263 kB | 316 kB | 31 kB | 35 kB | 45/118 kB Progress (5): 263 kB | 316 kB | 31 kB | 35 kB | 49/118 kB Progress (5): 263 kB | 316 kB | 31 kB | 35 kB | 53/118 kB Progress (5): 263 kB | 316 kB | 31 kB | 35 kB | 57/118 kB Progress (5): 263 kB | 316 kB | 31 kB | 35 kB | 61/118 kB Progress (5): 263 kB | 316 kB | 31 kB | 35 kB | 65/118 kB Progress (5): 263 kB | 316 kB | 31 kB | 35 kB | 69/118 kB Progress (5): 263 kB | 316 kB | 31 kB | 35 kB | 73/118 kB Progress (5): 263 kB | 316 kB | 31 kB | 35 kB | 77/118 kB Progress (5): 263 kB | 316 kB | 31 kB | 35 kB | 81/118 kB Progress (5): 263 kB | 316 kB | 31 kB | 35 kB | 86/118 kB Progress (5): 263 kB | 316 kB | 31 kB | 35 kB | 90/118 kB Progress (5): 263 kB | 316 kB | 31 kB | 35 kB | 94/118 kB Progress (5): 263 kB | 316 kB | 31 kB | 35 kB | 98/118 kB Progress (5): 263 kB | 316 kB | 31 kB | 35 kB | 102/118 kB Progress (5): 263 kB | 316 kB | 31 kB | 35 kB | 106/118 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/surefire/maven-surefire-common/2.12.4/maven-surefire-common-2.12.4.jar (263 kB at 5.1 MB/s) Progress (4): 316 kB | 31 kB | 35 kB | 110/118 kB Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.0.8/plexus-utils-3.0.8.jar Progress (4): 316 kB | 31 kB | 35 kB | 114/118 kB Progress (4): 316 kB | 31 kB | 35 kB | 118 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-lang3/3.1/commons-lang3-3.1.jar (316 kB at 6.1 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/reporting/maven-reporting-api/2.0.9/maven-reporting-api-2.0.9.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-common-artifact-filters/1.3/maven-common-artifact-filters-1.3.jar (31 kB at 586 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-toolchain/2.0.9/maven-toolchain-2.0.9.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/surefire/surefire-booter/2.12.4/surefire-booter-2.12.4.jar (35 kB at 588 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugin-tools/maven-plugin-annotations/3.1/maven-plugin-annotations-3.1.jar Progress (2): 118 kB | 4.1/10 kB Progress (2): 118 kB | 7.7/10 kB Progress (2): 118 kB | 10 kB Progress (3): 118 kB | 10 kB | 4.1/38 kB Progress (3): 118 kB | 10 kB | 7.7/38 kB Progress (3): 118 kB | 10 kB | 12/38 kB Progress (3): 118 kB | 10 kB | 16/38 kB Progress (3): 118 kB | 10 kB | 20/38 kB Progress (3): 118 kB | 10 kB | 24/38 kB Progress (3): 118 kB | 10 kB | 28/38 kB Progress (3): 118 kB | 10 kB | 32/38 kB Progress (3): 118 kB | 10 kB | 36/38 kB Progress (3): 118 kB | 10 kB | 38 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/surefire/surefire-api/2.12.4/surefire-api-2.12.4.jar (118 kB at 1.5 MB/s) Progress (3): 10 kB | 38 kB | 4.1/232 kB Progress (3): 10 kB | 38 kB | 8.2/232 kB Progress (3): 10 kB | 38 kB | 12/232 kB Progress (3): 10 kB | 38 kB | 16/232 kB Progress (3): 10 kB | 38 kB | 20/232 kB Progress (3): 10 kB | 38 kB | 25/232 kB Progress (3): 10 kB | 38 kB | 29/232 kB Progress (3): 10 kB | 38 kB | 33/232 kB Progress (3): 10 kB | 38 kB | 37/232 kB Progress (3): 10 kB | 38 kB | 41/232 kB Progress (3): 10 kB | 38 kB | 45/232 kB Progress (3): 10 kB | 38 kB | 49/232 kB Progress (3): 10 kB | 38 kB | 53/232 kB Progress (3): 10 kB | 38 kB | 57/232 kB Progress (3): 10 kB | 38 kB | 61/232 kB Progress (3): 10 kB | 38 kB | 66/232 kB Progress (3): 10 kB | 38 kB | 70/232 kB Progress (3): 10 kB | 38 kB | 74/232 kB Progress (3): 10 kB | 38 kB | 78/232 kB Progress (3): 10 kB | 38 kB | 82/232 kB Progress (3): 10 kB | 38 kB | 86/232 kB Progress (3): 10 kB | 38 kB | 90/232 kB Progress (3): 10 kB | 38 kB | 94/232 kB Progress (4): 10 kB | 38 kB | 94/232 kB | 4.1/14 kB Progress (4): 10 kB | 38 kB | 98/232 kB | 4.1/14 kB Progress (4): 10 kB | 38 kB | 102/232 kB | 4.1/14 kB Progress (4): 10 kB | 38 kB | 102/232 kB | 7.7/14 kB Progress (4): 10 kB | 38 kB | 106/232 kB | 7.7/14 kB Progress (4): 10 kB | 38 kB | 111/232 kB | 7.7/14 kB Progress (4): 10 kB | 38 kB | 115/232 kB | 7.7/14 kB Progress (4): 10 kB | 38 kB | 115/232 kB | 12/14 kB Progress (4): 10 kB | 38 kB | 119/232 kB | 12/14 kB Progress (4): 10 kB | 38 kB | 119/232 kB | 14 kB Progress (4): 10 kB | 38 kB | 123/232 kB | 14 kB Progress (4): 10 kB | 38 kB | 127/232 kB | 14 kB Progress (4): 10 kB | 38 kB | 131/232 kB | 14 kB Progress (4): 10 kB | 38 kB | 135/232 kB | 14 kB Progress (4): 10 kB | 38 kB | 139/232 kB | 14 kB Progress (4): 10 kB | 38 kB | 143/232 kB | 14 kB Progress (4): 10 kB | 38 kB | 147/232 kB | 14 kB Progress (4): 10 kB | 38 kB | 152/232 kB | 14 kB Progress (4): 10 kB | 38 kB | 156/232 kB | 14 kB Progress (4): 10 kB | 38 kB | 160/232 kB | 14 kB Progress (4): 10 kB | 38 kB | 164/232 kB | 14 kB Progress (4): 10 kB | 38 kB | 168/232 kB | 14 kB Progress (4): 10 kB | 38 kB | 172/232 kB | 14 kB Progress (4): 10 kB | 38 kB | 176/232 kB | 14 kB Progress (4): 10 kB | 38 kB | 180/232 kB | 14 kB Progress (4): 10 kB | 38 kB | 184/232 kB | 14 kB Progress (4): 10 kB | 38 kB | 188/232 kB | 14 kB Progress (4): 10 kB | 38 kB | 193/232 kB | 14 kB Progress (4): 10 kB | 38 kB | 197/232 kB | 14 kB Progress (4): 10 kB | 38 kB | 201/232 kB | 14 kB Progress (4): 10 kB | 38 kB | 205/232 kB | 14 kB Progress (4): 10 kB | 38 kB | 209/232 kB | 14 kB Progress (4): 10 kB | 38 kB | 213/232 kB | 14 kB Progress (4): 10 kB | 38 kB | 217/232 kB | 14 kB Progress (4): 10 kB | 38 kB | 221/232 kB | 14 kB Progress (4): 10 kB | 38 kB | 225/232 kB | 14 kB Progress (4): 10 kB | 38 kB | 229/232 kB | 14 kB Progress (4): 10 kB | 38 kB | 232 kB | 14 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/reporting/maven-reporting-api/2.0.9/maven-reporting-api-2.0.9.jar (10 kB at 106 kB/s) Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-toolchain/2.0.9/maven-toolchain-2.0.9.jar (38 kB at 391 kB/s) Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.0.8/plexus-utils-3.0.8.jar (232 kB at 2.2 MB/s) Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugin-tools/maven-plugin-annotations/3.1/maven-plugin-annotations-3.1.jar (14 kB at 118 kB/s) [INFO] Tests are skipped. [INFO] [INFO] --- maven-jar-plugin:3.3.0:jar (default-jar) @ simple-java-project --- Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/file-management/3.1.0/file-management-3.1.0.pom Progress (1): 4.1 kB Progress (1): 4.5 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/file-management/3.1.0/file-management-3.1.0.pom (4.5 kB at 88 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-components/36/maven-shared-components-36.pom Progress (1): 4.1 kB Progress (1): 4.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-components/36/maven-shared-components-36.pom (4.9 kB at 91 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/36/maven-parent-36.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 25 kB Progress (1): 29 kB Progress (1): 33 kB Progress (1): 37 kB Progress (1): 41 kB Progress (1): 45 kB Progress (1): 45 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/36/maven-parent-36.pom (45 kB at 1.0 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/apache/26/apache-26.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 21 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/26/apache-26.pom (21 kB at 270 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-api/1.7.36/slf4j-api-1.7.36.pom Progress (1): 2.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-api/1.7.36/slf4j-api-1.7.36.pom (2.7 kB at 46 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-parent/1.7.36/slf4j-parent-1.7.36.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 14 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-parent/1.7.36/slf4j-parent-1.7.36.pom (14 kB at 239 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.3.0/plexus-utils-3.3.0.pom Progress (1): 4.1 kB Progress (1): 5.2 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.3.0/plexus-utils-3.3.0.pom (5.2 kB at 72 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/5.1/plexus-5.1.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 23 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/5.1/plexus-5.1.pom (23 kB at 341 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/commons-io/commons-io/2.11.0/commons-io-2.11.0.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Downloaded from central: https://repo.maven.apache.org/maven2/commons-io/commons-io/2.11.0/commons-io-2.11.0.pom (20 kB at 270 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-parent/52/commons-parent-52.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 25 kB Progress (1): 29 kB Progress (1): 33 kB Progress (1): 37 kB Progress (1): 41 kB Progress (1): 45 kB Progress (1): 49 kB Progress (1): 53 kB Progress (1): 57 kB Progress (1): 61 kB Progress (1): 66 kB Progress (1): 70 kB Progress (1): 74 kB Progress (1): 78 kB Progress (1): 79 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-parent/52/commons-parent-52.pom (79 kB at 1.3 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/junit/junit-bom/5.7.2/junit-bom-5.7.2.pom Progress (1): 4.1 kB Progress (1): 5.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/junit/junit-bom/5.7.2/junit-bom-5.7.2.pom (5.1 kB at 55 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-archiver/3.6.0/maven-archiver-3.6.0.pom Progress (1): 3.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-archiver/3.6.0/maven-archiver-3.6.0.pom (3.9 kB at 62 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-io/3.4.0/plexus-io-3.4.0.pom Progress (1): 4.1 kB Progress (1): 6.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-io/3.4.0/plexus-io-3.4.0.pom (6.0 kB at 95 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/10/plexus-10.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 25 kB Progress (1): 25 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/10/plexus-10.pom (25 kB at 358 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/javax/inject/javax.inject/1/javax.inject-1.pom Progress (1): 612 B Downloaded from central: https://repo.maven.apache.org/maven2/javax/inject/javax.inject/1/javax.inject-1.pom (612 B at 7.7 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-archiver/4.4.0/plexus-archiver-4.4.0.pom Progress (1): 4.1 kB Progress (1): 6.3 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-archiver/4.4.0/plexus-archiver-4.4.0.pom (6.3 kB at 81 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-compress/1.21/commons-compress-1.21.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-compress/1.21/commons-compress-1.21.pom (20 kB at 277 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/iq80/snappy/snappy/0.4/snappy-0.4.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 15 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/iq80/snappy/snappy/0.4/snappy-0.4.pom (15 kB at 141 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/tukaani/xz/1.9/xz-1.9.pom Progress (1): 2.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/tukaani/xz/1.9/xz-1.9.pom (2.0 kB at 27 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.26/plexus-interpolation-1.26.pom Progress (1): 2.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.26/plexus-interpolation-1.26.pom (2.7 kB at 32 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.4.2/plexus-utils-3.4.2.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 8.2 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.4.2/plexus-utils-3.4.2.pom (8.2 kB at 113 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/8/plexus-8.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 25 kB Progress (1): 25 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/8/plexus-8.pom (25 kB at 339 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/file-management/3.1.0/file-management-3.1.0.jar Downloading from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-api/1.7.36/slf4j-api-1.7.36.jar Downloading from central: https://repo.maven.apache.org/maven2/commons-io/commons-io/2.11.0/commons-io-2.11.0.jar Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-archiver/3.6.0/maven-archiver-3.6.0.jar Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-io/3.4.0/plexus-io-3.4.0.jar Progress (1): 4.1/41 kB Progress (1): 7.7/41 kB Progress (1): 12/41 kB Progress (1): 16/41 kB Progress (1): 20/41 kB Progress (1): 24/41 kB Progress (1): 28/41 kB Progress (1): 32/41 kB Progress (1): 36/41 kB Progress (1): 40/41 kB Progress (1): 41 kB Progress (2): 41 kB | 4.1/26 kB Progress (2): 41 kB | 7.7/26 kB Progress (2): 41 kB | 12/26 kB Progress (2): 41 kB | 16/26 kB Progress (2): 41 kB | 20/26 kB Progress (2): 41 kB | 24/26 kB Progress (2): 41 kB | 26 kB Progress (3): 41 kB | 26 kB | 4.1/36 kB Progress (3): 41 kB | 26 kB | 7.7/36 kB Progress (3): 41 kB | 26 kB | 12/36 kB Progress (3): 41 kB | 26 kB | 16/36 kB Progress (3): 41 kB | 26 kB | 20/36 kB Progress (3): 41 kB | 26 kB | 24/36 kB Progress (3): 41 kB | 26 kB | 28/36 kB Progress (3): 41 kB | 26 kB | 32/36 kB Progress (3): 41 kB | 26 kB | 36 kB Progress (4): 41 kB | 26 kB | 36 kB | 4.1/79 kB Progress (4): 41 kB | 26 kB | 36 kB | 7.7/79 kB Progress (4): 41 kB | 26 kB | 36 kB | 12/79 kB Progress (4): 41 kB | 26 kB | 36 kB | 16/79 kB Progress (4): 41 kB | 26 kB | 36 kB | 20/79 kB Progress (4): 41 kB | 26 kB | 36 kB | 24/79 kB Progress (4): 41 kB | 26 kB | 36 kB | 28/79 kB Progress (4): 41 kB | 26 kB | 36 kB | 32/79 kB Progress (4): 41 kB | 26 kB | 36 kB | 36/79 kB Progress (4): 41 kB | 26 kB | 36 kB | 40/79 kB Progress (4): 41 kB | 26 kB | 36 kB | 45/79 kB Progress (4): 41 kB | 26 kB | 36 kB | 49/79 kB Progress (4): 41 kB | 26 kB | 36 kB | 53/79 kB Progress (4): 41 kB | 26 kB | 36 kB | 57/79 kB Progress (4): 41 kB | 26 kB | 36 kB | 61/79 kB Progress (4): 41 kB | 26 kB | 36 kB | 65/79 kB Progress (4): 41 kB | 26 kB | 36 kB | 69/79 kB Progress (4): 41 kB | 26 kB | 36 kB | 73/79 kB Progress (4): 41 kB | 26 kB | 36 kB | 77/79 kB Progress (4): 41 kB | 26 kB | 36 kB | 79 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/file-management/3.1.0/file-management-3.1.0.jar (36 kB at 727 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/javax/inject/javax.inject/1/javax.inject-1.jar Progress (4): 41 kB | 26 kB | 79 kB | 4.1/327 kB Progress (4): 41 kB | 26 kB | 79 kB | 7.7/327 kB Progress (4): 41 kB | 26 kB | 79 kB | 12/327 kB Progress (4): 41 kB | 26 kB | 79 kB | 16/327 kB Progress (4): 41 kB | 26 kB | 79 kB | 20/327 kB Progress (4): 41 kB | 26 kB | 79 kB | 24/327 kB Progress (4): 41 kB | 26 kB | 79 kB | 28/327 kB Progress (4): 41 kB | 26 kB | 79 kB | 32/327 kB Progress (4): 41 kB | 26 kB | 79 kB | 36/327 kB Progress (4): 41 kB | 26 kB | 79 kB | 40/327 kB Progress (4): 41 kB | 26 kB | 79 kB | 45/327 kB Progress (4): 41 kB | 26 kB | 79 kB | 49/327 kB Progress (4): 41 kB | 26 kB | 79 kB | 53/327 kB Progress (4): 41 kB | 26 kB | 79 kB | 57/327 kB Progress (4): 41 kB | 26 kB | 79 kB | 61/327 kB Progress (4): 41 kB | 26 kB | 79 kB | 65/327 kB Progress (4): 41 kB | 26 kB | 79 kB | 69/327 kB Progress (4): 41 kB | 26 kB | 79 kB | 73/327 kB Progress (4): 41 kB | 26 kB | 79 kB | 77/327 kB Progress (4): 41 kB | 26 kB | 79 kB | 81/327 kB Progress (4): 41 kB | 26 kB | 79 kB | 86/327 kB Progress (4): 41 kB | 26 kB | 79 kB | 90/327 kB Progress (4): 41 kB | 26 kB | 79 kB | 94/327 kB Progress (4): 41 kB | 26 kB | 79 kB | 98/327 kB Progress (4): 41 kB | 26 kB | 79 kB | 102/327 kB Progress (4): 41 kB | 26 kB | 79 kB | 106/327 kB Progress (4): 41 kB | 26 kB | 79 kB | 110/327 kB Progress (4): 41 kB | 26 kB | 79 kB | 114/327 kB Progress (4): 41 kB | 26 kB | 79 kB | 118/327 kB Progress (4): 41 kB | 26 kB | 79 kB | 122/327 kB Progress (4): 41 kB | 26 kB | 79 kB | 126/327 kB Progress (4): 41 kB | 26 kB | 79 kB | 131/327 kB Progress (4): 41 kB | 26 kB | 79 kB | 135/327 kB Progress (4): 41 kB | 26 kB | 79 kB | 139/327 kB Progress (4): 41 kB | 26 kB | 79 kB | 143/327 kB Progress (4): 41 kB | 26 kB | 79 kB | 147/327 kB Progress (4): 41 kB | 26 kB | 79 kB | 151/327 kB Progress (4): 41 kB | 26 kB | 79 kB | 155/327 kB Progress (4): 41 kB | 26 kB | 79 kB | 159/327 kB Progress (4): 41 kB | 26 kB | 79 kB | 163/327 kB Progress (4): 41 kB | 26 kB | 79 kB | 167/327 kB Progress (4): 41 kB | 26 kB | 79 kB | 172/327 kB Progress (4): 41 kB | 26 kB | 79 kB | 176/327 kB Progress (4): 41 kB | 26 kB | 79 kB | 180/327 kB Progress (4): 41 kB | 26 kB | 79 kB | 184/327 kB Progress (4): 41 kB | 26 kB | 79 kB | 188/327 kB Progress (4): 41 kB | 26 kB | 79 kB | 192/327 kB Progress (4): 41 kB | 26 kB | 79 kB | 196/327 kB Progress (4): 41 kB | 26 kB | 79 kB | 200/327 kB Progress (4): 41 kB | 26 kB | 79 kB | 204/327 kB Progress (4): 41 kB | 26 kB | 79 kB | 208/327 kB Progress (4): 41 kB | 26 kB | 79 kB | 213/327 kB Progress (4): 41 kB | 26 kB | 79 kB | 217/327 kB Progress (4): 41 kB | 26 kB | 79 kB | 221/327 kB Progress (4): 41 kB | 26 kB | 79 kB | 225/327 kB Progress (4): 41 kB | 26 kB | 79 kB | 229/327 kB Progress (4): 41 kB | 26 kB | 79 kB | 233/327 kB Progress (4): 41 kB | 26 kB | 79 kB | 237/327 kB Progress (4): 41 kB | 26 kB | 79 kB | 241/327 kB Progress (4): 41 kB | 26 kB | 79 kB | 245/327 kB Progress (4): 41 kB | 26 kB | 79 kB | 249/327 kB Progress (4): 41 kB | 26 kB | 79 kB | 253/327 kB Progress (4): 41 kB | 26 kB | 79 kB | 258/327 kB Progress (4): 41 kB | 26 kB | 79 kB | 262/327 kB Progress (4): 41 kB | 26 kB | 79 kB | 266/327 kB Progress (4): 41 kB | 26 kB | 79 kB | 270/327 kB Progress (4): 41 kB | 26 kB | 79 kB | 274/327 kB Progress (4): 41 kB | 26 kB | 79 kB | 278/327 kB Progress (4): 41 kB | 26 kB | 79 kB | 282/327 kB Progress (4): 41 kB | 26 kB | 79 kB | 286/327 kB Progress (4): 41 kB | 26 kB | 79 kB | 290/327 kB Progress (4): 41 kB | 26 kB | 79 kB | 294/327 kB Progress (4): 41 kB | 26 kB | 79 kB | 299/327 kB Progress (4): 41 kB | 26 kB | 79 kB | 303/327 kB Progress (4): 41 kB | 26 kB | 79 kB | 307/327 kB Progress (4): 41 kB | 26 kB | 79 kB | 311/327 kB Progress (4): 41 kB | 26 kB | 79 kB | 314/327 kB Progress (4): 41 kB | 26 kB | 79 kB | 318/327 kB Progress (4): 41 kB | 26 kB | 79 kB | 322/327 kB Progress (4): 41 kB | 26 kB | 79 kB | 326/327 kB Progress (4): 41 kB | 26 kB | 79 kB | 327 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-api/1.7.36/slf4j-api-1.7.36.jar (41 kB at 685 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-archiver/4.4.0/plexus-archiver-4.4.0.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-archiver/3.6.0/maven-archiver-3.6.0.jar (26 kB at 416 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-compress/1.21/commons-compress-1.21.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-io/3.4.0/plexus-io-3.4.0.jar (79 kB at 1.2 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/iq80/snappy/snappy/0.4/snappy-0.4.jar Progress (2): 327 kB | 2.5 kB Downloaded from central: https://repo.maven.apache.org/maven2/commons-io/commons-io/2.11.0/commons-io-2.11.0.jar (327 kB at 3.9 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/tukaani/xz/1.9/xz-1.9.jar Progress (2): 2.5 kB | 0/1.0 MB Progress (2): 2.5 kB | 0/1.0 MB Progress (2): 2.5 kB | 0/1.0 MB Progress (2): 2.5 kB | 0/1.0 MB Progress (2): 2.5 kB | 0/1.0 MB Progress (2): 2.5 kB | 0/1.0 MB Progress (2): 2.5 kB | 0.1/1.0 MB Progress (2): 2.5 kB | 0.1/1.0 MB Progress (2): 2.5 kB | 0.1/1.0 MB Progress (2): 2.5 kB | 0.1/1.0 MB Progress (2): 2.5 kB | 0.1/1.0 MB Progress (2): 2.5 kB | 0.1/1.0 MB Progress (2): 2.5 kB | 0.1/1.0 MB Progress (2): 2.5 kB | 0.1/1.0 MB Progress (2): 2.5 kB | 0.1/1.0 MB Progress (2): 2.5 kB | 0.1/1.0 MB Progress (2): 2.5 kB | 0.1/1.0 MB Progress (2): 2.5 kB | 0.1/1.0 MB Progress (2): 2.5 kB | 0.2/1.0 MB Progress (2): 2.5 kB | 0.2/1.0 MB Progress (2): 2.5 kB | 0.2/1.0 MB Progress (2): 2.5 kB | 0.2/1.0 MB Progress (2): 2.5 kB | 0.2/1.0 MB Progress (2): 2.5 kB | 0.2/1.0 MB Progress (2): 2.5 kB | 0.2/1.0 MB Progress (2): 2.5 kB | 0.2/1.0 MB Progress (2): 2.5 kB | 0.2/1.0 MB Progress (2): 2.5 kB | 0.2/1.0 MB Progress (2): 2.5 kB | 0.2/1.0 MB Downloaded from central: https://repo.maven.apache.org/maven2/javax/inject/javax.inject/1/javax.inject-1.jar (2.5 kB at 27 kB/s) Progress (1): 0.2/1.0 MB Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.26/plexus-interpolation-1.26.jar Progress (1): 0.3/1.0 MB Progress (1): 0.3/1.0 MB Progress (1): 0.3/1.0 MB Progress (1): 0.3/1.0 MB Progress (1): 0.3/1.0 MB Progress (2): 0.3/1.0 MB | 4.1/211 kB Progress (2): 0.3/1.0 MB | 4.1/211 kB Progress (2): 0.3/1.0 MB | 7.7/211 kB Progress (2): 0.3/1.0 MB | 7.7/211 kB Progress (2): 0.3/1.0 MB | 12/211 kB Progress (2): 0.3/1.0 MB | 12/211 kB Progress (2): 0.3/1.0 MB | 16/211 kB Progress (2): 0.3/1.0 MB | 16/211 kB Progress (2): 0.3/1.0 MB | 20/211 kB Progress (2): 0.3/1.0 MB | 20/211 kB Progress (2): 0.3/1.0 MB | 24/211 kB Progress (2): 0.3/1.0 MB | 24/211 kB Progress (2): 0.3/1.0 MB | 28/211 kB Progress (2): 0.3/1.0 MB | 28/211 kB Progress (2): 0.3/1.0 MB | 32/211 kB Progress (2): 0.4/1.0 MB | 32/211 kB Progress (2): 0.4/1.0 MB | 36/211 kB Progress (2): 0.4/1.0 MB | 36/211 kB Progress (2): 0.4/1.0 MB | 40/211 kB Progress (2): 0.4/1.0 MB | 40/211 kB Progress (2): 0.4/1.0 MB | 40/211 kB Progress (2): 0.4/1.0 MB | 45/211 kB Progress (2): 0.4/1.0 MB | 45/211 kB Progress (2): 0.4/1.0 MB | 49/211 kB Progress (2): 0.4/1.0 MB | 49/211 kB Progress (2): 0.4/1.0 MB | 53/211 kB Progress (2): 0.4/1.0 MB | 53/211 kB Progress (2): 0.4/1.0 MB | 57/211 kB Progress (2): 0.4/1.0 MB | 57/211 kB Progress (2): 0.4/1.0 MB | 57/211 kB Progress (2): 0.4/1.0 MB | 57/211 kB Progress (2): 0.4/1.0 MB | 57/211 kB Progress (2): 0.4/1.0 MB | 57/211 kB Progress (2): 0.5/1.0 MB | 57/211 kB Progress (2): 0.5/1.0 MB | 57/211 kB Progress (2): 0.5/1.0 MB | 57/211 kB Progress (2): 0.5/1.0 MB | 57/211 kB Progress (2): 0.5/1.0 MB | 57/211 kB Progress (2): 0.5/1.0 MB | 57/211 kB Progress (2): 0.5/1.0 MB | 57/211 kB Progress (2): 0.5/1.0 MB | 61/211 kB Progress (2): 0.5/1.0 MB | 61/211 kB Progress (2): 0.5/1.0 MB | 65/211 kB Progress (2): 0.5/1.0 MB | 69/211 kB Progress (2): 0.5/1.0 MB | 69/211 kB Progress (2): 0.5/1.0 MB | 73/211 kB Progress (2): 0.5/1.0 MB | 73/211 kB Progress (2): 0.5/1.0 MB | 77/211 kB Progress (2): 0.5/1.0 MB | 77/211 kB Progress (2): 0.5/1.0 MB | 81/211 kB Progress (2): 0.5/1.0 MB | 81/211 kB Progress (2): 0.5/1.0 MB | 86/211 kB Progress (2): 0.5/1.0 MB | 86/211 kB Progress (2): 0.6/1.0 MB | 86/211 kB Progress (2): 0.6/1.0 MB | 90/211 kB Progress (2): 0.6/1.0 MB | 90/211 kB Progress (2): 0.6/1.0 MB | 94/211 kB Progress (2): 0.6/1.0 MB | 94/211 kB Progress (2): 0.6/1.0 MB | 98/211 kB Progress (2): 0.6/1.0 MB | 98/211 kB Progress (2): 0.6/1.0 MB | 102/211 kB Progress (2): 0.6/1.0 MB | 106/211 kB Progress (2): 0.6/1.0 MB | 106/211 kB Progress (2): 0.6/1.0 MB | 110/211 kB Progress (2): 0.6/1.0 MB | 110/211 kB Progress (2): 0.6/1.0 MB | 114/211 kB Progress (2): 0.6/1.0 MB | 118/211 kB Progress (2): 0.6/1.0 MB | 118/211 kB Progress (2): 0.6/1.0 MB | 122/211 kB Progress (2): 0.6/1.0 MB | 122/211 kB Progress (2): 0.6/1.0 MB | 126/211 kB Progress (2): 0.6/1.0 MB | 131/211 kB Progress (2): 0.6/1.0 MB | 131/211 kB Progress (2): 0.6/1.0 MB | 135/211 kB Progress (2): 0.6/1.0 MB | 135/211 kB Progress (2): 0.6/1.0 MB | 139/211 kB Progress (2): 0.6/1.0 MB | 139/211 kB Progress (2): 0.6/1.0 MB | 143/211 kB Progress (2): 0.6/1.0 MB | 143/211 kB Progress (2): 0.6/1.0 MB | 147/211 kB Progress (2): 0.6/1.0 MB | 151/211 kB Progress (2): 0.7/1.0 MB | 151/211 kB Progress (2): 0.7/1.0 MB | 155/211 kB Progress (2): 0.7/1.0 MB | 155/211 kB Progress (2): 0.7/1.0 MB | 159/211 kB Progress (2): 0.7/1.0 MB | 159/211 kB Progress (2): 0.7/1.0 MB | 163/211 kB Progress (2): 0.7/1.0 MB | 163/211 kB Progress (2): 0.7/1.0 MB | 167/211 kB Progress (2): 0.7/1.0 MB | 172/211 kB Progress (2): 0.7/1.0 MB | 172/211 kB Progress (2): 0.7/1.0 MB | 172/211 kB Progress (2): 0.7/1.0 MB | 176/211 kB Progress (2): 0.7/1.0 MB | 176/211 kB Progress (2): 0.7/1.0 MB | 180/211 kB Progress (2): 0.7/1.0 MB | 180/211 kB Progress (2): 0.7/1.0 MB | 184/211 kB Progress (2): 0.7/1.0 MB | 184/211 kB Progress (2): 0.7/1.0 MB | 188/211 kB Progress (2): 0.7/1.0 MB | 188/211 kB Progress (2): 0.7/1.0 MB | 192/211 kB Progress (2): 0.7/1.0 MB | 192/211 kB Progress (2): 0.7/1.0 MB | 196/211 kB Progress (2): 0.7/1.0 MB | 196/211 kB Progress (2): 0.7/1.0 MB | 200/211 kB Progress (2): 0.7/1.0 MB | 204/211 kB Progress (2): 0.7/1.0 MB | 204/211 kB Progress (2): 0.7/1.0 MB | 208/211 kB Progress (2): 0.8/1.0 MB | 208/211 kB Progress (2): 0.8/1.0 MB | 211 kB Progress (2): 0.8/1.0 MB | 211 kB Progress (2): 0.8/1.0 MB | 211 kB Progress (2): 0.8/1.0 MB | 211 kB Progress (2): 0.8/1.0 MB | 211 kB Progress (2): 0.8/1.0 MB | 211 kB Progress (2): 0.8/1.0 MB | 211 kB Progress (2): 0.8/1.0 MB | 211 kB Progress (2): 0.8/1.0 MB | 211 kB Progress (2): 0.8/1.0 MB | 211 kB Progress (2): 0.8/1.0 MB | 211 kB Progress (2): 0.8/1.0 MB | 211 kB Progress (2): 0.9/1.0 MB | 211 kB Progress (2): 0.9/1.0 MB | 211 kB Progress (2): 0.9/1.0 MB | 211 kB Progress (2): 0.9/1.0 MB | 211 kB Progress (2): 0.9/1.0 MB | 211 kB Progress (2): 0.9/1.0 MB | 211 kB Progress (2): 0.9/1.0 MB | 211 kB Progress (2): 0.9/1.0 MB | 211 kB Progress (2): 0.9/1.0 MB | 211 kB Progress (2): 0.9/1.0 MB | 211 kB Progress (2): 0.9/1.0 MB | 211 kB Progress (2): 0.9/1.0 MB | 211 kB Progress (2): 1.0/1.0 MB | 211 kB Progress (2): 1.0/1.0 MB | 211 kB Progress (2): 1.0/1.0 MB | 211 kB Progress (2): 1.0/1.0 MB | 211 kB Progress (2): 1.0/1.0 MB | 211 kB Progress (2): 1.0/1.0 MB | 211 kB Progress (2): 1.0/1.0 MB | 211 kB Progress (2): 1.0/1.0 MB | 211 kB Progress (2): 1.0/1.0 MB | 211 kB Progress (2): 1.0 MB | 211 kB Progress (3): 1.0 MB | 211 kB | 4.1/58 kB Progress (3): 1.0 MB | 211 kB | 8.2/58 kB Progress (3): 1.0 MB | 211 kB | 12/58 kB Progress (3): 1.0 MB | 211 kB | 16/58 kB Progress (4): 1.0 MB | 211 kB | 16/58 kB | 4.1/85 kB Progress (4): 1.0 MB | 211 kB | 20/58 kB | 4.1/85 kB Progress (4): 1.0 MB | 211 kB | 25/58 kB | 4.1/85 kB Progress (4): 1.0 MB | 211 kB | 25/58 kB | 7.7/85 kB Progress (4): 1.0 MB | 211 kB | 29/58 kB | 7.7/85 kB Progress (4): 1.0 MB | 211 kB | 29/58 kB | 12/85 kB Progress (4): 1.0 MB | 211 kB | 33/58 kB | 12/85 kB Progress (4): 1.0 MB | 211 kB | 33/58 kB | 16/85 kB Progress (4): 1.0 MB | 211 kB | 33/58 kB | 20/85 kB Progress (4): 1.0 MB | 211 kB | 33/58 kB | 24/85 kB Progress (4): 1.0 MB | 211 kB | 33/58 kB | 28/85 kB Progress (4): 1.0 MB | 211 kB | 33/58 kB | 32/85 kB Progress (4): 1.0 MB | 211 kB | 33/58 kB | 36/85 kB Progress (4): 1.0 MB | 211 kB | 33/58 kB | 40/85 kB Progress (4): 1.0 MB | 211 kB | 33/58 kB | 45/85 kB Progress (4): 1.0 MB | 211 kB | 33/58 kB | 49/85 kB Progress (4): 1.0 MB | 211 kB | 33/58 kB | 53/85 kB Progress (4): 1.0 MB | 211 kB | 33/58 kB | 57/85 kB Progress (4): 1.0 MB | 211 kB | 33/58 kB | 61/85 kB Progress (4): 1.0 MB | 211 kB | 33/58 kB | 65/85 kB Progress (4): 1.0 MB | 211 kB | 33/58 kB | 69/85 kB Progress (4): 1.0 MB | 211 kB | 33/58 kB | 73/85 kB Progress (4): 1.0 MB | 211 kB | 33/58 kB | 77/85 kB Progress (4): 1.0 MB | 211 kB | 33/58 kB | 81/85 kB Progress (4): 1.0 MB | 211 kB | 33/58 kB | 85 kB Progress (4): 1.0 MB | 211 kB | 37/58 kB | 85 kB Progress (4): 1.0 MB | 211 kB | 41/58 kB | 85 kB Progress (4): 1.0 MB | 211 kB | 45/58 kB | 85 kB Progress (4): 1.0 MB | 211 kB | 49/58 kB | 85 kB Progress (4): 1.0 MB | 211 kB | 53/58 kB | 85 kB Progress (4): 1.0 MB | 211 kB | 57/58 kB | 85 kB Progress (4): 1.0 MB | 211 kB | 58 kB | 85 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-compress/1.21/commons-compress-1.21.jar (1.0 MB at 8.4 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.4.2/plexus-utils-3.4.2.jar Progress (4): 211 kB | 58 kB | 85 kB | 4.1/116 kB Progress (4): 211 kB | 58 kB | 85 kB | 7.7/116 kB Progress (4): 211 kB | 58 kB | 85 kB | 12/116 kB Progress (4): 211 kB | 58 kB | 85 kB | 16/116 kB Progress (4): 211 kB | 58 kB | 85 kB | 20/116 kB Progress (4): 211 kB | 58 kB | 85 kB | 24/116 kB Progress (4): 211 kB | 58 kB | 85 kB | 28/116 kB Progress (4): 211 kB | 58 kB | 85 kB | 32/116 kB Progress (4): 211 kB | 58 kB | 85 kB | 36/116 kB Progress (4): 211 kB | 58 kB | 85 kB | 40/116 kB Progress (4): 211 kB | 58 kB | 85 kB | 45/116 kB Progress (4): 211 kB | 58 kB | 85 kB | 49/116 kB Progress (4): 211 kB | 58 kB | 85 kB | 53/116 kB Progress (4): 211 kB | 58 kB | 85 kB | 57/116 kB Progress (4): 211 kB | 58 kB | 85 kB | 61/116 kB Progress (4): 211 kB | 58 kB | 85 kB | 65/116 kB Progress (4): 211 kB | 58 kB | 85 kB | 69/116 kB Progress (4): 211 kB | 58 kB | 85 kB | 73/116 kB Progress (4): 211 kB | 58 kB | 85 kB | 77/116 kB Progress (4): 211 kB | 58 kB | 85 kB | 81/116 kB Progress (4): 211 kB | 58 kB | 85 kB | 86/116 kB Progress (4): 211 kB | 58 kB | 85 kB | 90/116 kB Progress (4): 211 kB | 58 kB | 85 kB | 94/116 kB Progress (4): 211 kB | 58 kB | 85 kB | 98/116 kB Progress (4): 211 kB | 58 kB | 85 kB | 102/116 kB Progress (4): 211 kB | 58 kB | 85 kB | 106/116 kB Progress (4): 211 kB | 58 kB | 85 kB | 110/116 kB Progress (4): 211 kB | 58 kB | 85 kB | 114/116 kB Progress (4): 211 kB | 58 kB | 85 kB | 116 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-archiver/4.4.0/plexus-archiver-4.4.0.jar (211 kB at 1.6 MB/s) Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.26/plexus-interpolation-1.26.jar (85 kB at 593 kB/s) Progress (3): 58 kB | 116 kB | 4.1/267 kB Progress (3): 58 kB | 116 kB | 8.2/267 kB Progress (3): 58 kB | 116 kB | 12/267 kB Progress (3): 58 kB | 116 kB | 16/267 kB Progress (3): 58 kB | 116 kB | 20/267 kB Progress (3): 58 kB | 116 kB | 25/267 kB Progress (3): 58 kB | 116 kB | 29/267 kB Progress (3): 58 kB | 116 kB | 33/267 kB Progress (3): 58 kB | 116 kB | 37/267 kB Progress (3): 58 kB | 116 kB | 41/267 kB Progress (3): 58 kB | 116 kB | 45/267 kB Progress (3): 58 kB | 116 kB | 49/267 kB Progress (3): 58 kB | 116 kB | 53/267 kB Progress (3): 58 kB | 116 kB | 57/267 kB Progress (3): 58 kB | 116 kB | 61/267 kB Progress (3): 58 kB | 116 kB | 66/267 kB Progress (3): 58 kB | 116 kB | 70/267 kB Progress (3): 58 kB | 116 kB | 74/267 kB Progress (3): 58 kB | 116 kB | 78/267 kB Progress (3): 58 kB | 116 kB | 82/267 kB Progress (3): 58 kB | 116 kB | 86/267 kB Progress (3): 58 kB | 116 kB | 90/267 kB Progress (3): 58 kB | 116 kB | 94/267 kB Progress (3): 58 kB | 116 kB | 98/267 kB Progress (3): 58 kB | 116 kB | 102/267 kB Progress (3): 58 kB | 116 kB | 106/267 kB Progress (3): 58 kB | 116 kB | 111/267 kB Progress (3): 58 kB | 116 kB | 115/267 kB Progress (3): 58 kB | 116 kB | 119/267 kB Progress (3): 58 kB | 116 kB | 123/267 kB Progress (3): 58 kB | 116 kB | 127/267 kB Progress (3): 58 kB | 116 kB | 131/267 kB Progress (3): 58 kB | 116 kB | 135/267 kB Progress (3): 58 kB | 116 kB | 139/267 kB Progress (3): 58 kB | 116 kB | 143/267 kB Progress (3): 58 kB | 116 kB | 147/267 kB Progress (3): 58 kB | 116 kB | 152/267 kB Progress (3): 58 kB | 116 kB | 156/267 kB Progress (3): 58 kB | 116 kB | 160/267 kB Progress (3): 58 kB | 116 kB | 164/267 kB Progress (3): 58 kB | 116 kB | 168/267 kB Progress (3): 58 kB | 116 kB | 172/267 kB Progress (3): 58 kB | 116 kB | 176/267 kB Progress (3): 58 kB | 116 kB | 180/267 kB Progress (3): 58 kB | 116 kB | 184/267 kB Progress (3): 58 kB | 116 kB | 188/267 kB Progress (3): 58 kB | 116 kB | 193/267 kB Progress (3): 58 kB | 116 kB | 197/267 kB Progress (3): 58 kB | 116 kB | 201/267 kB Progress (3): 58 kB | 116 kB | 205/267 kB Progress (3): 58 kB | 116 kB | 209/267 kB Progress (3): 58 kB | 116 kB | 213/267 kB Progress (3): 58 kB | 116 kB | 217/267 kB Progress (3): 58 kB | 116 kB | 221/267 kB Progress (3): 58 kB | 116 kB | 225/267 kB Progress (3): 58 kB | 116 kB | 229/267 kB Progress (3): 58 kB | 116 kB | 233/267 kB Progress (3): 58 kB | 116 kB | 238/267 kB Progress (3): 58 kB | 116 kB | 242/267 kB Progress (3): 58 kB | 116 kB | 246/267 kB Progress (3): 58 kB | 116 kB | 250/267 kB Progress (3): 58 kB | 116 kB | 254/267 kB Progress (3): 58 kB | 116 kB | 258/267 kB Progress (3): 58 kB | 116 kB | 262/267 kB Progress (3): 58 kB | 116 kB | 266/267 kB Progress (3): 58 kB | 116 kB | 267 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/iq80/snappy/snappy/0.4/snappy-0.4.jar (58 kB at 379 kB/s) Downloaded from central: https://repo.maven.apache.org/maven2/org/tukaani/xz/1.9/xz-1.9.jar (116 kB at 691 kB/s) Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.4.2/plexus-utils-3.4.2.jar (267 kB at 1.5 MB/s) [INFO] Building jar: /work/target/hacbs-test.jar [INFO] [INFO] --- maven-shade-plugin:3.2.4:shade (default) @ simple-java-project --- Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-api/3.0/maven-plugin-api-3.0.pom Progress (1): 2.3 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-api/3.0/maven-plugin-api-3.0.pom (2.3 kB at 47 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven/3.0/maven-3.0.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 22 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven/3.0/maven-3.0.pom (22 kB at 405 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/15/maven-parent-15.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 24 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/15/maven-parent-15.pom (24 kB at 429 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model/3.0/maven-model-3.0.pom Progress (1): 3.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model/3.0/maven-model-3.0.pom (3.9 kB at 93 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/2.0.4/plexus-utils-2.0.4.pom Progress (1): 3.3 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/2.0.4/plexus-utils-2.0.4.pom (3.3 kB at 69 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact/3.0/maven-artifact-3.0.pom Progress (1): 1.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact/3.0/maven-artifact-3.0.pom (1.9 kB at 43 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-inject-plexus/1.4.2/sisu-inject-plexus-1.4.2.pom Progress (1): 4.1 kB Progress (1): 5.4 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-inject-plexus/1.4.2/sisu-inject-plexus-1.4.2.pom (5.4 kB at 91 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/inject/guice-plexus/1.4.2/guice-plexus-1.4.2.pom Progress (1): 3.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/inject/guice-plexus/1.4.2/guice-plexus-1.4.2.pom (3.1 kB at 56 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/inject/guice-bean/1.4.2/guice-bean-1.4.2.pom Progress (1): 2.6 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/inject/guice-bean/1.4.2/guice-bean-1.4.2.pom (2.6 kB at 47 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-inject/1.4.2/sisu-inject-1.4.2.pom Progress (1): 1.2 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-inject/1.4.2/sisu-inject-1.4.2.pom (1.2 kB at 23 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-parent/1.4.2/sisu-parent-1.4.2.pom Progress (1): 4.1 kB Progress (1): 7.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-parent/1.4.2/sisu-parent-1.4.2.pom (7.8 kB at 169 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/forge/forge-parent/6/forge-parent-6.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 11 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/forge/forge-parent/6/forge-parent-6.pom (11 kB at 182 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-component-annotations/2.0.0/plexus-component-annotations-2.0.0.pom Progress (1): 750 B Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-component-annotations/2.0.0/plexus-component-annotations-2.0.0.pom (750 B at 15 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-containers/2.0.0/plexus-containers-2.0.0.pom Progress (1): 4.1 kB Progress (1): 4.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-containers/2.0.0/plexus-containers-2.0.0.pom (4.8 kB at 98 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-classworlds/2.2.3/plexus-classworlds-2.2.3.pom Progress (1): 4.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-classworlds/2.2.3/plexus-classworlds-2.2.3.pom (4.0 kB at 64 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-inject-bean/1.4.2/sisu-inject-bean-1.4.2.pom Progress (1): 4.1 kB Progress (1): 5.5 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-inject-bean/1.4.2/sisu-inject-bean-1.4.2.pom (5.5 kB at 121 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-guice/2.1.7/sisu-guice-2.1.7.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 11 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-guice/2.1.7/sisu-guice-2.1.7.pom (11 kB at 270 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-core/3.0/maven-core-3.0.pom Progress (1): 4.1 kB Progress (1): 6.6 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-core/3.0/maven-core-3.0.pom (6.6 kB at 138 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings/3.0/maven-settings-3.0.pom Progress (1): 1.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings/3.0/maven-settings-3.0.pom (1.9 kB at 50 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings-builder/3.0/maven-settings-builder-3.0.pom Progress (1): 2.2 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings-builder/3.0/maven-settings-builder-3.0.pom (2.2 kB at 53 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.14/plexus-interpolation-1.14.pom Progress (1): 910 B Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.14/plexus-interpolation-1.14.pom (910 B at 21 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-components/1.1.18/plexus-components-1.1.18.pom Progress (1): 4.1 kB Progress (1): 5.4 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-components/1.1.18/plexus-components-1.1.18.pom (5.4 kB at 122 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-repository-metadata/3.0/maven-repository-metadata-3.0.pom Progress (1): 1.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-repository-metadata/3.0/maven-repository-metadata-3.0.pom (1.9 kB at 58 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model-builder/3.0/maven-model-builder-3.0.pom Progress (1): 2.2 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model-builder/3.0/maven-model-builder-3.0.pom (2.2 kB at 56 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-aether-provider/3.0/maven-aether-provider-3.0.pom Progress (1): 2.5 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-aether-provider/3.0/maven-aether-provider-3.0.pom (2.5 kB at 50 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-api/1.7/aether-api-1.7.pom Progress (1): 1.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-api/1.7/aether-api-1.7.pom (1.7 kB at 29 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-parent/1.7/aether-parent-1.7.pom Progress (1): 4.1 kB Progress (1): 7.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-parent/1.7/aether-parent-1.7.pom (7.7 kB at 80 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-util/1.7/aether-util-1.7.pom Progress (1): 2.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-util/1.7/aether-util-1.7.pom (2.1 kB at 32 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-impl/1.7/aether-impl-1.7.pom Progress (1): 3.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-impl/1.7/aether-impl-1.7.pom (3.7 kB at 70 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-spi/1.7/aether-spi-1.7.pom Progress (1): 1.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-spi/1.7/aether-spi-1.7.pom (1.7 kB at 35 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-artifact-transfer/0.12.0/maven-artifact-transfer-0.12.0.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 11 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-artifact-transfer/0.12.0/maven-artifact-transfer-0.12.0.pom (11 kB at 250 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-components/33/maven-shared-components-33.pom Progress (1): 4.1 kB Progress (1): 5.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-components/33/maven-shared-components-33.pom (5.1 kB at 86 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/33/maven-parent-33.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 25 kB Progress (1): 29 kB Progress (1): 33 kB Progress (1): 37 kB Progress (1): 41 kB Progress (1): 44 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/33/maven-parent-33.pom (44 kB at 981 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/apache/21/apache-21.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 17 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/21/apache-21.pom (17 kB at 398 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-common-artifact-filters/3.0.1/maven-common-artifact-filters-3.0.1.pom Progress (1): 4.1 kB Progress (1): 4.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-common-artifact-filters/3.0.1/maven-common-artifact-filters-3.0.1.pom (4.8 kB at 151 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-components/30/maven-shared-components-30.pom Progress (1): 4.1 kB Progress (1): 4.6 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-components/30/maven-shared-components-30.pom (4.6 kB at 95 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/30/maven-parent-30.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 25 kB Progress (1): 29 kB Progress (1): 33 kB Progress (1): 37 kB Progress (1): 41 kB Progress (1): 41 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/30/maven-parent-30.pom (41 kB at 1.1 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/apache/18/apache-18.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/18/apache-18.pom (16 kB at 112 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-utils/3.1.0/maven-shared-utils-3.1.0.pom Progress (1): 4.1 kB Progress (1): 5.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-utils/3.1.0/maven-shared-utils-3.1.0.pom (5.0 kB at 98 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/commons-io/commons-io/2.5/commons-io-2.5.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 13 kB Downloaded from central: https://repo.maven.apache.org/maven2/commons-io/commons-io/2.5/commons-io-2.5.pom (13 kB at 341 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-parent/39/commons-parent-39.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 25 kB Progress (1): 29 kB Progress (1): 33 kB Progress (1): 37 kB Progress (1): 41 kB Progress (1): 45 kB Progress (1): 49 kB Progress (1): 53 kB Progress (1): 57 kB Progress (1): 61 kB Progress (1): 62 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-parent/39/commons-parent-39.pom (62 kB at 1.3 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/apache/16/apache-16.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 15 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/16/apache-16.pom (15 kB at 395 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.1.1/plexus-utils-3.1.1.pom Progress (1): 4.1 kB Progress (1): 5.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.1.1/plexus-utils-3.1.1.pom (5.1 kB at 52 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/4.0/plexus-4.0.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 22 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/4.0/plexus-4.0.pom (22 kB at 398 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/commons-codec/commons-codec/1.11/commons-codec-1.11.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 14 kB Downloaded from central: https://repo.maven.apache.org/maven2/commons-codec/commons-codec/1.11/commons-codec-1.11.pom (14 kB at 317 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-parent/42/commons-parent-42.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 25 kB Progress (1): 29 kB Progress (1): 33 kB Progress (1): 37 kB Progress (1): 41 kB Progress (1): 45 kB Progress (1): 49 kB Progress (1): 53 kB Progress (1): 57 kB Progress (1): 61 kB Progress (1): 66 kB Progress (1): 68 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-parent/42/commons-parent-42.pom (68 kB at 1.4 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-api/1.7.5/slf4j-api-1.7.5.pom Progress (1): 2.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-api/1.7.5/slf4j-api-1.7.5.pom (2.7 kB at 57 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-parent/1.7.5/slf4j-parent-1.7.5.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-parent/1.7.5/slf4j-parent-1.7.5.pom (12 kB at 236 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm/8.0/asm-8.0.pom Progress (1): 2.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm/8.0/asm-8.0.pom (2.9 kB at 63 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/ow2/ow2/1.5/ow2-1.5.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 11 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/ow2/ow2/1.5/ow2-1.5.pom (11 kB at 244 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm-commons/8.0/asm-commons-8.0.pom Progress (1): 3.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm-commons/8.0/asm-commons-8.0.pom (3.7 kB at 80 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm-tree/8.0/asm-tree-8.0.pom Progress (1): 3.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm-tree/8.0/asm-tree-8.0.pom (3.1 kB at 64 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm-analysis/8.0/asm-analysis-8.0.pom Progress (1): 3.2 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm-analysis/8.0/asm-analysis-8.0.pom (3.2 kB at 62 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/jdom/jdom2/2.0.6/jdom2-2.0.6.pom Progress (1): 4.1 kB Progress (1): 4.6 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/jdom/jdom2/2.0.6/jdom2-2.0.6.pom (4.6 kB at 100 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-dependency-tree/3.0.1/maven-dependency-tree-3.0.1.pom Progress (1): 4.1 kB Progress (1): 7.5 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-dependency-tree/3.0.1/maven-dependency-tree-3.0.1.pom (7.5 kB at 170 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/eclipse/aether/aether-util/0.9.0.M2/aether-util-0.9.0.M2.pom Progress (1): 2.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/eclipse/aether/aether-util/0.9.0.M2/aether-util-0.9.0.M2.pom (2.0 kB at 47 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/eclipse/aether/aether/0.9.0.M2/aether-0.9.0.M2.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 25 kB Progress (1): 28 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/eclipse/aether/aether/0.9.0.M2/aether-0.9.0.M2.pom (28 kB at 715 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/commons-io/commons-io/2.6/commons-io-2.6.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 14 kB Downloaded from central: https://repo.maven.apache.org/maven2/commons-io/commons-io/2.6/commons-io-2.6.pom (14 kB at 183 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/vafer/jdependency/2.4.0/jdependency-2.4.0.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 15 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/vafer/jdependency/2.4.0/jdependency-2.4.0.pom (15 kB at 284 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm-util/8.0/asm-util-8.0.pom Progress (1): 3.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm-util/8.0/asm-util-8.0.pom (3.7 kB at 61 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/guava/guava/28.2-android/guava-28.2-android.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 11 kB Downloaded from central: https://repo.maven.apache.org/maven2/com/google/guava/guava/28.2-android/guava-28.2-android.pom (11 kB at 195 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/guava/guava-parent/28.2-android/guava-parent-28.2-android.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 13 kB Downloaded from central: https://repo.maven.apache.org/maven2/com/google/guava/guava-parent/28.2-android/guava-parent-28.2-android.pom (13 kB at 258 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/guava/failureaccess/1.0.1/failureaccess-1.0.1.pom Progress (1): 2.4 kB Downloaded from central: https://repo.maven.apache.org/maven2/com/google/guava/failureaccess/1.0.1/failureaccess-1.0.1.pom (2.4 kB at 31 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/guava/guava-parent/26.0-android/guava-parent-26.0-android.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 10 kB Downloaded from central: https://repo.maven.apache.org/maven2/com/google/guava/guava-parent/26.0-android/guava-parent-26.0-android.pom (10 kB at 248 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/oss/oss-parent/9/oss-parent-9.pom Progress (1): 4.1 kB Progress (1): 6.6 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/oss/oss-parent/9/oss-parent-9.pom (6.6 kB at 156 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/guava/listenablefuture/9999.0-empty-to-avoid-conflict-with-guava/listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.pom Progress (1): 2.3 kB Downloaded from central: https://repo.maven.apache.org/maven2/com/google/guava/listenablefuture/9999.0-empty-to-avoid-conflict-with-guava/listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.pom (2.3 kB at 56 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/code/findbugs/jsr305/3.0.2/jsr305-3.0.2.pom Progress (1): 4.1 kB Progress (1): 4.3 kB Downloaded from central: https://repo.maven.apache.org/maven2/com/google/code/findbugs/jsr305/3.0.2/jsr305-3.0.2.pom (4.3 kB at 81 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/oss/oss-parent/7/oss-parent-7.pom Progress (1): 4.1 kB Progress (1): 4.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/oss/oss-parent/7/oss-parent-7.pom (4.8 kB at 88 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/checkerframework/checker-compat-qual/2.5.5/checker-compat-qual-2.5.5.pom Progress (1): 2.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/checkerframework/checker-compat-qual/2.5.5/checker-compat-qual-2.5.5.pom (2.7 kB at 37 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/errorprone/error_prone_annotations/2.3.4/error_prone_annotations-2.3.4.pom Progress (1): 2.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/com/google/errorprone/error_prone_annotations/2.3.4/error_prone_annotations-2.3.4.pom (2.1 kB at 45 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/errorprone/error_prone_parent/2.3.4/error_prone_parent-2.3.4.pom Progress (1): 4.1 kB Progress (1): 5.4 kB Downloaded from central: https://repo.maven.apache.org/maven2/com/google/errorprone/error_prone_parent/2.3.4/error_prone_parent-2.3.4.pom (5.4 kB at 111 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/j2objc/j2objc-annotations/1.3/j2objc-annotations-1.3.pom Progress (1): 2.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/com/google/j2objc/j2objc-annotations/1.3/j2objc-annotations-1.3.pom (2.8 kB at 79 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-lang3/3.7/commons-lang3-3.7.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 25 kB Progress (1): 28 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-lang3/3.7/commons-lang3-3.7.pom (28 kB at 574 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-api/3.0/maven-plugin-api-3.0.jar Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-inject-plexus/1.4.2/sisu-inject-plexus-1.4.2.jar Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-inject-bean/1.4.2/sisu-inject-bean-1.4.2.jar Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-guice/2.1.7/sisu-guice-2.1.7-noaop.jar Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model/3.0/maven-model-3.0.jar Progress (1): 4.1/49 kB Progress (1): 7.7/49 kB Progress (1): 12/49 kB Progress (1): 16/49 kB Progress (1): 20/49 kB Progress (1): 24/49 kB Progress (1): 28/49 kB Progress (1): 32/49 kB Progress (1): 36/49 kB Progress (1): 40/49 kB Progress (1): 45/49 kB Progress (1): 49/49 kB Progress (1): 49 kB Progress (2): 49 kB | 4.1/472 kB Progress (2): 49 kB | 7.7/472 kB Progress (2): 49 kB | 12/472 kB Progress (2): 49 kB | 16/472 kB Progress (2): 49 kB | 20/472 kB Progress (2): 49 kB | 24/472 kB Progress (2): 49 kB | 28/472 kB Progress (2): 49 kB | 32/472 kB Progress (2): 49 kB | 36/472 kB Progress (2): 49 kB | 40/472 kB Progress (2): 49 kB | 45/472 kB Progress (2): 49 kB | 49/472 kB Progress (2): 49 kB | 53/472 kB Progress (2): 49 kB | 57/472 kB Progress (2): 49 kB | 61/472 kB Progress (2): 49 kB | 65/472 kB Progress (2): 49 kB | 69/472 kB Progress (2): 49 kB | 73/472 kB Progress (2): 49 kB | 77/472 kB Progress (2): 49 kB | 81/472 kB Progress (2): 49 kB | 86/472 kB Progress (2): 49 kB | 90/472 kB Progress (2): 49 kB | 94/472 kB Progress (2): 49 kB | 98/472 kB Progress (3): 49 kB | 98/472 kB | 4.1/153 kB Progress (3): 49 kB | 98/472 kB | 7.7/153 kB Progress (3): 49 kB | 98/472 kB | 12/153 kB Progress (3): 49 kB | 98/472 kB | 16/153 kB Progress (3): 49 kB | 98/472 kB | 20/153 kB Progress (3): 49 kB | 98/472 kB | 24/153 kB Progress (3): 49 kB | 102/472 kB | 24/153 kB Progress (3): 49 kB | 102/472 kB | 28/153 kB Progress (3): 49 kB | 106/472 kB | 28/153 kB Progress (3): 49 kB | 110/472 kB | 28/153 kB Progress (3): 49 kB | 110/472 kB | 32/153 kB Progress (3): 49 kB | 114/472 kB | 32/153 kB Progress (3): 49 kB | 114/472 kB | 36/153 kB Progress (3): 49 kB | 114/472 kB | 40/153 kB Progress (3): 49 kB | 118/472 kB | 40/153 kB Progress (3): 49 kB | 118/472 kB | 44/153 kB Progress (3): 49 kB | 122/472 kB | 44/153 kB Progress (3): 49 kB | 122/472 kB | 48/153 kB Progress (3): 49 kB | 126/472 kB | 48/153 kB Progress (3): 49 kB | 126/472 kB | 53/153 kB Progress (3): 49 kB | 131/472 kB | 53/153 kB Progress (3): 49 kB | 131/472 kB | 57/153 kB Progress (3): 49 kB | 131/472 kB | 61/153 kB Progress (3): 49 kB | 131/472 kB | 65/153 kB Progress (3): 49 kB | 131/472 kB | 69/153 kB Progress (3): 49 kB | 131/472 kB | 73/153 kB Progress (3): 49 kB | 131/472 kB | 77/153 kB Progress (3): 49 kB | 131/472 kB | 81/153 kB Progress (3): 49 kB | 131/472 kB | 85/153 kB Progress (3): 49 kB | 131/472 kB | 89/153 kB Progress (3): 49 kB | 131/472 kB | 93/153 kB Progress (3): 49 kB | 131/472 kB | 98/153 kB Progress (3): 49 kB | 131/472 kB | 102/153 kB Progress (3): 49 kB | 131/472 kB | 106/153 kB Progress (3): 49 kB | 131/472 kB | 110/153 kB Progress (3): 49 kB | 131/472 kB | 114/153 kB Progress (3): 49 kB | 131/472 kB | 118/153 kB Progress (3): 49 kB | 131/472 kB | 122/153 kB Progress (3): 49 kB | 131/472 kB | 126/153 kB Progress (3): 49 kB | 131/472 kB | 130/153 kB Progress (3): 49 kB | 131/472 kB | 134/153 kB Progress (3): 49 kB | 135/472 kB | 134/153 kB Progress (3): 49 kB | 135/472 kB | 139/153 kB Progress (3): 49 kB | 135/472 kB | 143/153 kB Progress (3): 49 kB | 139/472 kB | 143/153 kB Progress (3): 49 kB | 139/472 kB | 147/153 kB Progress (3): 49 kB | 143/472 kB | 147/153 kB Progress (3): 49 kB | 143/472 kB | 151/153 kB Progress (3): 49 kB | 147/472 kB | 151/153 kB Progress (3): 49 kB | 147/472 kB | 153 kB Progress (3): 49 kB | 151/472 kB | 153 kB Progress (3): 49 kB | 155/472 kB | 153 kB Progress (3): 49 kB | 159/472 kB | 153 kB Progress (3): 49 kB | 163/472 kB | 153 kB Progress (3): 49 kB | 167/472 kB | 153 kB Progress (3): 49 kB | 172/472 kB | 153 kB Progress (3): 49 kB | 176/472 kB | 153 kB Progress (3): 49 kB | 180/472 kB | 153 kB Progress (3): 49 kB | 184/472 kB | 153 kB Progress (3): 49 kB | 188/472 kB | 153 kB Progress (3): 49 kB | 192/472 kB | 153 kB Progress (3): 49 kB | 196/472 kB | 153 kB Progress (3): 49 kB | 200/472 kB | 153 kB Progress (3): 49 kB | 204/472 kB | 153 kB Progress (3): 49 kB | 208/472 kB | 153 kB Progress (3): 49 kB | 212/472 kB | 153 kB Progress (3): 49 kB | 217/472 kB | 153 kB Progress (3): 49 kB | 221/472 kB | 153 kB Progress (3): 49 kB | 224/472 kB | 153 kB Progress (4): 49 kB | 224/472 kB | 153 kB | 4.1/165 kB Progress (4): 49 kB | 224/472 kB | 153 kB | 7.7/165 kB Progress (4): 49 kB | 224/472 kB | 153 kB | 12/165 kB Progress (4): 49 kB | 224/472 kB | 153 kB | 16/165 kB Progress (4): 49 kB | 224/472 kB | 153 kB | 20/165 kB Progress (4): 49 kB | 224/472 kB | 153 kB | 24/165 kB Progress (4): 49 kB | 224/472 kB | 153 kB | 28/165 kB Progress (4): 49 kB | 224/472 kB | 153 kB | 32/165 kB Progress (4): 49 kB | 224/472 kB | 153 kB | 36/165 kB Progress (4): 49 kB | 224/472 kB | 153 kB | 40/165 kB Progress (4): 49 kB | 224/472 kB | 153 kB | 45/165 kB Progress (4): 49 kB | 224/472 kB | 153 kB | 49/165 kB Progress (4): 49 kB | 224/472 kB | 153 kB | 53/165 kB Progress (4): 49 kB | 224/472 kB | 153 kB | 57/165 kB Progress (4): 49 kB | 224/472 kB | 153 kB | 61/165 kB Progress (4): 49 kB | 224/472 kB | 153 kB | 65/165 kB Progress (4): 49 kB | 224/472 kB | 153 kB | 69/165 kB Progress (4): 49 kB | 224/472 kB | 153 kB | 73/165 kB Progress (4): 49 kB | 224/472 kB | 153 kB | 77/165 kB Progress (4): 49 kB | 224/472 kB | 153 kB | 81/165 kB Progress (4): 49 kB | 224/472 kB | 153 kB | 86/165 kB Progress (4): 49 kB | 224/472 kB | 153 kB | 90/165 kB Progress (4): 49 kB | 224/472 kB | 153 kB | 94/165 kB Progress (4): 49 kB | 224/472 kB | 153 kB | 98/165 kB Progress (4): 49 kB | 224/472 kB | 153 kB | 102/165 kB Progress (4): 49 kB | 224/472 kB | 153 kB | 106/165 kB Progress (4): 49 kB | 224/472 kB | 153 kB | 110/165 kB Progress (4): 49 kB | 228/472 kB | 153 kB | 110/165 kB Progress (4): 49 kB | 228/472 kB | 153 kB | 114/165 kB Progress (4): 49 kB | 233/472 kB | 153 kB | 114/165 kB Progress (4): 49 kB | 233/472 kB | 153 kB | 118/165 kB Progress (4): 49 kB | 237/472 kB | 153 kB | 118/165 kB Progress (4): 49 kB | 237/472 kB | 153 kB | 122/165 kB Progress (4): 49 kB | 241/472 kB | 153 kB | 122/165 kB Progress (4): 49 kB | 241/472 kB | 153 kB | 126/165 kB Progress (4): 49 kB | 245/472 kB | 153 kB | 126/165 kB Progress (4): 49 kB | 245/472 kB | 153 kB | 131/165 kB Progress (4): 49 kB | 249/472 kB | 153 kB | 131/165 kB Progress (4): 49 kB | 249/472 kB | 153 kB | 135/165 kB Progress (4): 49 kB | 253/472 kB | 153 kB | 135/165 kB Progress (4): 49 kB | 257/472 kB | 153 kB | 135/165 kB Progress (4): 49 kB | 257/472 kB | 153 kB | 139/165 kB Progress (4): 49 kB | 257/472 kB | 153 kB | 143/165 kB Progress (4): 49 kB | 257/472 kB | 153 kB | 147/165 kB Progress (4): 49 kB | 257/472 kB | 153 kB | 151/165 kB Progress (4): 49 kB | 257/472 kB | 153 kB | 155/165 kB Progress (4): 49 kB | 257/472 kB | 153 kB | 159/165 kB Progress (4): 49 kB | 257/472 kB | 153 kB | 163/165 kB Progress (4): 49 kB | 257/472 kB | 153 kB | 165 kB Progress (4): 49 kB | 261/472 kB | 153 kB | 165 kB Progress (4): 49 kB | 265/472 kB | 153 kB | 165 kB Progress (4): 49 kB | 269/472 kB | 153 kB | 165 kB Progress (4): 49 kB | 273/472 kB | 153 kB | 165 kB Progress (4): 49 kB | 278/472 kB | 153 kB | 165 kB Progress (4): 49 kB | 282/472 kB | 153 kB | 165 kB Progress (4): 49 kB | 286/472 kB | 153 kB | 165 kB Progress (4): 49 kB | 290/472 kB | 153 kB | 165 kB Progress (4): 49 kB | 294/472 kB | 153 kB | 165 kB Progress (4): 49 kB | 298/472 kB | 153 kB | 165 kB Progress (4): 49 kB | 302/472 kB | 153 kB | 165 kB Progress (4): 49 kB | 306/472 kB | 153 kB | 165 kB Progress (4): 49 kB | 310/472 kB | 153 kB | 165 kB Progress (4): 49 kB | 314/472 kB | 153 kB | 165 kB Progress (4): 49 kB | 319/472 kB | 153 kB | 165 kB Progress (4): 49 kB | 323/472 kB | 153 kB | 165 kB Progress (4): 49 kB | 327/472 kB | 153 kB | 165 kB Progress (4): 49 kB | 331/472 kB | 153 kB | 165 kB Progress (4): 49 kB | 335/472 kB | 153 kB | 165 kB Progress (4): 49 kB | 339/472 kB | 153 kB | 165 kB Progress (4): 49 kB | 343/472 kB | 153 kB | 165 kB Progress (4): 49 kB | 347/472 kB | 153 kB | 165 kB Progress (4): 49 kB | 351/472 kB | 153 kB | 165 kB Progress (4): 49 kB | 355/472 kB | 153 kB | 165 kB Progress (4): 49 kB | 359/472 kB | 153 kB | 165 kB Progress (4): 49 kB | 364/472 kB | 153 kB | 165 kB Progress (4): 49 kB | 368/472 kB | 153 kB | 165 kB Progress (4): 49 kB | 372/472 kB | 153 kB | 165 kB Progress (4): 49 kB | 376/472 kB | 153 kB | 165 kB Progress (4): 49 kB | 380/472 kB | 153 kB | 165 kB Progress (4): 49 kB | 384/472 kB | 153 kB | 165 kB Progress (4): 49 kB | 388/472 kB | 153 kB | 165 kB Progress (4): 49 kB | 392/472 kB | 153 kB | 165 kB Progress (4): 49 kB | 396/472 kB | 153 kB | 165 kB Progress (4): 49 kB | 400/472 kB | 153 kB | 165 kB Progress (4): 49 kB | 405/472 kB | 153 kB | 165 kB Progress (4): 49 kB | 409/472 kB | 153 kB | 165 kB Progress (4): 49 kB | 413/472 kB | 153 kB | 165 kB Progress (4): 49 kB | 417/472 kB | 153 kB | 165 kB Progress (4): 49 kB | 421/472 kB | 153 kB | 165 kB Progress (4): 49 kB | 425/472 kB | 153 kB | 165 kB Progress (4): 49 kB | 429/472 kB | 153 kB | 165 kB Progress (4): 49 kB | 433/472 kB | 153 kB | 165 kB Progress (4): 49 kB | 437/472 kB | 153 kB | 165 kB Progress (4): 49 kB | 441/472 kB | 153 kB | 165 kB Progress (4): 49 kB | 446/472 kB | 153 kB | 165 kB Progress (4): 49 kB | 450/472 kB | 153 kB | 165 kB Progress (4): 49 kB | 454/472 kB | 153 kB | 165 kB Progress (4): 49 kB | 458/472 kB | 153 kB | 165 kB Progress (4): 49 kB | 462/472 kB | 153 kB | 165 kB Progress (4): 49 kB | 466/472 kB | 153 kB | 165 kB Progress (4): 49 kB | 470/472 kB | 153 kB | 165 kB Progress (4): 49 kB | 472 kB | 153 kB | 165 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-api/3.0/maven-plugin-api-3.0.jar (49 kB at 978 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-core/3.0/maven-core-3.0.jar Progress (4): 472 kB | 153 kB | 165 kB | 4.1/202 kB Progress (4): 472 kB | 153 kB | 165 kB | 7.7/202 kB Progress (4): 472 kB | 153 kB | 165 kB | 12/202 kB Progress (4): 472 kB | 153 kB | 165 kB | 16/202 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-inject-bean/1.4.2/sisu-inject-bean-1.4.2.jar (153 kB at 2.5 MB/s) Progress (3): 472 kB | 165 kB | 20/202 kB Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings/3.0/maven-settings-3.0.jar Progress (3): 472 kB | 165 kB | 24/202 kB Progress (3): 472 kB | 165 kB | 28/202 kB Progress (3): 472 kB | 165 kB | 32/202 kB Progress (3): 472 kB | 165 kB | 36/202 kB Progress (3): 472 kB | 165 kB | 40/202 kB Progress (3): 472 kB | 165 kB | 45/202 kB Progress (3): 472 kB | 165 kB | 49/202 kB Progress (3): 472 kB | 165 kB | 53/202 kB Progress (3): 472 kB | 165 kB | 57/202 kB Progress (3): 472 kB | 165 kB | 61/202 kB Progress (3): 472 kB | 165 kB | 65/202 kB Progress (3): 472 kB | 165 kB | 69/202 kB Progress (3): 472 kB | 165 kB | 73/202 kB Progress (3): 472 kB | 165 kB | 77/202 kB Progress (3): 472 kB | 165 kB | 81/202 kB Progress (3): 472 kB | 165 kB | 86/202 kB Progress (3): 472 kB | 165 kB | 90/202 kB Progress (3): 472 kB | 165 kB | 94/202 kB Progress (3): 472 kB | 165 kB | 98/202 kB Progress (3): 472 kB | 165 kB | 102/202 kB Progress (3): 472 kB | 165 kB | 106/202 kB Progress (3): 472 kB | 165 kB | 110/202 kB Progress (3): 472 kB | 165 kB | 114/202 kB Progress (3): 472 kB | 165 kB | 118/202 kB Progress (3): 472 kB | 165 kB | 122/202 kB Progress (3): 472 kB | 165 kB | 126/202 kB Progress (3): 472 kB | 165 kB | 131/202 kB Progress (3): 472 kB | 165 kB | 135/202 kB Progress (3): 472 kB | 165 kB | 139/202 kB Progress (3): 472 kB | 165 kB | 143/202 kB Progress (3): 472 kB | 165 kB | 147/202 kB Progress (3): 472 kB | 165 kB | 151/202 kB Progress (3): 472 kB | 165 kB | 155/202 kB Progress (3): 472 kB | 165 kB | 159/202 kB Progress (3): 472 kB | 165 kB | 163/202 kB Progress (3): 472 kB | 165 kB | 167/202 kB Progress (3): 472 kB | 165 kB | 172/202 kB Progress (3): 472 kB | 165 kB | 176/202 kB Progress (3): 472 kB | 165 kB | 180/202 kB Progress (3): 472 kB | 165 kB | 184/202 kB Progress (3): 472 kB | 165 kB | 188/202 kB Progress (3): 472 kB | 165 kB | 192/202 kB Progress (3): 472 kB | 165 kB | 196/202 kB Progress (3): 472 kB | 165 kB | 200/202 kB Progress (3): 472 kB | 165 kB | 202 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model/3.0/maven-model-3.0.jar (165 kB at 2.5 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings-builder/3.0/maven-settings-builder-3.0.jar Progress (3): 472 kB | 202 kB | 4.1/527 kB Progress (3): 472 kB | 202 kB | 7.7/527 kB Progress (3): 472 kB | 202 kB | 12/527 kB Progress (3): 472 kB | 202 kB | 16/527 kB Progress (3): 472 kB | 202 kB | 20/527 kB Progress (3): 472 kB | 202 kB | 24/527 kB Progress (3): 472 kB | 202 kB | 28/527 kB Progress (3): 472 kB | 202 kB | 32/527 kB Progress (3): 472 kB | 202 kB | 36/527 kB Progress (3): 472 kB | 202 kB | 40/527 kB Progress (3): 472 kB | 202 kB | 44/527 kB Progress (3): 472 kB | 202 kB | 48/527 kB Progress (3): 472 kB | 202 kB | 53/527 kB Progress (3): 472 kB | 202 kB | 57/527 kB Progress (3): 472 kB | 202 kB | 61/527 kB Progress (3): 472 kB | 202 kB | 65/527 kB Progress (3): 472 kB | 202 kB | 69/527 kB Progress (3): 472 kB | 202 kB | 73/527 kB Progress (3): 472 kB | 202 kB | 77/527 kB Progress (3): 472 kB | 202 kB | 81/527 kB Progress (3): 472 kB | 202 kB | 85/527 kB Progress (3): 472 kB | 202 kB | 89/527 kB Progress (3): 472 kB | 202 kB | 93/527 kB Progress (3): 472 kB | 202 kB | 98/527 kB Progress (3): 472 kB | 202 kB | 102/527 kB Progress (3): 472 kB | 202 kB | 106/527 kB Progress (3): 472 kB | 202 kB | 110/527 kB Progress (3): 472 kB | 202 kB | 114/527 kB Progress (3): 472 kB | 202 kB | 118/527 kB Progress (3): 472 kB | 202 kB | 122/527 kB Progress (3): 472 kB | 202 kB | 126/527 kB Progress (3): 472 kB | 202 kB | 130/527 kB Progress (3): 472 kB | 202 kB | 134/527 kB Progress (3): 472 kB | 202 kB | 139/527 kB Progress (3): 472 kB | 202 kB | 143/527 kB Progress (3): 472 kB | 202 kB | 147/527 kB Progress (3): 472 kB | 202 kB | 151/527 kB Progress (3): 472 kB | 202 kB | 155/527 kB Progress (3): 472 kB | 202 kB | 159/527 kB Progress (3): 472 kB | 202 kB | 163/527 kB Progress (3): 472 kB | 202 kB | 167/527 kB Progress (3): 472 kB | 202 kB | 171/527 kB Progress (3): 472 kB | 202 kB | 175/527 kB Progress (3): 472 kB | 202 kB | 179/527 kB Progress (3): 472 kB | 202 kB | 184/527 kB Progress (3): 472 kB | 202 kB | 188/527 kB Progress (3): 472 kB | 202 kB | 192/527 kB Progress (3): 472 kB | 202 kB | 196/527 kB Progress (3): 472 kB | 202 kB | 200/527 kB Progress (3): 472 kB | 202 kB | 204/527 kB Progress (3): 472 kB | 202 kB | 208/527 kB Progress (3): 472 kB | 202 kB | 212/527 kB Progress (3): 472 kB | 202 kB | 216/527 kB Progress (3): 472 kB | 202 kB | 220/527 kB Progress (3): 472 kB | 202 kB | 225/527 kB Progress (3): 472 kB | 202 kB | 229/527 kB Progress (3): 472 kB | 202 kB | 233/527 kB Progress (3): 472 kB | 202 kB | 237/527 kB Progress (3): 472 kB | 202 kB | 241/527 kB Progress (3): 472 kB | 202 kB | 245/527 kB Progress (3): 472 kB | 202 kB | 249/527 kB Progress (3): 472 kB | 202 kB | 253/527 kB Progress (3): 472 kB | 202 kB | 257/527 kB Progress (3): 472 kB | 202 kB | 261/527 kB Progress (3): 472 kB | 202 kB | 266/527 kB Progress (3): 472 kB | 202 kB | 270/527 kB Progress (3): 472 kB | 202 kB | 274/527 kB Progress (3): 472 kB | 202 kB | 278/527 kB Progress (3): 472 kB | 202 kB | 282/527 kB Progress (3): 472 kB | 202 kB | 286/527 kB Progress (3): 472 kB | 202 kB | 290/527 kB Progress (3): 472 kB | 202 kB | 294/527 kB Progress (3): 472 kB | 202 kB | 298/527 kB Progress (3): 472 kB | 202 kB | 302/527 kB Progress (3): 472 kB | 202 kB | 306/527 kB Progress (3): 472 kB | 202 kB | 311/527 kB Progress (3): 472 kB | 202 kB | 315/527 kB Progress (3): 472 kB | 202 kB | 319/527 kB Progress (3): 472 kB | 202 kB | 323/527 kB Progress (3): 472 kB | 202 kB | 327/527 kB Progress (3): 472 kB | 202 kB | 331/527 kB Progress (3): 472 kB | 202 kB | 335/527 kB Progress (3): 472 kB | 202 kB | 339/527 kB Progress (3): 472 kB | 202 kB | 343/527 kB Progress (3): 472 kB | 202 kB | 347/527 kB Progress (3): 472 kB | 202 kB | 352/527 kB Progress (3): 472 kB | 202 kB | 356/527 kB Progress (3): 472 kB | 202 kB | 360/527 kB Progress (3): 472 kB | 202 kB | 364/527 kB Progress (3): 472 kB | 202 kB | 368/527 kB Progress (3): 472 kB | 202 kB | 372/527 kB Progress (3): 472 kB | 202 kB | 376/527 kB Progress (3): 472 kB | 202 kB | 380/527 kB Progress (3): 472 kB | 202 kB | 384/527 kB Progress (3): 472 kB | 202 kB | 388/527 kB Progress (3): 472 kB | 202 kB | 392/527 kB Progress (3): 472 kB | 202 kB | 397/527 kB Progress (3): 472 kB | 202 kB | 401/527 kB Progress (3): 472 kB | 202 kB | 405/527 kB Progress (3): 472 kB | 202 kB | 409/527 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-guice/2.1.7/sisu-guice-2.1.7-noaop.jar (472 kB at 6.4 MB/s) Progress (2): 202 kB | 413/527 kB Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-repository-metadata/3.0/maven-repository-metadata-3.0.jar Progress (2): 202 kB | 417/527 kB Progress (2): 202 kB | 421/527 kB Progress (2): 202 kB | 425/527 kB Progress (2): 202 kB | 429/527 kB Progress (2): 202 kB | 433/527 kB Progress (2): 202 kB | 438/527 kB Progress (2): 202 kB | 442/527 kB Progress (2): 202 kB | 446/527 kB Progress (2): 202 kB | 450/527 kB Progress (2): 202 kB | 454/527 kB Progress (2): 202 kB | 458/527 kB Progress (2): 202 kB | 462/527 kB Progress (2): 202 kB | 466/527 kB Progress (2): 202 kB | 470/527 kB Progress (2): 202 kB | 474/527 kB Progress (2): 202 kB | 479/527 kB Progress (2): 202 kB | 483/527 kB Progress (2): 202 kB | 487/527 kB Progress (2): 202 kB | 491/527 kB Progress (2): 202 kB | 494/527 kB Progress (2): 202 kB | 498/527 kB Progress (2): 202 kB | 502/527 kB Progress (2): 202 kB | 506/527 kB Progress (2): 202 kB | 510/527 kB Progress (2): 202 kB | 514/527 kB Progress (2): 202 kB | 519/527 kB Progress (2): 202 kB | 523/527 kB Progress (2): 202 kB | 527/527 kB Progress (2): 202 kB | 527 kB Progress (3): 202 kB | 527 kB | 4.1/47 kB Progress (3): 202 kB | 527 kB | 8.2/47 kB Progress (3): 202 kB | 527 kB | 12/47 kB Progress (3): 202 kB | 527 kB | 16/47 kB Progress (3): 202 kB | 527 kB | 20/47 kB Progress (3): 202 kB | 527 kB | 25/47 kB Progress (3): 202 kB | 527 kB | 29/47 kB Progress (3): 202 kB | 527 kB | 33/47 kB Progress (3): 202 kB | 527 kB | 37/47 kB Progress (3): 202 kB | 527 kB | 41/47 kB Progress (3): 202 kB | 527 kB | 45/47 kB Progress (3): 202 kB | 527 kB | 47 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-core/3.0/maven-core-3.0.jar (527 kB at 5.5 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model-builder/3.0/maven-model-builder-3.0.jar Progress (3): 202 kB | 47 kB | 4.1/38 kB Progress (3): 202 kB | 47 kB | 7.7/38 kB Progress (3): 202 kB | 47 kB | 12/38 kB Progress (3): 202 kB | 47 kB | 16/38 kB Progress (3): 202 kB | 47 kB | 20/38 kB Progress (3): 202 kB | 47 kB | 22/38 kB Progress (3): 202 kB | 47 kB | 26/38 kB Progress (3): 202 kB | 47 kB | 30/38 kB Progress (3): 202 kB | 47 kB | 34/38 kB Progress (3): 202 kB | 47 kB | 38 kB Progress (4): 202 kB | 47 kB | 38 kB | 4.1/30 kB Progress (4): 202 kB | 47 kB | 38 kB | 7.7/30 kB Progress (4): 202 kB | 47 kB | 38 kB | 12/30 kB Progress (4): 202 kB | 47 kB | 38 kB | 16/30 kB Progress (4): 202 kB | 47 kB | 38 kB | 20/30 kB Progress (4): 202 kB | 47 kB | 38 kB | 24/30 kB Progress (4): 202 kB | 47 kB | 38 kB | 28/30 kB Progress (4): 202 kB | 47 kB | 38 kB | 30 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings/3.0/maven-settings-3.0.jar (47 kB at 420 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-aether-provider/3.0/maven-aether-provider-3.0.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-inject-plexus/1.4.2/sisu-inject-plexus-1.4.2.jar (202 kB at 1.7 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-impl/1.7/aether-impl-1.7.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-repository-metadata/3.0/maven-repository-metadata-3.0.jar (30 kB at 226 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-spi/1.7/aether-spi-1.7.jar Progress (2): 38 kB | 4.1/51 kB Progress (2): 38 kB | 7.7/51 kB Progress (2): 38 kB | 12/51 kB Progress (2): 38 kB | 16/51 kB Progress (2): 38 kB | 20/51 kB Progress (2): 38 kB | 24/51 kB Progress (2): 38 kB | 28/51 kB Progress (2): 38 kB | 32/51 kB Progress (2): 38 kB | 36/51 kB Progress (2): 38 kB | 40/51 kB Progress (2): 38 kB | 44/51 kB Progress (2): 38 kB | 48/51 kB Progress (2): 38 kB | 51 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings-builder/3.0/maven-settings-builder-3.0.jar (38 kB at 264 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-api/1.7/aether-api-1.7.jar Progress (2): 51 kB | 4.1/14 kB Progress (2): 51 kB | 7.7/14 kB Progress (2): 51 kB | 12/14 kB Progress (2): 51 kB | 14 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-aether-provider/3.0/maven-aether-provider-3.0.jar (51 kB at 305 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-util/1.7/aether-util-1.7.jar Progress (2): 14 kB | 4.1/148 kB Progress (2): 14 kB | 7.7/148 kB Progress (2): 14 kB | 12/148 kB Progress (2): 14 kB | 16/148 kB Progress (2): 14 kB | 20/148 kB Progress (2): 14 kB | 24/148 kB Progress (2): 14 kB | 28/148 kB Progress (2): 14 kB | 32/148 kB Progress (2): 14 kB | 36/148 kB Progress (2): 14 kB | 40/148 kB Progress (2): 14 kB | 45/148 kB Progress (2): 14 kB | 49/148 kB Progress (2): 14 kB | 53/148 kB Progress (2): 14 kB | 57/148 kB Progress (2): 14 kB | 61/148 kB Progress (2): 14 kB | 65/148 kB Progress (2): 14 kB | 69/148 kB Progress (2): 14 kB | 73/148 kB Progress (2): 14 kB | 77/148 kB Progress (2): 14 kB | 81/148 kB Progress (2): 14 kB | 86/148 kB Progress (2): 14 kB | 90/148 kB Progress (2): 14 kB | 94/148 kB Progress (2): 14 kB | 98/148 kB Progress (2): 14 kB | 102/148 kB Progress (2): 14 kB | 106/148 kB Progress (2): 14 kB | 110/148 kB Progress (2): 14 kB | 114/148 kB Progress (2): 14 kB | 118/148 kB Progress (2): 14 kB | 122/148 kB Progress (2): 14 kB | 126/148 kB Progress (2): 14 kB | 131/148 kB Progress (2): 14 kB | 135/148 kB Progress (2): 14 kB | 139/148 kB Progress (2): 14 kB | 143/148 kB Progress (2): 14 kB | 147/148 kB Progress (2): 14 kB | 148 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-spi/1.7/aether-spi-1.7.jar (14 kB at 77 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.14/plexus-interpolation-1.14.jar Progress (2): 148 kB | 4.1/74 kB Progress (2): 148 kB | 7.7/74 kB Progress (2): 148 kB | 12/74 kB Progress (2): 148 kB | 16/74 kB Progress (2): 148 kB | 20/74 kB Progress (2): 148 kB | 24/74 kB Progress (2): 148 kB | 28/74 kB Progress (2): 148 kB | 32/74 kB Progress (2): 148 kB | 36/74 kB Progress (2): 148 kB | 40/74 kB Progress (2): 148 kB | 45/74 kB Progress (2): 148 kB | 49/74 kB Progress (2): 148 kB | 53/74 kB Progress (2): 148 kB | 57/74 kB Progress (2): 148 kB | 61/74 kB Progress (2): 148 kB | 65/74 kB Progress (2): 148 kB | 69/74 kB Progress (2): 148 kB | 73/74 kB Progress (2): 148 kB | 74 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model-builder/3.0/maven-model-builder-3.0.jar (148 kB at 759 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-classworlds/2.2.3/plexus-classworlds-2.2.3.jar Progress (2): 74 kB | 4.1/108 kB Progress (2): 74 kB | 7.7/108 kB Progress (2): 74 kB | 12/108 kB Progress (2): 74 kB | 16/108 kB Progress (2): 74 kB | 20/108 kB Progress (2): 74 kB | 24/108 kB Progress (2): 74 kB | 28/108 kB Progress (2): 74 kB | 32/108 kB Progress (2): 74 kB | 36/108 kB Progress (2): 74 kB | 40/108 kB Progress (2): 74 kB | 45/108 kB Progress (2): 74 kB | 49/108 kB Progress (2): 74 kB | 53/108 kB Progress (2): 74 kB | 57/108 kB Progress (2): 74 kB | 61/108 kB Progress (2): 74 kB | 65/108 kB Progress (2): 74 kB | 69/108 kB Progress (2): 74 kB | 73/108 kB Progress (2): 74 kB | 77/108 kB Progress (2): 74 kB | 81/108 kB Progress (2): 74 kB | 86/108 kB Progress (2): 74 kB | 90/108 kB Progress (2): 74 kB | 94/108 kB Progress (2): 74 kB | 98/108 kB Progress (2): 74 kB | 102/108 kB Progress (2): 74 kB | 106/108 kB Progress (2): 74 kB | 108 kB Progress (3): 74 kB | 108 kB | 4.1/61 kB Progress (3): 74 kB | 108 kB | 7.7/61 kB Progress (3): 74 kB | 108 kB | 12/61 kB Progress (3): 74 kB | 108 kB | 16/61 kB Progress (3): 74 kB | 108 kB | 20/61 kB Progress (3): 74 kB | 108 kB | 24/61 kB Progress (3): 74 kB | 108 kB | 28/61 kB Progress (3): 74 kB | 108 kB | 32/61 kB Progress (3): 74 kB | 108 kB | 36/61 kB Progress (3): 74 kB | 108 kB | 40/61 kB Progress (3): 74 kB | 108 kB | 45/61 kB Progress (3): 74 kB | 108 kB | 49/61 kB Progress (3): 74 kB | 108 kB | 53/61 kB Progress (3): 74 kB | 108 kB | 57/61 kB Progress (3): 74 kB | 108 kB | 61/61 kB Progress (3): 74 kB | 108 kB | 61 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-api/1.7/aether-api-1.7.jar (74 kB at 339 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-component-annotations/2.0.0/plexus-component-annotations-2.0.0.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-util/1.7/aether-util-1.7.jar (108 kB at 484 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/plexus/plexus-sec-dispatcher/1.3/plexus-sec-dispatcher-1.3.jar Progress (2): 61 kB | 4.1/46 kB Progress (2): 61 kB | 7.7/46 kB Progress (2): 61 kB | 12/46 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.14/plexus-interpolation-1.14.jar (61 kB at 267 kB/s) Progress (1): 16/46 kB Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/plexus/plexus-cipher/1.4/plexus-cipher-1.4.jar Progress (1): 20/46 kB Progress (1): 24/46 kB Progress (1): 28/46 kB Progress (1): 32/46 kB Progress (1): 36/46 kB Progress (1): 40/46 kB Progress (1): 45/46 kB Progress (1): 46 kB Progress (2): 46 kB | 4.1/106 kB Progress (2): 46 kB | 7.7/106 kB Progress (2): 46 kB | 12/106 kB Progress (2): 46 kB | 16/106 kB Progress (2): 46 kB | 20/106 kB Progress (2): 46 kB | 24/106 kB Progress (3): 46 kB | 24/106 kB | 4.1/29 kB Progress (3): 46 kB | 24/106 kB | 7.7/29 kB Progress (3): 46 kB | 24/106 kB | 12/29 kB Progress (3): 46 kB | 24/106 kB | 16/29 kB Progress (3): 46 kB | 24/106 kB | 20/29 kB Progress (3): 46 kB | 24/106 kB | 24/29 kB Progress (3): 46 kB | 24/106 kB | 28/29 kB Progress (3): 46 kB | 24/106 kB | 29 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-classworlds/2.2.3/plexus-classworlds-2.2.3.jar (46 kB at 185 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact/3.0/maven-artifact-3.0.jar Progress (2): 28/106 kB | 29 kB Progress (2): 32/106 kB | 29 kB Progress (2): 36/106 kB | 29 kB Progress (2): 40/106 kB | 29 kB Progress (2): 45/106 kB | 29 kB Progress (2): 49/106 kB | 29 kB Progress (2): 53/106 kB | 29 kB Progress (2): 57/106 kB | 29 kB Progress (2): 61/106 kB | 29 kB Progress (2): 65/106 kB | 29 kB Progress (2): 69/106 kB | 29 kB Progress (2): 73/106 kB | 29 kB Progress (2): 77/106 kB | 29 kB Progress (2): 81/106 kB | 29 kB Progress (2): 86/106 kB | 29 kB Progress (2): 90/106 kB | 29 kB Progress (2): 94/106 kB | 29 kB Progress (2): 98/106 kB | 29 kB Progress (2): 102/106 kB | 29 kB Progress (2): 106/106 kB | 29 kB Progress (2): 106 kB | 29 kB Progress (3): 106 kB | 29 kB | 4.1/13 kB Progress (3): 106 kB | 29 kB | 7.7/13 kB Progress (3): 106 kB | 29 kB | 12/13 kB Progress (3): 106 kB | 29 kB | 13 kB Progress (4): 106 kB | 29 kB | 13 kB | 4.1/4.2 kB Progress (4): 106 kB | 29 kB | 13 kB | 4.2 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/plexus/plexus-sec-dispatcher/1.3/plexus-sec-dispatcher-1.3.jar (29 kB at 106 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.3.0/plexus-utils-3.3.0.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-component-annotations/2.0.0/plexus-component-annotations-2.0.0.jar (4.2 kB at 15 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-artifact-transfer/0.12.0/maven-artifact-transfer-0.12.0.jar Progress (3): 106 kB | 13 kB | 4.1/52 kB Progress (3): 106 kB | 13 kB | 8.2/52 kB Progress (3): 106 kB | 13 kB | 12/52 kB Progress (3): 106 kB | 13 kB | 16/52 kB Progress (3): 106 kB | 13 kB | 20/52 kB Progress (3): 106 kB | 13 kB | 25/52 kB Progress (3): 106 kB | 13 kB | 29/52 kB Progress (3): 106 kB | 13 kB | 33/52 kB Progress (3): 106 kB | 13 kB | 37/52 kB Progress (3): 106 kB | 13 kB | 41/52 kB Progress (3): 106 kB | 13 kB | 45/52 kB Progress (3): 106 kB | 13 kB | 49/52 kB Progress (3): 106 kB | 13 kB | 52 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/plexus/plexus-cipher/1.4/plexus-cipher-1.4.jar (13 kB at 47 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-common-artifact-filters/3.0.1/maven-common-artifact-filters-3.0.1.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-impl/1.7/aether-impl-1.7.jar (106 kB at 364 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-utils/3.1.0/maven-shared-utils-3.1.0.jar Progress (2): 52 kB | 4.1/263 kB Progress (2): 52 kB | 7.7/263 kB Progress (2): 52 kB | 12/263 kB Progress (2): 52 kB | 16/263 kB Progress (2): 52 kB | 20/263 kB Progress (2): 52 kB | 24/263 kB Progress (2): 52 kB | 28/263 kB Progress (2): 52 kB | 32/263 kB Progress (2): 52 kB | 36/263 kB Progress (2): 52 kB | 40/263 kB Progress (2): 52 kB | 45/263 kB Progress (2): 52 kB | 49/263 kB Progress (2): 52 kB | 53/263 kB Progress (2): 52 kB | 57/263 kB Progress (2): 52 kB | 61/263 kB Progress (2): 52 kB | 65/263 kB Progress (2): 52 kB | 69/263 kB Progress (2): 52 kB | 73/263 kB Progress (2): 52 kB | 77/263 kB Progress (2): 52 kB | 81/263 kB Progress (2): 52 kB | 85/263 kB Progress (2): 52 kB | 89/263 kB Progress (2): 52 kB | 93/263 kB Progress (2): 52 kB | 98/263 kB Progress (2): 52 kB | 102/263 kB Progress (2): 52 kB | 106/263 kB Progress (2): 52 kB | 110/263 kB Progress (2): 52 kB | 114/263 kB Progress (2): 52 kB | 118/263 kB Progress (2): 52 kB | 122/263 kB Progress (2): 52 kB | 126/263 kB Progress (2): 52 kB | 130/263 kB Progress (2): 52 kB | 134/263 kB Progress (2): 52 kB | 139/263 kB Progress (2): 52 kB | 143/263 kB Progress (2): 52 kB | 147/263 kB Progress (2): 52 kB | 151/263 kB Progress (2): 52 kB | 155/263 kB Progress (2): 52 kB | 159/263 kB Progress (2): 52 kB | 163/263 kB Progress (2): 52 kB | 167/263 kB Progress (2): 52 kB | 171/263 kB Progress (2): 52 kB | 175/263 kB Progress (2): 52 kB | 179/263 kB Progress (2): 52 kB | 184/263 kB Progress (2): 52 kB | 188/263 kB Progress (2): 52 kB | 192/263 kB Progress (2): 52 kB | 196/263 kB Progress (2): 52 kB | 200/263 kB Progress (2): 52 kB | 204/263 kB Progress (2): 52 kB | 208/263 kB Progress (2): 52 kB | 212/263 kB Progress (2): 52 kB | 216/263 kB Progress (2): 52 kB | 220/263 kB Progress (2): 52 kB | 225/263 kB Progress (2): 52 kB | 229/263 kB Progress (2): 52 kB | 233/263 kB Progress (2): 52 kB | 237/263 kB Progress (2): 52 kB | 241/263 kB Progress (2): 52 kB | 245/263 kB Progress (2): 52 kB | 249/263 kB Progress (2): 52 kB | 253/263 kB Progress (2): 52 kB | 257/263 kB Progress (2): 52 kB | 261/263 kB Progress (2): 52 kB | 263 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact/3.0/maven-artifact-3.0.jar (52 kB at 170 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/commons-codec/commons-codec/1.11/commons-codec-1.11.jar Progress (2): 263 kB | 4.1/120 kB Progress (2): 263 kB | 7.7/120 kB Progress (2): 263 kB | 12/120 kB Progress (2): 263 kB | 16/120 kB Progress (2): 263 kB | 20/120 kB Progress (2): 263 kB | 24/120 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.3.0/plexus-utils-3.3.0.jar (263 kB at 810 kB/s) Progress (1): 28/120 kB Progress (1): 32/120 kB Downloading from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-api/1.7.5/slf4j-api-1.7.5.jar Progress (1): 36/120 kB Progress (1): 40/120 kB Progress (1): 45/120 kB Progress (1): 49/120 kB Progress (1): 53/120 kB Progress (1): 57/120 kB Progress (1): 61/120 kB Progress (1): 65/120 kB Progress (1): 69/120 kB Progress (1): 73/120 kB Progress (1): 77/120 kB Progress (1): 81/120 kB Progress (1): 86/120 kB Progress (1): 90/120 kB Progress (1): 93/120 kB Progress (1): 98/120 kB Progress (1): 102/120 kB Progress (1): 106/120 kB Progress (1): 110/120 kB Progress (1): 114/120 kB Progress (1): 118/120 kB Progress (1): 120 kB Progress (2): 120 kB | 4.1/61 kB Progress (2): 120 kB | 7.7/61 kB Progress (2): 120 kB | 12/61 kB Progress (2): 120 kB | 16/61 kB Progress (2): 120 kB | 20/61 kB Progress (2): 120 kB | 24/61 kB Progress (2): 120 kB | 28/61 kB Progress (2): 120 kB | 32/61 kB Progress (2): 120 kB | 36/61 kB Progress (2): 120 kB | 40/61 kB Progress (2): 120 kB | 45/61 kB Progress (2): 120 kB | 49/61 kB Progress (2): 120 kB | 53/61 kB Progress (2): 120 kB | 57/61 kB Progress (2): 120 kB | 61/61 kB Progress (2): 120 kB | 61 kB Progress (3): 120 kB | 61 kB | 4.1/335 kB Progress (3): 120 kB | 61 kB | 7.7/335 kB Progress (3): 120 kB | 61 kB | 12/335 kB Progress (3): 120 kB | 61 kB | 16/335 kB Progress (3): 120 kB | 61 kB | 20/335 kB Progress (3): 120 kB | 61 kB | 24/335 kB Progress (3): 120 kB | 61 kB | 28/335 kB Progress (3): 120 kB | 61 kB | 32/335 kB Progress (3): 120 kB | 61 kB | 36/335 kB Progress (3): 120 kB | 61 kB | 40/335 kB Progress (3): 120 kB | 61 kB | 45/335 kB Progress (3): 120 kB | 61 kB | 49/335 kB Progress (3): 120 kB | 61 kB | 53/335 kB Progress (3): 120 kB | 61 kB | 57/335 kB Progress (3): 120 kB | 61 kB | 61/335 kB Progress (3): 120 kB | 61 kB | 65/335 kB Progress (3): 120 kB | 61 kB | 69/335 kB Progress (3): 120 kB | 61 kB | 73/335 kB Progress (3): 120 kB | 61 kB | 77/335 kB Progress (3): 120 kB | 61 kB | 81/335 kB Progress (3): 120 kB | 61 kB | 86/335 kB Progress (3): 120 kB | 61 kB | 90/335 kB Progress (3): 120 kB | 61 kB | 94/335 kB Progress (3): 120 kB | 61 kB | 98/335 kB Progress (3): 120 kB | 61 kB | 102/335 kB Progress (3): 120 kB | 61 kB | 106/335 kB Progress (3): 120 kB | 61 kB | 110/335 kB Progress (3): 120 kB | 61 kB | 114/335 kB Progress (3): 120 kB | 61 kB | 118/335 kB Progress (3): 120 kB | 61 kB | 122/335 kB Progress (3): 120 kB | 61 kB | 126/335 kB Progress (3): 120 kB | 61 kB | 131/335 kB Progress (3): 120 kB | 61 kB | 135/335 kB Progress (3): 120 kB | 61 kB | 139/335 kB Progress (3): 120 kB | 61 kB | 143/335 kB Progress (3): 120 kB | 61 kB | 147/335 kB Progress (3): 120 kB | 61 kB | 151/335 kB Progress (3): 120 kB | 61 kB | 155/335 kB Progress (3): 120 kB | 61 kB | 159/335 kB Progress (3): 120 kB | 61 kB | 163/335 kB Progress (3): 120 kB | 61 kB | 167/335 kB Progress (3): 120 kB | 61 kB | 172/335 kB Progress (3): 120 kB | 61 kB | 176/335 kB Progress (3): 120 kB | 61 kB | 180/335 kB Progress (3): 120 kB | 61 kB | 184/335 kB Progress (3): 120 kB | 61 kB | 188/335 kB Progress (3): 120 kB | 61 kB | 192/335 kB Progress (3): 120 kB | 61 kB | 196/335 kB Progress (3): 120 kB | 61 kB | 200/335 kB Progress (3): 120 kB | 61 kB | 204/335 kB Progress (3): 120 kB | 61 kB | 208/335 kB Progress (3): 120 kB | 61 kB | 213/335 kB Progress (3): 120 kB | 61 kB | 217/335 kB Progress (3): 120 kB | 61 kB | 221/335 kB Progress (3): 120 kB | 61 kB | 225/335 kB Progress (3): 120 kB | 61 kB | 229/335 kB Progress (3): 120 kB | 61 kB | 233/335 kB Progress (3): 120 kB | 61 kB | 237/335 kB Progress (3): 120 kB | 61 kB | 241/335 kB Progress (3): 120 kB | 61 kB | 245/335 kB Progress (3): 120 kB | 61 kB | 249/335 kB Progress (3): 120 kB | 61 kB | 253/335 kB Progress (3): 120 kB | 61 kB | 258/335 kB Progress (3): 120 kB | 61 kB | 262/335 kB Progress (3): 120 kB | 61 kB | 266/335 kB Progress (3): 120 kB | 61 kB | 270/335 kB Progress (3): 120 kB | 61 kB | 274/335 kB Progress (3): 120 kB | 61 kB | 278/335 kB Progress (3): 120 kB | 61 kB | 282/335 kB Progress (3): 120 kB | 61 kB | 286/335 kB Progress (3): 120 kB | 61 kB | 290/335 kB Progress (3): 120 kB | 61 kB | 294/335 kB Progress (3): 120 kB | 61 kB | 299/335 kB Progress (3): 120 kB | 61 kB | 303/335 kB Progress (3): 120 kB | 61 kB | 307/335 kB Progress (3): 120 kB | 61 kB | 311/335 kB Progress (3): 120 kB | 61 kB | 315/335 kB Progress (3): 120 kB | 61 kB | 319/335 kB Progress (3): 120 kB | 61 kB | 323/335 kB Progress (3): 120 kB | 61 kB | 327/335 kB Progress (3): 120 kB | 61 kB | 331/335 kB Progress (3): 120 kB | 61 kB | 335 kB Progress (4): 120 kB | 61 kB | 335 kB | 4.1/164 kB Progress (4): 120 kB | 61 kB | 335 kB | 7.7/164 kB Progress (4): 120 kB | 61 kB | 335 kB | 12/164 kB Progress (4): 120 kB | 61 kB | 335 kB | 16/164 kB Progress (4): 120 kB | 61 kB | 335 kB | 20/164 kB Progress (4): 120 kB | 61 kB | 335 kB | 24/164 kB Progress (4): 120 kB | 61 kB | 335 kB | 28/164 kB Progress (4): 120 kB | 61 kB | 335 kB | 32/164 kB Progress (4): 120 kB | 61 kB | 335 kB | 36/164 kB Progress (4): 120 kB | 61 kB | 335 kB | 40/164 kB Progress (4): 120 kB | 61 kB | 335 kB | 45/164 kB Progress (4): 120 kB | 61 kB | 335 kB | 49/164 kB Progress (4): 120 kB | 61 kB | 335 kB | 53/164 kB Progress (4): 120 kB | 61 kB | 335 kB | 55/164 kB Progress (4): 120 kB | 61 kB | 335 kB | 59/164 kB Progress (4): 120 kB | 61 kB | 335 kB | 63/164 kB Progress (4): 120 kB | 61 kB | 335 kB | 67/164 kB Progress (4): 120 kB | 61 kB | 335 kB | 71/164 kB Progress (4): 120 kB | 61 kB | 335 kB | 75/164 kB Progress (4): 120 kB | 61 kB | 335 kB | 79/164 kB Progress (4): 120 kB | 61 kB | 335 kB | 84/164 kB Progress (4): 120 kB | 61 kB | 335 kB | 88/164 kB Progress (4): 120 kB | 61 kB | 335 kB | 92/164 kB Progress (4): 120 kB | 61 kB | 335 kB | 96/164 kB Progress (4): 120 kB | 61 kB | 335 kB | 100/164 kB Progress (4): 120 kB | 61 kB | 335 kB | 104/164 kB Progress (4): 120 kB | 61 kB | 335 kB | 108/164 kB Progress (4): 120 kB | 61 kB | 335 kB | 112/164 kB Progress (4): 120 kB | 61 kB | 335 kB | 116/164 kB Progress (4): 120 kB | 61 kB | 335 kB | 120/164 kB Progress (4): 120 kB | 61 kB | 335 kB | 124/164 kB Progress (4): 120 kB | 61 kB | 335 kB | 129/164 kB Progress (4): 120 kB | 61 kB | 335 kB | 133/164 kB Progress (4): 120 kB | 61 kB | 335 kB | 137/164 kB Progress (5): 120 kB | 61 kB | 335 kB | 137/164 kB | 4.1/26 kB Progress (5): 120 kB | 61 kB | 335 kB | 141/164 kB | 4.1/26 kB Progress (5): 120 kB | 61 kB | 335 kB | 145/164 kB | 4.1/26 kB Progress (5): 120 kB | 61 kB | 335 kB | 145/164 kB | 7.7/26 kB Progress (5): 120 kB | 61 kB | 335 kB | 149/164 kB | 7.7/26 kB Progress (5): 120 kB | 61 kB | 335 kB | 149/164 kB | 12/26 kB Progress (5): 120 kB | 61 kB | 335 kB | 153/164 kB | 12/26 kB Progress (5): 120 kB | 61 kB | 335 kB | 153/164 kB | 16/26 kB Progress (5): 120 kB | 61 kB | 335 kB | 157/164 kB | 16/26 kB Progress (5): 120 kB | 61 kB | 335 kB | 161/164 kB | 16/26 kB Progress (5): 120 kB | 61 kB | 335 kB | 161/164 kB | 20/26 kB Progress (5): 120 kB | 61 kB | 335 kB | 164 kB | 20/26 kB Progress (5): 120 kB | 61 kB | 335 kB | 164 kB | 24/26 kB Progress (5): 120 kB | 61 kB | 335 kB | 164 kB | 26 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-artifact-transfer/0.12.0/maven-artifact-transfer-0.12.0.jar (120 kB at 336 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm/8.0/asm-8.0.jar Downloaded from central: https://repo.maven.apache.org/maven2/commons-codec/commons-codec/1.11/commons-codec-1.11.jar (335 kB at 931 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm-commons/8.0/asm-commons-8.0.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-common-artifact-filters/3.0.1/maven-common-artifact-filters-3.0.1.jar (61 kB at 167 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm-tree/8.0/asm-tree-8.0.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-utils/3.1.0/maven-shared-utils-3.1.0.jar (164 kB at 429 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm-analysis/8.0/asm-analysis-8.0.jar Progress (2): 26 kB | 4.1/72 kB Progress (2): 26 kB | 7.7/72 kB Progress (2): 26 kB | 12/72 kB Progress (2): 26 kB | 16/72 kB Progress (2): 26 kB | 20/72 kB Progress (2): 26 kB | 24/72 kB Progress (2): 26 kB | 28/72 kB Progress (2): 26 kB | 32/72 kB Progress (2): 26 kB | 36/72 kB Progress (2): 26 kB | 40/72 kB Progress (2): 26 kB | 45/72 kB Progress (2): 26 kB | 49/72 kB Progress (2): 26 kB | 53/72 kB Progress (2): 26 kB | 57/72 kB Progress (2): 26 kB | 61/72 kB Progress (2): 26 kB | 65/72 kB Progress (2): 26 kB | 69/72 kB Progress (2): 26 kB | 72 kB Progress (3): 26 kB | 72 kB | 4.1/122 kB Progress (3): 26 kB | 72 kB | 7.7/122 kB Progress (3): 26 kB | 72 kB | 12/122 kB Progress (3): 26 kB | 72 kB | 16/122 kB Progress (3): 26 kB | 72 kB | 20/122 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-api/1.7.5/slf4j-api-1.7.5.jar (26 kB at 65 kB/s) Progress (2): 72 kB | 24/122 kB Downloading from central: https://repo.maven.apache.org/maven2/org/jdom/jdom2/2.0.6/jdom2-2.0.6.jar Progress (2): 72 kB | 28/122 kB Progress (2): 72 kB | 32/122 kB Progress (2): 72 kB | 36/122 kB Progress (2): 72 kB | 40/122 kB Progress (2): 72 kB | 45/122 kB Progress (2): 72 kB | 49/122 kB Progress (2): 72 kB | 53/122 kB Progress (2): 72 kB | 57/122 kB Progress (2): 72 kB | 61/122 kB Progress (2): 72 kB | 65/122 kB Progress (2): 72 kB | 69/122 kB Progress (2): 72 kB | 73/122 kB Progress (2): 72 kB | 77/122 kB Progress (2): 72 kB | 81/122 kB Progress (2): 72 kB | 86/122 kB Progress (2): 72 kB | 90/122 kB Progress (2): 72 kB | 94/122 kB Progress (2): 72 kB | 98/122 kB Progress (2): 72 kB | 102/122 kB Progress (2): 72 kB | 106/122 kB Progress (2): 72 kB | 110/122 kB Progress (2): 72 kB | 114/122 kB Progress (2): 72 kB | 118/122 kB Progress (2): 72 kB | 122 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm-commons/8.0/asm-commons-8.0.jar (72 kB at 175 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-dependency-tree/3.0.1/maven-dependency-tree-3.0.1.jar Progress (2): 122 kB | 4.1/33 kB Progress (2): 122 kB | 7.7/33 kB Progress (2): 122 kB | 12/33 kB Progress (2): 122 kB | 16/33 kB Progress (2): 122 kB | 20/33 kB Progress (2): 122 kB | 24/33 kB Progress (2): 122 kB | 28/33 kB Progress (2): 122 kB | 32/33 kB Progress (2): 122 kB | 33 kB Progress (3): 122 kB | 33 kB | 4.1/53 kB Progress (3): 122 kB | 33 kB | 7.7/53 kB Progress (3): 122 kB | 33 kB | 12/53 kB Progress (3): 122 kB | 33 kB | 16/53 kB Progress (3): 122 kB | 33 kB | 20/53 kB Progress (3): 122 kB | 33 kB | 24/53 kB Progress (3): 122 kB | 33 kB | 28/53 kB Progress (3): 122 kB | 33 kB | 32/53 kB Progress (3): 122 kB | 33 kB | 36/53 kB Progress (3): 122 kB | 33 kB | 40/53 kB Progress (3): 122 kB | 33 kB | 45/53 kB Progress (3): 122 kB | 33 kB | 49/53 kB Progress (3): 122 kB | 33 kB | 53 kB Progress (4): 122 kB | 33 kB | 53 kB | 4.1/37 kB Progress (4): 122 kB | 33 kB | 53 kB | 7.7/37 kB Progress (4): 122 kB | 33 kB | 53 kB | 12/37 kB Progress (4): 122 kB | 33 kB | 53 kB | 16/37 kB Progress (4): 122 kB | 33 kB | 53 kB | 20/37 kB Progress (4): 122 kB | 33 kB | 53 kB | 24/37 kB Progress (4): 122 kB | 33 kB | 53 kB | 28/37 kB Progress (4): 122 kB | 33 kB | 53 kB | 32/37 kB Progress (4): 122 kB | 33 kB | 53 kB | 36/37 kB Progress (4): 122 kB | 33 kB | 53 kB | 37 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm/8.0/asm-8.0.jar (122 kB at 275 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/eclipse/aether/aether-util/0.9.0.M2/aether-util-0.9.0.M2.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm-analysis/8.0/asm-analysis-8.0.jar (33 kB at 75 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/commons-io/commons-io/2.6/commons-io-2.6.jar Progress (3): 53 kB | 37 kB | 4.1/305 kB Progress (3): 53 kB | 37 kB | 7.7/305 kB Progress (3): 53 kB | 37 kB | 12/305 kB Progress (3): 53 kB | 37 kB | 16/305 kB Progress (3): 53 kB | 37 kB | 20/305 kB Progress (3): 53 kB | 37 kB | 24/305 kB Progress (3): 53 kB | 37 kB | 28/305 kB Progress (3): 53 kB | 37 kB | 32/305 kB Progress (3): 53 kB | 37 kB | 36/305 kB Progress (3): 53 kB | 37 kB | 40/305 kB Progress (3): 53 kB | 37 kB | 45/305 kB Progress (3): 53 kB | 37 kB | 49/305 kB Progress (3): 53 kB | 37 kB | 53/305 kB Progress (3): 53 kB | 37 kB | 57/305 kB Progress (3): 53 kB | 37 kB | 61/305 kB Progress (3): 53 kB | 37 kB | 65/305 kB Progress (3): 53 kB | 37 kB | 69/305 kB Progress (3): 53 kB | 37 kB | 73/305 kB Progress (3): 53 kB | 37 kB | 77/305 kB Progress (3): 53 kB | 37 kB | 81/305 kB Progress (3): 53 kB | 37 kB | 86/305 kB Progress (3): 53 kB | 37 kB | 90/305 kB Progress (3): 53 kB | 37 kB | 94/305 kB Progress (3): 53 kB | 37 kB | 98/305 kB Progress (3): 53 kB | 37 kB | 102/305 kB Progress (3): 53 kB | 37 kB | 106/305 kB Progress (3): 53 kB | 37 kB | 110/305 kB Progress (3): 53 kB | 37 kB | 114/305 kB Progress (3): 53 kB | 37 kB | 118/305 kB Progress (3): 53 kB | 37 kB | 122/305 kB Progress (3): 53 kB | 37 kB | 126/305 kB Progress (3): 53 kB | 37 kB | 131/305 kB Progress (3): 53 kB | 37 kB | 135/305 kB Progress (3): 53 kB | 37 kB | 139/305 kB Progress (3): 53 kB | 37 kB | 143/305 kB Progress (3): 53 kB | 37 kB | 147/305 kB Progress (3): 53 kB | 37 kB | 151/305 kB Progress (3): 53 kB | 37 kB | 155/305 kB Progress (3): 53 kB | 37 kB | 159/305 kB Progress (3): 53 kB | 37 kB | 163/305 kB Progress (3): 53 kB | 37 kB | 167/305 kB Progress (3): 53 kB | 37 kB | 172/305 kB Progress (3): 53 kB | 37 kB | 176/305 kB Progress (3): 53 kB | 37 kB | 180/305 kB Progress (3): 53 kB | 37 kB | 184/305 kB Progress (3): 53 kB | 37 kB | 188/305 kB Progress (3): 53 kB | 37 kB | 192/305 kB Progress (3): 53 kB | 37 kB | 196/305 kB Progress (3): 53 kB | 37 kB | 200/305 kB Progress (3): 53 kB | 37 kB | 204/305 kB Progress (3): 53 kB | 37 kB | 208/305 kB Progress (3): 53 kB | 37 kB | 213/305 kB Progress (3): 53 kB | 37 kB | 217/305 kB Progress (3): 53 kB | 37 kB | 221/305 kB Progress (3): 53 kB | 37 kB | 225/305 kB Progress (3): 53 kB | 37 kB | 229/305 kB Progress (3): 53 kB | 37 kB | 233/305 kB Progress (3): 53 kB | 37 kB | 237/305 kB Progress (3): 53 kB | 37 kB | 241/305 kB Progress (3): 53 kB | 37 kB | 245/305 kB Progress (3): 53 kB | 37 kB | 249/305 kB Progress (3): 53 kB | 37 kB | 253/305 kB Progress (3): 53 kB | 37 kB | 258/305 kB Progress (3): 53 kB | 37 kB | 262/305 kB Progress (3): 53 kB | 37 kB | 266/305 kB Progress (3): 53 kB | 37 kB | 270/305 kB Progress (3): 53 kB | 37 kB | 274/305 kB Progress (3): 53 kB | 37 kB | 278/305 kB Progress (3): 53 kB | 37 kB | 282/305 kB Progress (3): 53 kB | 37 kB | 286/305 kB Progress (3): 53 kB | 37 kB | 290/305 kB Progress (3): 53 kB | 37 kB | 294/305 kB Progress (3): 53 kB | 37 kB | 299/305 kB Progress (3): 53 kB | 37 kB | 303/305 kB Progress (3): 53 kB | 37 kB | 305 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm-tree/8.0/asm-tree-8.0.jar (53 kB at 113 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/vafer/jdependency/2.4.0/jdependency-2.4.0.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-dependency-tree/3.0.1/maven-dependency-tree-3.0.1.jar (37 kB at 78 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm-util/8.0/asm-util-8.0.jar Progress (2): 305 kB | 4.1/215 kB Progress (2): 305 kB | 7.7/215 kB Progress (2): 305 kB | 12/215 kB Progress (2): 305 kB | 16/215 kB Progress (2): 305 kB | 20/215 kB Progress (2): 305 kB | 24/215 kB Progress (2): 305 kB | 28/215 kB Progress (2): 305 kB | 32/215 kB Progress (2): 305 kB | 36/215 kB Progress (2): 305 kB | 40/215 kB Progress (2): 305 kB | 45/215 kB Progress (2): 305 kB | 49/215 kB Progress (2): 305 kB | 53/215 kB Progress (2): 305 kB | 57/215 kB Progress (2): 305 kB | 61/215 kB Progress (2): 305 kB | 65/215 kB Progress (2): 305 kB | 69/215 kB Progress (2): 305 kB | 73/215 kB Progress (2): 305 kB | 77/215 kB Progress (2): 305 kB | 81/215 kB Progress (2): 305 kB | 86/215 kB Progress (2): 305 kB | 90/215 kB Progress (2): 305 kB | 94/215 kB Progress (2): 305 kB | 98/215 kB Progress (2): 305 kB | 102/215 kB Progress (2): 305 kB | 106/215 kB Progress (2): 305 kB | 110/215 kB Progress (2): 305 kB | 114/215 kB Progress (2): 305 kB | 118/215 kB Progress (2): 305 kB | 122/215 kB Progress (2): 305 kB | 126/215 kB Progress (2): 305 kB | 131/215 kB Progress (3): 305 kB | 131/215 kB | 4.1/134 kB Progress (3): 305 kB | 131/215 kB | 7.7/134 kB Progress (3): 305 kB | 131/215 kB | 12/134 kB Progress (3): 305 kB | 131/215 kB | 16/134 kB Progress (3): 305 kB | 131/215 kB | 20/134 kB Progress (3): 305 kB | 131/215 kB | 24/134 kB Progress (3): 305 kB | 131/215 kB | 28/134 kB Progress (3): 305 kB | 131/215 kB | 32/134 kB Progress (3): 305 kB | 131/215 kB | 36/134 kB Progress (3): 305 kB | 131/215 kB | 40/134 kB Progress (3): 305 kB | 131/215 kB | 45/134 kB Progress (3): 305 kB | 131/215 kB | 49/134 kB Progress (3): 305 kB | 131/215 kB | 53/134 kB Progress (3): 305 kB | 131/215 kB | 57/134 kB Progress (3): 305 kB | 131/215 kB | 61/134 kB Progress (3): 305 kB | 131/215 kB | 65/134 kB Progress (3): 305 kB | 131/215 kB | 69/134 kB Progress (3): 305 kB | 131/215 kB | 73/134 kB Progress (3): 305 kB | 131/215 kB | 77/134 kB Progress (3): 305 kB | 131/215 kB | 81/134 kB Progress (3): 305 kB | 131/215 kB | 86/134 kB Progress (3): 305 kB | 131/215 kB | 90/134 kB Progress (3): 305 kB | 131/215 kB | 94/134 kB Progress (3): 305 kB | 131/215 kB | 98/134 kB Progress (3): 305 kB | 131/215 kB | 102/134 kB Progress (3): 305 kB | 131/215 kB | 106/134 kB Progress (3): 305 kB | 131/215 kB | 110/134 kB Progress (3): 305 kB | 131/215 kB | 114/134 kB Progress (3): 305 kB | 131/215 kB | 118/134 kB Progress (3): 305 kB | 131/215 kB | 122/134 kB Progress (3): 305 kB | 131/215 kB | 126/134 kB Progress (3): 305 kB | 131/215 kB | 131/134 kB Progress (3): 305 kB | 131/215 kB | 134 kB Progress (3): 305 kB | 135/215 kB | 134 kB Progress (3): 305 kB | 139/215 kB | 134 kB Progress (3): 305 kB | 143/215 kB | 134 kB Progress (3): 305 kB | 147/215 kB | 134 kB Progress (3): 305 kB | 151/215 kB | 134 kB Progress (3): 305 kB | 155/215 kB | 134 kB Progress (3): 305 kB | 159/215 kB | 134 kB Progress (3): 305 kB | 163/215 kB | 134 kB Progress (3): 305 kB | 167/215 kB | 134 kB Progress (3): 305 kB | 172/215 kB | 134 kB Progress (3): 305 kB | 176/215 kB | 134 kB Progress (3): 305 kB | 180/215 kB | 134 kB Progress (3): 305 kB | 184/215 kB | 134 kB Progress (3): 305 kB | 188/215 kB | 134 kB Progress (3): 305 kB | 192/215 kB | 134 kB Progress (3): 305 kB | 196/215 kB | 134 kB Progress (3): 305 kB | 200/215 kB | 134 kB Progress (3): 305 kB | 204/215 kB | 134 kB Progress (3): 305 kB | 208/215 kB | 134 kB Progress (3): 305 kB | 213/215 kB | 134 kB Progress (3): 305 kB | 215 kB | 134 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/jdom/jdom2/2.0.6/jdom2-2.0.6.jar (305 kB at 610 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/guava/guava/28.2-android/guava-28.2-android.jar Progress (3): 215 kB | 134 kB | 4.1/85 kB Progress (3): 215 kB | 134 kB | 7.7/85 kB Progress (3): 215 kB | 134 kB | 12/85 kB Progress (3): 215 kB | 134 kB | 16/85 kB Progress (3): 215 kB | 134 kB | 20/85 kB Progress (3): 215 kB | 134 kB | 24/85 kB Progress (3): 215 kB | 134 kB | 28/85 kB Progress (3): 215 kB | 134 kB | 32/85 kB Progress (3): 215 kB | 134 kB | 36/85 kB Progress (3): 215 kB | 134 kB | 40/85 kB Progress (3): 215 kB | 134 kB | 45/85 kB Progress (3): 215 kB | 134 kB | 49/85 kB Progress (3): 215 kB | 134 kB | 53/85 kB Progress (3): 215 kB | 134 kB | 57/85 kB Progress (3): 215 kB | 134 kB | 61/85 kB Progress (3): 215 kB | 134 kB | 65/85 kB Progress (3): 215 kB | 134 kB | 69/85 kB Progress (3): 215 kB | 134 kB | 73/85 kB Progress (3): 215 kB | 134 kB | 77/85 kB Progress (3): 215 kB | 134 kB | 81/85 kB Progress (3): 215 kB | 134 kB | 85 kB Progress (4): 215 kB | 134 kB | 85 kB | 4.1/180 kB Progress (4): 215 kB | 134 kB | 85 kB | 7.7/180 kB Progress (4): 215 kB | 134 kB | 85 kB | 12/180 kB Progress (4): 215 kB | 134 kB | 85 kB | 16/180 kB Progress (4): 215 kB | 134 kB | 85 kB | 20/180 kB Progress (4): 215 kB | 134 kB | 85 kB | 24/180 kB Progress (4): 215 kB | 134 kB | 85 kB | 28/180 kB Progress (4): 215 kB | 134 kB | 85 kB | 32/180 kB Progress (4): 215 kB | 134 kB | 85 kB | 36/180 kB Progress (4): 215 kB | 134 kB | 85 kB | 40/180 kB Downloaded from central: https://repo.maven.apache.org/maven2/commons-io/commons-io/2.6/commons-io-2.6.jar (215 kB at 418 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/guava/failureaccess/1.0.1/failureaccess-1.0.1.jar Progress (3): 134 kB | 85 kB | 45/180 kB Progress (3): 134 kB | 85 kB | 49/180 kB Progress (3): 134 kB | 85 kB | 53/180 kB Progress (3): 134 kB | 85 kB | 57/180 kB Progress (3): 134 kB | 85 kB | 61/180 kB Progress (3): 134 kB | 85 kB | 65/180 kB Progress (3): 134 kB | 85 kB | 69/180 kB Progress (3): 134 kB | 85 kB | 73/180 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/eclipse/aether/aether-util/0.9.0.M2/aether-util-0.9.0.M2.jar (134 kB at 259 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/guava/listenablefuture/9999.0-empty-to-avoid-conflict-with-guava/listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar Progress (2): 85 kB | 77/180 kB Progress (2): 85 kB | 81/180 kB Progress (2): 85 kB | 86/180 kB Progress (2): 85 kB | 90/180 kB Progress (2): 85 kB | 94/180 kB Progress (2): 85 kB | 98/180 kB Progress (2): 85 kB | 102/180 kB Progress (2): 85 kB | 106/180 kB Progress (2): 85 kB | 110/180 kB Progress (2): 85 kB | 114/180 kB Progress (2): 85 kB | 118/180 kB Progress (2): 85 kB | 122/180 kB Progress (2): 85 kB | 126/180 kB Progress (2): 85 kB | 131/180 kB Progress (2): 85 kB | 135/180 kB Progress (2): 85 kB | 139/180 kB Progress (2): 85 kB | 143/180 kB Progress (2): 85 kB | 147/180 kB Progress (2): 85 kB | 151/180 kB Progress (2): 85 kB | 155/180 kB Progress (2): 85 kB | 159/180 kB Progress (2): 85 kB | 163/180 kB Progress (2): 85 kB | 167/180 kB Progress (2): 85 kB | 172/180 kB Progress (2): 85 kB | 176/180 kB Progress (2): 85 kB | 180/180 kB Progress (2): 85 kB | 180 kB Progress (3): 85 kB | 180 kB | 4.1/4.6 kB Progress (3): 85 kB | 180 kB | 4.6 kB Progress (4): 85 kB | 180 kB | 4.6 kB | 0/2.6 MB Progress (4): 85 kB | 180 kB | 4.6 kB | 0/2.6 MB Progress (4): 85 kB | 180 kB | 4.6 kB | 0/2.6 MB Progress (4): 85 kB | 180 kB | 4.6 kB | 0.1/2.6 MB Progress (4): 85 kB | 180 kB | 4.6 kB | 0.1/2.6 MB Progress (4): 85 kB | 180 kB | 4.6 kB | 0.1/2.6 MB Progress (4): 85 kB | 180 kB | 4.6 kB | 0.1/2.6 MB Progress (4): 85 kB | 180 kB | 4.6 kB | 0.1/2.6 MB Progress (4): 85 kB | 180 kB | 4.6 kB | 0.1/2.6 MB Progress (4): 85 kB | 180 kB | 4.6 kB | 0.2/2.6 MB Progress (4): 85 kB | 180 kB | 4.6 kB | 0.2/2.6 MB Progress (4): 85 kB | 180 kB | 4.6 kB | 0.2/2.6 MB Downloaded from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm-util/8.0/asm-util-8.0.jar (85 kB at 155 kB/s) Progress (4): 180 kB | 4.6 kB | 0.2/2.6 MB | 2.2 kB Downloading from central: https://repo.maven.apache.org/maven2/com/google/code/findbugs/jsr305/3.0.2/jsr305-3.0.2.jar Progress (4): 180 kB | 4.6 kB | 0.2/2.6 MB | 2.2 kB Progress (4): 180 kB | 4.6 kB | 0.2/2.6 MB | 2.2 kB Progress (4): 180 kB | 4.6 kB | 0.2/2.6 MB | 2.2 kB Progress (4): 180 kB | 4.6 kB | 0.3/2.6 MB | 2.2 kB Progress (4): 180 kB | 4.6 kB | 0.3/2.6 MB | 2.2 kB Progress (4): 180 kB | 4.6 kB | 0.3/2.6 MB | 2.2 kB Progress (4): 180 kB | 4.6 kB | 0.3/2.6 MB | 2.2 kB Progress (4): 180 kB | 4.6 kB | 0.3/2.6 MB | 2.2 kB Progress (4): 180 kB | 4.6 kB | 0.3/2.6 MB | 2.2 kB Progress (4): 180 kB | 4.6 kB | 0.4/2.6 MB | 2.2 kB Progress (4): 180 kB | 4.6 kB | 0.4/2.6 MB | 2.2 kB Progress (4): 180 kB | 4.6 kB | 0.4/2.6 MB | 2.2 kB Progress (4): 180 kB | 4.6 kB | 0.4/2.6 MB | 2.2 kB Progress (4): 180 kB | 4.6 kB | 0.4/2.6 MB | 2.2 kB Progress (4): 180 kB | 4.6 kB | 0.4/2.6 MB | 2.2 kB Progress (4): 180 kB | 4.6 kB | 0.5/2.6 MB | 2.2 kB Progress (4): 180 kB | 4.6 kB | 0.5/2.6 MB | 2.2 kB Progress (4): 180 kB | 4.6 kB | 0.5/2.6 MB | 2.2 kB Progress (4): 180 kB | 4.6 kB | 0.5/2.6 MB | 2.2 kB Progress (4): 180 kB | 4.6 kB | 0.5/2.6 MB | 2.2 kB Progress (4): 180 kB | 4.6 kB | 0.5/2.6 MB | 2.2 kB Progress (4): 180 kB | 4.6 kB | 0.6/2.6 MB | 2.2 kB Progress (4): 180 kB | 4.6 kB | 0.6/2.6 MB | 2.2 kB Progress (4): 180 kB | 4.6 kB | 0.6/2.6 MB | 2.2 kB Progress (4): 180 kB | 4.6 kB | 0.6/2.6 MB | 2.2 kB Progress (4): 180 kB | 4.6 kB | 0.6/2.6 MB | 2.2 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/vafer/jdependency/2.4.0/jdependency-2.4.0.jar (180 kB at 324 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/checkerframework/checker-compat-qual/2.5.5/checker-compat-qual-2.5.5.jar Progress (3): 4.6 kB | 0.6/2.6 MB | 2.2 kB Progress (3): 4.6 kB | 0.7/2.6 MB | 2.2 kB Progress (3): 4.6 kB | 0.7/2.6 MB | 2.2 kB Progress (3): 4.6 kB | 0.7/2.6 MB | 2.2 kB Progress (3): 4.6 kB | 0.7/2.6 MB | 2.2 kB Progress (3): 4.6 kB | 0.7/2.6 MB | 2.2 kB Progress (3): 4.6 kB | 0.7/2.6 MB | 2.2 kB Progress (3): 4.6 kB | 0.8/2.6 MB | 2.2 kB Progress (3): 4.6 kB | 0.8/2.6 MB | 2.2 kB Progress (3): 4.6 kB | 0.8/2.6 MB | 2.2 kB Progress (3): 4.6 kB | 0.8/2.6 MB | 2.2 kB Progress (3): 4.6 kB | 0.8/2.6 MB | 2.2 kB Progress (3): 4.6 kB | 0.8/2.6 MB | 2.2 kB Progress (3): 4.6 kB | 0.9/2.6 MB | 2.2 kB Progress (3): 4.6 kB | 0.9/2.6 MB | 2.2 kB Progress (3): 4.6 kB | 0.9/2.6 MB | 2.2 kB Progress (3): 4.6 kB | 0.9/2.6 MB | 2.2 kB Progress (3): 4.6 kB | 0.9/2.6 MB | 2.2 kB Progress (3): 4.6 kB | 0.9/2.6 MB | 2.2 kB Progress (3): 4.6 kB | 0.9/2.6 MB | 2.2 kB Progress (3): 4.6 kB | 1.0/2.6 MB | 2.2 kB Progress (3): 4.6 kB | 1.0/2.6 MB | 2.2 kB Progress (3): 4.6 kB | 1.0/2.6 MB | 2.2 kB Progress (3): 4.6 kB | 1.0/2.6 MB | 2.2 kB Progress (3): 4.6 kB | 1.0/2.6 MB | 2.2 kB Progress (3): 4.6 kB | 1.0/2.6 MB | 2.2 kB Progress (3): 4.6 kB | 1.1/2.6 MB | 2.2 kB Progress (3): 4.6 kB | 1.1/2.6 MB | 2.2 kB Progress (3): 4.6 kB | 1.1/2.6 MB | 2.2 kB Progress (3): 4.6 kB | 1.1/2.6 MB | 2.2 kB Progress (3): 4.6 kB | 1.1/2.6 MB | 2.2 kB Progress (3): 4.6 kB | 1.1/2.6 MB | 2.2 kB Progress (3): 4.6 kB | 1.2/2.6 MB | 2.2 kB Progress (3): 4.6 kB | 1.2/2.6 MB | 2.2 kB Progress (3): 4.6 kB | 1.2/2.6 MB | 2.2 kB Progress (3): 4.6 kB | 1.2/2.6 MB | 2.2 kB Progress (3): 4.6 kB | 1.2/2.6 MB | 2.2 kB Downloaded from central: https://repo.maven.apache.org/maven2/com/google/guava/failureaccess/1.0.1/failureaccess-1.0.1.jar (4.6 kB at 8.2 kB/s) Progress (2): 1.2/2.6 MB | 2.2 kB Progress (2): 1.3/2.6 MB | 2.2 kB Downloading from central: https://repo.maven.apache.org/maven2/com/google/errorprone/error_prone_annotations/2.3.4/error_prone_annotations-2.3.4.jar Progress (2): 1.3/2.6 MB | 2.2 kB Progress (2): 1.3/2.6 MB | 2.2 kB Progress (2): 1.3/2.6 MB | 2.2 kB Progress (2): 1.3/2.6 MB | 2.2 kB Progress (2): 1.3/2.6 MB | 2.2 kB Progress (2): 1.4/2.6 MB | 2.2 kB Progress (2): 1.4/2.6 MB | 2.2 kB Progress (2): 1.4/2.6 MB | 2.2 kB Progress (2): 1.4/2.6 MB | 2.2 kB Progress (2): 1.4/2.6 MB | 2.2 kB Progress (2): 1.4/2.6 MB | 2.2 kB Progress (2): 1.5/2.6 MB | 2.2 kB Progress (2): 1.5/2.6 MB | 2.2 kB Progress (2): 1.5/2.6 MB | 2.2 kB Progress (2): 1.5/2.6 MB | 2.2 kB Progress (2): 1.5/2.6 MB | 2.2 kB Progress (2): 1.5/2.6 MB | 2.2 kB Progress (2): 1.5/2.6 MB | 2.2 kB Progress (2): 1.6/2.6 MB | 2.2 kB Progress (2): 1.6/2.6 MB | 2.2 kB Progress (2): 1.6/2.6 MB | 2.2 kB Progress (2): 1.6/2.6 MB | 2.2 kB Progress (2): 1.6/2.6 MB | 2.2 kB Progress (2): 1.6/2.6 MB | 2.2 kB Progress (2): 1.7/2.6 MB | 2.2 kB Progress (2): 1.7/2.6 MB | 2.2 kB Progress (2): 1.7/2.6 MB | 2.2 kB Progress (2): 1.7/2.6 MB | 2.2 kB Progress (2): 1.7/2.6 MB | 2.2 kB Progress (2): 1.7/2.6 MB | 2.2 kB Progress (2): 1.8/2.6 MB | 2.2 kB Progress (2): 1.8/2.6 MB | 2.2 kB Progress (2): 1.8/2.6 MB | 2.2 kB Progress (2): 1.8/2.6 MB | 2.2 kB Progress (2): 1.8/2.6 MB | 2.2 kB Progress (2): 1.8/2.6 MB | 2.2 kB Progress (2): 1.9/2.6 MB | 2.2 kB Progress (2): 1.9/2.6 MB | 2.2 kB Progress (2): 1.9/2.6 MB | 2.2 kB Progress (2): 1.9/2.6 MB | 2.2 kB Progress (2): 1.9/2.6 MB | 2.2 kB Progress (2): 1.9/2.6 MB | 2.2 kB Progress (2): 2.0/2.6 MB | 2.2 kB Progress (2): 2.0/2.6 MB | 2.2 kB Progress (2): 2.0/2.6 MB | 2.2 kB Progress (2): 2.0/2.6 MB | 2.2 kB Progress (2): 2.0/2.6 MB | 2.2 kB Progress (2): 2.0/2.6 MB | 2.2 kB Progress (2): 2.1/2.6 MB | 2.2 kB Progress (2): 2.1/2.6 MB | 2.2 kB Progress (2): 2.1/2.6 MB | 2.2 kB Progress (2): 2.1/2.6 MB | 2.2 kB Progress (2): 2.1/2.6 MB | 2.2 kB Progress (2): 2.1/2.6 MB | 2.2 kB Progress (2): 2.2/2.6 MB | 2.2 kB Progress (2): 2.2/2.6 MB | 2.2 kB Progress (2): 2.2/2.6 MB | 2.2 kB Progress (2): 2.2/2.6 MB | 2.2 kB Progress (2): 2.2/2.6 MB | 2.2 kB Progress (2): 2.2/2.6 MB | 2.2 kB Progress (2): 2.2/2.6 MB | 2.2 kB Progress (2): 2.3/2.6 MB | 2.2 kB Progress (2): 2.3/2.6 MB | 2.2 kB Progress (2): 2.3/2.6 MB | 2.2 kB Progress (2): 2.3/2.6 MB | 2.2 kB Progress (2): 2.3/2.6 MB | 2.2 kB Progress (2): 2.3/2.6 MB | 2.2 kB Progress (2): 2.4/2.6 MB | 2.2 kB Progress (2): 2.4/2.6 MB | 2.2 kB Progress (2): 2.4/2.6 MB | 2.2 kB Progress (2): 2.4/2.6 MB | 2.2 kB Progress (2): 2.4/2.6 MB | 2.2 kB Progress (2): 2.4/2.6 MB | 2.2 kB Progress (2): 2.5/2.6 MB | 2.2 kB Progress (2): 2.5/2.6 MB | 2.2 kB Progress (2): 2.5/2.6 MB | 2.2 kB Progress (2): 2.5/2.6 MB | 2.2 kB Progress (2): 2.5/2.6 MB | 2.2 kB Progress (2): 2.5/2.6 MB | 2.2 kB Progress (2): 2.6/2.6 MB | 2.2 kB Progress (2): 2.6/2.6 MB | 2.2 kB Progress (2): 2.6/2.6 MB | 2.2 kB Progress (2): 2.6/2.6 MB | 2.2 kB Progress (2): 2.6/2.6 MB | 2.2 kB Progress (2): 2.6 MB | 2.2 kB Downloaded from central: https://repo.maven.apache.org/maven2/com/google/guava/listenablefuture/9999.0-empty-to-avoid-conflict-with-guava/listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar (2.2 kB at 3.8 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/j2objc/j2objc-annotations/1.3/j2objc-annotations-1.3.jar Progress (2): 2.6 MB | 4.1/20 kB Progress (2): 2.6 MB | 7.7/20 kB Progress (2): 2.6 MB | 12/20 kB Progress (2): 2.6 MB | 16/20 kB Progress (2): 2.6 MB | 20 kB Progress (3): 2.6 MB | 20 kB | 4.1/5.9 kB Progress (3): 2.6 MB | 20 kB | 5.9 kB Progress (4): 2.6 MB | 20 kB | 5.9 kB | 4.1/14 kB Progress (4): 2.6 MB | 20 kB | 5.9 kB | 7.7/14 kB Progress (4): 2.6 MB | 20 kB | 5.9 kB | 12/14 kB Progress (4): 2.6 MB | 20 kB | 5.9 kB | 14 kB Progress (5): 2.6 MB | 20 kB | 5.9 kB | 14 kB | 4.1/8.8 kB Progress (5): 2.6 MB | 20 kB | 5.9 kB | 14 kB | 7.7/8.8 kB Progress (5): 2.6 MB | 20 kB | 5.9 kB | 14 kB | 8.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/com/google/code/findbugs/jsr305/3.0.2/jsr305-3.0.2.jar (20 kB at 32 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-lang3/3.7/commons-lang3-3.7.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/checkerframework/checker-compat-qual/2.5.5/checker-compat-qual-2.5.5.jar (5.9 kB at 9.4 kB/s) Downloaded from central: https://repo.maven.apache.org/maven2/com/google/guava/guava/28.2-android/guava-28.2-android.jar (2.6 MB at 4.2 MB/s) Downloaded from central: https://repo.maven.apache.org/maven2/com/google/errorprone/error_prone_annotations/2.3.4/error_prone_annotations-2.3.4.jar (14 kB at 22 kB/s) Progress (2): 8.8 kB | 4.1/500 kB Progress (2): 8.8 kB | 7.7/500 kB Progress (2): 8.8 kB | 12/500 kB Progress (2): 8.8 kB | 16/500 kB Progress (2): 8.8 kB | 20/500 kB Progress (2): 8.8 kB | 24/500 kB Progress (2): 8.8 kB | 28/500 kB Progress (2): 8.8 kB | 32/500 kB Progress (2): 8.8 kB | 36/500 kB Progress (2): 8.8 kB | 40/500 kB Progress (2): 8.8 kB | 45/500 kB Progress (2): 8.8 kB | 49/500 kB Progress (2): 8.8 kB | 53/500 kB Progress (2): 8.8 kB | 57/500 kB Progress (2): 8.8 kB | 61/500 kB Progress (2): 8.8 kB | 65/500 kB Progress (2): 8.8 kB | 69/500 kB Progress (2): 8.8 kB | 73/500 kB Progress (2): 8.8 kB | 77/500 kB Progress (2): 8.8 kB | 81/500 kB Progress (2): 8.8 kB | 86/500 kB Progress (2): 8.8 kB | 90/500 kB Progress (2): 8.8 kB | 94/500 kB Progress (2): 8.8 kB | 98/500 kB Progress (2): 8.8 kB | 102/500 kB Progress (2): 8.8 kB | 106/500 kB Progress (2): 8.8 kB | 110/500 kB Progress (2): 8.8 kB | 114/500 kB Progress (2): 8.8 kB | 118/500 kB Progress (2): 8.8 kB | 122/500 kB Progress (2): 8.8 kB | 126/500 kB Progress (2): 8.8 kB | 131/500 kB Progress (2): 8.8 kB | 135/500 kB Progress (2): 8.8 kB | 139/500 kB Progress (2): 8.8 kB | 143/500 kB Progress (2): 8.8 kB | 147/500 kB Progress (2): 8.8 kB | 151/500 kB Progress (2): 8.8 kB | 155/500 kB Progress (2): 8.8 kB | 159/500 kB Progress (2): 8.8 kB | 163/500 kB Progress (2): 8.8 kB | 167/500 kB Progress (2): 8.8 kB | 172/500 kB Progress (2): 8.8 kB | 176/500 kB Progress (2): 8.8 kB | 180/500 kB Progress (2): 8.8 kB | 184/500 kB Progress (2): 8.8 kB | 188/500 kB Progress (2): 8.8 kB | 192/500 kB Progress (2): 8.8 kB | 196/500 kB Progress (2): 8.8 kB | 200/500 kB Progress (2): 8.8 kB | 204/500 kB Progress (2): 8.8 kB | 208/500 kB Progress (2): 8.8 kB | 212/500 kB Progress (2): 8.8 kB | 216/500 kB Progress (2): 8.8 kB | 220/500 kB Progress (2): 8.8 kB | 224/500 kB Progress (2): 8.8 kB | 228/500 kB Progress (2): 8.8 kB | 232/500 kB Progress (2): 8.8 kB | 236/500 kB Progress (2): 8.8 kB | 241/500 kB Progress (2): 8.8 kB | 245/500 kB Downloaded from central: https://repo.maven.apache.org/maven2/com/google/j2objc/j2objc-annotations/1.3/j2objc-annotations-1.3.jar (8.8 kB at 13 kB/s) Progress (1): 249/500 kB Progress (1): 253/500 kB Progress (1): 257/500 kB Progress (1): 261/500 kB Progress (1): 265/500 kB Progress (1): 269/500 kB Progress (1): 273/500 kB Progress (1): 277/500 kB Progress (1): 282/500 kB Progress (1): 286/500 kB Progress (1): 290/500 kB Progress (1): 294/500 kB Progress (1): 298/500 kB Progress (1): 302/500 kB Progress (1): 306/500 kB Progress (1): 310/500 kB Progress (1): 314/500 kB Progress (1): 318/500 kB Progress (1): 322/500 kB Progress (1): 327/500 kB Progress (1): 331/500 kB Progress (1): 335/500 kB Progress (1): 339/500 kB Progress (1): 343/500 kB Progress (1): 347/500 kB Progress (1): 351/500 kB Progress (1): 355/500 kB Progress (1): 359/500 kB Progress (1): 363/500 kB Progress (1): 367/500 kB Progress (1): 371/500 kB Progress (1): 376/500 kB Progress (1): 380/500 kB Progress (1): 384/500 kB Progress (1): 388/500 kB Progress (1): 392/500 kB Progress (1): 396/500 kB Progress (1): 400/500 kB Progress (1): 404/500 kB Progress (1): 408/500 kB Progress (1): 412/500 kB Progress (1): 416/500 kB Progress (1): 420/500 kB Progress (1): 424/500 kB Progress (1): 428/500 kB Progress (1): 432/500 kB Progress (1): 436/500 kB Progress (1): 440/500 kB Progress (1): 445/500 kB Progress (1): 449/500 kB Progress (1): 453/500 kB Progress (1): 457/500 kB Progress (1): 461/500 kB Progress (1): 465/500 kB Progress (1): 469/500 kB Progress (1): 473/500 kB Progress (1): 477/500 kB Progress (1): 481/500 kB Progress (1): 486/500 kB Progress (1): 490/500 kB Progress (1): 494/500 kB Progress (1): 498/500 kB Progress (1): 500 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-lang3/3.7/commons-lang3-3.7.jar (500 kB at 720 kB/s) [INFO] Including io.github.stuartwdouglas.hacbs-test.simple:simple-jdk17:jar:0.1.2 in the shaded jar. [INFO] Including io.github.stuartwdouglas.hacbs-test.shaded:shaded-jdk11:jar:1.9 in the shaded jar. [INFO] Including io.github.stuartwdouglas.hacbs-test.simple:simple-jdk8:jar:1.2.4 in the shaded jar. [INFO] Including io.github.stuartwdouglas.hacbs-test.gradle:hacbs-test-simple-gradle-jdk8:jar:1.1 in the shaded jar. [WARNING] hacbs-test-simple-gradle-jdk8-1.1.jar, hacbs-test.jar, shaded-jdk11-1.9.jar, simple-jdk17-0.1.2.jar, simple-jdk8-1.2.4.jar define 1 overlapping resource: [WARNING] - META-INF/MANIFEST.MF [WARNING] shaded-jdk11-1.9.jar, simple-jdk8-1.2.4.jar define 3 overlapping classes and resources: [WARNING] - META-INF/maven/io.github.stuartwdouglas.hacbs-test.simple/simple-jdk8/pom.properties [WARNING] - META-INF/maven/io.github.stuartwdouglas.hacbs-test.simple/simple-jdk8/pom.xml [WARNING] - io.github.stuartwdouglas.hacbstest.simple.simplejdk8.Placeholder [WARNING] maven-shade-plugin has detected that some class files are [WARNING] present in two or more JARs. When this happens, only one [WARNING] single version of the class is copied to the uber jar. [WARNING] Usually this is not harmful and you can skip these warnings, [WARNING] otherwise try to manually exclude artifacts based on [WARNING] mvn dependency:tree -Ddetail=true and the above output. [WARNING] See http://maven.apache.org/plugins/maven-shade-plugin/ [INFO] Replacing original artifact with shaded artifact. [INFO] Replacing /work/target/hacbs-test.jar with /work/target/simple-java-project-1.0-SNAPSHOT-shaded.jar [INFO] ------------------------------------------------------------------------ [INFO] BUILD SUCCESS [INFO] ------------------------------------------------------------------------ [INFO] Total time: 25.880 s [INFO] Finished at: 2026-04-22T13:53:29Z [INFO] ------------------------------------------------------------------------ [2/2] STEP 1/10: FROM registry.access.redhat.com/ubi8/openjdk-17-runtime:1.23 [2/2] STEP 2/10: USER 185 [2/2] STEP 3/10: WORKDIR /work/ [2/2] STEP 4/10: COPY --from=builder /work/target/hacbs-test.jar /deployments [2/2] STEP 5/10: EXPOSE 8081 [2/2] STEP 6/10: ENV AB_JOLOKIA_OFF="" [2/2] STEP 7/10: ENV JAVA_APP_JAR="/deployments/hacbs-test.jar" [2/2] STEP 8/10: COPY labels.json /usr/share/buildinfo/labels.json [2/2] STEP 9/10: COPY labels.json /root/buildinfo/labels.json [2/2] STEP 10/10: LABEL "architecture"="x86_64" "vcs-type"="git" "vcs-ref"="ed3328a539acc00b4d626fb0525fc3656cfad118" "org.opencontainers.image.revision"="ed3328a539acc00b4d626fb0525fc3656cfad118" "org.opencontainers.image.source"="https://github.com/redhat-appstudio-qe/konflux-test-integration" "quay.expires-after"="6h" "build-date"="2026-04-22T13:52:19Z" "org.opencontainers.image.created"="2026-04-22T13:52:19Z" [2/2] COMMIT quay.io/redhat-appstudio-qe/integration1-fgqi/test-component-pac-jfjqoi:on-pr-ed3328a539acc00b4d626fb0525fc3656cfad118 --> 66fce7c70ec0 Successfully tagged quay.io/redhat-appstudio-qe/integration1-fgqi/test-component-pac-jfjqoi:on-pr-ed3328a539acc00b4d626fb0525fc3656cfad118 66fce7c70ec0ace2af305ca5355de3cdaa86ff02b14a7ff6e6949f9aa9ad84e2 [2026-04-22T13:53:31,072874540+00:00] Unsetting proxy [2026-04-22T13:53:31,074162258+00:00] Add metadata Recording base image digests used registry.access.redhat.com/ubi8/openjdk-17:1.23 registry.access.redhat.com/ubi8/openjdk-17:1.23@sha256:402a4439d4685294ff33f924f757e962428a8cb41e1f69cd7336b67844dd6f8f registry.access.redhat.com/ubi8/openjdk-17-runtime:1.23 registry.access.redhat.com/ubi8/openjdk-17-runtime:1.23@sha256:151f4f781ee4280a6b9f0a8ae75caf70723d2c9c8c940cf193a456873064647e Getting image source signatures Copying blob sha256:8dbf1597f50ec23e567040c4101c9212913f074c6f2f24a143d31be34b67d6e5 Copying blob sha256:82e94a78e5b3f6e090eb99ece36c5d39a3329a736933c800cc56623bff3e77e9 Copying blob sha256:69fb55955bb195dd1f75faa6d15da2a9617eb7bed59320c598bfa1d74d874213 Copying config sha256:66fce7c70ec0ace2af305ca5355de3cdaa86ff02b14a7ff6e6949f9aa9ad84e2 Writing manifest to image destination [2026-04-22T13:53:32,384449981+00:00] End build pod: test-component-pac-jfjqoi-ob4259b147a08930b3126dc25f096f4e6-pod | container step-push: [2026-04-22T13:53:32,679823213+00:00] Update CA trust INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' [2026-04-22T13:53:34,809816533+00:00] Convert image [2026-04-22T13:53:34,810923449+00:00] Push image with unique tag Pushing to quay.io/redhat-appstudio-qe/integration1-fgqi/test-component-pac-jfjqoi:test-component-pac-jfjqoi-on-pull-request-pdc9m-build-container [retry] executing: buildah push --format=docker --retry 3 --tls-verify=true quay.io/redhat-appstudio-qe/integration1-fgqi/test-component-pac-jfjqoi:on-pr-ed3328a539acc00b4d626fb0525fc3656cfad118 docker://quay.io/redhat-appstudio-qe/integration1-fgqi/test-component-pac-jfjqoi:test-component-pac-jfjqoi-on-pull-request-pdc9m-build-container Getting image source signatures Copying blob sha256:8dbf1597f50ec23e567040c4101c9212913f074c6f2f24a143d31be34b67d6e5 Copying blob sha256:69fb55955bb195dd1f75faa6d15da2a9617eb7bed59320c598bfa1d74d874213 Copying blob sha256:82e94a78e5b3f6e090eb99ece36c5d39a3329a736933c800cc56623bff3e77e9 Copying config sha256:66fce7c70ec0ace2af305ca5355de3cdaa86ff02b14a7ff6e6949f9aa9ad84e2 Writing manifest to image destination [2026-04-22T13:53:43,222501867+00:00] Push image with git revision Pushing to quay.io/redhat-appstudio-qe/integration1-fgqi/test-component-pac-jfjqoi:on-pr-ed3328a539acc00b4d626fb0525fc3656cfad118 [retry] executing: buildah push --format=docker --retry 3 --tls-verify=true --digestfile /workspace/source/image-digest quay.io/redhat-appstudio-qe/integration1-fgqi/test-component-pac-jfjqoi:on-pr-ed3328a539acc00b4d626fb0525fc3656cfad118 docker://quay.io/redhat-appstudio-qe/integration1-fgqi/test-component-pac-jfjqoi:on-pr-ed3328a539acc00b4d626fb0525fc3656cfad118 Getting image source signatures Copying blob sha256:8dbf1597f50ec23e567040c4101c9212913f074c6f2f24a143d31be34b67d6e5 Copying blob sha256:82e94a78e5b3f6e090eb99ece36c5d39a3329a736933c800cc56623bff3e77e9 Copying blob sha256:69fb55955bb195dd1f75faa6d15da2a9617eb7bed59320c598bfa1d74d874213 Copying config sha256:66fce7c70ec0ace2af305ca5355de3cdaa86ff02b14a7ff6e6949f9aa9ad84e2 Writing manifest to image destination sha256:01c2be7821974e16be449d1c0be39656a2e26ce1599ccda98c402c99e732c138quay.io/redhat-appstudio-qe/integration1-fgqi/test-component-pac-jfjqoi:on-pr-ed3328a539acc00b4d626fb0525fc3656cfad118 [retry] executing: kubectl get configmap cluster-config -n konflux-info -o json Keyless signing is disabled (none of rekorInternalUrl, fulcioInternalUrl, defaultOIDCIssuer, tufInternalUrl are configured in the konflux-info/cluster-config configmap) [2026-04-22T13:53:44,093066717+00:00] End push pod: test-component-pac-jfjqoi-ob4259b147a08930b3126dc25f096f4e6-pod | container step-sbom-syft-generate: [2026-04-22T13:53:44,985037256+00:00] Generate SBOM Running syft on the image Running syft on the source code [0000] WARN no explicit name and version provided for directory source, deriving artifact ID from the given path (which is not ideal) [2026-04-22T13:53:53,128656003+00:00] End sbom-syft-generate pod: test-component-pac-jfjqoi-ob4259b147a08930b3126dc25f096f4e6-pod | container step-prepare-sboms: [2026-04-22T13:53:53,333684679+00:00] Prepare SBOM [2026-04-22T13:53:53,337522687+00:00] Generate SBOM with mobster Skipping SBOM validation 2026-04-22 13:53:54,465 [INFO] mobster.log: Logging level set to 20 2026-04-22 13:53:54,568 [INFO] mobster.oci: Fetching manifest for registry.access.redhat.com/ubi8/openjdk-17-runtime@sha256:151f4f781ee4280a6b9f0a8ae75caf70723d2c9c8c940cf193a456873064647e 2026-04-22 13:53:55,320 [WARNING] mobster.oci.cosign.anonymous_fetcher: Cosign fetching attestation of type spdxjson failed for registry.access.redhat.com/ubi8/openjdk-17-runtime@sha256:0b1cabb75e483f0475292ba662c2b361a2979d0dbfbeb7228d1e79696f675463 with output b"Error: no attestations with predicate type 'https://spdx.dev/Document' found\nerror during command execution: no attestations with predicate type 'https://spdx.dev/Document' found\n" 2026-04-22 13:53:55,507 [WARNING] mobster.oci.cosign.anonymous_fetcher: Cosign fetching attestation of type cyclonedx failed for registry.access.redhat.com/ubi8/openjdk-17-runtime@sha256:0b1cabb75e483f0475292ba662c2b361a2979d0dbfbeb7228d1e79696f675463 with output b"Error: no attestations with predicate type 'https://cyclonedx.org/bom' found\nerror during command execution: no attestations with predicate type 'https://cyclonedx.org/bom' found\n" 2026-04-22 13:53:55,975 [WARNING] mobster.oci.cosign.anonymous_fetcher: Cosign fetching attestation of type spdxjson failed for registry.access.redhat.com/ubi8/openjdk-17-runtime@sha256:0b1cabb75e483f0475292ba662c2b361a2979d0dbfbeb7228d1e79696f675463 with output b"Error: no attestations with predicate type 'https://spdx.dev/Document' found\nerror during command execution: no attestations with predicate type 'https://spdx.dev/Document' found\n" 2026-04-22 13:53:56,183 [WARNING] mobster.oci.cosign.anonymous_fetcher: Cosign fetching attestation of type cyclonedx failed for registry.access.redhat.com/ubi8/openjdk-17-runtime@sha256:0b1cabb75e483f0475292ba662c2b361a2979d0dbfbeb7228d1e79696f675463 with output b"Error: no attestations with predicate type 'https://cyclonedx.org/bom' found\nerror during command execution: no attestations with predicate type 'https://cyclonedx.org/bom' found\n" 2026-04-22 13:53:56,587 [WARNING] mobster.oci.cosign.anonymous_fetcher: Cosign fetching attestation of type spdxjson failed for registry.access.redhat.com/ubi8/openjdk-17-runtime@sha256:0b1cabb75e483f0475292ba662c2b361a2979d0dbfbeb7228d1e79696f675463 with output b"Error: no attestations with predicate type 'https://spdx.dev/Document' found\nerror during command execution: no attestations with predicate type 'https://spdx.dev/Document' found\n" 2026-04-22 13:53:56,848 [WARNING] mobster.oci.cosign.anonymous_fetcher: Cosign fetching attestation of type cyclonedx failed for registry.access.redhat.com/ubi8/openjdk-17-runtime@sha256:0b1cabb75e483f0475292ba662c2b361a2979d0dbfbeb7228d1e79696f675463 with output b"Error: no attestations with predicate type 'https://cyclonedx.org/bom' found\nerror during command execution: no attestations with predicate type 'https://cyclonedx.org/bom' found\n" 2026-04-22 13:53:57,274 [WARNING] mobster.oci.cosign.anonymous_fetcher: Cosign fetching attestation of type spdxjson failed for registry.access.redhat.com/ubi8/openjdk-17-runtime@sha256:0b1cabb75e483f0475292ba662c2b361a2979d0dbfbeb7228d1e79696f675463 with output b"Error: no attestations with predicate type 'https://spdx.dev/Document' found\nerror during command execution: no attestations with predicate type 'https://spdx.dev/Document' found\n" 2026-04-22 13:53:57,574 [WARNING] mobster.oci.cosign.anonymous_fetcher: Cosign fetching attestation of type cyclonedx failed for registry.access.redhat.com/ubi8/openjdk-17-runtime@sha256:0b1cabb75e483f0475292ba662c2b361a2979d0dbfbeb7228d1e79696f675463 with output b"Error: no attestations with predicate type 'https://cyclonedx.org/bom' found\nerror during command execution: no attestations with predicate type 'https://cyclonedx.org/bom' found\n" 2026-04-22 13:53:57,575 [INFO] mobster.cmd.generate.oci_image.contextual_sbom.contextualize: Contextual mechanism won't be used, there is no parent image SBOM. 2026-04-22 13:53:57,575 [INFO] mobster.cmd.generate.oci_image: Contextual SBOM workflow finished successfully. 2026-04-22 13:53:57,575 [INFO] mobster.log: Contextual workflow completed in 3.03s 2026-04-22 13:53:57,608 [INFO] mobster.main: Exiting with code 0. [2026-04-22T13:53:57,675287165+00:00] End prepare-sboms pod: test-component-pac-jfjqoi-ob4259b147a08930b3126dc25f096f4e6-pod | container step-upload-sbom: [2026-04-22T13:53:58,420273132+00:00] Upload SBOM INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' Using token for quay.io/redhat-appstudio-qe/integration1-fgqi/test-component-pac-jfjqoi Pushing sbom to registry [retry] executing: cosign attach sbom --sbom sbom.json --type spdx quay.io/redhat-appstudio-qe/integration1-fgqi/test-component-pac-jfjqoi:on-pr-ed3328a539acc00b4d626fb0525fc3656cfad118@sha256:01c2be7821974e16be449d1c0be39656a2e26ce1599ccda98c402c99e732c138 WARNING: SBOM attachments are deprecated and support will be removed in a Cosign release soon after 2024-02-22 (see https://github.com/sigstore/cosign/issues/2755). Instead, please use SBOM attestations. WARNING: Attaching SBOMs this way does not sign them. To sign them, use 'cosign attest --predicate sbom.json --key <key path>'. Uploading SBOM file for [quay.io/redhat-appstudio-qe/integration1-fgqi/test-component-pac-jfjqoi@sha256:01c2be7821974e16be449d1c0be39656a2e26ce1599ccda98c402c99e732c138] to [quay.io/redhat-appstudio-qe/integration1-fgqi/test-component-pac-jfjqoi:sha256-01c2be7821974e16be449d1c0be39656a2e26ce1599ccda98c402c99e732c138.sbom] with mediaType [text/spdx+json]. quay.io/redhat-appstudio-qe/integration1-fgqi/test-component-pac-jfjqoi@sha256:99f25f735defe4a981b505f9a6ed0e1a24e03d72b99557ddf071930635848ca8 [2026-04-22T13:54:02,057519078+00:00] End upload-sbom pod: test-component-pac-jfjqoi-ob91cdd20e20be95d22114e74c7e25b68-pod | init container: prepare 2026/04/22 13:54:53 Entrypoint initialization pod: test-component-pac-jfjqoi-ob91cdd20e20be95d22114e74c7e25b68-pod | init container: place-scripts 2026/04/22 13:54:54 Decoded script /tekton/scripts/script-0-q4mpv 2026/04/22 13:54:54 Decoded script /tekton/scripts/script-1-8sn49 pod: test-component-pac-jfjqoi-ob91cdd20e20be95d22114e74c7e25b68-pod | init container: working-dir-initializer pod: test-component-pac-jfjqoi-ob91cdd20e20be95d22114e74c7e25b68-pod | container step-sast-snyk-check: INFO: The PROJECT_NAME used is: test-component-pac-jfjqoi INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' {"result":"SKIPPED","timestamp":"2026-04-22T13:55:01+00:00","note":"Task sast-snyk-check skipped: If you wish to use the Snyk code SAST task, please create a secret name snyk-secret with the key 'snyk_token' containing the Snyk token by following the steps given [here](https://konflux-ci.dev/docs/testing/build/snyk/)","namespace":"default","successes":0,"failures":0,"warnings":0} pod: test-component-pac-jfjqoi-ob91cdd20e20be95d22114e74c7e25b68-pod | container step-upload: No sast_snyk_check_out.sarif exists. Skipping upload. No excluded-findings.json exists. Skipping upload. pod: test-component-pac-jfjqoi-on-pull-request-pdc9m-apply-tags-pod | init container: prepare 2026/04/22 13:54:39 Entrypoint initialization pod: test-component-pac-jfjqoi-on-pull-request-pdc9m-apply-tags-pod | container step-apply-additional-tags: time="2026-04-22T13:54:41Z" level=info msg="[param] image-url: quay.io/redhat-appstudio-qe/integration1-fgqi/test-component-pac-jfjqoi:on-pr-ed3328a539acc00b4d626fb0525fc3656cfad118" time="2026-04-22T13:54:41Z" level=info msg="[param] digest: sha256:01c2be7821974e16be449d1c0be39656a2e26ce1599ccda98c402c99e732c138" time="2026-04-22T13:54:41Z" level=info msg="[param] tags-from-image-label: konflux.additional-tags" time="2026-04-22T13:54:42Z" level=warning msg="No tags given in 'konflux.additional-tags' image label" {"tags":[]} pod: test-component-pac-jfjqoi-on-pull-request-pdc9m-clair-scan-pod | init container: prepare 2026/04/22 13:54:38 Entrypoint initialization pod: test-component-pac-jfjqoi-on-pull-request-pdc9m-clair-scan-pod | init container: place-scripts 2026/04/22 13:54:38 Decoded script /tekton/scripts/script-0-9t7xz 2026/04/22 13:54:38 Decoded script /tekton/scripts/script-1-dtk5x 2026/04/22 13:54:38 Decoded script /tekton/scripts/script-2-gcsvs 2026/04/22 13:54:38 Decoded script /tekton/scripts/script-3-v6gm8 pod: test-component-pac-jfjqoi-on-pull-request-pdc9m-clair-scan-pod | container step-get-image-manifests: pod: test-component-pac-jfjqoi-on-pull-request-pdc9m-clair-scan-pod | container step-get-vulnerabilities: pod: test-component-pac-jfjqoi-on-pull-request-pdc9m-clair-scan-pod | container step-oci-attach-report: pod: test-component-pac-jfjqoi-on-pull-request-pdc9m-clair-scan-pod | container step-conftest-vulnerabilities: pod: test-component-pac-jfjqoi-on-pull-request-pdc9m-clamav-scan-pod | init container: prepare 2026/04/22 13:54:38 Entrypoint initialization pod: test-component-pac-jfjqoi-on-pull-request-pdc9m-clamav-scan-pod | init container: place-scripts 2026/04/22 13:54:38 Decoded script /tekton/scripts/script-0-xsr7h 2026/04/22 13:54:38 Decoded script /tekton/scripts/script-1-xtbqr pod: test-component-pac-jfjqoi-on-pull-request-pdc9m-clamav-scan-pod | container step-extract-and-scan-image: Starting clamd ... clamd is ready! Detecting artifact type for quay.io/redhat-appstudio-qe/integration1-fgqi/test-component-pac-jfjqoi@sha256:01c2be7821974e16be449d1c0be39656a2e26ce1599ccda98c402c99e732c138. Detected container image. Processing image manifests. Running "oc image extract" on image of arch amd64 Scanning image for arch amd64. This operation may take a while. ----------- SCAN SUMMARY ----------- Infected files: 0 Time: 54.476 sec (0 m 54 s) Start Date: 2026:04:22 13:54:59 End Date: 2026:04:22 13:55:54 Executed-on: Scan was executed on clamsdcan version - ClamAV 1.4.3/27979/Wed Apr 22 06:26:01 2026 Database version: 27979 [ { "filename": "/work/logs/clamscan-result-log-amd64.json", "namespace": "required_checks", "successes": 2 } ] {"timestamp":"1776866154","namespace":"required_checks","successes":2,"failures":0,"warnings":0,"result":"SUCCESS","note":"All checks passed successfully"} {"timestamp":"1776866154","namespace":"required_checks","successes":2,"failures":0,"warnings":0,"result":"SUCCESS","note":"All checks passed successfully"} {"timestamp":"1776866154","namespace":"required_checks","successes":2,"failures":0,"warnings":0,"result":"SUCCESS","note":"All checks passed successfully"} {"image": {"pullspec": "quay.io/redhat-appstudio-qe/integration1-fgqi/test-component-pac-jfjqoi:on-pr-ed3328a539acc00b4d626fb0525fc3656cfad118", "digests": ["sha256:01c2be7821974e16be449d1c0be39656a2e26ce1599ccda98c402c99e732c138"]}} pod: test-component-pac-jfjqoi-on-pull-request-pdc9m-clamav-scan-pod | container step-upload: Selecting auth Using token for quay.io/redhat-appstudio-qe/integration1-fgqi/test-component-pac-jfjqoi Attaching to quay.io/redhat-appstudio-qe/integration1-fgqi/test-component-pac-jfjqoi:on-pr-ed3328a539acc00b4d626fb0525fc3656cfad118 Executing: oras attach --no-tty --registry-config /home/oras/auth.json --artifact-type application/vnd.clamav quay.io/redhat-appstudio-qe/integration1-fgqi/test-component-pac-jfjqoi:on-pr-ed3328a539acc00b4d626fb0525fc3656cfad118@sha256:01c2be7821974e16be449d1c0be39656a2e26ce1599ccda98c402c99e732c138 clamscan-result-amd64.log:text/vnd.clamav clamscan-ec-test-amd64.json:application/vnd.konflux.test_output+json Preparing clamscan-result-amd64.log Preparing clamscan-ec-test-amd64.json Exists 44136fa355b3 application/vnd.oci.empty.v1+json Uploading b2062823b79a clamscan-result-amd64.log Uploading 0b4ab37e6939 clamscan-ec-test-amd64.json Uploaded 0b4ab37e6939 clamscan-ec-test-amd64.json Uploaded b2062823b79a clamscan-result-amd64.log Uploading a9675cb8488c application/vnd.oci.image.manifest.v1+json Uploaded a9675cb8488c application/vnd.oci.image.manifest.v1+json Attached to [registry] quay.io/redhat-appstudio-qe/integration1-fgqi/test-component-pac-jfjqoi:on-pr-ed3328a539acc00b4d626fb0525fc3656cfad118@sha256:01c2be7821974e16be449d1c0be39656a2e26ce1599ccda98c402c99e732c138 Digest: sha256:a9675cb8488ce7b90f4e0af7ff8dad939c30aeb0c9e20a808c59eb46a4b12ece pod: test-component-pac-jfjqoi-on-pull-request-pdc9m-init-pod | init container: prepare 2026/04/22 13:50:54 Entrypoint initialization pod: test-component-pac-jfjqoi-on-pull-request-pdc9m-init-pod | container step-init: time="2026-04-22T13:51:05Z" level=info msg="Using in-cluster config" logger=KubeClient time="2026-04-22T13:51:05Z" level=info msg="[param] enable: false" time="2026-04-22T13:51:05Z" level=info msg="[param] default-http-proxy: squid.caching.svc.cluster.local:3128" time="2026-04-22T13:51:05Z" level=info msg="[param] default-no-proxy: brew.registry.redhat.io,docker.io,gcr.io,ghcr.io,images.paas.redhat.com,mirror.gcr.io,nvcr.io,quay.io,registry-proxy.engineering.redhat.com,registry.access.redhat.com,registry.ci.openshift.org,registry.fedoraproject.org,registry.redhat.io,registry.stage.redhat.io,vault.habana.ai" time="2026-04-22T13:51:05Z" level=info msg="[param] http-proxy-result-path: /tekton/results/http-proxy" time="2026-04-22T13:51:05Z" level=info msg="[param] no-proxy-result-path: /tekton/results/no-proxy" time="2026-04-22T13:51:05Z" level=info msg="Cache proxy is disabled in param or in backend" time="2026-04-22T13:51:05Z" level=info msg="[result] HTTP PROXY: " time="2026-04-22T13:51:05Z" level=info msg="[result] NO PROXY: " New PipelineRun test-component-pac-jfjqoi-on-pull-request-jnvf5 found after retrigger for component integration1-fgqi/test-component-pac-jfjqoi PipelineRun test-component-pac-jfjqoi-on-pull-request-jnvf5 found for Component integration1-fgqi/test-component-pac-jfjqoi PipelineRun test-component-pac-jfjqoi-on-pull-request-jnvf5 reason: Running PipelineRun test-component-pac-jfjqoi-on-pull-request-jnvf5 reason: Running PipelineRun test-component-pac-jfjqoi-on-pull-request-jnvf5 reason: Running PipelineRun test-component-pac-jfjqoi-on-pull-request-jnvf5 reason: Running PipelineRun test-component-pac-jfjqoi-on-pull-request-jnvf5 reason: Running PipelineRun test-component-pac-jfjqoi-on-pull-request-jnvf5 reason: Running PipelineRun test-component-pac-jfjqoi-on-pull-request-jnvf5 reason: Running PipelineRun test-component-pac-jfjqoi-on-pull-request-jnvf5 reason: Running PipelineRun test-component-pac-jfjqoi-on-pull-request-jnvf5 reason: Running PipelineRun test-component-pac-jfjqoi-on-pull-request-jnvf5 reason: Running PipelineRun test-component-pac-jfjqoi-on-pull-request-jnvf5 reason: Completed < Exit [It] waits for build PipelineRun to succeed - /tmp/tmp.QN7KPSPXeP/tests/integration-service/integration.go:101 @ 04/22/26 14:00:30.162 (9m33.269s) > Enter [AfterEach] [integration-service-suite Integration Service E2E tests] - /tmp/tmp.QN7KPSPXeP/tests/integration-service/integration.go:49 @ 04/22/26 14:00:30.162 < Exit [AfterEach] [integration-service-suite Integration Service E2E tests] - /tmp/tmp.QN7KPSPXeP/tests/integration-service/integration.go:49 @ 04/22/26 14:00:30.162 (0s) > Enter [It] should have a related PaC init PR created - /tmp/tmp.QN7KPSPXeP/tests/integration-service/integration.go:107 @ 04/22/26 14:00:30.164 < Exit [It] should have a related PaC init PR created - /tmp/tmp.QN7KPSPXeP/tests/integration-service/integration.go:107 @ 04/22/26 14:00:30.44 (277ms) > Enter [AfterEach] [integration-service-suite Integration Service E2E tests] - /tmp/tmp.QN7KPSPXeP/tests/integration-service/integration.go:49 @ 04/22/26 14:00:30.44 < Exit [AfterEach] [integration-service-suite Integration Service E2E tests] - /tmp/tmp.QN7KPSPXeP/tests/integration-service/integration.go:49 @ 04/22/26 14:00:30.44 (0s) > Enter [It] checks if the BuildPipelineRun have the annotation of chains signed - /tmp/tmp.QN7KPSPXeP/tests/integration-service/integration.go:128 @ 04/22/26 14:00:30.441 < Exit [It] checks if the BuildPipelineRun have the annotation of chains signed - /tmp/tmp.QN7KPSPXeP/tests/integration-service/integration.go:128 @ 04/22/26 14:00:30.622 (181ms) > Enter [AfterEach] [integration-service-suite Integration Service E2E tests] - /tmp/tmp.QN7KPSPXeP/tests/integration-service/integration.go:49 @ 04/22/26 14:00:30.622 < Exit [AfterEach] [integration-service-suite Integration Service E2E tests] - /tmp/tmp.QN7KPSPXeP/tests/integration-service/integration.go:49 @ 04/22/26 14:00:30.622 (0s) > Enter [It] checks if the Snapshot is created - /tmp/tmp.QN7KPSPXeP/tests/integration-service/integration.go:132 @ 04/22/26 14:00:30.623 < Exit [It] checks if the Snapshot is created - /tmp/tmp.QN7KPSPXeP/tests/integration-service/integration.go:132 @ 04/22/26 14:00:30.647 (24ms) > Enter [AfterEach] [integration-service-suite Integration Service E2E tests] - /tmp/tmp.QN7KPSPXeP/tests/integration-service/integration.go:49 @ 04/22/26 14:00:30.647 < Exit [AfterEach] [integration-service-suite Integration Service E2E tests] - /tmp/tmp.QN7KPSPXeP/tests/integration-service/integration.go:49 @ 04/22/26 14:00:30.647 (0s) > Enter [It] checks if the Build PipelineRun got annotated with Snapshot name - /tmp/tmp.QN7KPSPXeP/tests/integration-service/integration.go:137 @ 04/22/26 14:00:30.648 < Exit [It] checks if the Build PipelineRun got annotated with Snapshot name - /tmp/tmp.QN7KPSPXeP/tests/integration-service/integration.go:137 @ 04/22/26 14:00:30.802 (154ms) > Enter [AfterEach] [integration-service-suite Integration Service E2E tests] - /tmp/tmp.QN7KPSPXeP/tests/integration-service/integration.go:49 @ 04/22/26 14:00:30.803 < Exit [AfterEach] [integration-service-suite Integration Service E2E tests] - /tmp/tmp.QN7KPSPXeP/tests/integration-service/integration.go:49 @ 04/22/26 14:00:30.803 (0s) > Enter [It] verifies that the finalizer has been removed from the build pipelinerun - /tmp/tmp.QN7KPSPXeP/tests/integration-service/integration.go:141 @ 04/22/26 14:00:30.803 < Exit [It] verifies that the finalizer has been removed from the build pipelinerun - /tmp/tmp.QN7KPSPXeP/tests/integration-service/integration.go:141 @ 04/22/26 14:00:30.874 (71ms) > Enter [AfterEach] [integration-service-suite Integration Service E2E tests] - /tmp/tmp.QN7KPSPXeP/tests/integration-service/integration.go:49 @ 04/22/26 14:00:30.874 < Exit [AfterEach] [integration-service-suite Integration Service E2E tests] - /tmp/tmp.QN7KPSPXeP/tests/integration-service/integration.go:49 @ 04/22/26 14:00:30.874 (0s) > Enter [It] checks if all of the integrationPipelineRuns passed - /tmp/tmp.QN7KPSPXeP/tests/integration-service/integration.go:154 @ 04/22/26 14:00:30.875 Integration test scenario my-integration-test-zltt is found PipelineRun my-integration-test-zltt-c92xm reason: Succeeded < Exit [It] checks if all of the integrationPipelineRuns passed - /tmp/tmp.QN7KPSPXeP/tests/integration-service/integration.go:154 @ 04/22/26 14:00:31.012 (137ms) > Enter [AfterEach] [integration-service-suite Integration Service E2E tests] - /tmp/tmp.QN7KPSPXeP/tests/integration-service/integration.go:49 @ 04/22/26 14:00:31.012 < Exit [AfterEach] [integration-service-suite Integration Service E2E tests] - /tmp/tmp.QN7KPSPXeP/tests/integration-service/integration.go:49 @ 04/22/26 14:00:31.012 (0s) > Enter [It] checks if the passed status of integration test is reported in the Snapshot - /tmp/tmp.QN7KPSPXeP/tests/integration-service/integration.go:158 @ 04/22/26 14:00:31.012 < Exit [It] checks if the passed status of integration test is reported in the Snapshot - /tmp/tmp.QN7KPSPXeP/tests/integration-service/integration.go:158 @ 04/22/26 14:00:31.045 (32ms) > Enter [AfterEach] [integration-service-suite Integration Service E2E tests] - /tmp/tmp.QN7KPSPXeP/tests/integration-service/integration.go:49 @ 04/22/26 14:00:31.045 < Exit [AfterEach] [integration-service-suite Integration Service E2E tests] - /tmp/tmp.QN7KPSPXeP/tests/integration-service/integration.go:49 @ 04/22/26 14:00:31.045 (0s) > Enter [It] checks if the skipped integration test is absent from the Snapshot's status annotation - /tmp/tmp.QN7KPSPXeP/tests/integration-service/integration.go:173 @ 04/22/26 14:00:31.046 < Exit [It] checks if the skipped integration test is absent from the Snapshot's status annotation - /tmp/tmp.QN7KPSPXeP/tests/integration-service/integration.go:173 @ 04/22/26 14:00:31.119 (73ms) > Enter [AfterEach] [integration-service-suite Integration Service E2E tests] - /tmp/tmp.QN7KPSPXeP/tests/integration-service/integration.go:49 @ 04/22/26 14:00:31.119 < Exit [AfterEach] [integration-service-suite Integration Service E2E tests] - /tmp/tmp.QN7KPSPXeP/tests/integration-service/integration.go:49 @ 04/22/26 14:00:31.119 (0s) > Enter [It] checks if the finalizer was removed from all of the related Integration pipelineRuns - /tmp/tmp.QN7KPSPXeP/tests/integration-service/integration.go:183 @ 04/22/26 14:00:31.119 Integration test scenario my-integration-test-zltt is found < Exit [It] checks if the finalizer was removed from all of the related Integration pipelineRuns - /tmp/tmp.QN7KPSPXeP/tests/integration-service/integration.go:183 @ 04/22/26 14:00:31.397 (278ms) > Enter [AfterEach] [integration-service-suite Integration Service E2E tests] - /tmp/tmp.QN7KPSPXeP/tests/integration-service/integration.go:49 @ 04/22/26 14:00:31.397 < Exit [AfterEach] [integration-service-suite Integration Service E2E tests] - /tmp/tmp.QN7KPSPXeP/tests/integration-service/integration.go:49 @ 04/22/26 14:00:31.397 (0s) > Enter [It] creates a ReleasePlan - /tmp/tmp.QN7KPSPXeP/tests/integration-service/integration.go:188 @ 04/22/26 14:00:31.398 IntegrationTestScenario my-integration-test-zltt is found IntegrationTestScenario skipped-its is found < Exit [It] creates a ReleasePlan - /tmp/tmp.QN7KPSPXeP/tests/integration-service/integration.go:188 @ 04/22/26 14:00:31.916 (518ms) > Enter [AfterEach] [integration-service-suite Integration Service E2E tests] - /tmp/tmp.QN7KPSPXeP/tests/integration-service/integration.go:49 @ 04/22/26 14:00:31.916 < Exit [AfterEach] [integration-service-suite Integration Service E2E tests] - /tmp/tmp.QN7KPSPXeP/tests/integration-service/integration.go:49 @ 04/22/26 14:00:31.916 (0s) > Enter [It] creates an snapshot of push event - /tmp/tmp.QN7KPSPXeP/tests/integration-service/integration.go:198 @ 04/22/26 14:00:31.917 < Exit [It] creates an snapshot of push event - /tmp/tmp.QN7KPSPXeP/tests/integration-service/integration.go:198 @ 04/22/26 14:00:32.185 (269ms) > Enter [AfterEach] [integration-service-suite Integration Service E2E tests] - /tmp/tmp.QN7KPSPXeP/tests/integration-service/integration.go:49 @ 04/22/26 14:00:32.186 < Exit [AfterEach] [integration-service-suite Integration Service E2E tests] - /tmp/tmp.QN7KPSPXeP/tests/integration-service/integration.go:49 @ 04/22/26 14:00:32.186 (0s) > Enter [It] checks if the global candidate is updated after push event - /tmp/tmp.QN7KPSPXeP/tests/integration-service/integration.go:205 @ 04/22/26 14:00:32.187 < Exit [It] checks if the global candidate is updated after push event - /tmp/tmp.QN7KPSPXeP/tests/integration-service/integration.go:205 @ 04/22/26 14:00:32.213 (27ms) > Enter [AfterEach] [integration-service-suite Integration Service E2E tests] - /tmp/tmp.QN7KPSPXeP/tests/integration-service/integration.go:49 @ 04/22/26 14:00:32.214 < Exit [AfterEach] [integration-service-suite Integration Service E2E tests] - /tmp/tmp.QN7KPSPXeP/tests/integration-service/integration.go:49 @ 04/22/26 14:00:32.214 (0s) [FAILED] Error when waiting for one of the integration pipelines to finish in integration1-fgqi namespace Expected success, but got an error: <*errors.errorString | 0xc00154a3c0>: error occurred while waiting for Integration PLR (associated with IntegrationTestScenario: my-integration-test-zltt) to get finished in integration1-fgqi namespace. Error: Pipelinerun 'my-integration-test-zltt-z2vgw' didn't succeed { s: "error occurred while waiting for Integration PLR (associated with IntegrationTestScenario: my-integration-test-zltt) to get finished in integration1-fgqi namespace. Error: Pipelinerun 'my-integration-test-zltt-z2vgw' didn't succeed\n", } In [It] at: /tmp/tmp.QN7KPSPXeP/tests/integration-service/integration.go:219 @ 04/22/26 14:01:32.256 > Enter [It] checks if all of the integrationPipelineRuns created by push event passed - /tmp/tmp.QN7KPSPXeP/tests/integration-service/integration.go:218 @ 04/22/26 14:00:32.214 Integration test scenario my-integration-test-zltt is found PipelineRun has not been created yet for test scenario %s and snapshot %s/%s my-integration-test-zltt integration1-fgqi snapshot-sample-apiz PipelineRun my-integration-test-zltt-z2vgw reason: Running PipelineRun my-integration-test-zltt-z2vgw reason: Running PipelineRun my-integration-test-zltt-z2vgw reason: Failed [FAILED] Error when waiting for one of the integration pipelines to finish in integration1-fgqi namespace Expected success, but got an error: <*errors.errorString | 0xc00154a3c0>: error occurred while waiting for Integration PLR (associated with IntegrationTestScenario: my-integration-test-zltt) to get finished in integration1-fgqi namespace. Error: Pipelinerun 'my-integration-test-zltt-z2vgw' didn't succeed { s: "error occurred while waiting for Integration PLR (associated with IntegrationTestScenario: my-integration-test-zltt) to get finished in integration1-fgqi namespace. Error: Pipelinerun 'my-integration-test-zltt-z2vgw' didn't succeed\n", } In [It] at: /tmp/tmp.QN7KPSPXeP/tests/integration-service/integration.go:219 @ 04/22/26 14:01:32.256 < Exit [It] checks if all of the integrationPipelineRuns created by push event passed - /tmp/tmp.QN7KPSPXeP/tests/integration-service/integration.go:218 @ 04/22/26 14:01:32.256 (1m0.042s) > Enter [AfterAll] with happy path for general flow of Integration service - /tmp/tmp.QN7KPSPXeP/tests/integration-service/integration.go:68 @ 04/22/26 14:01:32.257 < Exit [AfterAll] with happy path for general flow of Integration service - /tmp/tmp.QN7KPSPXeP/tests/integration-service/integration.go:68 @ 04/22/26 14:01:33.03 (773ms) > Enter [AfterEach] [integration-service-suite Integration Service E2E tests] - /tmp/tmp.QN7KPSPXeP/tests/integration-service/integration.go:49 @ 04/22/26 14:01:33.03 < Exit [AfterEach] [integration-service-suite Integration Service E2E tests] - /tmp/tmp.QN7KPSPXeP/tests/integration-service/integration.go:49 @ 04/22/26 14:01:33.141 (111ms) [SKIPPED] Spec skipped because an earlier spec in an ordered container failed In [It] at: /tmp/tmp.QN7KPSPXeP/tests/integration-service/integration.go:222 @ 04/22/26 14:01:33.142 [SKIPPED] Spec skipped because an earlier spec in an ordered container failed In [It] at: /tmp/tmp.QN7KPSPXeP/tests/integration-service/integration.go:266 @ 04/22/26 14:01:33.142 [SKIPPED] Spec skipped because an earlier spec in an ordered container failed In [It] at: /tmp/tmp.QN7KPSPXeP/tests/integration-service/integration.go:273 @ 04/22/26 14:01:33.142 [SKIPPED] Spec skipped because an earlier spec in an ordered container failed In [It] at: /tmp/tmp.QN7KPSPXeP/tests/integration-service/integration.go:292 @ 04/22/26 14:01:33.142 [SKIPPED] Spec skipped because an earlier spec in an ordered container failed In [It] at: /tmp/tmp.QN7KPSPXeP/tests/integration-service/integration.go:296 @ 04/22/26 14:01:33.142 [SKIPPED] Spec skipped because an earlier spec in an ordered container failed In [It] at: /tmp/tmp.QN7KPSPXeP/tests/integration-service/integration.go:301 @ 04/22/26 14:01:33.143 [SKIPPED] Spec skipped because an earlier spec in an ordered container failed In [It] at: /tmp/tmp.QN7KPSPXeP/tests/integration-service/integration.go:305 @ 04/22/26 14:01:33.143 [SKIPPED] Spec skipped because an earlier spec in an ordered container failed In [It] at: /tmp/tmp.QN7KPSPXeP/tests/integration-service/integration.go:309 @ 04/22/26 14:01:33.143 [SKIPPED] Spec skipped because an earlier spec in an ordered container failed In [It] at: /tmp/tmp.QN7KPSPXeP/tests/integration-service/integration.go:324 @ 04/22/26 14:01:33.143 [SKIPPED] Spec skipped because an earlier spec in an ordered container failed In [It] at: /tmp/tmp.QN7KPSPXeP/tests/integration-service/integration.go:334 @ 04/22/26 14:01:33.143 [SKIPPED] Spec skipped because an earlier spec in an ordered container failed In [It] at: /tmp/tmp.QN7KPSPXeP/tests/integration-service/integration.go:340 @ 04/22/26 14:01:33.144 [SKIPPED] Spec skipped because an earlier spec in an ordered container failed In [It] at: /tmp/tmp.QN7KPSPXeP/tests/integration-service/integration.go:344 @ 04/22/26 14:01:33.144 [SKIPPED] Spec skipped because an earlier spec in an ordered container failed In [It] at: /tmp/tmp.QN7KPSPXeP/tests/integration-service/integration.go:349 @ 04/22/26 14:01:33.144 [SKIPPED] Spec skipped because an earlier spec in an ordered container failed In [It] at: /tmp/tmp.QN7KPSPXeP/tests/integration-service/integration.go:358 @ 04/22/26 14:01:33.145 [SKIPPED] Spec skipped because an earlier spec in an ordered container failed In [It] at: /tmp/tmp.QN7KPSPXeP/tests/integration-service/integration.go:364 @ 04/22/26 14:01:33.145 [SKIPPED] Spec skipped because an earlier spec in an ordered container failed In [It] at: /tmp/tmp.QN7KPSPXeP/tests/integration-service/integration.go:378 @ 04/22/26 14:01:33.145 [SKIPPED] Spec skipped because an earlier spec in an ordered container failed In [It] at: /tmp/tmp.QN7KPSPXeP/tests/integration-service/integration.go:382 @ 04/22/26 14:01:33.146 [SKIPPED] Spec skipped because an earlier spec in an ordered container failed In [It] at: /tmp/tmp.QN7KPSPXeP/tests/integration-service/integration.go:399 @ 04/22/26 14:01:33.146 [SKIPPED] Spec skipped because an earlier spec in an ordered container failed In [It] at: /tmp/tmp.QN7KPSPXeP/tests/integration-service/integration.go:406 @ 04/22/26 14:01:33.146 [SKIPPED] Spec skipped because an earlier spec in an ordered container failed In [It] at: /tmp/tmp.QN7KPSPXeP/tests/integration-service/integration.go:413 @ 04/22/26 14:01:33.146 > Enter [BeforeAll] Gitlab with status reporting of Integration tests in the assosiated merge request - /tmp/tmp.QN7KPSPXeP/tests/integration-service/gitlab-integration-reporting.go:45 @ 04/22/26 13:50:09.895 < Exit [BeforeAll] Gitlab with status reporting of Integration tests in the assosiated merge request - /tmp/tmp.QN7KPSPXeP/tests/integration-service/gitlab-integration-reporting.go:45 @ 04/22/26 13:50:13.772 (3.877s) > Enter [BeforeAll] when a new Component with specified custom branch is created - /tmp/tmp.QN7KPSPXeP/tests/integration-service/gitlab-integration-reporting.go:109 @ 04/22/26 13:50:13.772 Image repository for component test-comp-pac-gitlab-igxorp in namespace gitlab-rep-lobq do not have right state ('' != 'ready') yet but it has status { { } {<nil> } []}. < Exit [BeforeAll] when a new Component with specified custom branch is created - /tmp/tmp.QN7KPSPXeP/tests/integration-service/gitlab-integration-reporting.go:109 @ 04/22/26 13:50:34.236 (20.464s) > Enter [It] triggers a Build PipelineRun - /tmp/tmp.QN7KPSPXeP/tests/integration-service/gitlab-integration-reporting.go:130 @ 04/22/26 13:50:34.237 Build PipelineRun has not been created yet for the component gitlab-rep-lobq/test-comp-pac-gitlab-igxorp Build PipelineRun has not been created yet for the component gitlab-rep-lobq/test-comp-pac-gitlab-igxorp < Exit [It] triggers a Build PipelineRun - /tmp/tmp.QN7KPSPXeP/tests/integration-service/gitlab-integration-reporting.go:130 @ 04/22/26 13:51:14.277 (40.04s) > Enter [AfterEach] [integration-service-suite Gitlab Status Reporting of Integration tests] - /tmp/tmp.QN7KPSPXeP/tests/integration-service/gitlab-integration-reporting.go:42 @ 04/22/26 13:51:14.277 < Exit [AfterEach] [integration-service-suite Gitlab Status Reporting of Integration tests] - /tmp/tmp.QN7KPSPXeP/tests/integration-service/gitlab-integration-reporting.go:42 @ 04/22/26 13:51:14.277 (0s) > Enter [It] does not contain an annotation with a Snapshot Name - /tmp/tmp.QN7KPSPXeP/tests/integration-service/gitlab-integration-reporting.go:144 @ 04/22/26 13:51:14.277 < Exit [It] does not contain an annotation with a Snapshot Name - /tmp/tmp.QN7KPSPXeP/tests/integration-service/gitlab-integration-reporting.go:144 @ 04/22/26 13:51:14.278 (0s) > Enter [AfterEach] [integration-service-suite Gitlab Status Reporting of Integration tests] - /tmp/tmp.QN7KPSPXeP/tests/integration-service/gitlab-integration-reporting.go:42 @ 04/22/26 13:51:14.278 < Exit [AfterEach] [integration-service-suite Gitlab Status Reporting of Integration tests] - /tmp/tmp.QN7KPSPXeP/tests/integration-service/gitlab-integration-reporting.go:42 @ 04/22/26 13:51:14.278 (0s) > Enter [It] should lead to build PipelineRun finishing successfully - /tmp/tmp.QN7KPSPXeP/tests/integration-service/gitlab-integration-reporting.go:148 @ 04/22/26 13:51:14.278 PipelineRun test-comp-pac-gitlab-igxorp-on-pull-request-lbb8m found for Component gitlab-rep-lobq/test-comp-pac-gitlab-igxorp PipelineRun test-comp-pac-gitlab-igxorp-on-pull-request-lbb8m reason: ResolvingTaskRef PipelineRun test-comp-pac-gitlab-igxorp-on-pull-request-lbb8m reason: Running PipelineRun test-comp-pac-gitlab-igxorp-on-pull-request-lbb8m reason: Running PipelineRun test-comp-pac-gitlab-igxorp-on-pull-request-lbb8m reason: Running PipelineRun test-comp-pac-gitlab-igxorp-on-pull-request-lbb8m reason: Running PipelineRun test-comp-pac-gitlab-igxorp-on-pull-request-lbb8m reason: Running PipelineRun test-comp-pac-gitlab-igxorp-on-pull-request-lbb8m reason: Running PipelineRun test-comp-pac-gitlab-igxorp-on-pull-request-lbb8m reason: Running PipelineRun test-comp-pac-gitlab-igxorp-on-pull-request-lbb8m reason: Running PipelineRun test-comp-pac-gitlab-igxorp-on-pull-request-lbb8m reason: Running PipelineRun test-comp-pac-gitlab-igxorp-on-pull-request-lbb8m reason: Running PipelineRun test-comp-pac-gitlab-igxorp-on-pull-request-lbb8m reason: Running PipelineRun test-comp-pac-gitlab-igxorp-on-pull-request-lbb8m reason: PipelineRunStopping PipelineRun test-comp-pac-gitlab-igxorp-on-pull-request-lbb8m reason: PipelineRunStopping PipelineRun test-comp-pac-gitlab-igxorp-on-pull-request-lbb8m reason: PipelineRunStopping PipelineRun test-comp-pac-gitlab-igxorp-on-pull-request-lbb8m reason: PipelineRunStopping PipelineRun test-comp-pac-gitlab-igxorp-on-pull-request-lbb8m reason: Failed attempt 1/3: PipelineRun "test-comp-pac-gitlab-igxorp-on-pull-request-lbb8m" failed: pod: test-comp-pac-gitlab-igxorp-on-pull-request-lbb8m-init-pod | init container: prepare 2026/04/22 13:51:16 Entrypoint initialization pod: test-comp-pac-gitlab-igxorp-on-pull-request-lbb8m-init-pod | container step-init: time="2026-04-22T13:51:28Z" level=info msg="Using in-cluster config" logger=KubeClient time="2026-04-22T13:51:28Z" level=info msg="[param] enable: false" time="2026-04-22T13:51:28Z" level=info msg="[param] default-http-proxy: squid.caching.svc.cluster.local:3128" time="2026-04-22T13:51:28Z" level=info msg="[param] default-no-proxy: brew.registry.redhat.io,docker.io,gcr.io,ghcr.io,images.paas.redhat.com,mirror.gcr.io,nvcr.io,quay.io,registry-proxy.engineering.redhat.com,registry.access.redhat.com,registry.ci.openshift.org,registry.fedoraproject.org,registry.redhat.io,registry.stage.redhat.io,vault.habana.ai" time="2026-04-22T13:51:28Z" level=info msg="[param] http-proxy-result-path: /tekton/results/http-proxy" time="2026-04-22T13:51:28Z" level=info msg="[param] no-proxy-result-path: /tekton/results/no-proxy" time="2026-04-22T13:51:28Z" level=info msg="Cache proxy is disabled in param or in backend" time="2026-04-22T13:51:28Z" level=info msg="[result] HTTP PROXY: " time="2026-04-22T13:51:28Z" level=info msg="[result] NO PROXY: " pod: test-comp-pac-gitlab-igxorp60fb35d3220ec4d2e7eeda7d77f3a5fc-pod | init container: prepare 2026/04/22 13:54:26 Entrypoint initialization pod: test-comp-pac-gitlab-igxorp60fb35d3220ec4d2e7eeda7d77f3a5fc-pod | container step-apply-additional-tags: time="2026-04-22T13:54:39Z" level=info msg="[param] image-url: quay.io/redhat-appstudio-qe/gitlab-rep-lobq/test-comp-pac-gitlab-igxorp:on-pr-70cc1ddfcf9cd51615288f9f6cf05c168c0020fd" time="2026-04-22T13:54:39Z" level=info msg="[param] digest: sha256:1c8c1e36458147ab09c5f56f37d306bc099035e09138d323b899d70a835c7c92" time="2026-04-22T13:54:39Z" level=info msg="[param] tags-from-image-label: konflux.additional-tags" time="2026-04-22T13:54:40Z" level=warning msg="No tags given in 'konflux.additional-tags' image label" {"tags":[]} pod: test-comp-pac-gitlab-igxorpfaf3dc914699e00b644c636367bcea4a-pod | init container: prepare 2026/04/22 13:54:26 Entrypoint initialization pod: test-comp-pac-gitlab-igxorpfaf3dc914699e00b644c636367bcea4a-pod | init container: place-scripts 2026/04/22 13:54:37 Decoded script /tekton/scripts/script-0-k6mzx 2026/04/22 13:54:37 Decoded script /tekton/scripts/script-1-wszgt pod: test-comp-pac-gitlab-igxorpfaf3dc914699e00b644c636367bcea4a-pod | container step-extract-and-scan-image: Starting clamd ... clamd is ready! Detecting artifact type for quay.io/redhat-appstudio-qe/gitlab-rep-lobq/test-comp-pac-gitlab-igxorp@sha256:1c8c1e36458147ab09c5f56f37d306bc099035e09138d323b899d70a835c7c92. Detected container image. Processing image manifests. Running "oc image extract" on image of arch amd64 Scanning image for arch amd64. This operation may take a while. ----------- SCAN SUMMARY ----------- Infected files: 0 Time: 53.914 sec (0 m 53 s) Start Date: 2026:04:22 13:55:01 End Date: 2026:04:22 13:55:55 Executed-on: Scan was executed on clamsdcan version - ClamAV 1.4.3/27979/Wed Apr 22 06:26:01 2026 Database version: 27979 [ { "filename": "/work/logs/clamscan-result-log-amd64.json", "namespace": "required_checks", "successes": 2 } ] {"timestamp":"1776866155","namespace":"required_checks","successes":2,"failures":0,"warnings":0,"result":"SUCCESS","note":"All checks passed successfully"} {"timestamp":"1776866155","namespace":"required_checks","successes":2,"failures":0,"warnings":0,"result":"SUCCESS","note":"All checks passed successfully"} {"timestamp":"1776866155","namespace":"required_checks","successes":2,"failures":0,"warnings":0,"result":"SUCCESS","note":"All checks passed successfully"} {"image": {"pullspec": "quay.io/redhat-appstudio-qe/gitlab-rep-lobq/test-comp-pac-gitlab-igxorp:on-pr-70cc1ddfcf9cd51615288f9f6cf05c168c0020fd", "digests": ["sha256:1c8c1e36458147ab09c5f56f37d306bc099035e09138d323b899d70a835c7c92"]}} pod: test-comp-pac-gitlab-igxorpfaf3dc914699e00b644c636367bcea4a-pod | container step-upload: Selecting auth Using token for quay.io/redhat-appstudio-qe/gitlab-rep-lobq/test-comp-pac-gitlab-igxorp Attaching to quay.io/redhat-appstudio-qe/gitlab-rep-lobq/test-comp-pac-gitlab-igxorp:on-pr-70cc1ddfcf9cd51615288f9f6cf05c168c0020fd Executing: oras attach --no-tty --registry-config /home/oras/auth.json --artifact-type application/vnd.clamav quay.io/redhat-appstudio-qe/gitlab-rep-lobq/test-comp-pac-gitlab-igxorp:on-pr-70cc1ddfcf9cd51615288f9f6cf05c168c0020fd@sha256:1c8c1e36458147ab09c5f56f37d306bc099035e09138d323b899d70a835c7c92 clamscan-result-amd64.log:text/vnd.clamav clamscan-ec-test-amd64.json:application/vnd.konflux.test_output+json Preparing clamscan-result-amd64.log Preparing clamscan-ec-test-amd64.json Exists 44136fa355b3 application/vnd.oci.empty.v1+json Uploading 22c5aee036be clamscan-result-amd64.log Uploading 2bdd9a80e476 clamscan-ec-test-amd64.json Uploaded 22c5aee036be clamscan-result-amd64.log Uploaded 2bdd9a80e476 clamscan-ec-test-amd64.json Uploading 3e57afab184e application/vnd.oci.image.manifest.v1+json Uploaded 3e57afab184e application/vnd.oci.image.manifest.v1+json Attached to [registry] quay.io/redhat-appstudio-qe/gitlab-rep-lobq/test-comp-pac-gitlab-igxorp:on-pr-70cc1ddfcf9cd51615288f9f6cf05c168c0020fd@sha256:1c8c1e36458147ab09c5f56f37d306bc099035e09138d323b899d70a835c7c92 Digest: sha256:3e57afab184e23eae0c4b1a34bc6957e9f294f784abc3848e2132181a2f7737f New PipelineRun test-comp-pac-gitlab-igxorp-on-pull-request-rznw8 found after retrigger for component gitlab-rep-lobq/test-comp-pac-gitlab-igxorp PipelineRun test-comp-pac-gitlab-igxorp-on-pull-request-rznw8 found for Component gitlab-rep-lobq/test-comp-pac-gitlab-igxorp PipelineRun test-comp-pac-gitlab-igxorp-on-pull-request-rznw8 reason: ResolvingTaskRef PipelineRun test-comp-pac-gitlab-igxorp-on-pull-request-rznw8 reason: Running PipelineRun test-comp-pac-gitlab-igxorp-on-pull-request-rznw8 reason: Running PipelineRun test-comp-pac-gitlab-igxorp-on-pull-request-rznw8 reason: Running PipelineRun test-comp-pac-gitlab-igxorp-on-pull-request-rznw8 reason: Running PipelineRun test-comp-pac-gitlab-igxorp-on-pull-request-rznw8 reason: Running PipelineRun test-comp-pac-gitlab-igxorp-on-pull-request-rznw8 reason: Running PipelineRun test-comp-pac-gitlab-igxorp-on-pull-request-rznw8 reason: Running PipelineRun test-comp-pac-gitlab-igxorp-on-pull-request-rznw8 reason: Running PipelineRun test-comp-pac-gitlab-igxorp-on-pull-request-rznw8 reason: Running PipelineRun test-comp-pac-gitlab-igxorp-on-pull-request-rznw8 reason: Running PipelineRun test-comp-pac-gitlab-igxorp-on-pull-request-rznw8 reason: Running PipelineRun test-comp-pac-gitlab-igxorp-on-pull-request-rznw8 reason: Running PipelineRun test-comp-pac-gitlab-igxorp-on-pull-request-rznw8 reason: Running PipelineRun test-comp-pac-gitlab-igxorp-on-pull-request-rznw8 reason: Completed < Exit [It] should lead to build PipelineRun finishing successfully - /tmp/tmp.QN7KPSPXeP/tests/integration-service/gitlab-integration-reporting.go:148 @ 04/22/26 14:01:25.585 (10m11.307s) > Enter [AfterEach] [integration-service-suite Gitlab Status Reporting of Integration tests] - /tmp/tmp.QN7KPSPXeP/tests/integration-service/gitlab-integration-reporting.go:42 @ 04/22/26 14:01:25.586 < Exit [AfterEach] [integration-service-suite Gitlab Status Reporting of Integration tests] - /tmp/tmp.QN7KPSPXeP/tests/integration-service/gitlab-integration-reporting.go:42 @ 04/22/26 14:01:25.586 (0s) > Enter [It] should have a related PaC init MR is created - /tmp/tmp.QN7KPSPXeP/tests/integration-service/gitlab-integration-reporting.go:153 @ 04/22/26 14:01:25.586 < Exit [It] should have a related PaC init MR is created - /tmp/tmp.QN7KPSPXeP/tests/integration-service/gitlab-integration-reporting.go:153 @ 04/22/26 14:01:26.73 (1.144s) > Enter [AfterEach] [integration-service-suite Gitlab Status Reporting of Integration tests] - /tmp/tmp.QN7KPSPXeP/tests/integration-service/gitlab-integration-reporting.go:42 @ 04/22/26 14:01:26.73 < Exit [AfterEach] [integration-service-suite Gitlab Status Reporting of Integration tests] - /tmp/tmp.QN7KPSPXeP/tests/integration-service/gitlab-integration-reporting.go:42 @ 04/22/26 14:01:26.73 (0s) > Enter [It] the PipelineRun should eventually finish successfully for component - /tmp/tmp.QN7KPSPXeP/tests/integration-service/gitlab-integration-reporting.go:172 @ 04/22/26 14:01:26.73 PipelineRun my-integration-test-ojhx-6t57r found for Component gitlab-rep-lobq/test-comp-pac-gitlab-igxorp PipelineRun my-integration-test-ojhx-6t57r reason: Running PipelineRun my-integration-test-ojhx-6t57r reason: Succeeded < Exit [It] the PipelineRun should eventually finish successfully for component - /tmp/tmp.QN7KPSPXeP/tests/integration-service/gitlab-integration-reporting.go:172 @ 04/22/26 14:01:46.746 (20.016s) > Enter [AfterEach] [integration-service-suite Gitlab Status Reporting of Integration tests] - /tmp/tmp.QN7KPSPXeP/tests/integration-service/gitlab-integration-reporting.go:42 @ 04/22/26 14:01:46.746 < Exit [AfterEach] [integration-service-suite Gitlab Status Reporting of Integration tests] - /tmp/tmp.QN7KPSPXeP/tests/integration-service/gitlab-integration-reporting.go:42 @ 04/22/26 14:01:46.746 (0s) > Enter [It] checks if the BuildPipelineRun have the annotation of chains signed - /tmp/tmp.QN7KPSPXeP/tests/integration-service/gitlab-integration-reporting.go:179 @ 04/22/26 14:01:46.747 < Exit [It] checks if the BuildPipelineRun have the annotation of chains signed - /tmp/tmp.QN7KPSPXeP/tests/integration-service/gitlab-integration-reporting.go:179 @ 04/22/26 14:01:46.764 (17ms) > Enter [AfterEach] [integration-service-suite Gitlab Status Reporting of Integration tests] - /tmp/tmp.QN7KPSPXeP/tests/integration-service/gitlab-integration-reporting.go:42 @ 04/22/26 14:01:46.764 < Exit [AfterEach] [integration-service-suite Gitlab Status Reporting of Integration tests] - /tmp/tmp.QN7KPSPXeP/tests/integration-service/gitlab-integration-reporting.go:42 @ 04/22/26 14:01:46.764 (0s) > Enter [It] checks if the Snapshot is created - /tmp/tmp.QN7KPSPXeP/tests/integration-service/gitlab-integration-reporting.go:183 @ 04/22/26 14:01:46.765 < Exit [It] checks if the Snapshot is created - /tmp/tmp.QN7KPSPXeP/tests/integration-service/gitlab-integration-reporting.go:183 @ 04/22/26 14:01:46.772 (7ms) > Enter [AfterEach] [integration-service-suite Gitlab Status Reporting of Integration tests] - /tmp/tmp.QN7KPSPXeP/tests/integration-service/gitlab-integration-reporting.go:42 @ 04/22/26 14:01:46.772 < Exit [AfterEach] [integration-service-suite Gitlab Status Reporting of Integration tests] - /tmp/tmp.QN7KPSPXeP/tests/integration-service/gitlab-integration-reporting.go:42 @ 04/22/26 14:01:46.772 (0s) > Enter [It] checks if the Build PipelineRun got annotated with Snapshot name - /tmp/tmp.QN7KPSPXeP/tests/integration-service/gitlab-integration-reporting.go:188 @ 04/22/26 14:01:46.772 < Exit [It] checks if the Build PipelineRun got annotated with Snapshot name - /tmp/tmp.QN7KPSPXeP/tests/integration-service/gitlab-integration-reporting.go:188 @ 04/22/26 14:01:46.789 (17ms) > Enter [AfterEach] [integration-service-suite Gitlab Status Reporting of Integration tests] - /tmp/tmp.QN7KPSPXeP/tests/integration-service/gitlab-integration-reporting.go:42 @ 04/22/26 14:01:46.789 < Exit [AfterEach] [integration-service-suite Gitlab Status Reporting of Integration tests] - /tmp/tmp.QN7KPSPXeP/tests/integration-service/gitlab-integration-reporting.go:42 @ 04/22/26 14:01:46.789 (0s) > Enter [It] should find the Integration Test Scenario PipelineRun - /tmp/tmp.QN7KPSPXeP/tests/integration-service/gitlab-integration-reporting.go:194 @ 04/22/26 14:01:46.79 < Exit [It] should find the Integration Test Scenario PipelineRun - /tmp/tmp.QN7KPSPXeP/tests/integration-service/gitlab-integration-reporting.go:194 @ 04/22/26 14:01:46.796 (6ms) > Enter [AfterEach] [integration-service-suite Gitlab Status Reporting of Integration tests] - /tmp/tmp.QN7KPSPXeP/tests/integration-service/gitlab-integration-reporting.go:42 @ 04/22/26 14:01:46.796 < Exit [AfterEach] [integration-service-suite Gitlab Status Reporting of Integration tests] - /tmp/tmp.QN7KPSPXeP/tests/integration-service/gitlab-integration-reporting.go:42 @ 04/22/26 14:01:46.796 (0s) > Enter [It] should eventually complete successfully - /tmp/tmp.QN7KPSPXeP/tests/integration-service/gitlab-integration-reporting.go:207 @ 04/22/26 14:01:46.796 PipelineRun my-integration-test-pkvc-mddwl reason: Succeeded PipelineRun my-integration-test-ojhx-6t57r reason: Succeeded < Exit [It] should eventually complete successfully - /tmp/tmp.QN7KPSPXeP/tests/integration-service/gitlab-integration-reporting.go:207 @ 04/22/26 14:01:46.808 (12ms) > Enter [AfterEach] [integration-service-suite Gitlab Status Reporting of Integration tests] - /tmp/tmp.QN7KPSPXeP/tests/integration-service/gitlab-integration-reporting.go:42 @ 04/22/26 14:01:46.808 < Exit [AfterEach] [integration-service-suite Gitlab Status Reporting of Integration tests] - /tmp/tmp.QN7KPSPXeP/tests/integration-service/gitlab-integration-reporting.go:42 @ 04/22/26 14:01:46.808 (0s) > Enter [It] validates the Integration test scenario PipelineRun is reported to merge request CommitStatus, and it pass - /tmp/tmp.QN7KPSPXeP/tests/integration-service/gitlab-integration-reporting.go:212 @ 04/22/26 14:01:46.809 < Exit [It] validates the Integration test scenario PipelineRun is reported to merge request CommitStatus, and it pass - /tmp/tmp.QN7KPSPXeP/tests/integration-service/gitlab-integration-reporting.go:212 @ 04/22/26 14:01:46.999 (191ms) > Enter [AfterEach] [integration-service-suite Gitlab Status Reporting of Integration tests] - /tmp/tmp.QN7KPSPXeP/tests/integration-service/gitlab-integration-reporting.go:42 @ 04/22/26 14:01:47 < Exit [AfterEach] [integration-service-suite Gitlab Status Reporting of Integration tests] - /tmp/tmp.QN7KPSPXeP/tests/integration-service/gitlab-integration-reporting.go:42 @ 04/22/26 14:01:47 (0s) > Enter [It] eventually leads to the integration test PipelineRun's Pass status reported at MR commit status - /tmp/tmp.QN7KPSPXeP/tests/integration-service/gitlab-integration-reporting.go:229 @ 04/22/26 14:01:47 < Exit [It] eventually leads to the integration test PipelineRun's Pass status reported at MR commit status - /tmp/tmp.QN7KPSPXeP/tests/integration-service/gitlab-integration-reporting.go:229 @ 04/22/26 14:01:47.38 (380ms) > Enter [AfterEach] [integration-service-suite Gitlab Status Reporting of Integration tests] - /tmp/tmp.QN7KPSPXeP/tests/integration-service/gitlab-integration-reporting.go:42 @ 04/22/26 14:01:47.381 < Exit [AfterEach] [integration-service-suite Gitlab Status Reporting of Integration tests] - /tmp/tmp.QN7KPSPXeP/tests/integration-service/gitlab-integration-reporting.go:42 @ 04/22/26 14:01:47.381 (0s) > Enter [It] validates the Integration test scenario PipelineRun is reported to merge request CommitStatus, and it fails - /tmp/tmp.QN7KPSPXeP/tests/integration-service/gitlab-integration-reporting.go:233 @ 04/22/26 14:01:47.381 < Exit [It] validates the Integration test scenario PipelineRun is reported to merge request CommitStatus, and it fails - /tmp/tmp.QN7KPSPXeP/tests/integration-service/gitlab-integration-reporting.go:233 @ 04/22/26 14:01:47.559 (178ms) > Enter [AfterEach] [integration-service-suite Gitlab Status Reporting of Integration tests] - /tmp/tmp.QN7KPSPXeP/tests/integration-service/gitlab-integration-reporting.go:42 @ 04/22/26 14:01:47.559 < Exit [AfterEach] [integration-service-suite Gitlab Status Reporting of Integration tests] - /tmp/tmp.QN7KPSPXeP/tests/integration-service/gitlab-integration-reporting.go:42 @ 04/22/26 14:01:47.559 (0s) > Enter [It] eventually leads to the integration test PipelineRun's Fail status reported at MR commit status - /tmp/tmp.QN7KPSPXeP/tests/integration-service/gitlab-integration-reporting.go:250 @ 04/22/26 14:01:47.56 < Exit [It] eventually leads to the integration test PipelineRun's Fail status reported at MR commit status - /tmp/tmp.QN7KPSPXeP/tests/integration-service/gitlab-integration-reporting.go:250 @ 04/22/26 14:01:48.012 (452ms) > Enter [AfterEach] [integration-service-suite Gitlab Status Reporting of Integration tests] - /tmp/tmp.QN7KPSPXeP/tests/integration-service/gitlab-integration-reporting.go:42 @ 04/22/26 14:01:48.012 < Exit [AfterEach] [integration-service-suite Gitlab Status Reporting of Integration tests] - /tmp/tmp.QN7KPSPXeP/tests/integration-service/gitlab-integration-reporting.go:42 @ 04/22/26 14:01:48.012 (0s) > Enter [It] validates at least one MR note contains the final integration test result - /tmp/tmp.QN7KPSPXeP/tests/integration-service/gitlab-integration-reporting.go:254 @ 04/22/26 14:01:48.013 < Exit [It] validates at least one MR note contains the final integration test result - /tmp/tmp.QN7KPSPXeP/tests/integration-service/gitlab-integration-reporting.go:254 @ 04/22/26 14:01:48.238 (226ms) > Enter [AfterEach] [integration-service-suite Gitlab Status Reporting of Integration tests] - /tmp/tmp.QN7KPSPXeP/tests/integration-service/gitlab-integration-reporting.go:42 @ 04/22/26 14:01:48.238 < Exit [AfterEach] [integration-service-suite Gitlab Status Reporting of Integration tests] - /tmp/tmp.QN7KPSPXeP/tests/integration-service/gitlab-integration-reporting.go:42 @ 04/22/26 14:01:48.238 (0s) > Enter [It] merging the PR should be successful - /tmp/tmp.QN7KPSPXeP/tests/integration-service/gitlab-integration-reporting.go:278 @ 04/22/26 14:01:48.239 merged result sha: 7d21df9d38a9058bb05bac345ad0b84ec2193e3a for MR #17401 < Exit [It] merging the PR should be successful - /tmp/tmp.QN7KPSPXeP/tests/integration-service/gitlab-integration-reporting.go:278 @ 04/22/26 14:01:49.919 (1.68s) > Enter [AfterEach] [integration-service-suite Gitlab Status Reporting of Integration tests] - /tmp/tmp.QN7KPSPXeP/tests/integration-service/gitlab-integration-reporting.go:42 @ 04/22/26 14:01:49.919 < Exit [AfterEach] [integration-service-suite Gitlab Status Reporting of Integration tests] - /tmp/tmp.QN7KPSPXeP/tests/integration-service/gitlab-integration-reporting.go:42 @ 04/22/26 14:01:49.919 (0s) > Enter [It] leads to triggering on push PipelineRun - /tmp/tmp.QN7KPSPXeP/tests/integration-service/gitlab-integration-reporting.go:288 @ 04/22/26 14:01:49.92 < Exit [It] leads to triggering on push PipelineRun - /tmp/tmp.QN7KPSPXeP/tests/integration-service/gitlab-integration-reporting.go:288 @ 04/22/26 14:01:49.932 (12ms) > Enter [AfterEach] [integration-service-suite Gitlab Status Reporting of Integration tests] - /tmp/tmp.QN7KPSPXeP/tests/integration-service/gitlab-integration-reporting.go:42 @ 04/22/26 14:01:49.932 < Exit [AfterEach] [integration-service-suite Gitlab Status Reporting of Integration tests] - /tmp/tmp.QN7KPSPXeP/tests/integration-service/gitlab-integration-reporting.go:42 @ 04/22/26 14:01:49.932 (0s) > Enter [It] should eventually complete successfully - /tmp/tmp.QN7KPSPXeP/tests/integration-service/gitlab-integration-reporting.go:303 @ 04/22/26 14:01:49.933 PipelineRun my-integration-test-pkvc-mddwl reason: Succeeded PipelineRun my-integration-test-ojhx-6t57r reason: Succeeded < Exit [It] should eventually complete successfully - /tmp/tmp.QN7KPSPXeP/tests/integration-service/gitlab-integration-reporting.go:303 @ 04/22/26 14:01:49.945 (12ms) > Enter [AfterEach] [integration-service-suite Gitlab Status Reporting of Integration tests] - /tmp/tmp.QN7KPSPXeP/tests/integration-service/gitlab-integration-reporting.go:42 @ 04/22/26 14:01:49.945 < Exit [AfterEach] [integration-service-suite Gitlab Status Reporting of Integration tests] - /tmp/tmp.QN7KPSPXeP/tests/integration-service/gitlab-integration-reporting.go:42 @ 04/22/26 14:01:49.945 (0s) > Enter [It] validates the Integration test scenario PipelineRun is reported to merge request CommitStatus, and it pass - /tmp/tmp.QN7KPSPXeP/tests/integration-service/gitlab-integration-reporting.go:308 @ 04/22/26 14:01:49.946 < Exit [It] validates the Integration test scenario PipelineRun is reported to merge request CommitStatus, and it pass - /tmp/tmp.QN7KPSPXeP/tests/integration-service/gitlab-integration-reporting.go:308 @ 04/22/26 14:01:50.141 (195ms) > Enter [AfterEach] [integration-service-suite Gitlab Status Reporting of Integration tests] - /tmp/tmp.QN7KPSPXeP/tests/integration-service/gitlab-integration-reporting.go:42 @ 04/22/26 14:01:50.141 < Exit [AfterEach] [integration-service-suite Gitlab Status Reporting of Integration tests] - /tmp/tmp.QN7KPSPXeP/tests/integration-service/gitlab-integration-reporting.go:42 @ 04/22/26 14:01:50.141 (0s) > Enter [It] eventually leads to the integration test PipelineRun's Pass status reported at MR commit status - /tmp/tmp.QN7KPSPXeP/tests/integration-service/gitlab-integration-reporting.go:325 @ 04/22/26 14:01:50.142 < Exit [It] eventually leads to the integration test PipelineRun's Pass status reported at MR commit status - /tmp/tmp.QN7KPSPXeP/tests/integration-service/gitlab-integration-reporting.go:325 @ 04/22/26 14:01:50.497 (355ms) > Enter [AfterEach] [integration-service-suite Gitlab Status Reporting of Integration tests] - /tmp/tmp.QN7KPSPXeP/tests/integration-service/gitlab-integration-reporting.go:42 @ 04/22/26 14:01:50.497 < Exit [AfterEach] [integration-service-suite Gitlab Status Reporting of Integration tests] - /tmp/tmp.QN7KPSPXeP/tests/integration-service/gitlab-integration-reporting.go:42 @ 04/22/26 14:01:50.497 (0s) > Enter [It] validates the Integration test scenario PipelineRun is reported to merge request CommitStatus, and it fails - /tmp/tmp.QN7KPSPXeP/tests/integration-service/gitlab-integration-reporting.go:329 @ 04/22/26 14:01:50.497 < Exit [It] validates the Integration test scenario PipelineRun is reported to merge request CommitStatus, and it fails - /tmp/tmp.QN7KPSPXeP/tests/integration-service/gitlab-integration-reporting.go:329 @ 04/22/26 14:01:50.736 (238ms) > Enter [AfterEach] [integration-service-suite Gitlab Status Reporting of Integration tests] - /tmp/tmp.QN7KPSPXeP/tests/integration-service/gitlab-integration-reporting.go:42 @ 04/22/26 14:01:50.736 < Exit [AfterEach] [integration-service-suite Gitlab Status Reporting of Integration tests] - /tmp/tmp.QN7KPSPXeP/tests/integration-service/gitlab-integration-reporting.go:42 @ 04/22/26 14:01:50.736 (0s) > Enter [It] eventually leads to the integration test PipelineRun's Fail status reported at MR commit status - /tmp/tmp.QN7KPSPXeP/tests/integration-service/gitlab-integration-reporting.go:346 @ 04/22/26 14:01:50.737 < Exit [It] eventually leads to the integration test PipelineRun's Fail status reported at MR commit status - /tmp/tmp.QN7KPSPXeP/tests/integration-service/gitlab-integration-reporting.go:346 @ 04/22/26 14:01:51.082 (346ms) > Enter [AfterAll] Gitlab with status reporting of Integration tests in the assosiated merge request - /tmp/tmp.QN7KPSPXeP/tests/integration-service/gitlab-integration-reporting.go:94 @ 04/22/26 14:01:51.082 < Exit [AfterAll] Gitlab with status reporting of Integration tests in the assosiated merge request - /tmp/tmp.QN7KPSPXeP/tests/integration-service/gitlab-integration-reporting.go:94 @ 04/22/26 14:01:54.776 (3.693s) > Enter [AfterEach] [integration-service-suite Gitlab Status Reporting of Integration tests] - /tmp/tmp.QN7KPSPXeP/tests/integration-service/gitlab-integration-reporting.go:42 @ 04/22/26 14:01:54.776 < Exit [AfterEach] [integration-service-suite Gitlab Status Reporting of Integration tests] - /tmp/tmp.QN7KPSPXeP/tests/integration-service/gitlab-integration-reporting.go:42 @ 04/22/26 14:01:54.776 (0s) > Enter [BeforeAll] Forgejo with status reporting of Integration tests in the associated merge request - /tmp/tmp.QN7KPSPXeP/tests/integration-service/forgejo-integration-reporting.go:48 @ 04/22/26 13:50:09.791 < Exit [BeforeAll] Forgejo with status reporting of Integration tests in the associated merge request - /tmp/tmp.QN7KPSPXeP/tests/integration-service/forgejo-integration-reporting.go:48 @ 04/22/26 13:50:18.998 (9.207s) > Enter [BeforeAll] when a new Component with specified custom branch is created - /tmp/tmp.QN7KPSPXeP/tests/integration-service/forgejo-integration-reporting.go:112 @ 04/22/26 13:50:18.998 Image repository for component test-comp-pac-forgejo-wqnvvd in namespace forgejo-rep-xlpn do not have right state ('' != 'ready') yet but it has status { { } {<nil> } []}. < Exit [BeforeAll] when a new Component with specified custom branch is created - /tmp/tmp.QN7KPSPXeP/tests/integration-service/forgejo-integration-reporting.go:112 @ 04/22/26 13:52:29.946 (2m10.948s) > Enter [It] triggers a Build PipelineRun - /tmp/tmp.QN7KPSPXeP/tests/integration-service/forgejo-integration-reporting.go:159 @ 04/22/26 13:52:29.946 Build PipelineRun has not been created yet for the component forgejo-rep-xlpn/test-comp-pac-forgejo-wqnvvd < Exit [It] triggers a Build PipelineRun - /tmp/tmp.QN7KPSPXeP/tests/integration-service/forgejo-integration-reporting.go:159 @ 04/22/26 13:52:49.987 (20.041s) > Enter [AfterEach] [integration-service-suite Forgejo Status Reporting of Integration tests] - /tmp/tmp.QN7KPSPXeP/tests/integration-service/forgejo-integration-reporting.go:45 @ 04/22/26 13:52:49.987 < Exit [AfterEach] [integration-service-suite Forgejo Status Reporting of Integration tests] - /tmp/tmp.QN7KPSPXeP/tests/integration-service/forgejo-integration-reporting.go:45 @ 04/22/26 13:52:49.988 (0s) > Enter [It] does not contain an annotation with a Snapshot Name - /tmp/tmp.QN7KPSPXeP/tests/integration-service/forgejo-integration-reporting.go:173 @ 04/22/26 13:52:49.988 < Exit [It] does not contain an annotation with a Snapshot Name - /tmp/tmp.QN7KPSPXeP/tests/integration-service/forgejo-integration-reporting.go:173 @ 04/22/26 13:52:49.988 (0s) > Enter [AfterEach] [integration-service-suite Forgejo Status Reporting of Integration tests] - /tmp/tmp.QN7KPSPXeP/tests/integration-service/forgejo-integration-reporting.go:45 @ 04/22/26 13:52:49.988 < Exit [AfterEach] [integration-service-suite Forgejo Status Reporting of Integration tests] - /tmp/tmp.QN7KPSPXeP/tests/integration-service/forgejo-integration-reporting.go:45 @ 04/22/26 13:52:49.988 (0s) [FAILED] Expected success, but got an error: <*errors.errorString | 0xc0015450d0>: pod: test-comp-pac-forgejo-wqnvvd-on-pull-request-p668d-init-pod | init container: prepare 2026/04/22 14:14:24 Entrypoint initialization pod: test-comp-pac-forgejo-wqnvvd-on-pull-request-p668d-init-pod | container step-init: time="2026-04-22T14:14:27Z" level=info msg="Using in-cluster config" logger=KubeClient time="2026-04-22T14:14:27Z" level=info msg="[param] enable: false" time="2026-04-22T14:14:27Z" level=info msg="[param] default-http-proxy: squid.caching.svc.cluster.local:3128" time="2026-04-22T14:14:27Z" level=info msg="[param] default-no-proxy: brew.registry.redhat.io,docker.io,gcr.io,ghcr.io,images.paas.redhat.com,mirror.gcr.io,nvcr.io,quay.io,registry-proxy.engineering.redhat.com,registry.access.redhat.com,registry.ci.openshift.org,registry.fedoraproject.org,registry.redhat.io,registry.stage.redhat.io,vault.habana.ai" time="2026-04-22T14:14:27Z" level=info msg="[param] http-proxy-result-path: /tekton/results/http-proxy" time="2026-04-22T14:14:27Z" level=info msg="[param] no-proxy-result-path: /tekton/results/no-proxy" time="2026-04-22T14:14:27Z" level=info msg="Cache proxy is disabled in param or in backend" time="2026-04-22T14:14:27Z" level=info msg="[result] HTTP PROXY: " time="2026-04-22T14:14:27Z" level=info msg="[result] NO PROXY: " { s: "\n pod: test-comp-pac-forgejo-wqnvvd-on-pull-request-p668d-init-pod | init container: prepare\n2026/04/22 14:14:24 Entrypoint initialization\n\npod: test-comp-pac-forgejo-wqnvvd-on-pull-request-p668d-init-pod | container step-init: \ntime=\"2026-04-22T14:14:27Z\" level=info msg=\"Using in-cluster config\" logger=KubeClient\ntime=\"2026-04-22T14:14:27Z\" level=info msg=\"[param] enable: false\"\ntime=\"2026-04-22T14:14:27Z\" level=info msg=\"[param] default-http-proxy: squid.caching.svc.cluster.local:3128\"\ntime=\"2026-04-22T14:14:27Z\" level=info msg=\"[param] default-no-proxy: brew.registry.redhat.io,docker.io,gcr.io,ghcr.io,images.paas.redhat.com,mirror.gcr.io,nvcr.io,quay.io,registry-proxy.engineering.redhat.com,registry.access.redhat.com,registry.ci.openshift.org,registry.fedoraproject.org,registry.redhat.io,registry.stage.redhat.io,vault.habana.ai\"\ntime=\"2026-04-22T14:14:27Z\" level=info msg=\"[param] http-proxy-result-path: /tekton/results/http-proxy\"\ntime=\"2026-04-22T14:14:27Z\" level=info msg=\"[param] no-proxy-result-path: /tekton/results/no-proxy\"\ntime=\"2026-04-22T14:14:27Z\" level=info msg=\"Cache proxy is disabled in param or in backend\"\ntime=\"2026-04-22T14:14:27Z\" level=info msg=\"[result] HTTP PROXY: \"\ntime=\"2026-04-22T14:14:27Z\" level=info msg=\"[result] NO PROXY: \"\n", } In [It] at: /tmp/tmp.QN7KPSPXeP/tests/integration-service/forgejo-integration-reporting.go:179 @ 04/22/26 14:22:44.204 > Enter [It] should lead to build PipelineRun finishing successfully - /tmp/tmp.QN7KPSPXeP/tests/integration-service/forgejo-integration-reporting.go:177 @ 04/22/26 13:52:49.989 PipelineRun test-comp-pac-forgejo-wqnvvd-on-pull-request-fst28 found for Component forgejo-rep-xlpn/test-comp-pac-forgejo-wqnvvd PipelineRun test-comp-pac-forgejo-wqnvvd-on-pull-request-fst28 reason: Running PipelineRun test-comp-pac-forgejo-wqnvvd-on-pull-request-fst28 reason: Running PipelineRun test-comp-pac-forgejo-wqnvvd-on-pull-request-fst28 reason: Running PipelineRun test-comp-pac-forgejo-wqnvvd-on-pull-request-fst28 reason: Running PipelineRun test-comp-pac-forgejo-wqnvvd-on-pull-request-fst28 reason: Running PipelineRun test-comp-pac-forgejo-wqnvvd-on-pull-request-fst28 reason: Running PipelineRun test-comp-pac-forgejo-wqnvvd-on-pull-request-fst28 reason: Running PipelineRun test-comp-pac-forgejo-wqnvvd-on-pull-request-fst28 reason: Running PipelineRun test-comp-pac-forgejo-wqnvvd-on-pull-request-fst28 reason: Running PipelineRun test-comp-pac-forgejo-wqnvvd-on-pull-request-fst28 reason: Running PipelineRun test-comp-pac-forgejo-wqnvvd-on-pull-request-fst28 reason: Running PipelineRun test-comp-pac-forgejo-wqnvvd-on-pull-request-fst28 reason: Running PipelineRun test-comp-pac-forgejo-wqnvvd-on-pull-request-fst28 reason: Running PipelineRun test-comp-pac-forgejo-wqnvvd-on-pull-request-fst28 reason: Running PipelineRun test-comp-pac-forgejo-wqnvvd-on-pull-request-fst28 reason: Running PipelineRun test-comp-pac-forgejo-wqnvvd-on-pull-request-fst28 reason: Running PipelineRun test-comp-pac-forgejo-wqnvvd-on-pull-request-fst28 reason: Running PipelineRun test-comp-pac-forgejo-wqnvvd-on-pull-request-fst28 reason: Running PipelineRun test-comp-pac-forgejo-wqnvvd-on-pull-request-fst28 reason: Running PipelineRun test-comp-pac-forgejo-wqnvvd-on-pull-request-fst28 reason: Running PipelineRun test-comp-pac-forgejo-wqnvvd-on-pull-request-fst28 reason: Running PipelineRun test-comp-pac-forgejo-wqnvvd-on-pull-request-fst28 reason: Running PipelineRun test-comp-pac-forgejo-wqnvvd-on-pull-request-fst28 reason: Running PipelineRun test-comp-pac-forgejo-wqnvvd-on-pull-request-fst28 reason: Running PipelineRun test-comp-pac-forgejo-wqnvvd-on-pull-request-fst28 reason: Running PipelineRun test-comp-pac-forgejo-wqnvvd-on-pull-request-fst28 reason: Running PipelineRun test-comp-pac-forgejo-wqnvvd-on-pull-request-fst28 reason: Running PipelineRun test-comp-pac-forgejo-wqnvvd-on-pull-request-fst28 reason: Running PipelineRun test-comp-pac-forgejo-wqnvvd-on-pull-request-fst28 reason: PipelineRunStopping PipelineRun test-comp-pac-forgejo-wqnvvd-on-pull-request-fst28 reason: PipelineRunStopping PipelineRun test-comp-pac-forgejo-wqnvvd-on-pull-request-fst28 reason: PipelineRunStopping PipelineRun test-comp-pac-forgejo-wqnvvd-on-pull-request-fst28 reason: PipelineRunStopping PipelineRun test-comp-pac-forgejo-wqnvvd-on-pull-request-fst28 reason: PipelineRunStopping PipelineRun test-comp-pac-forgejo-wqnvvd-on-pull-request-fst28 reason: PipelineRunStopping PipelineRun test-comp-pac-forgejo-wqnvvd-on-pull-request-fst28 reason: PipelineRunStopping PipelineRun test-comp-pac-forgejo-wqnvvd-on-pull-request-fst28 reason: Failed attempt 1/3: PipelineRun "test-comp-pac-forgejo-wqnvvd-on-pull-request-fst28" failed: pod: test-comp-pac-forgejo-wqnvvd-on-pull-request-fst28-init-pod | init container: prepare 2026/04/22 13:52:39 Entrypoint initialization pod: test-comp-pac-forgejo-wqnvvd-on-pull-request-fst28-init-pod | container step-init: time="2026-04-22T13:52:43Z" level=info msg="Using in-cluster config" logger=KubeClient time="2026-04-22T13:52:43Z" level=info msg="[param] enable: false" time="2026-04-22T13:52:43Z" level=info msg="[param] default-http-proxy: squid.caching.svc.cluster.local:3128" time="2026-04-22T13:52:43Z" level=info msg="[param] default-no-proxy: brew.registry.redhat.io,docker.io,gcr.io,ghcr.io,images.paas.redhat.com,mirror.gcr.io,nvcr.io,quay.io,registry-proxy.engineering.redhat.com,registry.access.redhat.com,registry.ci.openshift.org,registry.fedoraproject.org,registry.redhat.io,registry.stage.redhat.io,vault.habana.ai" time="2026-04-22T13:52:43Z" level=info msg="[param] http-proxy-result-path: /tekton/results/http-proxy" time="2026-04-22T13:52:43Z" level=info msg="[param] no-proxy-result-path: /tekton/results/no-proxy" time="2026-04-22T13:52:43Z" level=info msg="Cache proxy is disabled in param or in backend" time="2026-04-22T13:52:43Z" level=info msg="[result] HTTP PROXY: " time="2026-04-22T13:52:43Z" level=info msg="[result] NO PROXY: " pod: test-comp-pac-forgejo-wqnvvd-on-pull-request-fst28-tpa-scan-pod | init container: prepare 2026/04/22 14:01:12 Entrypoint initialization pod: test-comp-pac-forgejo-wqnvvd-on-pull-request-fst28-tpa-scan-pod | init container: place-scripts 2026/04/22 14:01:12 Decoded script /tekton/scripts/script-0-z6q99 2026/04/22 14:01:12 Decoded script /tekton/scripts/script-1-m72jx 2026/04/22 14:01:12 Decoded script /tekton/scripts/script-2-gdkqw pod: test-comp-pac-forgejo-wqnvvd-on-pull-request-fst28-tpa-scan-pod | container step-get-vulnerabilities: Inspecting raw image manifest quay.io/redhat-appstudio-qe/forgejo-rep-xlpn/test-comp-pac-forgejo-wqnvvd@sha256:3256c4ec347b39c20f504484f30eefb1130437a2d703e8e4d257cf3367938d87. Selecting auth Using token for quay.io/redhat-appstudio-qe/forgejo-rep-xlpn/test-comp-pac-forgejo-wqnvvd Selecting auth Using token for quay.io/redhat-appstudio-qe/forgejo-rep-xlpn/test-comp-pac-forgejo-wqnvvd WARNING: SBOM attachments are deprecated and support will be removed in a Cosign release soon after 2024-02-22 (see https://github.com/sigstore/cosign/issues/2755). Instead, please use SBOM attestations. WARNING: Downloading SBOMs this way does not ensure its authenticity. If you want to ensure a tamper-proof SBOM, download it using 'cosign download attestation <image uri>'. Found SBOM of media type: text/spdx+json Running TPA scan on amd64 image manifest... % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0 100 360k 0 0 100 360k 0 1679k --:--:-- --:--:-- --:--:-- 1671k{ "scanned" : { "total" : 152, "direct" : 25, "transitive" : 127 }, "providers" : { "rhtpa" : { "status" : { "ok" : true, "name" : "rhtpa", "code" : 200, "message" : "OK", "warnings" : { "pkg:maven/io.github.stuartwdouglas.hacbstest.Main/hacbs-test" : [ "Unable to process: missing version component" ] } }, "sources" : { "osv-github" : { "summary" : { "direct" : 2, "transitive" : 0, "total" : 2, "dependencies" : 1, "critical" : 0, "high" : 2, "medium" : 0, "low" : 0, "remediations" : 0, "recommendations" : 0, "unscanned" : 0 }, "dependencies" : [ { "ref" : "pkg:pypi/setuptools@39.2.0", "issues" : [ { "id" : "CVE-2024-6345", "source" : "osv-github", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-6345" ], "unique" : false }, { "id" : "CVE-2022-40897", "source" : "osv-github", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-40897" ], "unique" : false } ], "transitive" : [ ], "highestVulnerability" : { "id" : "CVE-2024-6345", "source" : "osv-github", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-6345" ], "unique" : false } } ] }, "redhat-csaf" : { "summary" : { "direct" : 50, "transitive" : 345, "total" : 395, "dependencies" : 57, "critical" : 7, "high" : 133, "medium" : 236, "low" : 19, "remediations" : 0, "recommendations" : 0, "unscanned" : 0 }, "dependencies" : [ { "ref" : "pkg:rpm/redhat/python3-libs@3.6.8-75.el8_10?arch=x86_64&distro=rhel-8.10&upstream=python3-3.6.8-75.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2023-40217", "source" : "redhat-csaf", "cvssScore" : 8.6, "severity" : "HIGH", "cves" : [ "CVE-2023-40217" ], "unique" : false }, { "id" : "CVE-2022-42919", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2022-42919" ], "unique" : false }, { "id" : "CVE-2023-6597", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-6597" ], "unique" : false }, { "id" : "CVE-2015-20107", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2015-20107" ], "unique" : false }, { "id" : "CVE-2024-12718", "title" : "Bypass extraction filter to modify file metadata outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-12718" ], "unique" : false }, { "id" : "CVE-2025-4517", "title" : "Arbitrary writes via tarfile realpath overflow", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2025-4517" ], "unique" : false }, { "id" : "CVE-2020-10735", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2020-10735" ], "unique" : false }, { "id" : "CVE-2022-45061", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-45061" ], "unique" : false }, { "id" : "CVE-2023-24329", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-24329" ], "unique" : false }, { "id" : "CVE-2024-6232", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-6232" ], "unique" : false }, { "id" : "CVE-2025-12084", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-12084" ], "unique" : false }, { "id" : "CVE-2025-4138", "title" : "Bypassing extraction filter to create symlinks to arbitrary targets outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-4138" ], "unique" : false }, { "id" : "CVE-2025-4435", "title" : "Tarfile extracts filtered members when errorlevel=0", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-4435" ], "unique" : false }, { "id" : "CVE-2025-8194", "title" : "Tarfile infinite loop during parsing with negative member offset", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-8194" ], "unique" : false }, { "id" : "CVE-2021-28861", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2021-28861" ], "unique" : false }, { "id" : "CVE-2025-4330", "title" : "Extraction filter bypass for linking outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2025-4330" ], "unique" : false }, { "id" : "CVE-2025-15366", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-15366" ], "unique" : false }, { "id" : "CVE-2025-15367", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-15367" ], "unique" : false }, { "id" : "CVE-2026-1299", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-1299" ], "unique" : false }, { "id" : "CVE-2026-4519", "title" : "webbrowser.open() allows leading dashes in URLs", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-4519" ], "unique" : false }, { "id" : "CVE-2024-6923", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2024-6923" ], "unique" : false }, { "id" : "CVE-2025-0938", "title" : "URL parser allowed square brackets in domain names", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0938" ], "unique" : false }, { "id" : "CVE-2025-13836", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13836" ], "unique" : false }, { "id" : "CVE-2024-9287", "source" : "redhat-csaf", "cvssScore" : 6.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-9287" ], "unique" : false }, { "id" : "CVE-2024-0450", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0450" ], "unique" : false }, { "id" : "CVE-2007-4559", "title" : "Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2007-4559" ], "unique" : false }, { "id" : "CVE-2023-27043", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27043" ], "unique" : false }, { "id" : "CVE-2024-8088", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-8088" ], "unique" : false }, { "id" : "CVE-2024-0397", "source" : "redhat-csaf", "cvssScore" : 5.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0397" ], "unique" : false }, { "id" : "CVE-2024-7592", "source" : "redhat-csaf", "cvssScore" : 4.8, "severity" : "MEDIUM", "cves" : [ "CVE-2024-7592" ], "unique" : false }, { "id" : "CVE-2026-0865", "source" : "redhat-csaf", "cvssScore" : 4.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0865" ], "unique" : false }, { "id" : "CVE-2025-6069", "title" : "HTMLParser quadratic complexity when processing malformed inputs", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-6069" ], "unique" : false }, { "id" : "CVE-2025-8291", "title" : "ZIP64 End of Central Directory (EOCD) Locator record offset not checked", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8291" ], "unique" : false }, { "id" : "CVE-2025-6075", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-6075" ], "unique" : false }, { "id" : "CVE-2024-11168", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-11168" ], "unique" : false }, { "id" : "CVE-2024-4032", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-4032" ], "unique" : false }, { "id" : "CVE-2024-5642", "title" : "Buffer overread when using an empty list with SSLContext.set_npn_protocols()", "source" : "redhat-csaf", "cvssScore" : 2.7, "severity" : "LOW", "cves" : [ "CVE-2024-5642" ], "unique" : false } ], "transitive" : [ { "ref" : "pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=rhel-8.10&epoch=1&upstream=openssl-1.1.1k-15.el8_6.src.rpm", "issues" : [ { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false }, { "id" : "CVE-2022-1473", "title" : "Resource leakage when decoding certificates and keys", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-1473" ], "unique" : false }, { "id" : "CVE-2022-3358", "title" : "Using a Custom Cipher with NID_undef may lead to NULL encryption", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-3358" ], "unique" : false }, { "id" : "CVE-2022-3602", "title" : "X.509 Email Address 4-byte Buffer Overflow", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-3602" ], "unique" : false }, { "id" : "CVE-2022-3786", "title" : "X.509 Email Address Variable Length Buffer Overflow", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-3786" ], "unique" : false }, { "id" : "CVE-2022-4450", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-4450" ], "unique" : false }, { "id" : "CVE-2023-0215", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-0215" ], "unique" : false }, { "id" : "CVE-2023-0216", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-0216" ], "unique" : false }, { "id" : "CVE-2023-0217", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-0217" ], "unique" : false }, { "id" : "CVE-2023-0401", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-0401" ], "unique" : false }, { "id" : "CVE-2023-5363", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-5363" ], "unique" : false }, { "id" : "CVE-2023-0286", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2023-0286" ], "unique" : false }, { "id" : "CVE-2024-12797", "title" : "RFC7250 handshakes with unauthenticated servers don't abort as expected", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2024-12797" ], "unique" : false }, { "id" : "CVE-2025-69419", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2025-69419" ], "unique" : false }, { "id" : "CVE-2022-1292", "source" : "redhat-csaf", "cvssScore" : 6.7, "severity" : "MEDIUM", "cves" : [ "CVE-2022-1292" ], "unique" : false }, { "id" : "CVE-2022-2068", "source" : "redhat-csaf", "cvssScore" : 6.7, "severity" : "MEDIUM", "cves" : [ "CVE-2022-2068" ], "unique" : false }, { "id" : "CVE-2023-2650", "title" : "Possible DoS translating ASN.1 object identifiers", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2650" ], "unique" : false }, { "id" : "CVE-2023-6129", "title" : "POLY1305 MAC implementation corrupts vector registers on PowerPC", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6129" ], "unique" : false }, { "id" : "CVE-2025-69421", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69421" ], "unique" : false }, { "id" : "CVE-2025-11187", "title" : "Improper validation of PBMAC1 parameters in PKCS#12 MAC verification", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-11187" ], "unique" : false }, { "id" : "CVE-2020-1971", "title" : "EDIPARTYNAME NULL pointer dereference", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2020-1971" ], "unique" : false }, { "id" : "CVE-2022-4304", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2022-4304" ], "unique" : false }, { "id" : "CVE-2023-0464", "title" : "Excessive Resource Usage Verifying X.509 Policy Constraints", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0464" ], "unique" : false }, { "id" : "CVE-2023-6237", "title" : "Excessive time spent checking invalid RSA public keys", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6237" ], "unique" : false }, { "id" : "CVE-2024-5535", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-5535" ], "unique" : false }, { "id" : "CVE-2024-6119", "title" : "Possible denial of service in X.509 name checks", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-6119" ], "unique" : false }, { "id" : "CVE-2025-15468", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15468" ], "unique" : false }, { "id" : "CVE-2025-66199", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-66199" ], "unique" : false }, { "id" : "CVE-2025-69420", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69420" ], "unique" : false }, { "id" : "CVE-2026-22796", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22796" ], "unique" : false }, { "id" : "CVE-2024-4741", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4741" ], "unique" : false }, { "id" : "CVE-2025-9230", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9230" ], "unique" : false }, { "id" : "CVE-2024-0727", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0727" ], "unique" : false }, { "id" : "CVE-2025-15469", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15469" ], "unique" : false }, { "id" : "CVE-2026-22795", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22795" ], "unique" : false }, { "id" : "CVE-2022-1343", "title" : "OCSP_basic_verify may incorrectly verify the response signing certificate", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2022-1343" ], "unique" : false }, { "id" : "CVE-2022-2097", "title" : "AES OCB fails to encrypt some bytes", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2022-2097" ], "unique" : false }, { "id" : "CVE-2023-0465", "title" : "Invalid certificate policies in leaf certificates are silently ignored", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0465" ], "unique" : false }, { "id" : "CVE-2023-0466", "title" : "Certificate policy check not enabled", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0466" ], "unique" : false }, { "id" : "CVE-2023-2975", "title" : "AES-SIV implementation ignores empty associated data entries", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2975" ], "unique" : false }, { "id" : "CVE-2023-3446", "title" : "Excessive time spent checking DH keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3446" ], "unique" : false }, { "id" : "CVE-2023-3817", "title" : "Excessive time spent checking DH q parameter value", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3817" ], "unique" : false }, { "id" : "CVE-2023-5678", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-5678" ], "unique" : false }, { "id" : "CVE-2024-4603", "title" : "Excessive time spent checking DSA keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4603" ], "unique" : false }, { "id" : "CVE-2023-1255", "title" : "Input buffer over-read in AES-XTS implementation on 64 bit ARM", "source" : "redhat-csaf", "cvssScore" : 5.1, "severity" : "MEDIUM", "cves" : [ "CVE-2023-1255" ], "unique" : false }, { "id" : "CVE-2022-4203", "source" : "redhat-csaf", "cvssScore" : 4.9, "severity" : "MEDIUM", "cves" : [ "CVE-2022-4203" ], "unique" : false }, { "id" : "CVE-2025-68160", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-68160" ], "unique" : false }, { "id" : "CVE-2025-69418", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69418" ], "unique" : false }, { "id" : "CVE-2024-2511", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-2511" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/krb5-libs@1.18.2-32.el8_10?arch=x86_64&distro=rhel-8.10&upstream=krb5-1.18.2-32.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2024-3596", "source" : "redhat-csaf", "cvssScore" : 9.0, "severity" : "CRITICAL", "cves" : [ "CVE-2024-3596" ], "unique" : false }, { "id" : "CVE-2022-42898", "title" : "PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before 1.20.1 has integer overflows that may lead to remote code execution (in KDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms (which have a resultant heap-based buffer overflow), and cause a denial of service on other platforms. This occurs in krb5_pac_parse in lib/krb5/krb/pac.c. Heimdal before 7.7.1 has \"a similar bug.\"", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2022-42898" ], "unique" : false }, { "id" : "CVE-2023-39975", "title" : "kdc/do_tgs_req.c in MIT Kerberos 5 (aka krb5) 1.21 before 1.21.2 has a double free that is reachable if an authenticated user can trigger an authorization-data handling failure. Incorrect data is copied from one ticket to another.", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2023-39975" ], "unique" : false }, { "id" : "CVE-2024-26462", "title" : "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/kdc/ndr.c.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-26462" ], "unique" : false }, { "id" : "CVE-2024-37370", "title" : "In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify the plaintext Extra Count field of a confidential GSS krb5 wrap token, causing the unwrapped token to appear truncated to the application.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-37370" ], "unique" : false }, { "id" : "CVE-2020-17049", "title" : "Kerberos KDC Security Feature Bypass Vulnerability", "source" : "redhat-csaf", "cvssScore" : 7.2, "severity" : "HIGH", "cves" : [ "CVE-2020-17049" ], "unique" : false }, { "id" : "CVE-2023-36054", "title" : "lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and 1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticated user can trigger a kadmind crash. This occurs because _xdr_kadm5_principal_ent_rec does not validate the relationship between n_key_data and the key_data array count.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-36054" ], "unique" : false }, { "id" : "CVE-2024-37371", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-37371" ], "unique" : false }, { "id" : "CVE-2025-24528", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-24528" ], "unique" : false }, { "id" : "CVE-2024-26458", "title" : "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-26458" ], "unique" : false }, { "id" : "CVE-2024-26461", "title" : "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-26461" ], "unique" : false }, { "id" : "CVE-2025-3576", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-3576" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-3596", "source" : "redhat-csaf", "cvssScore" : 9.0, "severity" : "CRITICAL", "cves" : [ "CVE-2024-3596" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/python3-setuptools-wheel@39.2.0-9.el8_10?arch=noarch&distro=rhel-8.10&upstream=python-setuptools-39.2.0-9.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2024-6345", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-6345" ], "unique" : false }, { "id" : "CVE-2025-47273", "title" : "setuptools has a path traversal vulnerability in PackageIndex.download that leads to Arbitrary File Write", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-47273" ], "unique" : false }, { "id" : "CVE-2022-40897", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2022-40897" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-6345", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-6345" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-minimal-langpack@2.28-251.el8_10.31?arch=x86_64&distro=rhel-8.10&upstream=glibc-2.28-251.el8_10.31.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc@2.28-251.el8_10.31?arch=x86_64&distro=rhel-8.10&upstream=glibc-2.28-251.el8_10.31.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-15281", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15281" ], "unique" : false }, { "id" : "CVE-2026-3904", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3904" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-common@2.28-251.el8_10.31?arch=x86_64&distro=rhel-8.10&upstream=glibc-2.28-251.el8_10.31.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/xz-libs@5.2.4-4.el8_6?arch=x86_64&distro=rhel-8.10&upstream=xz-5.2.4-4.el8_6.src.rpm", "issues" : [ { "id" : "CVE-2022-1271", "title" : "An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name (for example, a crafted file name), this can overwrite an attacker's content to an arbitrary attacker-selected file. This flaw occurs due to insufficient validation when processing filenames with two or more newlines where selected content and the target file names are embedded in crafted multi-line file names. This flaw allows a remote, low privileged attacker to force zgrep to write arbitrary files on the system.", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2022-1271" ], "unique" : false }, { "id" : "CVE-2025-31115", "title" : "XZ has a heap-use-after-free bug in threaded .xz decoder", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-31115" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2022-1271", "title" : "An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name (for example, a crafted file name), this can overwrite an attacker's content to an arbitrary attacker-selected file. This flaw occurs due to insufficient validation when processing filenames with two or more newlines where selected content and the target file names are embedded in crafted multi-line file names. This flaw allows a remote, low privileged attacker to force zgrep to write arbitrary files on the system.", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2022-1271" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/python3-libs@3.6.8-75.el8_10?arch=x86_64&distro=rhel-8.10&upstream=python3-3.6.8-75.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2023-40217", "source" : "redhat-csaf", "cvssScore" : 8.6, "severity" : "HIGH", "cves" : [ "CVE-2023-40217" ], "unique" : false }, { "id" : "CVE-2022-42919", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2022-42919" ], "unique" : false }, { "id" : "CVE-2023-6597", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-6597" ], "unique" : false }, { "id" : "CVE-2015-20107", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2015-20107" ], "unique" : false }, { "id" : "CVE-2024-12718", "title" : "Bypass extraction filter to modify file metadata outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-12718" ], "unique" : false }, { "id" : "CVE-2025-4517", "title" : "Arbitrary writes via tarfile realpath overflow", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2025-4517" ], "unique" : false }, { "id" : "CVE-2020-10735", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2020-10735" ], "unique" : false }, { "id" : "CVE-2022-45061", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-45061" ], "unique" : false }, { "id" : "CVE-2023-24329", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-24329" ], "unique" : false }, { "id" : "CVE-2024-6232", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-6232" ], "unique" : false }, { "id" : "CVE-2025-12084", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-12084" ], "unique" : false }, { "id" : "CVE-2025-4138", "title" : "Bypassing extraction filter to create symlinks to arbitrary targets outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-4138" ], "unique" : false }, { "id" : "CVE-2025-4435", "title" : "Tarfile extracts filtered members when errorlevel=0", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-4435" ], "unique" : false }, { "id" : "CVE-2025-8194", "title" : "Tarfile infinite loop during parsing with negative member offset", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-8194" ], "unique" : false }, { "id" : "CVE-2021-28861", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2021-28861" ], "unique" : false }, { "id" : "CVE-2025-4330", "title" : "Extraction filter bypass for linking outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2025-4330" ], "unique" : false }, { "id" : "CVE-2025-15366", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-15366" ], "unique" : false }, { "id" : "CVE-2025-15367", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-15367" ], "unique" : false }, { "id" : "CVE-2026-1299", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-1299" ], "unique" : false }, { "id" : "CVE-2026-4519", "title" : "webbrowser.open() allows leading dashes in URLs", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-4519" ], "unique" : false }, { "id" : "CVE-2024-6923", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2024-6923" ], "unique" : false }, { "id" : "CVE-2025-0938", "title" : "URL parser allowed square brackets in domain names", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0938" ], "unique" : false }, { "id" : "CVE-2025-13836", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13836" ], "unique" : false }, { "id" : "CVE-2024-9287", "source" : "redhat-csaf", "cvssScore" : 6.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-9287" ], "unique" : false }, { "id" : "CVE-2024-0450", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0450" ], "unique" : false }, { "id" : "CVE-2007-4559", "title" : "Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2007-4559" ], "unique" : false }, { "id" : "CVE-2023-27043", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27043" ], "unique" : false }, { "id" : "CVE-2024-8088", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-8088" ], "unique" : false }, { "id" : "CVE-2024-0397", "source" : "redhat-csaf", "cvssScore" : 5.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0397" ], "unique" : false }, { "id" : "CVE-2024-7592", "source" : "redhat-csaf", "cvssScore" : 4.8, "severity" : "MEDIUM", "cves" : [ "CVE-2024-7592" ], "unique" : false }, { "id" : "CVE-2026-0865", "source" : "redhat-csaf", "cvssScore" : 4.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0865" ], "unique" : false }, { "id" : "CVE-2025-6069", "title" : "HTMLParser quadratic complexity when processing malformed inputs", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-6069" ], "unique" : false }, { "id" : "CVE-2025-8291", "title" : "ZIP64 End of Central Directory (EOCD) Locator record offset not checked", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8291" ], "unique" : false }, { "id" : "CVE-2025-6075", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-6075" ], "unique" : false }, { "id" : "CVE-2024-11168", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-11168" ], "unique" : false }, { "id" : "CVE-2024-4032", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-4032" ], "unique" : false }, { "id" : "CVE-2024-5642", "title" : "Buffer overread when using an empty list with SSLContext.set_npn_protocols()", "source" : "redhat-csaf", "cvssScore" : 2.7, "severity" : "LOW", "cves" : [ "CVE-2024-5642" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-40217", "source" : "redhat-csaf", "cvssScore" : 8.6, "severity" : "HIGH", "cves" : [ "CVE-2023-40217" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/zlib@1.2.11-25.el8?arch=x86_64&distro=rhel-8.10&upstream=zlib-1.2.11-25.el8.src.rpm", "issues" : [ { "id" : "CVE-2018-25032", "title" : "zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.", "source" : "redhat-csaf", "cvssScore" : 8.2, "severity" : "HIGH", "cves" : [ "CVE-2018-25032" ], "unique" : false }, { "id" : "CVE-2022-37434", "title" : "zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call inflateGetHeader (e.g., see the nodejs/node reference).", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2022-37434" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2018-25032", "title" : "zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.", "source" : "redhat-csaf", "cvssScore" : 8.2, "severity" : "HIGH", "cves" : [ "CVE-2018-25032" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libcap@2.48-6.el8_9?arch=x86_64&distro=rhel-8.10&upstream=libcap-2.48-6.el8_9.src.rpm", "issues" : [ { "id" : "CVE-2023-2603", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-2603" ], "unique" : false }, { "id" : "CVE-2023-2602", "title" : "A vulnerability was found in the pthread_create() function in libcap. This issue may allow a malicious actor to use cause __real_pthread_create() to return an error, which can exhaust the process memory.", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2023-2602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-2603", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-2603" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch&distro=rhel-8.10&upstream=ncurses-6.1-10.20180224.el8.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64&distro=rhel-8.10&upstream=ncurses-6.1-10.20180224.el8.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/sqlite-libs@3.26.0-20.el8_10?arch=x86_64&distro=rhel-8.10&upstream=sqlite-3.26.0-20.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2025-6965", "title" : "Integer Truncation on SQLite", "source" : "redhat-csaf", "cvssScore" : 7.7, "severity" : "HIGH", "cves" : [ "CVE-2025-6965" ], "unique" : false }, { "id" : "CVE-2023-7104", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2023-7104" ], "unique" : false }, { "id" : "CVE-2025-3277", "title" : "An integer overflow can be triggered in SQLite’s `concat_ws()` function. The resulting, truncated integer is then used to allocate a buffer. When SQLite then writes the resulting string to the buffer, it uses the original, untruncated size and thus a wild Heap Buffer overflow of size ~4GB can be triggered. This can result in arbitrary code execution.", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2025-3277" ], "unique" : false }, { "id" : "CVE-2022-35737", "title" : "SQLite 1.0.12 through 3.39.x before 3.39.2 sometimes allows an array-bounds overflow if billions of bytes are used in a string argument to a C API.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2022-35737" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-6965", "title" : "Integer Truncation on SQLite", "source" : "redhat-csaf", "cvssScore" : 7.7, "severity" : "HIGH", "cves" : [ "CVE-2025-6965" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/expat@2.5.0-1.el8_10?arch=x86_64&distro=rhel-8.10&upstream=expat-2.5.0-1.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2023-52425", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-52425" ], "unique" : false }, { "id" : "CVE-2024-28757", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-28757" ], "unique" : false }, { "id" : "CVE-2024-45490", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-45490" ], "unique" : false }, { "id" : "CVE-2024-45491", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-45491" ], "unique" : false }, { "id" : "CVE-2024-8176", "title" : "Libexpat: expat: improper restriction of xml entity expansion depth in libexpat", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-8176" ], "unique" : false }, { "id" : "CVE-2024-45492", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2024-45492" ], "unique" : false }, { "id" : "CVE-2024-50602", "title" : "An issue was discovered in libexpat before 2.6.4. There is a crash within the XML_ResumeParser function because XML_StopParser can stop/suspend an unstarted parser.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-50602" ], "unique" : false }, { "id" : "CVE-2025-59375", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-59375" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-52425", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-52425" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libtirpc@1.1.4-12.el8_10?arch=x86_64&distro=rhel-8.10&upstream=libtirpc-1.1.4-12.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2021-46828", "title" : "In libtirpc before 1.3.3rc1, remote attackers could exhaust the file descriptors of a process that uses libtirpc because idle TCP connections are mishandled. This can, in turn, lead to an svc_run infinite loop without accepting new connections.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2021-46828" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2021-46828", "title" : "In libtirpc before 1.3.3rc1, remote attackers could exhaust the file descriptors of a process that uses libtirpc because idle TCP connections are mishandled. This can, in turn, lead to an svc_run infinite loop without accepting new connections.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2021-46828" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/pcre2@10.32-3.el8_6?arch=x86_64&distro=rhel-8.10&upstream=pcre2-10.32-3.el8_6.src.rpm", "issues" : [ { "id" : "CVE-2022-1586", "title" : "An out-of-bounds read vulnerability was discovered in the PCRE2 library in the compile_xclass_matchingpath() function of the pcre2_jit_compile.c file. This involves a unicode property matching issue in JIT-compiled regular expressions. The issue occurs because the character was not fully read in case-less matching within JIT.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-1586" ], "unique" : false }, { "id" : "CVE-2022-1587", "title" : "An out-of-bounds read vulnerability was discovered in the PCRE2 library in the get_recurse_data_length() function of the pcre2_jit_compile.c file. This issue affects recursions in JIT-compiled regular expressions caused by duplicate data transfers.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-1587" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2022-1586", "title" : "An out-of-bounds read vulnerability was discovered in the PCRE2 library in the compile_xclass_matchingpath() function of the pcre2_jit_compile.c file. This involves a unicode property matching issue in JIT-compiled regular expressions. The issue occurs because the character was not fully read in case-less matching within JIT.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-1586" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/bash@4.4.20-6.el8_10?arch=x86_64&distro=rhel-8.10&upstream=bash-4.4.20-6.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2022-3715", "source" : "redhat-csaf", "cvssScore" : 6.6, "severity" : "MEDIUM", "cves" : [ "CVE-2022-3715" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2022-3715", "source" : "redhat-csaf", "cvssScore" : 6.6, "severity" : "MEDIUM", "cves" : [ "CVE-2022-3715" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/gmp@6.1.2-11.el8?arch=x86_64&distro=rhel-8.10&epoch=1&upstream=gmp-6.1.2-11.el8.src.rpm", "issues" : [ { "id" : "CVE-2021-43618", "title" : "GNU Multiple Precision Arithmetic Library (GMP) through 6.2.1 has an mpz/inp_raw.c integer overflow and resultant buffer overflow via crafted input, leading to a segmentation fault on 32-bit platforms.", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2021-43618" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2021-43618", "title" : "GNU Multiple Precision Arithmetic Library (GMP) through 6.2.1 has an mpz/inp_raw.c integer overflow and resultant buffer overflow via crafted input, leading to a segmentation fault on 32-bit platforms.", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2021-43618" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcc@8.5.0-28.el8_10?arch=x86_64&distro=rhel-8.10&upstream=gcc-8.5.0-28.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libtasn1@4.13-5.el8_10?arch=x86_64&distro=rhel-8.10&upstream=libtasn1-4.13-5.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2021-46848", "title" : "GNU Libtasn1 before 4.19.0 has an ETYPE_OK off-by-one array size check that affects asn1_encode_simple_der.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2021-46848" ], "unique" : false }, { "id" : "CVE-2025-13151", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13151" ], "unique" : false }, { "id" : "CVE-2024-12133", "title" : "Libtasn1: inefficient der decoding in libtasn1 leading to potential remote dos", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-12133" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2021-46848", "title" : "GNU Libtasn1 before 4.19.0 has an ETYPE_OK off-by-one array size check that affects asn1_encode_simple_der.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2021-46848" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libcom_err@1.45.6-7.el8_10?arch=x86_64&distro=rhel-8.10&upstream=e2fsprogs-1.45.6-7.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2022-1304", "title" : "An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5. This issue leads to a segmentation fault and possibly arbitrary code execution via a specially crafted filesystem.", "source" : "redhat-csaf", "cvssScore" : 5.8, "severity" : "MEDIUM", "cves" : [ "CVE-2022-1304" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2022-1304", "title" : "An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5. This issue leads to a segmentation fault and possibly arbitrary code execution via a specially crafted filesystem.", "source" : "redhat-csaf", "cvssScore" : 5.8, "severity" : "MEDIUM", "cves" : [ "CVE-2022-1304" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/python3-pip-wheel@9.0.3-24.el8?arch=noarch&distro=rhel-8.10&upstream=python-pip-9.0.3-24.el8.src.rpm", "issues" : [ { "id" : "CVE-2007-4559", "title" : "Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2007-4559" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2007-4559", "title" : "Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2007-4559" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/bzip2-libs@1.0.6-28.el8_10?arch=x86_64&distro=rhel-8.10&upstream=bzip2-1.0.6-28.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2019-12900", "title" : "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2019-12900" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2019-12900", "title" : "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2019-12900" ], "unique" : false } } ], "highestVulnerability" : { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/openldap@2.4.46-21.el8_10?arch=x86_64&distro=rhel-8.10&upstream=openldap-2.4.46-21.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2023-2953", "title" : "A vulnerability was found in openldap. This security flaw causes a null pointer dereference in ber_memalloc_x() function.", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2023-2953" ], "unique" : false } ], "transitive" : [ { "ref" : "pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=rhel-8.10&epoch=1&upstream=openssl-1.1.1k-15.el8_6.src.rpm", "issues" : [ { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false }, { "id" : "CVE-2022-1473", "title" : "Resource leakage when decoding certificates and keys", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-1473" ], "unique" : false }, { "id" : "CVE-2022-3358", "title" : "Using a Custom Cipher with NID_undef may lead to NULL encryption", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-3358" ], "unique" : false }, { "id" : "CVE-2022-3602", "title" : "X.509 Email Address 4-byte Buffer Overflow", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-3602" ], "unique" : false }, { "id" : "CVE-2022-3786", "title" : "X.509 Email Address Variable Length Buffer Overflow", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-3786" ], "unique" : false }, { "id" : "CVE-2022-4450", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-4450" ], "unique" : false }, { "id" : "CVE-2023-0215", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-0215" ], "unique" : false }, { "id" : "CVE-2023-0216", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-0216" ], "unique" : false }, { "id" : "CVE-2023-0217", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-0217" ], "unique" : false }, { "id" : "CVE-2023-0401", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-0401" ], "unique" : false }, { "id" : "CVE-2023-5363", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-5363" ], "unique" : false }, { "id" : "CVE-2023-0286", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2023-0286" ], "unique" : false }, { "id" : "CVE-2024-12797", "title" : "RFC7250 handshakes with unauthenticated servers don't abort as expected", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2024-12797" ], "unique" : false }, { "id" : "CVE-2025-69419", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2025-69419" ], "unique" : false }, { "id" : "CVE-2022-1292", "source" : "redhat-csaf", "cvssScore" : 6.7, "severity" : "MEDIUM", "cves" : [ "CVE-2022-1292" ], "unique" : false }, { "id" : "CVE-2022-2068", "source" : "redhat-csaf", "cvssScore" : 6.7, "severity" : "MEDIUM", "cves" : [ "CVE-2022-2068" ], "unique" : false }, { "id" : "CVE-2023-2650", "title" : "Possible DoS translating ASN.1 object identifiers", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2650" ], "unique" : false }, { "id" : "CVE-2023-6129", "title" : "POLY1305 MAC implementation corrupts vector registers on PowerPC", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6129" ], "unique" : false }, { "id" : "CVE-2025-69421", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69421" ], "unique" : false }, { "id" : "CVE-2025-11187", "title" : "Improper validation of PBMAC1 parameters in PKCS#12 MAC verification", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-11187" ], "unique" : false }, { "id" : "CVE-2020-1971", "title" : "EDIPARTYNAME NULL pointer dereference", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2020-1971" ], "unique" : false }, { "id" : "CVE-2022-4304", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2022-4304" ], "unique" : false }, { "id" : "CVE-2023-0464", "title" : "Excessive Resource Usage Verifying X.509 Policy Constraints", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0464" ], "unique" : false }, { "id" : "CVE-2023-6237", "title" : "Excessive time spent checking invalid RSA public keys", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6237" ], "unique" : false }, { "id" : "CVE-2024-5535", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-5535" ], "unique" : false }, { "id" : "CVE-2024-6119", "title" : "Possible denial of service in X.509 name checks", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-6119" ], "unique" : false }, { "id" : "CVE-2025-15468", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15468" ], "unique" : false }, { "id" : "CVE-2025-66199", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-66199" ], "unique" : false }, { "id" : "CVE-2025-69420", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69420" ], "unique" : false }, { "id" : "CVE-2026-22796", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22796" ], "unique" : false }, { "id" : "CVE-2024-4741", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4741" ], "unique" : false }, { "id" : "CVE-2025-9230", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9230" ], "unique" : false }, { "id" : "CVE-2024-0727", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0727" ], "unique" : false }, { "id" : "CVE-2025-15469", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15469" ], "unique" : false }, { "id" : "CVE-2026-22795", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22795" ], "unique" : false }, { "id" : "CVE-2022-1343", "title" : "OCSP_basic_verify may incorrectly verify the response signing certificate", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2022-1343" ], "unique" : false }, { "id" : "CVE-2022-2097", "title" : "AES OCB fails to encrypt some bytes", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2022-2097" ], "unique" : false }, { "id" : "CVE-2023-0465", "title" : "Invalid certificate policies in leaf certificates are silently ignored", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0465" ], "unique" : false }, { "id" : "CVE-2023-0466", "title" : "Certificate policy check not enabled", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0466" ], "unique" : false }, { "id" : "CVE-2023-2975", "title" : "AES-SIV implementation ignores empty associated data entries", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2975" ], "unique" : false }, { "id" : "CVE-2023-3446", "title" : "Excessive time spent checking DH keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3446" ], "unique" : false }, { "id" : "CVE-2023-3817", "title" : "Excessive time spent checking DH q parameter value", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3817" ], "unique" : false }, { "id" : "CVE-2023-5678", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-5678" ], "unique" : false }, { "id" : "CVE-2024-4603", "title" : "Excessive time spent checking DSA keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4603" ], "unique" : false }, { "id" : "CVE-2023-1255", "title" : "Input buffer over-read in AES-XTS implementation on 64 bit ARM", "source" : "redhat-csaf", "cvssScore" : 5.1, "severity" : "MEDIUM", "cves" : [ "CVE-2023-1255" ], "unique" : false }, { "id" : "CVE-2022-4203", "source" : "redhat-csaf", "cvssScore" : 4.9, "severity" : "MEDIUM", "cves" : [ "CVE-2022-4203" ], "unique" : false }, { "id" : "CVE-2025-68160", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-68160" ], "unique" : false }, { "id" : "CVE-2025-69418", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69418" ], "unique" : false }, { "id" : "CVE-2024-2511", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-2511" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/krb5-libs@1.18.2-32.el8_10?arch=x86_64&distro=rhel-8.10&upstream=krb5-1.18.2-32.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2024-3596", "source" : "redhat-csaf", "cvssScore" : 9.0, "severity" : "CRITICAL", "cves" : [ "CVE-2024-3596" ], "unique" : false }, { "id" : "CVE-2022-42898", "title" : "PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before 1.20.1 has integer overflows that may lead to remote code execution (in KDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms (which have a resultant heap-based buffer overflow), and cause a denial of service on other platforms. This occurs in krb5_pac_parse in lib/krb5/krb/pac.c. Heimdal before 7.7.1 has \"a similar bug.\"", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2022-42898" ], "unique" : false }, { "id" : "CVE-2023-39975", "title" : "kdc/do_tgs_req.c in MIT Kerberos 5 (aka krb5) 1.21 before 1.21.2 has a double free that is reachable if an authenticated user can trigger an authorization-data handling failure. Incorrect data is copied from one ticket to another.", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2023-39975" ], "unique" : false }, { "id" : "CVE-2024-26462", "title" : "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/kdc/ndr.c.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-26462" ], "unique" : false }, { "id" : "CVE-2024-37370", "title" : "In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify the plaintext Extra Count field of a confidential GSS krb5 wrap token, causing the unwrapped token to appear truncated to the application.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-37370" ], "unique" : false }, { "id" : "CVE-2020-17049", "title" : "Kerberos KDC Security Feature Bypass Vulnerability", "source" : "redhat-csaf", "cvssScore" : 7.2, "severity" : "HIGH", "cves" : [ "CVE-2020-17049" ], "unique" : false }, { "id" : "CVE-2023-36054", "title" : "lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and 1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticated user can trigger a kadmind crash. This occurs because _xdr_kadm5_principal_ent_rec does not validate the relationship between n_key_data and the key_data array count.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-36054" ], "unique" : false }, { "id" : "CVE-2024-37371", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-37371" ], "unique" : false }, { "id" : "CVE-2025-24528", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-24528" ], "unique" : false }, { "id" : "CVE-2024-26458", "title" : "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-26458" ], "unique" : false }, { "id" : "CVE-2024-26461", "title" : "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-26461" ], "unique" : false }, { "id" : "CVE-2025-3576", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-3576" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-3596", "source" : "redhat-csaf", "cvssScore" : 9.0, "severity" : "CRITICAL", "cves" : [ "CVE-2024-3596" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-minimal-langpack@2.28-251.el8_10.31?arch=x86_64&distro=rhel-8.10&upstream=glibc-2.28-251.el8_10.31.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc@2.28-251.el8_10.31?arch=x86_64&distro=rhel-8.10&upstream=glibc-2.28-251.el8_10.31.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-15281", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15281" ], "unique" : false }, { "id" : "CVE-2026-3904", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3904" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-common@2.28-251.el8_10.31?arch=x86_64&distro=rhel-8.10&upstream=glibc-2.28-251.el8_10.31.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/zlib@1.2.11-25.el8?arch=x86_64&distro=rhel-8.10&upstream=zlib-1.2.11-25.el8.src.rpm", "issues" : [ { "id" : "CVE-2018-25032", "title" : "zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.", "source" : "redhat-csaf", "cvssScore" : 8.2, "severity" : "HIGH", "cves" : [ "CVE-2018-25032" ], "unique" : false }, { "id" : "CVE-2022-37434", "title" : "zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call inflateGetHeader (e.g., see the nodejs/node reference).", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2022-37434" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2018-25032", "title" : "zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.", "source" : "redhat-csaf", "cvssScore" : 8.2, "severity" : "HIGH", "cves" : [ "CVE-2018-25032" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libcap@2.48-6.el8_9?arch=x86_64&distro=rhel-8.10&upstream=libcap-2.48-6.el8_9.src.rpm", "issues" : [ { "id" : "CVE-2023-2603", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-2603" ], "unique" : false }, { "id" : "CVE-2023-2602", "title" : "A vulnerability was found in the pthread_create() function in libcap. This issue may allow a malicious actor to use cause __real_pthread_create() to return an error, which can exhaust the process memory.", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2023-2602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-2603", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-2603" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch&distro=rhel-8.10&upstream=ncurses-6.1-10.20180224.el8.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64&distro=rhel-8.10&upstream=ncurses-6.1-10.20180224.el8.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/pcre2@10.32-3.el8_6?arch=x86_64&distro=rhel-8.10&upstream=pcre2-10.32-3.el8_6.src.rpm", "issues" : [ { "id" : "CVE-2022-1586", "title" : "An out-of-bounds read vulnerability was discovered in the PCRE2 library in the compile_xclass_matchingpath() function of the pcre2_jit_compile.c file. This involves a unicode property matching issue in JIT-compiled regular expressions. The issue occurs because the character was not fully read in case-less matching within JIT.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-1586" ], "unique" : false }, { "id" : "CVE-2022-1587", "title" : "An out-of-bounds read vulnerability was discovered in the PCRE2 library in the get_recurse_data_length() function of the pcre2_jit_compile.c file. This issue affects recursions in JIT-compiled regular expressions caused by duplicate data transfers.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-1587" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2022-1586", "title" : "An out-of-bounds read vulnerability was discovered in the PCRE2 library in the compile_xclass_matchingpath() function of the pcre2_jit_compile.c file. This involves a unicode property matching issue in JIT-compiled regular expressions. The issue occurs because the character was not fully read in case-less matching within JIT.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-1586" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/bash@4.4.20-6.el8_10?arch=x86_64&distro=rhel-8.10&upstream=bash-4.4.20-6.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2022-3715", "source" : "redhat-csaf", "cvssScore" : 6.6, "severity" : "MEDIUM", "cves" : [ "CVE-2022-3715" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2022-3715", "source" : "redhat-csaf", "cvssScore" : 6.6, "severity" : "MEDIUM", "cves" : [ "CVE-2022-3715" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/gmp@6.1.2-11.el8?arch=x86_64&distro=rhel-8.10&epoch=1&upstream=gmp-6.1.2-11.el8.src.rpm", "issues" : [ { "id" : "CVE-2021-43618", "title" : "GNU Multiple Precision Arithmetic Library (GMP) through 6.2.1 has an mpz/inp_raw.c integer overflow and resultant buffer overflow via crafted input, leading to a segmentation fault on 32-bit platforms.", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2021-43618" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2021-43618", "title" : "GNU Multiple Precision Arithmetic Library (GMP) through 6.2.1 has an mpz/inp_raw.c integer overflow and resultant buffer overflow via crafted input, leading to a segmentation fault on 32-bit platforms.", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2021-43618" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcc@8.5.0-28.el8_10?arch=x86_64&distro=rhel-8.10&upstream=gcc-8.5.0-28.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libtasn1@4.13-5.el8_10?arch=x86_64&distro=rhel-8.10&upstream=libtasn1-4.13-5.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2021-46848", "title" : "GNU Libtasn1 before 4.19.0 has an ETYPE_OK off-by-one array size check that affects asn1_encode_simple_der.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2021-46848" ], "unique" : false }, { "id" : "CVE-2025-13151", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13151" ], "unique" : false }, { "id" : "CVE-2024-12133", "title" : "Libtasn1: inefficient der decoding in libtasn1 leading to potential remote dos", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-12133" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2021-46848", "title" : "GNU Libtasn1 before 4.19.0 has an ETYPE_OK off-by-one array size check that affects asn1_encode_simple_der.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2021-46848" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libcom_err@1.45.6-7.el8_10?arch=x86_64&distro=rhel-8.10&upstream=e2fsprogs-1.45.6-7.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2022-1304", "title" : "An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5. This issue leads to a segmentation fault and possibly arbitrary code execution via a specially crafted filesystem.", "source" : "redhat-csaf", "cvssScore" : 5.8, "severity" : "MEDIUM", "cves" : [ "CVE-2022-1304" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2022-1304", "title" : "An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5. This issue leads to a segmentation fault and possibly arbitrary code execution via a specially crafted filesystem.", "source" : "redhat-csaf", "cvssScore" : 5.8, "severity" : "MEDIUM", "cves" : [ "CVE-2022-1304" ], "unique" : false } } ], "highestVulnerability" : { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/java-17-openjdk-headless@17.0.18.0.8-1.el8?arch=x86_64&distro=rhel-8.10&epoch=1&upstream=java-17-openjdk-17.0.18.0.8-1.el8.src.rpm", "issues" : [ { "id" : "CVE-2026-21945", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-21945" ], "unique" : false }, { "id" : "CVE-2025-64720", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-64720" ], "unique" : false }, { "id" : "CVE-2025-65018", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-65018" ], "unique" : false }, { "id" : "CVE-2026-21933", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2026-21933" ], "unique" : false }, { "id" : "CVE-2026-21925", "source" : "redhat-csaf", "cvssScore" : 4.8, "severity" : "MEDIUM", "cves" : [ "CVE-2026-21925" ], "unique" : false } ], "transitive" : [ { "ref" : "pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=rhel-8.10&epoch=1&upstream=openssl-1.1.1k-15.el8_6.src.rpm", "issues" : [ { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false }, { "id" : "CVE-2022-1473", "title" : "Resource leakage when decoding certificates and keys", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-1473" ], "unique" : false }, { "id" : "CVE-2022-3358", "title" : "Using a Custom Cipher with NID_undef may lead to NULL encryption", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-3358" ], "unique" : false }, { "id" : "CVE-2022-3602", "title" : "X.509 Email Address 4-byte Buffer Overflow", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-3602" ], "unique" : false }, { "id" : "CVE-2022-3786", "title" : "X.509 Email Address Variable Length Buffer Overflow", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-3786" ], "unique" : false }, { "id" : "CVE-2022-4450", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-4450" ], "unique" : false }, { "id" : "CVE-2023-0215", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-0215" ], "unique" : false }, { "id" : "CVE-2023-0216", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-0216" ], "unique" : false }, { "id" : "CVE-2023-0217", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-0217" ], "unique" : false }, { "id" : "CVE-2023-0401", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-0401" ], "unique" : false }, { "id" : "CVE-2023-5363", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-5363" ], "unique" : false }, { "id" : "CVE-2023-0286", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2023-0286" ], "unique" : false }, { "id" : "CVE-2024-12797", "title" : "RFC7250 handshakes with unauthenticated servers don't abort as expected", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2024-12797" ], "unique" : false }, { "id" : "CVE-2025-69419", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2025-69419" ], "unique" : false }, { "id" : "CVE-2022-1292", "source" : "redhat-csaf", "cvssScore" : 6.7, "severity" : "MEDIUM", "cves" : [ "CVE-2022-1292" ], "unique" : false }, { "id" : "CVE-2022-2068", "source" : "redhat-csaf", "cvssScore" : 6.7, "severity" : "MEDIUM", "cves" : [ "CVE-2022-2068" ], "unique" : false }, { "id" : "CVE-2023-2650", "title" : "Possible DoS translating ASN.1 object identifiers", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2650" ], "unique" : false }, { "id" : "CVE-2023-6129", "title" : "POLY1305 MAC implementation corrupts vector registers on PowerPC", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6129" ], "unique" : false }, { "id" : "CVE-2025-69421", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69421" ], "unique" : false }, { "id" : "CVE-2025-11187", "title" : "Improper validation of PBMAC1 parameters in PKCS#12 MAC verification", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-11187" ], "unique" : false }, { "id" : "CVE-2020-1971", "title" : "EDIPARTYNAME NULL pointer dereference", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2020-1971" ], "unique" : false }, { "id" : "CVE-2022-4304", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2022-4304" ], "unique" : false }, { "id" : "CVE-2023-0464", "title" : "Excessive Resource Usage Verifying X.509 Policy Constraints", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0464" ], "unique" : false }, { "id" : "CVE-2023-6237", "title" : "Excessive time spent checking invalid RSA public keys", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6237" ], "unique" : false }, { "id" : "CVE-2024-5535", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-5535" ], "unique" : false }, { "id" : "CVE-2024-6119", "title" : "Possible denial of service in X.509 name checks", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-6119" ], "unique" : false }, { "id" : "CVE-2025-15468", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15468" ], "unique" : false }, { "id" : "CVE-2025-66199", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-66199" ], "unique" : false }, { "id" : "CVE-2025-69420", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69420" ], "unique" : false }, { "id" : "CVE-2026-22796", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22796" ], "unique" : false }, { "id" : "CVE-2024-4741", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4741" ], "unique" : false }, { "id" : "CVE-2025-9230", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9230" ], "unique" : false }, { "id" : "CVE-2024-0727", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0727" ], "unique" : false }, { "id" : "CVE-2025-15469", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15469" ], "unique" : false }, { "id" : "CVE-2026-22795", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22795" ], "unique" : false }, { "id" : "CVE-2022-1343", "title" : "OCSP_basic_verify may incorrectly verify the response signing certificate", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2022-1343" ], "unique" : false }, { "id" : "CVE-2022-2097", "title" : "AES OCB fails to encrypt some bytes", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2022-2097" ], "unique" : false }, { "id" : "CVE-2023-0465", "title" : "Invalid certificate policies in leaf certificates are silently ignored", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0465" ], "unique" : false }, { "id" : "CVE-2023-0466", "title" : "Certificate policy check not enabled", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0466" ], "unique" : false }, { "id" : "CVE-2023-2975", "title" : "AES-SIV implementation ignores empty associated data entries", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2975" ], "unique" : false }, { "id" : "CVE-2023-3446", "title" : "Excessive time spent checking DH keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3446" ], "unique" : false }, { "id" : "CVE-2023-3817", "title" : "Excessive time spent checking DH q parameter value", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3817" ], "unique" : false }, { "id" : "CVE-2023-5678", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-5678" ], "unique" : false }, { "id" : "CVE-2024-4603", "title" : "Excessive time spent checking DSA keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4603" ], "unique" : false }, { "id" : "CVE-2023-1255", "title" : "Input buffer over-read in AES-XTS implementation on 64 bit ARM", "source" : "redhat-csaf", "cvssScore" : 5.1, "severity" : "MEDIUM", "cves" : [ "CVE-2023-1255" ], "unique" : false }, { "id" : "CVE-2022-4203", "source" : "redhat-csaf", "cvssScore" : 4.9, "severity" : "MEDIUM", "cves" : [ "CVE-2022-4203" ], "unique" : false }, { "id" : "CVE-2025-68160", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-68160" ], "unique" : false }, { "id" : "CVE-2025-69418", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69418" ], "unique" : false }, { "id" : "CVE-2024-2511", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-2511" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/krb5-libs@1.18.2-32.el8_10?arch=x86_64&distro=rhel-8.10&upstream=krb5-1.18.2-32.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2024-3596", "source" : "redhat-csaf", "cvssScore" : 9.0, "severity" : "CRITICAL", "cves" : [ "CVE-2024-3596" ], "unique" : false }, { "id" : "CVE-2022-42898", "title" : "PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before 1.20.1 has integer overflows that may lead to remote code execution (in KDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms (which have a resultant heap-based buffer overflow), and cause a denial of service on other platforms. This occurs in krb5_pac_parse in lib/krb5/krb/pac.c. Heimdal before 7.7.1 has \"a similar bug.\"", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2022-42898" ], "unique" : false }, { "id" : "CVE-2023-39975", "title" : "kdc/do_tgs_req.c in MIT Kerberos 5 (aka krb5) 1.21 before 1.21.2 has a double free that is reachable if an authenticated user can trigger an authorization-data handling failure. Incorrect data is copied from one ticket to another.", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2023-39975" ], "unique" : false }, { "id" : "CVE-2024-26462", "title" : "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/kdc/ndr.c.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-26462" ], "unique" : false }, { "id" : "CVE-2024-37370", "title" : "In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify the plaintext Extra Count field of a confidential GSS krb5 wrap token, causing the unwrapped token to appear truncated to the application.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-37370" ], "unique" : false }, { "id" : "CVE-2020-17049", "title" : "Kerberos KDC Security Feature Bypass Vulnerability", "source" : "redhat-csaf", "cvssScore" : 7.2, "severity" : "HIGH", "cves" : [ "CVE-2020-17049" ], "unique" : false }, { "id" : "CVE-2023-36054", "title" : "lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and 1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticated user can trigger a kadmind crash. This occurs because _xdr_kadm5_principal_ent_rec does not validate the relationship between n_key_data and the key_data array count.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-36054" ], "unique" : false }, { "id" : "CVE-2024-37371", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-37371" ], "unique" : false }, { "id" : "CVE-2025-24528", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-24528" ], "unique" : false }, { "id" : "CVE-2024-26458", "title" : "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-26458" ], "unique" : false }, { "id" : "CVE-2024-26461", "title" : "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-26461" ], "unique" : false }, { "id" : "CVE-2025-3576", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-3576" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-3596", "source" : "redhat-csaf", "cvssScore" : 9.0, "severity" : "CRITICAL", "cves" : [ "CVE-2024-3596" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/python3-setuptools-wheel@39.2.0-9.el8_10?arch=noarch&distro=rhel-8.10&upstream=python-setuptools-39.2.0-9.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2024-6345", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-6345" ], "unique" : false }, { "id" : "CVE-2025-47273", "title" : "setuptools has a path traversal vulnerability in PackageIndex.download that leads to Arbitrary File Write", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-47273" ], "unique" : false }, { "id" : "CVE-2022-40897", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2022-40897" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-6345", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-6345" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-minimal-langpack@2.28-251.el8_10.31?arch=x86_64&distro=rhel-8.10&upstream=glibc-2.28-251.el8_10.31.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc@2.28-251.el8_10.31?arch=x86_64&distro=rhel-8.10&upstream=glibc-2.28-251.el8_10.31.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-15281", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15281" ], "unique" : false }, { "id" : "CVE-2026-3904", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3904" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-common@2.28-251.el8_10.31?arch=x86_64&distro=rhel-8.10&upstream=glibc-2.28-251.el8_10.31.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/javapackages-filesystem@5.3.0-1.module%2Bel8%2B2447%2B6f56d9a6?arch=noarch&distro=rhel-8.10&upstream=javapackages-tools-5.3.0-1.module%2Bel8%2B2447%2B6f56d9a6.src.rpm", "issues" : [ { "id" : "CVE-2025-48734", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2025-48734" ], "unique" : false }, { "id" : "CVE-2019-10086", "title" : "In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to access the classloader via the class property available on all Java objects. We, however were not using this by default characteristic of the PropertyUtilsBean.", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2019-10086" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-48734", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2025-48734" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/xz-libs@5.2.4-4.el8_6?arch=x86_64&distro=rhel-8.10&upstream=xz-5.2.4-4.el8_6.src.rpm", "issues" : [ { "id" : "CVE-2022-1271", "title" : "An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name (for example, a crafted file name), this can overwrite an attacker's content to an arbitrary attacker-selected file. This flaw occurs due to insufficient validation when processing filenames with two or more newlines where selected content and the target file names are embedded in crafted multi-line file names. This flaw allows a remote, low privileged attacker to force zgrep to write arbitrary files on the system.", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2022-1271" ], "unique" : false }, { "id" : "CVE-2025-31115", "title" : "XZ has a heap-use-after-free bug in threaded .xz decoder", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-31115" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2022-1271", "title" : "An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name (for example, a crafted file name), this can overwrite an attacker's content to an arbitrary attacker-selected file. This flaw occurs due to insufficient validation when processing filenames with two or more newlines where selected content and the target file names are embedded in crafted multi-line file names. This flaw allows a remote, low privileged attacker to force zgrep to write arbitrary files on the system.", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2022-1271" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/python3-libs@3.6.8-75.el8_10?arch=x86_64&distro=rhel-8.10&upstream=python3-3.6.8-75.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2023-40217", "source" : "redhat-csaf", "cvssScore" : 8.6, "severity" : "HIGH", "cves" : [ "CVE-2023-40217" ], "unique" : false }, { "id" : "CVE-2022-42919", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2022-42919" ], "unique" : false }, { "id" : "CVE-2023-6597", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-6597" ], "unique" : false }, { "id" : "CVE-2015-20107", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2015-20107" ], "unique" : false }, { "id" : "CVE-2024-12718", "title" : "Bypass extraction filter to modify file metadata outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-12718" ], "unique" : false }, { "id" : "CVE-2025-4517", "title" : "Arbitrary writes via tarfile realpath overflow", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2025-4517" ], "unique" : false }, { "id" : "CVE-2020-10735", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2020-10735" ], "unique" : false }, { "id" : "CVE-2022-45061", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-45061" ], "unique" : false }, { "id" : "CVE-2023-24329", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-24329" ], "unique" : false }, { "id" : "CVE-2024-6232", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-6232" ], "unique" : false }, { "id" : "CVE-2025-12084", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-12084" ], "unique" : false }, { "id" : "CVE-2025-4138", "title" : "Bypassing extraction filter to create symlinks to arbitrary targets outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-4138" ], "unique" : false }, { "id" : "CVE-2025-4435", "title" : "Tarfile extracts filtered members when errorlevel=0", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-4435" ], "unique" : false }, { "id" : "CVE-2025-8194", "title" : "Tarfile infinite loop during parsing with negative member offset", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-8194" ], "unique" : false }, { "id" : "CVE-2021-28861", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2021-28861" ], "unique" : false }, { "id" : "CVE-2025-4330", "title" : "Extraction filter bypass for linking outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2025-4330" ], "unique" : false }, { "id" : "CVE-2025-15366", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-15366" ], "unique" : false }, { "id" : "CVE-2025-15367", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-15367" ], "unique" : false }, { "id" : "CVE-2026-1299", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-1299" ], "unique" : false }, { "id" : "CVE-2026-4519", "title" : "webbrowser.open() allows leading dashes in URLs", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-4519" ], "unique" : false }, { "id" : "CVE-2024-6923", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2024-6923" ], "unique" : false }, { "id" : "CVE-2025-0938", "title" : "URL parser allowed square brackets in domain names", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0938" ], "unique" : false }, { "id" : "CVE-2025-13836", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13836" ], "unique" : false }, { "id" : "CVE-2024-9287", "source" : "redhat-csaf", "cvssScore" : 6.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-9287" ], "unique" : false }, { "id" : "CVE-2024-0450", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0450" ], "unique" : false }, { "id" : "CVE-2007-4559", "title" : "Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2007-4559" ], "unique" : false }, { "id" : "CVE-2023-27043", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27043" ], "unique" : false }, { "id" : "CVE-2024-8088", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-8088" ], "unique" : false }, { "id" : "CVE-2024-0397", "source" : "redhat-csaf", "cvssScore" : 5.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0397" ], "unique" : false }, { "id" : "CVE-2024-7592", "source" : "redhat-csaf", "cvssScore" : 4.8, "severity" : "MEDIUM", "cves" : [ "CVE-2024-7592" ], "unique" : false }, { "id" : "CVE-2026-0865", "source" : "redhat-csaf", "cvssScore" : 4.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0865" ], "unique" : false }, { "id" : "CVE-2025-6069", "title" : "HTMLParser quadratic complexity when processing malformed inputs", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-6069" ], "unique" : false }, { "id" : "CVE-2025-8291", "title" : "ZIP64 End of Central Directory (EOCD) Locator record offset not checked", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8291" ], "unique" : false }, { "id" : "CVE-2025-6075", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-6075" ], "unique" : false }, { "id" : "CVE-2024-11168", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-11168" ], "unique" : false }, { "id" : "CVE-2024-4032", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-4032" ], "unique" : false }, { "id" : "CVE-2024-5642", "title" : "Buffer overread when using an empty list with SSLContext.set_npn_protocols()", "source" : "redhat-csaf", "cvssScore" : 2.7, "severity" : "LOW", "cves" : [ "CVE-2024-5642" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-40217", "source" : "redhat-csaf", "cvssScore" : 8.6, "severity" : "HIGH", "cves" : [ "CVE-2023-40217" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/zlib@1.2.11-25.el8?arch=x86_64&distro=rhel-8.10&upstream=zlib-1.2.11-25.el8.src.rpm", "issues" : [ { "id" : "CVE-2018-25032", "title" : "zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.", "source" : "redhat-csaf", "cvssScore" : 8.2, "severity" : "HIGH", "cves" : [ "CVE-2018-25032" ], "unique" : false }, { "id" : "CVE-2022-37434", "title" : "zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call inflateGetHeader (e.g., see the nodejs/node reference).", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2022-37434" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2018-25032", "title" : "zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.", "source" : "redhat-csaf", "cvssScore" : 8.2, "severity" : "HIGH", "cves" : [ "CVE-2018-25032" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/cups-libs@2.2.6-67.el8_10?arch=x86_64&distro=rhel-8.10&epoch=1&upstream=cups-2.2.6-67.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2025-58060", "source" : "redhat-csaf", "cvssScore" : 8.0, "severity" : "HIGH", "cves" : [ "CVE-2025-58060" ], "unique" : false }, { "id" : "CVE-2024-47175", "source" : "redhat-csaf", "cvssScore" : 7.7, "severity" : "HIGH", "cves" : [ "CVE-2024-47175" ], "unique" : false }, { "id" : "CVE-2023-34241", "title" : "CUPS vulnerable to use-after-free in cupsdAcceptClient()", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2023-34241" ], "unique" : false }, { "id" : "CVE-2022-26691", "title" : "A logic issue was addressed with improved state management. This issue is fixed in Security Update 2022-003 Catalina, macOS Monterey 12.3, macOS Big Sur 11.6.5. An application may be able to gain elevated privileges.", "source" : "redhat-csaf", "cvssScore" : 6.7, "severity" : "MEDIUM", "cves" : [ "CVE-2022-26691" ], "unique" : false }, { "id" : "CVE-2023-32360", "title" : "An authentication issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.7.7, macOS Monterey 12.6.6, macOS Ventura 13.4. An unauthenticated user may be able to access recently printed documents.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-32360" ], "unique" : false }, { "id" : "CVE-2025-58364", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-58364" ], "unique" : false }, { "id" : "CVE-2023-32324", "title" : "OpenPrinting CUPS vulnerable to heap buffer overflow", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-32324" ], "unique" : false }, { "id" : "CVE-2025-58436", "source" : "redhat-csaf", "cvssScore" : 5.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-58436" ], "unique" : false }, { "id" : "CVE-2024-35235", "title" : "Cupsd Listen arbitrary chmod 0140777", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2024-35235" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-58060", "source" : "redhat-csaf", "cvssScore" : 8.0, "severity" : "HIGH", "cves" : [ "CVE-2025-58060" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libcap@2.48-6.el8_9?arch=x86_64&distro=rhel-8.10&upstream=libcap-2.48-6.el8_9.src.rpm", "issues" : [ { "id" : "CVE-2023-2603", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-2603" ], "unique" : false }, { "id" : "CVE-2023-2602", "title" : "A vulnerability was found in the pthread_create() function in libcap. This issue may allow a malicious actor to use cause __real_pthread_create() to return an error, which can exhaust the process memory.", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2023-2602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-2603", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-2603" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch&distro=rhel-8.10&upstream=ncurses-6.1-10.20180224.el8.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64&distro=rhel-8.10&upstream=ncurses-6.1-10.20180224.el8.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/sqlite-libs@3.26.0-20.el8_10?arch=x86_64&distro=rhel-8.10&upstream=sqlite-3.26.0-20.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2025-6965", "title" : "Integer Truncation on SQLite", "source" : "redhat-csaf", "cvssScore" : 7.7, "severity" : "HIGH", "cves" : [ "CVE-2025-6965" ], "unique" : false }, { "id" : "CVE-2023-7104", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2023-7104" ], "unique" : false }, { "id" : "CVE-2025-3277", "title" : "An integer overflow can be triggered in SQLite’s `concat_ws()` function. The resulting, truncated integer is then used to allocate a buffer. When SQLite then writes the resulting string to the buffer, it uses the original, untruncated size and thus a wild Heap Buffer overflow of size ~4GB can be triggered. This can result in arbitrary code execution.", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2025-3277" ], "unique" : false }, { "id" : "CVE-2022-35737", "title" : "SQLite 1.0.12 through 3.39.x before 3.39.2 sometimes allows an array-bounds overflow if billions of bytes are used in a string argument to a C API.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2022-35737" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-6965", "title" : "Integer Truncation on SQLite", "source" : "redhat-csaf", "cvssScore" : 7.7, "severity" : "HIGH", "cves" : [ "CVE-2025-6965" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/expat@2.5.0-1.el8_10?arch=x86_64&distro=rhel-8.10&upstream=expat-2.5.0-1.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2023-52425", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-52425" ], "unique" : false }, { "id" : "CVE-2024-28757", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-28757" ], "unique" : false }, { "id" : "CVE-2024-45490", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-45490" ], "unique" : false }, { "id" : "CVE-2024-45491", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-45491" ], "unique" : false }, { "id" : "CVE-2024-8176", "title" : "Libexpat: expat: improper restriction of xml entity expansion depth in libexpat", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-8176" ], "unique" : false }, { "id" : "CVE-2024-45492", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2024-45492" ], "unique" : false }, { "id" : "CVE-2024-50602", "title" : "An issue was discovered in libexpat before 2.6.4. There is a crash within the XML_ResumeParser function because XML_StopParser can stop/suspend an unstarted parser.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-50602" ], "unique" : false }, { "id" : "CVE-2025-59375", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-59375" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-52425", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-52425" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=rhel-8.10&upstream=gnutls-3.6.16-8.el8_10.5.src.rpm", "issues" : [ { "id" : "CVE-2022-2509", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-2509" ], "unique" : false }, { "id" : "CVE-2024-0553", "title" : "Gnutls: incomplete fix for cve-2023-5981", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-0553" ], "unique" : false }, { "id" : "CVE-2024-0567", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-0567" ], "unique" : false }, { "id" : "CVE-2023-0361", "title" : "A timing side-channel in the handling of RSA ClientKeyExchange messages was discovered in GnuTLS. This side-channel can be sufficient to recover the key encrypted in the RSA ciphertext across a network in a Bleichenbacher style attack. To achieve a successful decryption the attacker would need to send a large amount of specially crafted messages to the vulnerable server. By recovering the secret from the ClientKeyExchange message, the attacker would be able to decrypt the application data exchanged over that connection.", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2023-0361" ], "unique" : false }, { "id" : "CVE-2025-32988", "title" : "Gnutls: vulnerability in gnutls othername san export", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-32988" ], "unique" : false }, { "id" : "CVE-2025-32990", "title" : "Gnutls: vulnerability in gnutls certtool template parsing", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-32990" ], "unique" : false }, { "id" : "CVE-2025-6395", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-6395" ], "unique" : false }, { "id" : "CVE-2023-5981", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-5981" ], "unique" : false }, { "id" : "CVE-2024-12243", "title" : "Gnutls: gnutls impacted by inefficient der decoding in libtasn1 leading to remote dos", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-12243" ], "unique" : false }, { "id" : "CVE-2024-28834", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-28834" ], "unique" : false }, { "id" : "CVE-2025-14831", "title" : "Gnutls: gnutls: denial of service via excessive resource consumption during certificate verification", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14831" ], "unique" : false }, { "id" : "CVE-2025-32989", "title" : "Gnutls: vulnerability in gnutls sct extension parsing", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-32989" ], "unique" : false }, { "id" : "CVE-2024-28835", "source" : "redhat-csaf", "cvssScore" : 5.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-28835" ], "unique" : false }, { "id" : "CVE-2025-9820", "title" : "Gnutls: stack-based buffer overflow in gnutls_pkcs11_token_init() function", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9820" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2022-2509", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-2509" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libtirpc@1.1.4-12.el8_10?arch=x86_64&distro=rhel-8.10&upstream=libtirpc-1.1.4-12.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2021-46828", "title" : "In libtirpc before 1.3.3rc1, remote attackers could exhaust the file descriptors of a process that uses libtirpc because idle TCP connections are mishandled. This can, in turn, lead to an svc_run infinite loop without accepting new connections.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2021-46828" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2021-46828", "title" : "In libtirpc before 1.3.3rc1, remote attackers could exhaust the file descriptors of a process that uses libtirpc because idle TCP connections are mishandled. This can, in turn, lead to an svc_run infinite loop without accepting new connections.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2021-46828" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/pcre2@10.32-3.el8_6?arch=x86_64&distro=rhel-8.10&upstream=pcre2-10.32-3.el8_6.src.rpm", "issues" : [ { "id" : "CVE-2022-1586", "title" : "An out-of-bounds read vulnerability was discovered in the PCRE2 library in the compile_xclass_matchingpath() function of the pcre2_jit_compile.c file. This involves a unicode property matching issue in JIT-compiled regular expressions. The issue occurs because the character was not fully read in case-less matching within JIT.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-1586" ], "unique" : false }, { "id" : "CVE-2022-1587", "title" : "An out-of-bounds read vulnerability was discovered in the PCRE2 library in the get_recurse_data_length() function of the pcre2_jit_compile.c file. This issue affects recursions in JIT-compiled regular expressions caused by duplicate data transfers.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-1587" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2022-1586", "title" : "An out-of-bounds read vulnerability was discovered in the PCRE2 library in the compile_xclass_matchingpath() function of the pcre2_jit_compile.c file. This involves a unicode property matching issue in JIT-compiled regular expressions. The issue occurs because the character was not fully read in case-less matching within JIT.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-1586" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/lua@5.3.4-12.el8?arch=x86_64&distro=rhel-8.10&upstream=lua-5.3.4-12.el8.src.rpm", "issues" : [ { "id" : "CVE-2021-44964", "title" : "Use after free in garbage collector and finalizer of lgc.c in Lua interpreter 5.4.0~5.4.3 allows attackers to perform Sandbox Escape via a crafted script file.", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2021-44964" ], "unique" : false }, { "id" : "CVE-2022-33099", "title" : "An issue in the component luaG_runerror of Lua v5.4.4 and below leads to a heap-buffer overflow when a recursive error occurs.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2022-33099" ], "unique" : false }, { "id" : "CVE-2022-28805", "title" : "singlevar in lparser.c in Lua from (including) 5.4.0 up to (excluding) 5.4.4 lacks a certain luaK_exp2anyregup call, leading to a heap-based buffer over-read that might affect a system that compiles untrusted Lua code.", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2022-28805" ], "unique" : false }, { "id" : "CVE-2021-43519", "title" : "Stack overflow in lua_resume of ldo.c in Lua Interpreter 5.1.0~5.4.4 allows attackers to perform a Denial of Service via a crafted script file.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2021-43519" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2021-44964", "title" : "Use after free in garbage collector and finalizer of lgc.c in Lua interpreter 5.4.0~5.4.3 allows attackers to perform Sandbox Escape via a crafted script file.", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2021-44964" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/bash@4.4.20-6.el8_10?arch=x86_64&distro=rhel-8.10&upstream=bash-4.4.20-6.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2022-3715", "source" : "redhat-csaf", "cvssScore" : 6.6, "severity" : "MEDIUM", "cves" : [ "CVE-2022-3715" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2022-3715", "source" : "redhat-csaf", "cvssScore" : 6.6, "severity" : "MEDIUM", "cves" : [ "CVE-2022-3715" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/dbus-libs@1.12.8-27.el8_10?arch=x86_64&distro=rhel-8.10&epoch=1&upstream=dbus-1.12.8-27.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2022-42010", "title" : "An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash when receiving a message with certain invalid type signatures.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2022-42010" ], "unique" : false }, { "id" : "CVE-2022-42011", "title" : "An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash when receiving a message where an array length is inconsistent with the size of the element type.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2022-42011" ], "unique" : false }, { "id" : "CVE-2022-42012", "title" : "An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash by sending a message with attached file descriptors in an unexpected format.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2022-42012" ], "unique" : false }, { "id" : "CVE-2023-34969", "title" : "D-Bus before 1.15.6 sometimes allows unprivileged users to crash dbus-daemon. If a privileged user with control over the dbus-daemon is using the org.freedesktop.DBus.Monitoring interface to monitor message bus traffic, then an unprivileged user with the ability to connect to the same dbus-daemon can cause a dbus-daemon crash under some circumstances via an unreplyable message. When done on the well-known system bus, this is a denial-of-service vulnerability. The fixed versions are 1.12.28, 1.14.8, and 1.15.6.", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2023-34969" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2022-42010", "title" : "An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash when receiving a message with certain invalid type signatures.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2022-42010" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/lua-libs@5.3.4-12.el8?arch=x86_64&distro=rhel-8.10&upstream=lua-5.3.4-12.el8.src.rpm", "issues" : [ { "id" : "CVE-2022-33099", "title" : "An issue in the component luaG_runerror of Lua v5.4.4 and below leads to a heap-buffer overflow when a recursive error occurs.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2022-33099" ], "unique" : false }, { "id" : "CVE-2022-28805", "title" : "singlevar in lparser.c in Lua from (including) 5.4.0 up to (excluding) 5.4.4 lacks a certain luaK_exp2anyregup call, leading to a heap-based buffer over-read that might affect a system that compiles untrusted Lua code.", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2022-28805" ], "unique" : false }, { "id" : "CVE-2021-43519", "title" : "Stack overflow in lua_resume of ldo.c in Lua Interpreter 5.1.0~5.4.4 allows attackers to perform a Denial of Service via a crafted script file.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2021-43519" ], "unique" : false }, { "id" : "CVE-2021-44964", "title" : "Use after free in garbage collector and finalizer of lgc.c in Lua interpreter 5.4.0~5.4.3 allows attackers to perform Sandbox Escape via a crafted script file.", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2021-44964" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2022-33099", "title" : "An issue in the component luaG_runerror of Lua v5.4.4 and below leads to a heap-buffer overflow when a recursive error occurs.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2022-33099" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/gmp@6.1.2-11.el8?arch=x86_64&distro=rhel-8.10&epoch=1&upstream=gmp-6.1.2-11.el8.src.rpm", "issues" : [ { "id" : "CVE-2021-43618", "title" : "GNU Multiple Precision Arithmetic Library (GMP) through 6.2.1 has an mpz/inp_raw.c integer overflow and resultant buffer overflow via crafted input, leading to a segmentation fault on 32-bit platforms.", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2021-43618" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2021-43618", "title" : "GNU Multiple Precision Arithmetic Library (GMP) through 6.2.1 has an mpz/inp_raw.c integer overflow and resultant buffer overflow via crafted input, leading to a segmentation fault on 32-bit platforms.", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2021-43618" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/avahi-libs@0.7-27.el8_10.1?arch=x86_64&distro=rhel-8.10&upstream=avahi-0.7-27.el8_10.1.src.rpm", "issues" : [ { "id" : "CVE-2021-3468", "title" : "A flaw was found in avahi in versions 0.6 up to 0.8. The event used to signal the termination of the client connection on the avahi Unix socket is not correctly handled in the client_work function, allowing a local attacker to trigger an infinite loop. The highest threat from this vulnerability is to the availability of the avahi service, which becomes unresponsive after this flaw is triggered.", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2021-3468" ], "unique" : false }, { "id" : "CVE-2023-1981", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2023-1981" ], "unique" : false }, { "id" : "CVE-2023-38469", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2023-38469" ], "unique" : false }, { "id" : "CVE-2023-38470", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2023-38470" ], "unique" : false }, { "id" : "CVE-2023-38471", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2023-38471" ], "unique" : false }, { "id" : "CVE-2023-38472", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2023-38472" ], "unique" : false }, { "id" : "CVE-2023-38473", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2023-38473" ], "unique" : false }, { "id" : "CVE-2021-3502", "title" : "A flaw was found in avahi 0.8-5. A reachable assertion is present in avahi_s_host_name_resolver_start function allowing a local attacker to crash the avahi service by requesting hostname resolutions through the avahi socket or dbus methods for invalid hostnames. The highest threat from this vulnerability is to the service availability.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2021-3502" ], "unique" : false }, { "id" : "CVE-2024-52615", "title" : "Avahi: avahi wide-area dns uses constant source port", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-52615" ], "unique" : false }, { "id" : "CVE-2024-52616", "title" : "Avahi: avahi wide-area dns predictable transaction ids", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-52616" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2021-3468", "title" : "A flaw was found in avahi in versions 0.6 up to 0.8. The event used to signal the termination of the client connection on the avahi Unix socket is not correctly handled in the client_work function, allowing a local attacker to trigger an infinite loop. The highest threat from this vulnerability is to the availability of the avahi service, which becomes unresponsive after this flaw is triggered.", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2021-3468" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libuuid@2.32.1-48.el8_10?arch=x86_64&distro=rhel-8.10&upstream=util-linux-2.32.1-48.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcc@8.5.0-28.el8_10?arch=x86_64&distro=rhel-8.10&upstream=gcc-8.5.0-28.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libblkid@2.32.1-48.el8_10?arch=x86_64&distro=rhel-8.10&upstream=util-linux-2.32.1-48.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false }, { "id" : "CVE-2026-27456", "title" : "util-linux: TOCTOU Race Condition in util-linux mount(8) - Loop Device Setup", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2026-27456" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libstdc%2B%2B@8.5.0-28.el8_10?arch=x86_64&distro=rhel-8.10&upstream=gcc-8.5.0-28.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libmount@2.32.1-48.el8_10?arch=x86_64&distro=rhel-8.10&upstream=util-linux-2.32.1-48.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/systemd-libs@239-82.el8_10.15?arch=x86_64&distro=rhel-8.10&upstream=systemd-239-82.el8_10.15.src.rpm", "issues" : [ { "id" : "CVE-2023-7008", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-7008" ], "unique" : false }, { "id" : "CVE-2022-3821", "title" : "An off-by-one Error issue was discovered in Systemd in format_timespan() function of time-util.c. An attacker could supply specific values for time and accuracy that leads to buffer overrun in format_timespan(), leading to a Denial of Service.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2022-3821" ], "unique" : false }, { "id" : "CVE-2022-4415", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2022-4415" ], "unique" : false }, { "id" : "CVE-2022-45873", "title" : "systemd 250 and 251 allows local users to achieve a systemd-coredump deadlock by triggering a crash that has a long backtrace. This occurs in parse_elf_object in shared/elf-util.c. The exploitation methodology is to crash a binary calling the same function recursively, and put it in a deeply nested directory to make its backtrace large enough to cause the deadlock. This must be done 16 times when MaxConnections=16 is set for the systemd/units/systemd-coredump.socket file.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2022-45873" ], "unique" : false }, { "id" : "CVE-2025-4598", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-4598" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-7008", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-7008" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libtasn1@4.13-5.el8_10?arch=x86_64&distro=rhel-8.10&upstream=libtasn1-4.13-5.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2021-46848", "title" : "GNU Libtasn1 before 4.19.0 has an ETYPE_OK off-by-one array size check that affects asn1_encode_simple_der.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2021-46848" ], "unique" : false }, { "id" : "CVE-2025-13151", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13151" ], "unique" : false }, { "id" : "CVE-2024-12133", "title" : "Libtasn1: inefficient der decoding in libtasn1 leading to potential remote dos", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-12133" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2021-46848", "title" : "GNU Libtasn1 before 4.19.0 has an ETYPE_OK off-by-one array size check that affects asn1_encode_simple_der.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2021-46848" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcrypt@1.8.5-7.el8_6?arch=x86_64&distro=rhel-8.10&upstream=libgcrypt-1.8.5-7.el8_6.src.rpm", "issues" : [ { "id" : "CVE-2024-2236", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-2236" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2236", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-2236" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libcom_err@1.45.6-7.el8_10?arch=x86_64&distro=rhel-8.10&upstream=e2fsprogs-1.45.6-7.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2022-1304", "title" : "An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5. This issue leads to a segmentation fault and possibly arbitrary code execution via a specially crafted filesystem.", "source" : "redhat-csaf", "cvssScore" : 5.8, "severity" : "MEDIUM", "cves" : [ "CVE-2022-1304" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2022-1304", "title" : "An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5. This issue leads to a segmentation fault and possibly arbitrary code execution via a specially crafted filesystem.", "source" : "redhat-csaf", "cvssScore" : 5.8, "severity" : "MEDIUM", "cves" : [ "CVE-2022-1304" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/python3-pip-wheel@9.0.3-24.el8?arch=noarch&distro=rhel-8.10&upstream=python-pip-9.0.3-24.el8.src.rpm", "issues" : [ { "id" : "CVE-2007-4559", "title" : "Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2007-4559" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2007-4559", "title" : "Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2007-4559" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/bzip2-libs@1.0.6-28.el8_10?arch=x86_64&distro=rhel-8.10&upstream=bzip2-1.0.6-28.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2019-12900", "title" : "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2019-12900" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2019-12900", "title" : "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2019-12900" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/alsa-lib@1.2.10-2.el8?arch=x86_64&distro=rhel-8.10&upstream=alsa-lib-1.2.10-2.el8.src.rpm", "issues" : [ { "id" : "CVE-2026-25068", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-25068" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2026-25068", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-25068" ], "unique" : false } } ], "highestVulnerability" : { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/rpm-libs@4.14.3-32.el8_10?arch=x86_64&distro=rhel-8.10&upstream=rpm-4.14.3-32.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2021-35938", "title" : "A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35938" ], "unique" : false }, { "id" : "CVE-2021-35939", "title" : "It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35939" ], "unique" : false }, { "id" : "CVE-2021-35937", "title" : "A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.3, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35937" ], "unique" : false } ], "transitive" : [ { "ref" : "pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=rhel-8.10&epoch=1&upstream=openssl-1.1.1k-15.el8_6.src.rpm", "issues" : [ { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false }, { "id" : "CVE-2022-1473", "title" : "Resource leakage when decoding certificates and keys", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-1473" ], "unique" : false }, { "id" : "CVE-2022-3358", "title" : "Using a Custom Cipher with NID_undef may lead to NULL encryption", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-3358" ], "unique" : false }, { "id" : "CVE-2022-3602", "title" : "X.509 Email Address 4-byte Buffer Overflow", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-3602" ], "unique" : false }, { "id" : "CVE-2022-3786", "title" : "X.509 Email Address Variable Length Buffer Overflow", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-3786" ], "unique" : false }, { "id" : "CVE-2022-4450", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-4450" ], "unique" : false }, { "id" : "CVE-2023-0215", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-0215" ], "unique" : false }, { "id" : "CVE-2023-0216", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-0216" ], "unique" : false }, { "id" : "CVE-2023-0217", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-0217" ], "unique" : false }, { "id" : "CVE-2023-0401", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-0401" ], "unique" : false }, { "id" : "CVE-2023-5363", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-5363" ], "unique" : false }, { "id" : "CVE-2023-0286", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2023-0286" ], "unique" : false }, { "id" : "CVE-2024-12797", "title" : "RFC7250 handshakes with unauthenticated servers don't abort as expected", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2024-12797" ], "unique" : false }, { "id" : "CVE-2025-69419", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2025-69419" ], "unique" : false }, { "id" : "CVE-2022-1292", "source" : "redhat-csaf", "cvssScore" : 6.7, "severity" : "MEDIUM", "cves" : [ "CVE-2022-1292" ], "unique" : false }, { "id" : "CVE-2022-2068", "source" : "redhat-csaf", "cvssScore" : 6.7, "severity" : "MEDIUM", "cves" : [ "CVE-2022-2068" ], "unique" : false }, { "id" : "CVE-2023-2650", "title" : "Possible DoS translating ASN.1 object identifiers", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2650" ], "unique" : false }, { "id" : "CVE-2023-6129", "title" : "POLY1305 MAC implementation corrupts vector registers on PowerPC", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6129" ], "unique" : false }, { "id" : "CVE-2025-69421", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69421" ], "unique" : false }, { "id" : "CVE-2025-11187", "title" : "Improper validation of PBMAC1 parameters in PKCS#12 MAC verification", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-11187" ], "unique" : false }, { "id" : "CVE-2020-1971", "title" : "EDIPARTYNAME NULL pointer dereference", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2020-1971" ], "unique" : false }, { "id" : "CVE-2022-4304", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2022-4304" ], "unique" : false }, { "id" : "CVE-2023-0464", "title" : "Excessive Resource Usage Verifying X.509 Policy Constraints", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0464" ], "unique" : false }, { "id" : "CVE-2023-6237", "title" : "Excessive time spent checking invalid RSA public keys", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6237" ], "unique" : false }, { "id" : "CVE-2024-5535", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-5535" ], "unique" : false }, { "id" : "CVE-2024-6119", "title" : "Possible denial of service in X.509 name checks", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-6119" ], "unique" : false }, { "id" : "CVE-2025-15468", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15468" ], "unique" : false }, { "id" : "CVE-2025-66199", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-66199" ], "unique" : false }, { "id" : "CVE-2025-69420", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69420" ], "unique" : false }, { "id" : "CVE-2026-22796", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22796" ], "unique" : false }, { "id" : "CVE-2024-4741", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4741" ], "unique" : false }, { "id" : "CVE-2025-9230", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9230" ], "unique" : false }, { "id" : "CVE-2024-0727", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0727" ], "unique" : false }, { "id" : "CVE-2025-15469", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15469" ], "unique" : false }, { "id" : "CVE-2026-22795", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22795" ], "unique" : false }, { "id" : "CVE-2022-1343", "title" : "OCSP_basic_verify may incorrectly verify the response signing certificate", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2022-1343" ], "unique" : false }, { "id" : "CVE-2022-2097", "title" : "AES OCB fails to encrypt some bytes", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2022-2097" ], "unique" : false }, { "id" : "CVE-2023-0465", "title" : "Invalid certificate policies in leaf certificates are silently ignored", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0465" ], "unique" : false }, { "id" : "CVE-2023-0466", "title" : "Certificate policy check not enabled", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0466" ], "unique" : false }, { "id" : "CVE-2023-2975", "title" : "AES-SIV implementation ignores empty associated data entries", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2975" ], "unique" : false }, { "id" : "CVE-2023-3446", "title" : "Excessive time spent checking DH keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3446" ], "unique" : false }, { "id" : "CVE-2023-3817", "title" : "Excessive time spent checking DH q parameter value", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3817" ], "unique" : false }, { "id" : "CVE-2023-5678", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-5678" ], "unique" : false }, { "id" : "CVE-2024-4603", "title" : "Excessive time spent checking DSA keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4603" ], "unique" : false }, { "id" : "CVE-2023-1255", "title" : "Input buffer over-read in AES-XTS implementation on 64 bit ARM", "source" : "redhat-csaf", "cvssScore" : 5.1, "severity" : "MEDIUM", "cves" : [ "CVE-2023-1255" ], "unique" : false }, { "id" : "CVE-2022-4203", "source" : "redhat-csaf", "cvssScore" : 4.9, "severity" : "MEDIUM", "cves" : [ "CVE-2022-4203" ], "unique" : false }, { "id" : "CVE-2025-68160", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-68160" ], "unique" : false }, { "id" : "CVE-2025-69418", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69418" ], "unique" : false }, { "id" : "CVE-2024-2511", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-2511" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=rhel-8.10&upstream=curl-7.61.1-34.el8_10.11.src.rpm", "issues" : [ { "id" : "CVE-2022-32207", "title" : "When curl < 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by finalizing the operation with a rename from a temporary name to the final target file name.In that rename operation, it might accidentally *widen* the permissions for the target file, leaving the updated file accessible to more users than intended.", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2022-32207" ], "unique" : false }, { "id" : "CVE-2022-22576", "title" : "An improper authentication vulnerability exists in curl 7.33.0 to and including 7.82.0 which might allow reuse OAUTH2-authenticated connections without properly making sure that the connection was authenticated with the same credentials as set for this transfer. This affects SASL-enabled protocols: SMPTP(S), IMAP(S), POP3(S) and LDAP(S) (openldap only).", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2022-22576" ], "unique" : false }, { "id" : "CVE-2023-38545", "title" : "This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy\nhandshake.\n\nWhen curl is asked to pass along the host name to the SOCKS5 proxy to allow\nthat to resolve the address instead of it getting done by curl itself, the\nmaximum length that host name can be is 255 bytes.\n\nIf the host name is detected to be longer, curl switches to local name\nresolving and instead passes on the resolved address only. Due to this bug,\nthe local variable that means \"let the host resolve the name\" could get the\nwrong value during a slow SOCKS5 handshake, and contrary to the intention,\ncopy the too long host name to the target buffer instead of copying just the\nresolved address there.\n\nThe target buffer being a heap based buffer, and the host name coming from the\nURL that curl has been told to operate with.", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2023-38545" ], "unique" : false }, { "id" : "CVE-2022-27775", "title" : "An information disclosure vulnerability exists in curl 7.65.0 to 7.82.0 are vulnerable that by using an IPv6 address that was in the connection pool but with a different zone id it could reuse a connection instead.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-27775" ], "unique" : false }, { "id" : "CVE-2022-27782", "title" : "libcurl would reuse a previously created connection even when a TLS or SSHrelated option had been changed that should have prohibited reuse.libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse if one of them matches the setup. However, several TLS andSSH settings were left out from the configuration match checks, making themmatch too easily.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-27782" ], "unique" : false }, { "id" : "CVE-2024-2398", "title" : "HTTP/2 push headers memory-leak", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-2398" ], "unique" : false }, { "id" : "CVE-2022-32206", "title" : "curl < 7.84.0 supports \"chained\" HTTP compression algorithms, meaning that a serverresponse can be compressed multiple times and potentially with different algorithms. The number of acceptable \"links\" in this \"decompression chain\" was unbounded, allowing a malicious server to insert a virtually unlimited number of compression steps.The use of such a decompression chain could result in a \"malloc bomb\", makingcurl end up spending enormous amounts of allocated heap memory, or trying toand returning out of memory errors.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2022-32206" ], "unique" : false }, { "id" : "CVE-2023-23916", "title" : "An allocation of resources without limits or throttling vulnerability exists in curl <v7.88.0 based on the \"chained\" HTTP compression algorithms, meaning that a server response can be compressed multiple times and potentially with differentalgorithms. The number of acceptable \"links\" in this \"decompression chain\" wascapped, but the cap was implemented on a per-header basis allowing a maliciousserver to insert a virtually unlimited number of compression steps simply byusing many headers. The use of such a decompression chain could result in a \"malloc bomb\", making curl end up spending enormous amounts of allocated heap memory, or trying to and returning out of memory errors.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-23916" ], "unique" : false }, { "id" : "CVE-2022-43552", "title" : "A use after free vulnerability exists in curl <7.87.0. Curl can be asked to *tunnel* virtually all protocols it supports through an HTTP proxy. HTTP proxies can (and often do) deny such tunnel operations. When getting denied to tunnel the specific protocols SMB or TELNET, curl would use a heap-allocated struct after it had been freed, in its transfer shutdown code path.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2022-43552" ], "unique" : false }, { "id" : "CVE-2023-27535", "title" : "An authentication bypass vulnerability exists in libcurl <8.0.0 in the FTP connection reuse feature that can result in wrong credentials being used during subsequent transfers. Previously created connections are kept in a connection pool for reuse if they match the current setup. However, certain FTP settings such as CURLOPT_FTP_ACCOUNT, CURLOPT_FTP_ALTERNATIVE_TO_USER, CURLOPT_FTP_SSL_CCC, and CURLOPT_USE_SSL were not included in the configuration match checks, causing them to match too easily. This could lead to libcurl using the wrong credentials when performing a transfer, potentially allowing unauthorized access to sensitive information.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27535" ], "unique" : false }, { "id" : "CVE-2023-27536", "title" : "An authentication bypass vulnerability exists libcurl <8.0.0 in the connection reuse feature which can reuse previously established connections with incorrect user permissions due to a failure to check for changes in the CURLOPT_GSSAPI_DELEGATION option. This vulnerability affects krb5/kerberos/negotiate/GSSAPI transfers and could potentially result in unauthorized access to sensitive information. The safest option is to not reuse connections if the CURLOPT_GSSAPI_DELEGATION option has been changed.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27536" ], "unique" : false }, { "id" : "CVE-2023-28321", "title" : "An improper certificate validation vulnerability exists in curl <v8.1.0 in the way it supports matching of wildcard patterns when listed as \"Subject Alternative Name\" in TLS server certificates. curl can be built to use its own name matching function for TLS rather than one provided by a TLS library. This private wildcard matching function would match IDN (International Domain Name) hosts incorrectly and could as a result accept patterns that otherwise should mismatch. IDN hostnames are converted to puny code before used for certificate checks. Puny coded names always start with `xn--` and should not be allowed to pattern match, but the wildcard check in curl could still check for `x*`, which would match even though the IDN name most likely contained nothing even resembling an `x`.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-28321" ], "unique" : false }, { "id" : "CVE-2023-27538", "title" : "An authentication bypass vulnerability exists in libcurl prior to v8.0.0 where it reuses a previously established SSH connection despite the fact that an SSH option was modified, which should have prevented reuse. libcurl maintains a pool of previously used connections to reuse them for subsequent transfers if the configurations match. However, two SSH settings were omitted from the configuration check, allowing them to match easily, potentially leading to the reuse of an inappropriate connection.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27538" ], "unique" : false }, { "id" : "CVE-2022-32208", "title" : "When curl < 7.84.0 does FTP transfers secured by krb5, it handles message verification failures wrongly. This flaw makes it possible for a Man-In-The-Middle attack to go unnoticed and even allows it to inject data to the client.", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2022-32208" ], "unique" : false }, { "id" : "CVE-2023-46218", "title" : "This flaw allows a malicious HTTP server to set \"super cookies\" in curl that\nare then passed back to more origins than what is otherwise allowed or\npossible. This allows a site to set cookies that then would get sent to\ndifferent and unrelated sites and domains.\n\nIt could do this by exploiting a mixed case flaw in curl's function that\nverifies a given cookie domain against the Public Suffix List (PSL). For\nexample a cookie could be set with `domain=co.UK` when the URL used a lower\ncase hostname `curl.co.uk`, even though `co.uk` is listed as a PSL domain.", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-46218" ], "unique" : false }, { "id" : "CVE-2025-9086", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9086" ], "unique" : false }, { "id" : "CVE-2022-27774", "title" : "An insufficiently protected credentials vulnerability exists in curl 4.9 to and include curl 7.82.0 are affected that could allow an attacker to extract credentials when follows HTTP(S) redirects is used with authentication could leak credentials to other services that exist on different protocols or port numbers.", "source" : "redhat-csaf", "cvssScore" : 5.0, "severity" : "MEDIUM", "cves" : [ "CVE-2022-27774" ], "unique" : false }, { "id" : "CVE-2022-32221", "title" : "When doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle previously was used to issue a `PUT` request which used that callback. This flaw may surprise the application and cause it to misbehave and either send off the wrong data or use memory after free or similar in the subsequent `POST` request. The problem exists in the logic for a reused handle when it is changed from a PUT to a POST.", "source" : "redhat-csaf", "cvssScore" : 4.8, "severity" : "MEDIUM", "cves" : [ "CVE-2022-32221" ], "unique" : false }, { "id" : "CVE-2022-27776", "title" : "A insufficiently protected credentials vulnerability in fixed in curl 7.83.0 might leak authentication or cookie header data on HTTP redirects to the same host but another port number.", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2022-27776" ], "unique" : false }, { "id" : "CVE-2023-27533", "title" : "A vulnerability in input validation exists in curl <8.0 during communication using the TELNET protocol may allow an attacker to pass on maliciously crafted user name and \"telnet options\" during server negotiation. The lack of proper input scrubbing allows an attacker to send content or perform option negotiation without the application's intent. This vulnerability could be exploited if an application allows user input, thereby enabling attackers to execute arbitrary code on the system.", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27533" ], "unique" : false }, { "id" : "CVE-2023-27534", "title" : "A path traversal vulnerability exists in curl <8.0.0 SFTP implementation causes the tilde (~) character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. Attackers can exploit this flaw to bypass filtering or execute arbitrary code by crafting a path like /~2/foo while accessing a server with a specific user.", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2023-27534" ], "unique" : false }, { "id" : "CVE-2023-28322", "title" : "An information disclosure vulnerability exists in curl <v8.1.0 when doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle previously wasused to issue a `PUT` request which used that callback. This flaw may surprise the application and cause it to misbehave and either send off the wrong data or use memory after free or similar in the second transfer. The problem exists in the logic for a reused handle when it is (expected to be) changed from a PUT to a POST.", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2023-28322" ], "unique" : false }, { "id" : "CVE-2023-38546", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2023-38546" ], "unique" : false }, { "id" : "CVE-2022-35252", "title" : "When curl is used to retrieve and parse cookies from a HTTP(S) server, itaccepts cookies using control codes that when later are sent back to a HTTPserver might make the server return 400 responses. Effectively allowing a\"sister site\" to deny service to all siblings.", "source" : "redhat-csaf", "cvssScore" : 3.1, "severity" : "LOW", "cves" : [ "CVE-2022-35252" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2022-32207", "title" : "When curl < 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by finalizing the operation with a rename from a temporary name to the final target file name.In that rename operation, it might accidentally *widen* the permissions for the target file, leaving the updated file accessible to more users than intended.", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2022-32207" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=rhel-8.10&upstream=curl-7.61.1-34.el8_10.11.src.rpm", "issues" : [ { "id" : "CVE-2022-32207", "title" : "When curl < 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by finalizing the operation with a rename from a temporary name to the final target file name.In that rename operation, it might accidentally *widen* the permissions for the target file, leaving the updated file accessible to more users than intended.", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2022-32207" ], "unique" : false }, { "id" : "CVE-2022-22576", "title" : "An improper authentication vulnerability exists in curl 7.33.0 to and including 7.82.0 which might allow reuse OAUTH2-authenticated connections without properly making sure that the connection was authenticated with the same credentials as set for this transfer. This affects SASL-enabled protocols: SMPTP(S), IMAP(S), POP3(S) and LDAP(S) (openldap only).", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2022-22576" ], "unique" : false }, { "id" : "CVE-2023-38545", "title" : "This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy\nhandshake.\n\nWhen curl is asked to pass along the host name to the SOCKS5 proxy to allow\nthat to resolve the address instead of it getting done by curl itself, the\nmaximum length that host name can be is 255 bytes.\n\nIf the host name is detected to be longer, curl switches to local name\nresolving and instead passes on the resolved address only. Due to this bug,\nthe local variable that means \"let the host resolve the name\" could get the\nwrong value during a slow SOCKS5 handshake, and contrary to the intention,\ncopy the too long host name to the target buffer instead of copying just the\nresolved address there.\n\nThe target buffer being a heap based buffer, and the host name coming from the\nURL that curl has been told to operate with.", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2023-38545" ], "unique" : false }, { "id" : "CVE-2025-15079", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2025-15079" ], "unique" : false }, { "id" : "CVE-2022-27775", "title" : "An information disclosure vulnerability exists in curl 7.65.0 to 7.82.0 are vulnerable that by using an IPv6 address that was in the connection pool but with a different zone id it could reuse a connection instead.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-27775" ], "unique" : false }, { "id" : "CVE-2022-27782", "title" : "libcurl would reuse a previously created connection even when a TLS or SSHrelated option had been changed that should have prohibited reuse.libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse if one of them matches the setup. However, several TLS andSSH settings were left out from the configuration match checks, making themmatch too easily.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-27782" ], "unique" : false }, { "id" : "CVE-2024-2398", "title" : "HTTP/2 push headers memory-leak", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-2398" ], "unique" : false }, { "id" : "CVE-2025-13034", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13034" ], "unique" : false }, { "id" : "CVE-2025-14819", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14819" ], "unique" : false }, { "id" : "CVE-2026-1965", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2026-1965" ], "unique" : false }, { "id" : "CVE-2022-32206", "title" : "curl < 7.84.0 supports \"chained\" HTTP compression algorithms, meaning that a serverresponse can be compressed multiple times and potentially with different algorithms. The number of acceptable \"links\" in this \"decompression chain\" was unbounded, allowing a malicious server to insert a virtually unlimited number of compression steps.The use of such a decompression chain could result in a \"malloc bomb\", makingcurl end up spending enormous amounts of allocated heap memory, or trying toand returning out of memory errors.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2022-32206" ], "unique" : false }, { "id" : "CVE-2023-23916", "title" : "An allocation of resources without limits or throttling vulnerability exists in curl <v7.88.0 based on the \"chained\" HTTP compression algorithms, meaning that a server response can be compressed multiple times and potentially with differentalgorithms. The number of acceptable \"links\" in this \"decompression chain\" wascapped, but the cap was implemented on a per-header basis allowing a maliciousserver to insert a virtually unlimited number of compression steps simply byusing many headers. The use of such a decompression chain could result in a \"malloc bomb\", making curl end up spending enormous amounts of allocated heap memory, or trying to and returning out of memory errors.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-23916" ], "unique" : false }, { "id" : "CVE-2025-14524", "title" : "bearer token leak on cross-protocol redirect", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14524" ], "unique" : false }, { "id" : "CVE-2026-3784", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3784" ], "unique" : false }, { "id" : "CVE-2026-3805", "source" : "redhat-csaf", "cvssScore" : 6.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3805" ], "unique" : false }, { "id" : "CVE-2022-43552", "title" : "A use after free vulnerability exists in curl <7.87.0. Curl can be asked to *tunnel* virtually all protocols it supports through an HTTP proxy. HTTP proxies can (and often do) deny such tunnel operations. When getting denied to tunnel the specific protocols SMB or TELNET, curl would use a heap-allocated struct after it had been freed, in its transfer shutdown code path.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2022-43552" ], "unique" : false }, { "id" : "CVE-2023-27535", "title" : "An authentication bypass vulnerability exists in libcurl <8.0.0 in the FTP connection reuse feature that can result in wrong credentials being used during subsequent transfers. Previously created connections are kept in a connection pool for reuse if they match the current setup. However, certain FTP settings such as CURLOPT_FTP_ACCOUNT, CURLOPT_FTP_ALTERNATIVE_TO_USER, CURLOPT_FTP_SSL_CCC, and CURLOPT_USE_SSL were not included in the configuration match checks, causing them to match too easily. This could lead to libcurl using the wrong credentials when performing a transfer, potentially allowing unauthorized access to sensitive information.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27535" ], "unique" : false }, { "id" : "CVE-2023-27536", "title" : "An authentication bypass vulnerability exists libcurl <8.0.0 in the connection reuse feature which can reuse previously established connections with incorrect user permissions due to a failure to check for changes in the CURLOPT_GSSAPI_DELEGATION option. This vulnerability affects krb5/kerberos/negotiate/GSSAPI transfers and could potentially result in unauthorized access to sensitive information. The safest option is to not reuse connections if the CURLOPT_GSSAPI_DELEGATION option has been changed.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27536" ], "unique" : false }, { "id" : "CVE-2023-28321", "title" : "An improper certificate validation vulnerability exists in curl <v8.1.0 in the way it supports matching of wildcard patterns when listed as \"Subject Alternative Name\" in TLS server certificates. curl can be built to use its own name matching function for TLS rather than one provided by a TLS library. This private wildcard matching function would match IDN (International Domain Name) hosts incorrectly and could as a result accept patterns that otherwise should mismatch. IDN hostnames are converted to puny code before used for certificate checks. Puny coded names always start with `xn--` and should not be allowed to pattern match, but the wildcard check in curl could still check for `x*`, which would match even though the IDN name most likely contained nothing even resembling an `x`.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-28321" ], "unique" : false }, { "id" : "CVE-2025-10966", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-10966" ], "unique" : false }, { "id" : "CVE-2026-3783", "source" : "redhat-csaf", "cvssScore" : 5.7, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3783" ], "unique" : false }, { "id" : "CVE-2023-27538", "title" : "An authentication bypass vulnerability exists in libcurl prior to v8.0.0 where it reuses a previously established SSH connection despite the fact that an SSH option was modified, which should have prevented reuse. libcurl maintains a pool of previously used connections to reuse them for subsequent transfers if the configurations match. However, two SSH settings were omitted from the configuration check, allowing them to match easily, potentially leading to the reuse of an inappropriate connection.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27538" ], "unique" : false }, { "id" : "CVE-2022-32208", "title" : "When curl < 7.84.0 does FTP transfers secured by krb5, it handles message verification failures wrongly. This flaw makes it possible for a Man-In-The-Middle attack to go unnoticed and even allows it to inject data to the client.", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2022-32208" ], "unique" : false }, { "id" : "CVE-2023-46218", "title" : "This flaw allows a malicious HTTP server to set \"super cookies\" in curl that\nare then passed back to more origins than what is otherwise allowed or\npossible. This allows a site to set cookies that then would get sent to\ndifferent and unrelated sites and domains.\n\nIt could do this by exploiting a mixed case flaw in curl's function that\nverifies a given cookie domain against the Public Suffix List (PSL). For\nexample a cookie could be set with `domain=co.UK` when the URL used a lower\ncase hostname `curl.co.uk`, even though `co.uk` is listed as a PSL domain.", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-46218" ], "unique" : false }, { "id" : "CVE-2025-9086", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9086" ], "unique" : false }, { "id" : "CVE-2022-27774", "title" : "An insufficiently protected credentials vulnerability exists in curl 4.9 to and include curl 7.82.0 are affected that could allow an attacker to extract credentials when follows HTTP(S) redirects is used with authentication could leak credentials to other services that exist on different protocols or port numbers.", "source" : "redhat-csaf", "cvssScore" : 5.0, "severity" : "MEDIUM", "cves" : [ "CVE-2022-27774" ], "unique" : false }, { "id" : "CVE-2022-32221", "title" : "When doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle previously was used to issue a `PUT` request which used that callback. This flaw may surprise the application and cause it to misbehave and either send off the wrong data or use memory after free or similar in the subsequent `POST` request. The problem exists in the logic for a reused handle when it is changed from a PUT to a POST.", "source" : "redhat-csaf", "cvssScore" : 4.8, "severity" : "MEDIUM", "cves" : [ "CVE-2022-32221" ], "unique" : false }, { "id" : "CVE-2025-10148", "source" : "redhat-csaf", "cvssScore" : 4.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-10148" ], "unique" : false }, { "id" : "CVE-2025-14017", "source" : "redhat-csaf", "cvssScore" : 4.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14017" ], "unique" : false }, { "id" : "CVE-2025-15224", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15224" ], "unique" : false }, { "id" : "CVE-2022-27776", "title" : "A insufficiently protected credentials vulnerability in fixed in curl 7.83.0 might leak authentication or cookie header data on HTTP redirects to the same host but another port number.", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2022-27776" ], "unique" : false }, { "id" : "CVE-2023-27533", "title" : "A vulnerability in input validation exists in curl <8.0 during communication using the TELNET protocol may allow an attacker to pass on maliciously crafted user name and \"telnet options\" during server negotiation. The lack of proper input scrubbing allows an attacker to send content or perform option negotiation without the application's intent. This vulnerability could be exploited if an application allows user input, thereby enabling attackers to execute arbitrary code on the system.", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27533" ], "unique" : false }, { "id" : "CVE-2023-27534", "title" : "A path traversal vulnerability exists in curl <8.0.0 SFTP implementation causes the tilde (~) character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. Attackers can exploit this flaw to bypass filtering or execute arbitrary code by crafting a path like /~2/foo while accessing a server with a specific user.", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2023-27534" ], "unique" : false }, { "id" : "CVE-2023-28322", "title" : "An information disclosure vulnerability exists in curl <v8.1.0 when doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle previously wasused to issue a `PUT` request which used that callback. This flaw may surprise the application and cause it to misbehave and either send off the wrong data or use memory after free or similar in the second transfer. The problem exists in the logic for a reused handle when it is (expected to be) changed from a PUT to a POST.", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2023-28322" ], "unique" : false }, { "id" : "CVE-2023-38546", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2023-38546" ], "unique" : false }, { "id" : "CVE-2022-35252", "title" : "When curl is used to retrieve and parse cookies from a HTTP(S) server, itaccepts cookies using control codes that when later are sent back to a HTTPserver might make the server return 400 responses. Effectively allowing a\"sister site\" to deny service to all siblings.", "source" : "redhat-csaf", "cvssScore" : 3.1, "severity" : "LOW", "cves" : [ "CVE-2022-35252" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2022-32207", "title" : "When curl < 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by finalizing the operation with a rename from a temporary name to the final target file name.In that rename operation, it might accidentally *widen* the permissions for the target file, leaving the updated file accessible to more users than intended.", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2022-32207" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libxml2@2.9.7-21.el8_10.3?arch=x86_64&distro=rhel-8.10&upstream=libxml2-2.9.7-21.el8_10.3.src.rpm", "issues" : [ { "id" : "CVE-2024-40896", "title" : "In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can produce events for external entities even if custom SAX handlers try to override entity content (by setting \"checked\"). This makes classic XXE attacks possible.", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2024-40896" ], "unique" : false }, { "id" : "CVE-2025-49794", "title" : "Libxml: heap use after free (uaf) leads to denial of service (dos)", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2025-49794" ], "unique" : false }, { "id" : "CVE-2025-49796", "title" : "Libxml: type confusion leads to denial of service (dos)", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2025-49796" ], "unique" : false }, { "id" : "CVE-2024-56171", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2024-56171" ], "unique" : false }, { "id" : "CVE-2022-40304", "title" : "An issue was discovered in libxml2 before 2.10.3. Certain invalid XML entity definitions can corrupt a hash table key, potentially leading to subsequent logic errors. In one case, a double-free can be provoked.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2022-40304" ], "unique" : false }, { "id" : "CVE-2025-24928", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-24928" ], "unique" : false }, { "id" : "CVE-2025-7425", "title" : "Libxslt: heap use-after-free in libxslt caused by atype corruption in xmlattrptr", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-7425" ], "unique" : false }, { "id" : "CVE-2022-40303", "title" : "An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XML_PARSE_HUGE parser option enabled, several integer counters can overflow. This results in an attempt to access an array at a negative 2GB offset, typically leading to a segmentation fault.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-40303" ], "unique" : false }, { "id" : "CVE-2024-25062", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-25062" ], "unique" : false }, { "id" : "CVE-2025-32415", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-32415" ], "unique" : false }, { "id" : "CVE-2025-49795", "title" : "Libxml: null pointer dereference leads to denial of service (dos)", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-49795" ], "unique" : false }, { "id" : "CVE-2025-6021", "title" : "Libxml2: integer overflow in xmlbuildqname() leads to stack buffer overflow in libxml2", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-6021" ], "unique" : false }, { "id" : "CVE-2025-7424", "title" : "Libxslt: type confusion in xmlnode.psvi between stylesheet and source nodes", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-7424" ], "unique" : false }, { "id" : "CVE-2022-29824", "title" : "In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*) don't check for integer overflows. This can result in out-of-bounds memory writes. Exploitation requires a victim to open a crafted, multi-gigabyte XML file. Other software using libxml2's buffer functions, for example libxslt through 1.1.35, is affected as well.", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2022-29824" ], "unique" : false }, { "id" : "CVE-2023-39615", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-39615" ], "unique" : false }, { "id" : "CVE-2025-9714", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9714" ], "unique" : false }, { "id" : "CVE-2022-49043", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2022-49043" ], "unique" : false }, { "id" : "CVE-2023-28484", "title" : "In libxml2 before 2.10.4, parsing of certain invalid XSD schemas can lead to a NULL pointer dereference and subsequently a segfault. This occurs in xmlSchemaFixupComplexType in xmlschemas.c.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-28484" ], "unique" : false }, { "id" : "CVE-2023-29469", "title" : "An issue was discovered in libxml2 before 2.10.4. When hashing empty dict strings in a crafted XML document, xmlDictComputeFastKey in dict.c can produce non-deterministic values, leading to various logic and memory errors, such as a double free. This behavior occurs because there is an attempt to use the first byte of an empty string, and any value is possible (not solely the '\\0' value).", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-29469" ], "unique" : false }, { "id" : "CVE-2025-32414", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-32414" ], "unique" : false }, { "id" : "CVE-2025-26434", "title" : "In libxml2, there is a possible out of bounds read due to a buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-26434" ], "unique" : false }, { "id" : "CVE-2025-6170", "title" : "Libxml2: stack buffer overflow in xmllint interactive shell command handling", "source" : "redhat-csaf", "cvssScore" : 2.5, "severity" : "LOW", "cves" : [ "CVE-2025-6170" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-40896", "title" : "In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can produce events for external entities even if custom SAX handlers try to override entity content (by setting \"checked\"). This makes classic XXE attacks possible.", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2024-40896" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/krb5-libs@1.18.2-32.el8_10?arch=x86_64&distro=rhel-8.10&upstream=krb5-1.18.2-32.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2024-3596", "source" : "redhat-csaf", "cvssScore" : 9.0, "severity" : "CRITICAL", "cves" : [ "CVE-2024-3596" ], "unique" : false }, { "id" : "CVE-2022-42898", "title" : "PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before 1.20.1 has integer overflows that may lead to remote code execution (in KDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms (which have a resultant heap-based buffer overflow), and cause a denial of service on other platforms. This occurs in krb5_pac_parse in lib/krb5/krb/pac.c. Heimdal before 7.7.1 has \"a similar bug.\"", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2022-42898" ], "unique" : false }, { "id" : "CVE-2023-39975", "title" : "kdc/do_tgs_req.c in MIT Kerberos 5 (aka krb5) 1.21 before 1.21.2 has a double free that is reachable if an authenticated user can trigger an authorization-data handling failure. Incorrect data is copied from one ticket to another.", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2023-39975" ], "unique" : false }, { "id" : "CVE-2024-26462", "title" : "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/kdc/ndr.c.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-26462" ], "unique" : false }, { "id" : "CVE-2024-37370", "title" : "In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify the plaintext Extra Count field of a confidential GSS krb5 wrap token, causing the unwrapped token to appear truncated to the application.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-37370" ], "unique" : false }, { "id" : "CVE-2020-17049", "title" : "Kerberos KDC Security Feature Bypass Vulnerability", "source" : "redhat-csaf", "cvssScore" : 7.2, "severity" : "HIGH", "cves" : [ "CVE-2020-17049" ], "unique" : false }, { "id" : "CVE-2023-36054", "title" : "lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and 1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticated user can trigger a kadmind crash. This occurs because _xdr_kadm5_principal_ent_rec does not validate the relationship between n_key_data and the key_data array count.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-36054" ], "unique" : false }, { "id" : "CVE-2024-37371", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-37371" ], "unique" : false }, { "id" : "CVE-2025-24528", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-24528" ], "unique" : false }, { "id" : "CVE-2024-26458", "title" : "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-26458" ], "unique" : false }, { "id" : "CVE-2024-26461", "title" : "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-26461" ], "unique" : false }, { "id" : "CVE-2025-3576", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-3576" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-3596", "source" : "redhat-csaf", "cvssScore" : 9.0, "severity" : "CRITICAL", "cves" : [ "CVE-2024-3596" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-minimal-langpack@2.28-251.el8_10.31?arch=x86_64&distro=rhel-8.10&upstream=glibc-2.28-251.el8_10.31.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc@2.28-251.el8_10.31?arch=x86_64&distro=rhel-8.10&upstream=glibc-2.28-251.el8_10.31.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-15281", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15281" ], "unique" : false }, { "id" : "CVE-2026-3904", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3904" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-common@2.28-251.el8_10.31?arch=x86_64&distro=rhel-8.10&upstream=glibc-2.28-251.el8_10.31.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/xz-libs@5.2.4-4.el8_6?arch=x86_64&distro=rhel-8.10&upstream=xz-5.2.4-4.el8_6.src.rpm", "issues" : [ { "id" : "CVE-2022-1271", "title" : "An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name (for example, a crafted file name), this can overwrite an attacker's content to an arbitrary attacker-selected file. This flaw occurs due to insufficient validation when processing filenames with two or more newlines where selected content and the target file names are embedded in crafted multi-line file names. This flaw allows a remote, low privileged attacker to force zgrep to write arbitrary files on the system.", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2022-1271" ], "unique" : false }, { "id" : "CVE-2025-31115", "title" : "XZ has a heap-use-after-free bug in threaded .xz decoder", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-31115" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2022-1271", "title" : "An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name (for example, a crafted file name), this can overwrite an attacker's content to an arbitrary attacker-selected file. This flaw occurs due to insufficient validation when processing filenames with two or more newlines where selected content and the target file names are embedded in crafted multi-line file names. This flaw allows a remote, low privileged attacker to force zgrep to write arbitrary files on the system.", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2022-1271" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/zlib@1.2.11-25.el8?arch=x86_64&distro=rhel-8.10&upstream=zlib-1.2.11-25.el8.src.rpm", "issues" : [ { "id" : "CVE-2018-25032", "title" : "zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.", "source" : "redhat-csaf", "cvssScore" : 8.2, "severity" : "HIGH", "cves" : [ "CVE-2018-25032" ], "unique" : false }, { "id" : "CVE-2022-37434", "title" : "zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call inflateGetHeader (e.g., see the nodejs/node reference).", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2022-37434" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2018-25032", "title" : "zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.", "source" : "redhat-csaf", "cvssScore" : 8.2, "severity" : "HIGH", "cves" : [ "CVE-2018-25032" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libssh-config@0.9.6-16.el8_10?arch=noarch&distro=rhel-8.10&upstream=libssh-0.9.6-16.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2025-5318", "title" : "Libssh: out-of-bounds read in sftp_handle()", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2025-5318" ], "unique" : false }, { "id" : "CVE-2025-5987", "title" : "Libssh: invalid return code for chacha20 poly1305 with openssl backend", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2025-5987" ], "unique" : false }, { "id" : "CVE-2023-48795", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-48795" ], "unique" : false }, { "id" : "CVE-2026-3731", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3731" ], "unique" : false }, { "id" : "CVE-2023-2283", "source" : "redhat-csaf", "cvssScore" : 4.8, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2283" ], "unique" : false }, { "id" : "CVE-2023-6004", "source" : "redhat-csaf", "cvssScore" : 4.8, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6004" ], "unique" : false }, { "id" : "CVE-2023-1667", "title" : "A NULL pointer dereference was found In libssh during re-keying with algorithm guessing. This issue may allow an authenticated client to cause a denial of service.", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-1667" ], "unique" : false }, { "id" : "CVE-2023-6918", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2023-6918" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-5318", "title" : "Libssh: out-of-bounds read in sftp_handle()", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2025-5318" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libssh@0.9.6-16.el8_10?arch=x86_64&distro=rhel-8.10&upstream=libssh-0.9.6-16.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2025-5318", "title" : "Libssh: out-of-bounds read in sftp_handle()", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2025-5318" ], "unique" : false }, { "id" : "CVE-2025-5987", "title" : "Libssh: invalid return code for chacha20 poly1305 with openssl backend", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2025-5987" ], "unique" : false }, { "id" : "CVE-2023-48795", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-48795" ], "unique" : false }, { "id" : "CVE-2026-3731", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3731" ], "unique" : false }, { "id" : "CVE-2023-2283", "source" : "redhat-csaf", "cvssScore" : 4.8, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2283" ], "unique" : false }, { "id" : "CVE-2023-6004", "source" : "redhat-csaf", "cvssScore" : 4.8, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6004" ], "unique" : false }, { "id" : "CVE-2023-1667", "title" : "A NULL pointer dereference was found In libssh during re-keying with algorithm guessing. This issue may allow an authenticated client to cause a denial of service.", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-1667" ], "unique" : false }, { "id" : "CVE-2023-6918", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2023-6918" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-5318", "title" : "Libssh: out-of-bounds read in sftp_handle()", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2025-5318" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=rhel-8.10&upstream=libarchive-3.3.3-7.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2025-5914", "title" : "Libarchive: double free at archive_read_format_rar_seek_data() in archive_read_support_format_rar.c", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-5914" ], "unique" : false }, { "id" : "CVE-2026-4111", "title" : "Libarchive: infinite loop denial of service in rar5 decompression via archive_read_data() in libarchive", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-4111" ], "unique" : false }, { "id" : "CVE-2026-4424", "title" : "Libarchive: libarchive: information disclosure via heap out-of-bounds read in rar archive processing", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-4424" ], "unique" : false }, { "id" : "CVE-2026-5121", "title" : "Libarchive: libarchive: arbitrary code execution via integer overflow in iso9660 image processing", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-5121" ], "unique" : false }, { "id" : "CVE-2022-26280", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2022-26280" ], "unique" : false }, { "id" : "CVE-2022-36227", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2022-36227" ], "unique" : false }, { "id" : "CVE-2025-60753", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-60753" ], "unique" : false }, { "id" : "CVE-2024-57970", "title" : "libarchive through 3.7.7 has a heap-based buffer over-read in header_gnu_longlink in archive_read_support_format_tar.c via a TAR archive because it mishandles truncation in the middle of a GNU long linkname.", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-57970" ], "unique" : false }, { "id" : "CVE-2025-25724", "title" : "list_item_verbose in tar/util.c in libarchive through 3.7.7 does not check an strftime return value, which can lead to a denial of service or unspecified other impact via a crafted TAR archive that is read with a verbose value of 2. For example, the 100-byte buffer may not be sufficient for a custom locale.", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-25724" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-5914", "title" : "Libarchive: double free at archive_read_format_rar_seek_data() in archive_read_support_format_rar.c", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-5914" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libcap@2.48-6.el8_9?arch=x86_64&distro=rhel-8.10&upstream=libcap-2.48-6.el8_9.src.rpm", "issues" : [ { "id" : "CVE-2023-2603", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-2603" ], "unique" : false }, { "id" : "CVE-2023-2602", "title" : "A vulnerability was found in the pthread_create() function in libcap. This issue may allow a malicious actor to use cause __real_pthread_create() to return an error, which can exhaust the process memory.", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2023-2602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-2603", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-2603" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch&distro=rhel-8.10&upstream=ncurses-6.1-10.20180224.el8.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64&distro=rhel-8.10&upstream=ncurses-6.1-10.20180224.el8.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/sqlite-libs@3.26.0-20.el8_10?arch=x86_64&distro=rhel-8.10&upstream=sqlite-3.26.0-20.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2025-6965", "title" : "Integer Truncation on SQLite", "source" : "redhat-csaf", "cvssScore" : 7.7, "severity" : "HIGH", "cves" : [ "CVE-2025-6965" ], "unique" : false }, { "id" : "CVE-2023-7104", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2023-7104" ], "unique" : false }, { "id" : "CVE-2025-3277", "title" : "An integer overflow can be triggered in SQLite’s `concat_ws()` function. The resulting, truncated integer is then used to allocate a buffer. When SQLite then writes the resulting string to the buffer, it uses the original, untruncated size and thus a wild Heap Buffer overflow of size ~4GB can be triggered. This can result in arbitrary code execution.", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2025-3277" ], "unique" : false }, { "id" : "CVE-2022-35737", "title" : "SQLite 1.0.12 through 3.39.x before 3.39.2 sometimes allows an array-bounds overflow if billions of bytes are used in a string argument to a C API.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2022-35737" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-6965", "title" : "Integer Truncation on SQLite", "source" : "redhat-csaf", "cvssScore" : 7.7, "severity" : "HIGH", "cves" : [ "CVE-2025-6965" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libnghttp2@1.33.0-6.el8_10.2?arch=x86_64&distro=rhel-8.10&upstream=nghttp2-1.33.0-6.el8_10.2.src.rpm", "issues" : [ { "id" : "CVE-2023-44487", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-44487" ], "unique" : false }, { "id" : "CVE-2026-27135", "title" : "nghttp2 Denial of service: Assertion failure due to the missing state validation", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-27135" ], "unique" : false }, { "id" : "CVE-2024-28182", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-28182" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-44487", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-44487" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/brotli@1.0.6-4.el8_10?arch=x86_64&distro=rhel-8.10&upstream=brotli-1.0.6-4.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2025-6176", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-6176" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-6176", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-6176" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/pcre2@10.32-3.el8_6?arch=x86_64&distro=rhel-8.10&upstream=pcre2-10.32-3.el8_6.src.rpm", "issues" : [ { "id" : "CVE-2022-1586", "title" : "An out-of-bounds read vulnerability was discovered in the PCRE2 library in the compile_xclass_matchingpath() function of the pcre2_jit_compile.c file. This involves a unicode property matching issue in JIT-compiled regular expressions. The issue occurs because the character was not fully read in case-less matching within JIT.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-1586" ], "unique" : false }, { "id" : "CVE-2022-1587", "title" : "An out-of-bounds read vulnerability was discovered in the PCRE2 library in the get_recurse_data_length() function of the pcre2_jit_compile.c file. This issue affects recursions in JIT-compiled regular expressions caused by duplicate data transfers.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-1587" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2022-1586", "title" : "An out-of-bounds read vulnerability was discovered in the PCRE2 library in the compile_xclass_matchingpath() function of the pcre2_jit_compile.c file. This involves a unicode property matching issue in JIT-compiled regular expressions. The issue occurs because the character was not fully read in case-less matching within JIT.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-1586" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/openldap@2.4.46-21.el8_10?arch=x86_64&distro=rhel-8.10&upstream=openldap-2.4.46-21.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2023-2953", "title" : "A vulnerability was found in openldap. This security flaw causes a null pointer dereference in ber_memalloc_x() function.", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2023-2953" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-2953", "title" : "A vulnerability was found in openldap. This security flaw causes a null pointer dereference in ber_memalloc_x() function.", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2023-2953" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/bash@4.4.20-6.el8_10?arch=x86_64&distro=rhel-8.10&upstream=bash-4.4.20-6.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2022-3715", "source" : "redhat-csaf", "cvssScore" : 6.6, "severity" : "MEDIUM", "cves" : [ "CVE-2022-3715" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2022-3715", "source" : "redhat-csaf", "cvssScore" : 6.6, "severity" : "MEDIUM", "cves" : [ "CVE-2022-3715" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/rpm-libs@4.14.3-32.el8_10?arch=x86_64&distro=rhel-8.10&upstream=rpm-4.14.3-32.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2021-35938", "title" : "A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35938" ], "unique" : false }, { "id" : "CVE-2021-35939", "title" : "It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35939" ], "unique" : false }, { "id" : "CVE-2021-35937", "title" : "A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.3, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35937" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2021-35938", "title" : "A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35938" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/rpm@4.14.3-32.el8_10?arch=x86_64&distro=rhel-8.10&upstream=rpm-4.14.3-32.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2021-35938", "title" : "A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35938" ], "unique" : false }, { "id" : "CVE-2021-35939", "title" : "It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35939" ], "unique" : false }, { "id" : "CVE-2021-35937", "title" : "A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.3, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35937" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2021-35938", "title" : "A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35938" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/lua-libs@5.3.4-12.el8?arch=x86_64&distro=rhel-8.10&upstream=lua-5.3.4-12.el8.src.rpm", "issues" : [ { "id" : "CVE-2022-33099", "title" : "An issue in the component luaG_runerror of Lua v5.4.4 and below leads to a heap-buffer overflow when a recursive error occurs.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2022-33099" ], "unique" : false }, { "id" : "CVE-2022-28805", "title" : "singlevar in lparser.c in Lua from (including) 5.4.0 up to (excluding) 5.4.4 lacks a certain luaK_exp2anyregup call, leading to a heap-based buffer over-read that might affect a system that compiles untrusted Lua code.", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2022-28805" ], "unique" : false }, { "id" : "CVE-2021-43519", "title" : "Stack overflow in lua_resume of ldo.c in Lua Interpreter 5.1.0~5.4.4 allows attackers to perform a Denial of Service via a crafted script file.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2021-43519" ], "unique" : false }, { "id" : "CVE-2021-44964", "title" : "Use after free in garbage collector and finalizer of lgc.c in Lua interpreter 5.4.0~5.4.3 allows attackers to perform Sandbox Escape via a crafted script file.", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2021-44964" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2022-33099", "title" : "An issue in the component luaG_runerror of Lua v5.4.4 and below leads to a heap-buffer overflow when a recursive error occurs.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2022-33099" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/gmp@6.1.2-11.el8?arch=x86_64&distro=rhel-8.10&epoch=1&upstream=gmp-6.1.2-11.el8.src.rpm", "issues" : [ { "id" : "CVE-2021-43618", "title" : "GNU Multiple Precision Arithmetic Library (GMP) through 6.2.1 has an mpz/inp_raw.c integer overflow and resultant buffer overflow via crafted input, leading to a segmentation fault on 32-bit platforms.", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2021-43618" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2021-43618", "title" : "GNU Multiple Precision Arithmetic Library (GMP) through 6.2.1 has an mpz/inp_raw.c integer overflow and resultant buffer overflow via crafted input, leading to a segmentation fault on 32-bit platforms.", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2021-43618" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcc@8.5.0-28.el8_10?arch=x86_64&distro=rhel-8.10&upstream=gcc-8.5.0-28.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libtasn1@4.13-5.el8_10?arch=x86_64&distro=rhel-8.10&upstream=libtasn1-4.13-5.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2021-46848", "title" : "GNU Libtasn1 before 4.19.0 has an ETYPE_OK off-by-one array size check that affects asn1_encode_simple_der.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2021-46848" ], "unique" : false }, { "id" : "CVE-2025-13151", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13151" ], "unique" : false }, { "id" : "CVE-2024-12133", "title" : "Libtasn1: inefficient der decoding in libtasn1 leading to potential remote dos", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-12133" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2021-46848", "title" : "GNU Libtasn1 before 4.19.0 has an ETYPE_OK off-by-one array size check that affects asn1_encode_simple_der.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2021-46848" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libcom_err@1.45.6-7.el8_10?arch=x86_64&distro=rhel-8.10&upstream=e2fsprogs-1.45.6-7.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2022-1304", "title" : "An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5. This issue leads to a segmentation fault and possibly arbitrary code execution via a specially crafted filesystem.", "source" : "redhat-csaf", "cvssScore" : 5.8, "severity" : "MEDIUM", "cves" : [ "CVE-2022-1304" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2022-1304", "title" : "An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5. This issue leads to a segmentation fault and possibly arbitrary code execution via a specially crafted filesystem.", "source" : "redhat-csaf", "cvssScore" : 5.8, "severity" : "MEDIUM", "cves" : [ "CVE-2022-1304" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/bzip2-libs@1.0.6-28.el8_10?arch=x86_64&distro=rhel-8.10&upstream=bzip2-1.0.6-28.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2019-12900", "title" : "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2019-12900" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2019-12900", "title" : "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2019-12900" ], "unique" : false } } ], "highestVulnerability" : { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/microdnf@3.8.0-2.el8?arch=x86_64&distro=rhel-8.10&upstream=microdnf-3.8.0-2.el8.src.rpm", "transitive" : [ { "ref" : "pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=rhel-8.10&epoch=1&upstream=openssl-1.1.1k-15.el8_6.src.rpm", "issues" : [ { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false }, { "id" : "CVE-2022-1473", "title" : "Resource leakage when decoding certificates and keys", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-1473" ], "unique" : false }, { "id" : "CVE-2022-3358", "title" : "Using a Custom Cipher with NID_undef may lead to NULL encryption", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-3358" ], "unique" : false }, { "id" : "CVE-2022-3602", "title" : "X.509 Email Address 4-byte Buffer Overflow", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-3602" ], "unique" : false }, { "id" : "CVE-2022-3786", "title" : "X.509 Email Address Variable Length Buffer Overflow", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-3786" ], "unique" : false }, { "id" : "CVE-2022-4450", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-4450" ], "unique" : false }, { "id" : "CVE-2023-0215", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-0215" ], "unique" : false }, { "id" : "CVE-2023-0216", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-0216" ], "unique" : false }, { "id" : "CVE-2023-0217", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-0217" ], "unique" : false }, { "id" : "CVE-2023-0401", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-0401" ], "unique" : false }, { "id" : "CVE-2023-5363", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-5363" ], "unique" : false }, { "id" : "CVE-2023-0286", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2023-0286" ], "unique" : false }, { "id" : "CVE-2024-12797", "title" : "RFC7250 handshakes with unauthenticated servers don't abort as expected", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2024-12797" ], "unique" : false }, { "id" : "CVE-2025-69419", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2025-69419" ], "unique" : false }, { "id" : "CVE-2022-1292", "source" : "redhat-csaf", "cvssScore" : 6.7, "severity" : "MEDIUM", "cves" : [ "CVE-2022-1292" ], "unique" : false }, { "id" : "CVE-2022-2068", "source" : "redhat-csaf", "cvssScore" : 6.7, "severity" : "MEDIUM", "cves" : [ "CVE-2022-2068" ], "unique" : false }, { "id" : "CVE-2023-2650", "title" : "Possible DoS translating ASN.1 object identifiers", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2650" ], "unique" : false }, { "id" : "CVE-2023-6129", "title" : "POLY1305 MAC implementation corrupts vector registers on PowerPC", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6129" ], "unique" : false }, { "id" : "CVE-2025-69421", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69421" ], "unique" : false }, { "id" : "CVE-2025-11187", "title" : "Improper validation of PBMAC1 parameters in PKCS#12 MAC verification", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-11187" ], "unique" : false }, { "id" : "CVE-2020-1971", "title" : "EDIPARTYNAME NULL pointer dereference", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2020-1971" ], "unique" : false }, { "id" : "CVE-2022-4304", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2022-4304" ], "unique" : false }, { "id" : "CVE-2023-0464", "title" : "Excessive Resource Usage Verifying X.509 Policy Constraints", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0464" ], "unique" : false }, { "id" : "CVE-2023-6237", "title" : "Excessive time spent checking invalid RSA public keys", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6237" ], "unique" : false }, { "id" : "CVE-2024-5535", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-5535" ], "unique" : false }, { "id" : "CVE-2024-6119", "title" : "Possible denial of service in X.509 name checks", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-6119" ], "unique" : false }, { "id" : "CVE-2025-15468", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15468" ], "unique" : false }, { "id" : "CVE-2025-66199", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-66199" ], "unique" : false }, { "id" : "CVE-2025-69420", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69420" ], "unique" : false }, { "id" : "CVE-2026-22796", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22796" ], "unique" : false }, { "id" : "CVE-2024-4741", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4741" ], "unique" : false }, { "id" : "CVE-2025-9230", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9230" ], "unique" : false }, { "id" : "CVE-2024-0727", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0727" ], "unique" : false }, { "id" : "CVE-2025-15469", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15469" ], "unique" : false }, { "id" : "CVE-2026-22795", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22795" ], "unique" : false }, { "id" : "CVE-2022-1343", "title" : "OCSP_basic_verify may incorrectly verify the response signing certificate", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2022-1343" ], "unique" : false }, { "id" : "CVE-2022-2097", "title" : "AES OCB fails to encrypt some bytes", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2022-2097" ], "unique" : false }, { "id" : "CVE-2023-0465", "title" : "Invalid certificate policies in leaf certificates are silently ignored", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0465" ], "unique" : false }, { "id" : "CVE-2023-0466", "title" : "Certificate policy check not enabled", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0466" ], "unique" : false }, { "id" : "CVE-2023-2975", "title" : "AES-SIV implementation ignores empty associated data entries", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2975" ], "unique" : false }, { "id" : "CVE-2023-3446", "title" : "Excessive time spent checking DH keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3446" ], "unique" : false }, { "id" : "CVE-2023-3817", "title" : "Excessive time spent checking DH q parameter value", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3817" ], "unique" : false }, { "id" : "CVE-2023-5678", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-5678" ], "unique" : false }, { "id" : "CVE-2024-4603", "title" : "Excessive time spent checking DSA keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4603" ], "unique" : false }, { "id" : "CVE-2023-1255", "title" : "Input buffer over-read in AES-XTS implementation on 64 bit ARM", "source" : "redhat-csaf", "cvssScore" : 5.1, "severity" : "MEDIUM", "cves" : [ "CVE-2023-1255" ], "unique" : false }, { "id" : "CVE-2022-4203", "source" : "redhat-csaf", "cvssScore" : 4.9, "severity" : "MEDIUM", "cves" : [ "CVE-2022-4203" ], "unique" : false }, { "id" : "CVE-2025-68160", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-68160" ], "unique" : false }, { "id" : "CVE-2025-69418", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69418" ], "unique" : false }, { "id" : "CVE-2024-2511", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-2511" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=rhel-8.10&upstream=curl-7.61.1-34.el8_10.11.src.rpm", "issues" : [ { "id" : "CVE-2022-32207", "title" : "When curl < 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by finalizing the operation with a rename from a temporary name to the final target file name.In that rename operation, it might accidentally *widen* the permissions for the target file, leaving the updated file accessible to more users than intended.", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2022-32207" ], "unique" : false }, { "id" : "CVE-2022-22576", "title" : "An improper authentication vulnerability exists in curl 7.33.0 to and including 7.82.0 which might allow reuse OAUTH2-authenticated connections without properly making sure that the connection was authenticated with the same credentials as set for this transfer. This affects SASL-enabled protocols: SMPTP(S), IMAP(S), POP3(S) and LDAP(S) (openldap only).", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2022-22576" ], "unique" : false }, { "id" : "CVE-2023-38545", "title" : "This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy\nhandshake.\n\nWhen curl is asked to pass along the host name to the SOCKS5 proxy to allow\nthat to resolve the address instead of it getting done by curl itself, the\nmaximum length that host name can be is 255 bytes.\n\nIf the host name is detected to be longer, curl switches to local name\nresolving and instead passes on the resolved address only. Due to this bug,\nthe local variable that means \"let the host resolve the name\" could get the\nwrong value during a slow SOCKS5 handshake, and contrary to the intention,\ncopy the too long host name to the target buffer instead of copying just the\nresolved address there.\n\nThe target buffer being a heap based buffer, and the host name coming from the\nURL that curl has been told to operate with.", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2023-38545" ], "unique" : false }, { "id" : "CVE-2022-27775", "title" : "An information disclosure vulnerability exists in curl 7.65.0 to 7.82.0 are vulnerable that by using an IPv6 address that was in the connection pool but with a different zone id it could reuse a connection instead.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-27775" ], "unique" : false }, { "id" : "CVE-2022-27782", "title" : "libcurl would reuse a previously created connection even when a TLS or SSHrelated option had been changed that should have prohibited reuse.libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse if one of them matches the setup. However, several TLS andSSH settings were left out from the configuration match checks, making themmatch too easily.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-27782" ], "unique" : false }, { "id" : "CVE-2024-2398", "title" : "HTTP/2 push headers memory-leak", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-2398" ], "unique" : false }, { "id" : "CVE-2022-32206", "title" : "curl < 7.84.0 supports \"chained\" HTTP compression algorithms, meaning that a serverresponse can be compressed multiple times and potentially with different algorithms. The number of acceptable \"links\" in this \"decompression chain\" was unbounded, allowing a malicious server to insert a virtually unlimited number of compression steps.The use of such a decompression chain could result in a \"malloc bomb\", makingcurl end up spending enormous amounts of allocated heap memory, or trying toand returning out of memory errors.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2022-32206" ], "unique" : false }, { "id" : "CVE-2023-23916", "title" : "An allocation of resources without limits or throttling vulnerability exists in curl <v7.88.0 based on the \"chained\" HTTP compression algorithms, meaning that a server response can be compressed multiple times and potentially with differentalgorithms. The number of acceptable \"links\" in this \"decompression chain\" wascapped, but the cap was implemented on a per-header basis allowing a maliciousserver to insert a virtually unlimited number of compression steps simply byusing many headers. The use of such a decompression chain could result in a \"malloc bomb\", making curl end up spending enormous amounts of allocated heap memory, or trying to and returning out of memory errors.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-23916" ], "unique" : false }, { "id" : "CVE-2022-43552", "title" : "A use after free vulnerability exists in curl <7.87.0. Curl can be asked to *tunnel* virtually all protocols it supports through an HTTP proxy. HTTP proxies can (and often do) deny such tunnel operations. When getting denied to tunnel the specific protocols SMB or TELNET, curl would use a heap-allocated struct after it had been freed, in its transfer shutdown code path.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2022-43552" ], "unique" : false }, { "id" : "CVE-2023-27535", "title" : "An authentication bypass vulnerability exists in libcurl <8.0.0 in the FTP connection reuse feature that can result in wrong credentials being used during subsequent transfers. Previously created connections are kept in a connection pool for reuse if they match the current setup. However, certain FTP settings such as CURLOPT_FTP_ACCOUNT, CURLOPT_FTP_ALTERNATIVE_TO_USER, CURLOPT_FTP_SSL_CCC, and CURLOPT_USE_SSL were not included in the configuration match checks, causing them to match too easily. This could lead to libcurl using the wrong credentials when performing a transfer, potentially allowing unauthorized access to sensitive information.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27535" ], "unique" : false }, { "id" : "CVE-2023-27536", "title" : "An authentication bypass vulnerability exists libcurl <8.0.0 in the connection reuse feature which can reuse previously established connections with incorrect user permissions due to a failure to check for changes in the CURLOPT_GSSAPI_DELEGATION option. This vulnerability affects krb5/kerberos/negotiate/GSSAPI transfers and could potentially result in unauthorized access to sensitive information. The safest option is to not reuse connections if the CURLOPT_GSSAPI_DELEGATION option has been changed.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27536" ], "unique" : false }, { "id" : "CVE-2023-28321", "title" : "An improper certificate validation vulnerability exists in curl <v8.1.0 in the way it supports matching of wildcard patterns when listed as \"Subject Alternative Name\" in TLS server certificates. curl can be built to use its own name matching function for TLS rather than one provided by a TLS library. This private wildcard matching function would match IDN (International Domain Name) hosts incorrectly and could as a result accept patterns that otherwise should mismatch. IDN hostnames are converted to puny code before used for certificate checks. Puny coded names always start with `xn--` and should not be allowed to pattern match, but the wildcard check in curl could still check for `x*`, which would match even though the IDN name most likely contained nothing even resembling an `x`.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-28321" ], "unique" : false }, { "id" : "CVE-2023-27538", "title" : "An authentication bypass vulnerability exists in libcurl prior to v8.0.0 where it reuses a previously established SSH connection despite the fact that an SSH option was modified, which should have prevented reuse. libcurl maintains a pool of previously used connections to reuse them for subsequent transfers if the configurations match. However, two SSH settings were omitted from the configuration check, allowing them to match easily, potentially leading to the reuse of an inappropriate connection.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27538" ], "unique" : false }, { "id" : "CVE-2022-32208", "title" : "When curl < 7.84.0 does FTP transfers secured by krb5, it handles message verification failures wrongly. This flaw makes it possible for a Man-In-The-Middle attack to go unnoticed and even allows it to inject data to the client.", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2022-32208" ], "unique" : false }, { "id" : "CVE-2023-46218", "title" : "This flaw allows a malicious HTTP server to set \"super cookies\" in curl that\nare then passed back to more origins than what is otherwise allowed or\npossible. This allows a site to set cookies that then would get sent to\ndifferent and unrelated sites and domains.\n\nIt could do this by exploiting a mixed case flaw in curl's function that\nverifies a given cookie domain against the Public Suffix List (PSL). For\nexample a cookie could be set with `domain=co.UK` when the URL used a lower\ncase hostname `curl.co.uk`, even though `co.uk` is listed as a PSL domain.", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-46218" ], "unique" : false }, { "id" : "CVE-2025-9086", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9086" ], "unique" : false }, { "id" : "CVE-2022-27774", "title" : "An insufficiently protected credentials vulnerability exists in curl 4.9 to and include curl 7.82.0 are affected that could allow an attacker to extract credentials when follows HTTP(S) redirects is used with authentication could leak credentials to other services that exist on different protocols or port numbers.", "source" : "redhat-csaf", "cvssScore" : 5.0, "severity" : "MEDIUM", "cves" : [ "CVE-2022-27774" ], "unique" : false }, { "id" : "CVE-2022-32221", "title" : "When doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle previously was used to issue a `PUT` request which used that callback. This flaw may surprise the application and cause it to misbehave and either send off the wrong data or use memory after free or similar in the subsequent `POST` request. The problem exists in the logic for a reused handle when it is changed from a PUT to a POST.", "source" : "redhat-csaf", "cvssScore" : 4.8, "severity" : "MEDIUM", "cves" : [ "CVE-2022-32221" ], "unique" : false }, { "id" : "CVE-2022-27776", "title" : "A insufficiently protected credentials vulnerability in fixed in curl 7.83.0 might leak authentication or cookie header data on HTTP redirects to the same host but another port number.", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2022-27776" ], "unique" : false }, { "id" : "CVE-2023-27533", "title" : "A vulnerability in input validation exists in curl <8.0 during communication using the TELNET protocol may allow an attacker to pass on maliciously crafted user name and \"telnet options\" during server negotiation. The lack of proper input scrubbing allows an attacker to send content or perform option negotiation without the application's intent. This vulnerability could be exploited if an application allows user input, thereby enabling attackers to execute arbitrary code on the system.", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27533" ], "unique" : false }, { "id" : "CVE-2023-27534", "title" : "A path traversal vulnerability exists in curl <8.0.0 SFTP implementation causes the tilde (~) character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. Attackers can exploit this flaw to bypass filtering or execute arbitrary code by crafting a path like /~2/foo while accessing a server with a specific user.", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2023-27534" ], "unique" : false }, { "id" : "CVE-2023-28322", "title" : "An information disclosure vulnerability exists in curl <v8.1.0 when doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle previously wasused to issue a `PUT` request which used that callback. This flaw may surprise the application and cause it to misbehave and either send off the wrong data or use memory after free or similar in the second transfer. The problem exists in the logic for a reused handle when it is (expected to be) changed from a PUT to a POST.", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2023-28322" ], "unique" : false }, { "id" : "CVE-2023-38546", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2023-38546" ], "unique" : false }, { "id" : "CVE-2022-35252", "title" : "When curl is used to retrieve and parse cookies from a HTTP(S) server, itaccepts cookies using control codes that when later are sent back to a HTTPserver might make the server return 400 responses. Effectively allowing a\"sister site\" to deny service to all siblings.", "source" : "redhat-csaf", "cvssScore" : 3.1, "severity" : "LOW", "cves" : [ "CVE-2022-35252" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2022-32207", "title" : "When curl < 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by finalizing the operation with a rename from a temporary name to the final target file name.In that rename operation, it might accidentally *widen* the permissions for the target file, leaving the updated file accessible to more users than intended.", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2022-32207" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=rhel-8.10&upstream=curl-7.61.1-34.el8_10.11.src.rpm", "issues" : [ { "id" : "CVE-2022-32207", "title" : "When curl < 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by finalizing the operation with a rename from a temporary name to the final target file name.In that rename operation, it might accidentally *widen* the permissions for the target file, leaving the updated file accessible to more users than intended.", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2022-32207" ], "unique" : false }, { "id" : "CVE-2022-22576", "title" : "An improper authentication vulnerability exists in curl 7.33.0 to and including 7.82.0 which might allow reuse OAUTH2-authenticated connections without properly making sure that the connection was authenticated with the same credentials as set for this transfer. This affects SASL-enabled protocols: SMPTP(S), IMAP(S), POP3(S) and LDAP(S) (openldap only).", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2022-22576" ], "unique" : false }, { "id" : "CVE-2023-38545", "title" : "This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy\nhandshake.\n\nWhen curl is asked to pass along the host name to the SOCKS5 proxy to allow\nthat to resolve the address instead of it getting done by curl itself, the\nmaximum length that host name can be is 255 bytes.\n\nIf the host name is detected to be longer, curl switches to local name\nresolving and instead passes on the resolved address only. Due to this bug,\nthe local variable that means \"let the host resolve the name\" could get the\nwrong value during a slow SOCKS5 handshake, and contrary to the intention,\ncopy the too long host name to the target buffer instead of copying just the\nresolved address there.\n\nThe target buffer being a heap based buffer, and the host name coming from the\nURL that curl has been told to operate with.", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2023-38545" ], "unique" : false }, { "id" : "CVE-2025-15079", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2025-15079" ], "unique" : false }, { "id" : "CVE-2022-27775", "title" : "An information disclosure vulnerability exists in curl 7.65.0 to 7.82.0 are vulnerable that by using an IPv6 address that was in the connection pool but with a different zone id it could reuse a connection instead.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-27775" ], "unique" : false }, { "id" : "CVE-2022-27782", "title" : "libcurl would reuse a previously created connection even when a TLS or SSHrelated option had been changed that should have prohibited reuse.libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse if one of them matches the setup. However, several TLS andSSH settings were left out from the configuration match checks, making themmatch too easily.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-27782" ], "unique" : false }, { "id" : "CVE-2024-2398", "title" : "HTTP/2 push headers memory-leak", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-2398" ], "unique" : false }, { "id" : "CVE-2025-13034", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13034" ], "unique" : false }, { "id" : "CVE-2025-14819", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14819" ], "unique" : false }, { "id" : "CVE-2026-1965", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2026-1965" ], "unique" : false }, { "id" : "CVE-2022-32206", "title" : "curl < 7.84.0 supports \"chained\" HTTP compression algorithms, meaning that a serverresponse can be compressed multiple times and potentially with different algorithms. The number of acceptable \"links\" in this \"decompression chain\" was unbounded, allowing a malicious server to insert a virtually unlimited number of compression steps.The use of such a decompression chain could result in a \"malloc bomb\", makingcurl end up spending enormous amounts of allocated heap memory, or trying toand returning out of memory errors.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2022-32206" ], "unique" : false }, { "id" : "CVE-2023-23916", "title" : "An allocation of resources without limits or throttling vulnerability exists in curl <v7.88.0 based on the \"chained\" HTTP compression algorithms, meaning that a server response can be compressed multiple times and potentially with differentalgorithms. The number of acceptable \"links\" in this \"decompression chain\" wascapped, but the cap was implemented on a per-header basis allowing a maliciousserver to insert a virtually unlimited number of compression steps simply byusing many headers. The use of such a decompression chain could result in a \"malloc bomb\", making curl end up spending enormous amounts of allocated heap memory, or trying to and returning out of memory errors.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-23916" ], "unique" : false }, { "id" : "CVE-2025-14524", "title" : "bearer token leak on cross-protocol redirect", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14524" ], "unique" : false }, { "id" : "CVE-2026-3784", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3784" ], "unique" : false }, { "id" : "CVE-2026-3805", "source" : "redhat-csaf", "cvssScore" : 6.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3805" ], "unique" : false }, { "id" : "CVE-2022-43552", "title" : "A use after free vulnerability exists in curl <7.87.0. Curl can be asked to *tunnel* virtually all protocols it supports through an HTTP proxy. HTTP proxies can (and often do) deny such tunnel operations. When getting denied to tunnel the specific protocols SMB or TELNET, curl would use a heap-allocated struct after it had been freed, in its transfer shutdown code path.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2022-43552" ], "unique" : false }, { "id" : "CVE-2023-27535", "title" : "An authentication bypass vulnerability exists in libcurl <8.0.0 in the FTP connection reuse feature that can result in wrong credentials being used during subsequent transfers. Previously created connections are kept in a connection pool for reuse if they match the current setup. However, certain FTP settings such as CURLOPT_FTP_ACCOUNT, CURLOPT_FTP_ALTERNATIVE_TO_USER, CURLOPT_FTP_SSL_CCC, and CURLOPT_USE_SSL were not included in the configuration match checks, causing them to match too easily. This could lead to libcurl using the wrong credentials when performing a transfer, potentially allowing unauthorized access to sensitive information.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27535" ], "unique" : false }, { "id" : "CVE-2023-27536", "title" : "An authentication bypass vulnerability exists libcurl <8.0.0 in the connection reuse feature which can reuse previously established connections with incorrect user permissions due to a failure to check for changes in the CURLOPT_GSSAPI_DELEGATION option. This vulnerability affects krb5/kerberos/negotiate/GSSAPI transfers and could potentially result in unauthorized access to sensitive information. The safest option is to not reuse connections if the CURLOPT_GSSAPI_DELEGATION option has been changed.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27536" ], "unique" : false }, { "id" : "CVE-2023-28321", "title" : "An improper certificate validation vulnerability exists in curl <v8.1.0 in the way it supports matching of wildcard patterns when listed as \"Subject Alternative Name\" in TLS server certificates. curl can be built to use its own name matching function for TLS rather than one provided by a TLS library. This private wildcard matching function would match IDN (International Domain Name) hosts incorrectly and could as a result accept patterns that otherwise should mismatch. IDN hostnames are converted to puny code before used for certificate checks. Puny coded names always start with `xn--` and should not be allowed to pattern match, but the wildcard check in curl could still check for `x*`, which would match even though the IDN name most likely contained nothing even resembling an `x`.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-28321" ], "unique" : false }, { "id" : "CVE-2025-10966", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-10966" ], "unique" : false }, { "id" : "CVE-2026-3783", "source" : "redhat-csaf", "cvssScore" : 5.7, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3783" ], "unique" : false }, { "id" : "CVE-2023-27538", "title" : "An authentication bypass vulnerability exists in libcurl prior to v8.0.0 where it reuses a previously established SSH connection despite the fact that an SSH option was modified, which should have prevented reuse. libcurl maintains a pool of previously used connections to reuse them for subsequent transfers if the configurations match. However, two SSH settings were omitted from the configuration check, allowing them to match easily, potentially leading to the reuse of an inappropriate connection.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27538" ], "unique" : false }, { "id" : "CVE-2022-32208", "title" : "When curl < 7.84.0 does FTP transfers secured by krb5, it handles message verification failures wrongly. This flaw makes it possible for a Man-In-The-Middle attack to go unnoticed and even allows it to inject data to the client.", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2022-32208" ], "unique" : false }, { "id" : "CVE-2023-46218", "title" : "This flaw allows a malicious HTTP server to set \"super cookies\" in curl that\nare then passed back to more origins than what is otherwise allowed or\npossible. This allows a site to set cookies that then would get sent to\ndifferent and unrelated sites and domains.\n\nIt could do this by exploiting a mixed case flaw in curl's function that\nverifies a given cookie domain against the Public Suffix List (PSL). For\nexample a cookie could be set with `domain=co.UK` when the URL used a lower\ncase hostname `curl.co.uk`, even though `co.uk` is listed as a PSL domain.", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-46218" ], "unique" : false }, { "id" : "CVE-2025-9086", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9086" ], "unique" : false }, { "id" : "CVE-2022-27774", "title" : "An insufficiently protected credentials vulnerability exists in curl 4.9 to and include curl 7.82.0 are affected that could allow an attacker to extract credentials when follows HTTP(S) redirects is used with authentication could leak credentials to other services that exist on different protocols or port numbers.", "source" : "redhat-csaf", "cvssScore" : 5.0, "severity" : "MEDIUM", "cves" : [ "CVE-2022-27774" ], "unique" : false }, { "id" : "CVE-2022-32221", "title" : "When doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle previously was used to issue a `PUT` request which used that callback. This flaw may surprise the application and cause it to misbehave and either send off the wrong data or use memory after free or similar in the subsequent `POST` request. The problem exists in the logic for a reused handle when it is changed from a PUT to a POST.", "source" : "redhat-csaf", "cvssScore" : 4.8, "severity" : "MEDIUM", "cves" : [ "CVE-2022-32221" ], "unique" : false }, { "id" : "CVE-2025-10148", "source" : "redhat-csaf", "cvssScore" : 4.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-10148" ], "unique" : false }, { "id" : "CVE-2025-14017", "source" : "redhat-csaf", "cvssScore" : 4.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14017" ], "unique" : false }, { "id" : "CVE-2025-15224", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15224" ], "unique" : false }, { "id" : "CVE-2022-27776", "title" : "A insufficiently protected credentials vulnerability in fixed in curl 7.83.0 might leak authentication or cookie header data on HTTP redirects to the same host but another port number.", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2022-27776" ], "unique" : false }, { "id" : "CVE-2023-27533", "title" : "A vulnerability in input validation exists in curl <8.0 during communication using the TELNET protocol may allow an attacker to pass on maliciously crafted user name and \"telnet options\" during server negotiation. The lack of proper input scrubbing allows an attacker to send content or perform option negotiation without the application's intent. This vulnerability could be exploited if an application allows user input, thereby enabling attackers to execute arbitrary code on the system.", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27533" ], "unique" : false }, { "id" : "CVE-2023-27534", "title" : "A path traversal vulnerability exists in curl <8.0.0 SFTP implementation causes the tilde (~) character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. Attackers can exploit this flaw to bypass filtering or execute arbitrary code by crafting a path like /~2/foo while accessing a server with a specific user.", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2023-27534" ], "unique" : false }, { "id" : "CVE-2023-28322", "title" : "An information disclosure vulnerability exists in curl <v8.1.0 when doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle previously wasused to issue a `PUT` request which used that callback. This flaw may surprise the application and cause it to misbehave and either send off the wrong data or use memory after free or similar in the second transfer. The problem exists in the logic for a reused handle when it is (expected to be) changed from a PUT to a POST.", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2023-28322" ], "unique" : false }, { "id" : "CVE-2023-38546", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2023-38546" ], "unique" : false }, { "id" : "CVE-2022-35252", "title" : "When curl is used to retrieve and parse cookies from a HTTP(S) server, itaccepts cookies using control codes that when later are sent back to a HTTPserver might make the server return 400 responses. Effectively allowing a\"sister site\" to deny service to all siblings.", "source" : "redhat-csaf", "cvssScore" : 3.1, "severity" : "LOW", "cves" : [ "CVE-2022-35252" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2022-32207", "title" : "When curl < 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by finalizing the operation with a rename from a temporary name to the final target file name.In that rename operation, it might accidentally *widen* the permissions for the target file, leaving the updated file accessible to more users than intended.", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2022-32207" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libxml2@2.9.7-21.el8_10.3?arch=x86_64&distro=rhel-8.10&upstream=libxml2-2.9.7-21.el8_10.3.src.rpm", "issues" : [ { "id" : "CVE-2024-40896", "title" : "In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can produce events for external entities even if custom SAX handlers try to override entity content (by setting \"checked\"). This makes classic XXE attacks possible.", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2024-40896" ], "unique" : false }, { "id" : "CVE-2025-49794", "title" : "Libxml: heap use after free (uaf) leads to denial of service (dos)", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2025-49794" ], "unique" : false }, { "id" : "CVE-2025-49796", "title" : "Libxml: type confusion leads to denial of service (dos)", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2025-49796" ], "unique" : false }, { "id" : "CVE-2024-56171", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2024-56171" ], "unique" : false }, { "id" : "CVE-2022-40304", "title" : "An issue was discovered in libxml2 before 2.10.3. Certain invalid XML entity definitions can corrupt a hash table key, potentially leading to subsequent logic errors. In one case, a double-free can be provoked.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2022-40304" ], "unique" : false }, { "id" : "CVE-2025-24928", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-24928" ], "unique" : false }, { "id" : "CVE-2025-7425", "title" : "Libxslt: heap use-after-free in libxslt caused by atype corruption in xmlattrptr", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-7425" ], "unique" : false }, { "id" : "CVE-2022-40303", "title" : "An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XML_PARSE_HUGE parser option enabled, several integer counters can overflow. This results in an attempt to access an array at a negative 2GB offset, typically leading to a segmentation fault.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-40303" ], "unique" : false }, { "id" : "CVE-2024-25062", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-25062" ], "unique" : false }, { "id" : "CVE-2025-32415", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-32415" ], "unique" : false }, { "id" : "CVE-2025-49795", "title" : "Libxml: null pointer dereference leads to denial of service (dos)", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-49795" ], "unique" : false }, { "id" : "CVE-2025-6021", "title" : "Libxml2: integer overflow in xmlbuildqname() leads to stack buffer overflow in libxml2", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-6021" ], "unique" : false }, { "id" : "CVE-2025-7424", "title" : "Libxslt: type confusion in xmlnode.psvi between stylesheet and source nodes", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-7424" ], "unique" : false }, { "id" : "CVE-2022-29824", "title" : "In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*) don't check for integer overflows. This can result in out-of-bounds memory writes. Exploitation requires a victim to open a crafted, multi-gigabyte XML file. Other software using libxml2's buffer functions, for example libxslt through 1.1.35, is affected as well.", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2022-29824" ], "unique" : false }, { "id" : "CVE-2023-39615", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-39615" ], "unique" : false }, { "id" : "CVE-2025-9714", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9714" ], "unique" : false }, { "id" : "CVE-2022-49043", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2022-49043" ], "unique" : false }, { "id" : "CVE-2023-28484", "title" : "In libxml2 before 2.10.4, parsing of certain invalid XSD schemas can lead to a NULL pointer dereference and subsequently a segfault. This occurs in xmlSchemaFixupComplexType in xmlschemas.c.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-28484" ], "unique" : false }, { "id" : "CVE-2023-29469", "title" : "An issue was discovered in libxml2 before 2.10.4. When hashing empty dict strings in a crafted XML document, xmlDictComputeFastKey in dict.c can produce non-deterministic values, leading to various logic and memory errors, such as a double free. This behavior occurs because there is an attempt to use the first byte of an empty string, and any value is possible (not solely the '\\0' value).", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-29469" ], "unique" : false }, { "id" : "CVE-2025-32414", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-32414" ], "unique" : false }, { "id" : "CVE-2025-26434", "title" : "In libxml2, there is a possible out of bounds read due to a buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-26434" ], "unique" : false }, { "id" : "CVE-2025-6170", "title" : "Libxml2: stack buffer overflow in xmllint interactive shell command handling", "source" : "redhat-csaf", "cvssScore" : 2.5, "severity" : "LOW", "cves" : [ "CVE-2025-6170" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-40896", "title" : "In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can produce events for external entities even if custom SAX handlers try to override entity content (by setting \"checked\"). This makes classic XXE attacks possible.", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2024-40896" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/krb5-libs@1.18.2-32.el8_10?arch=x86_64&distro=rhel-8.10&upstream=krb5-1.18.2-32.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2024-3596", "source" : "redhat-csaf", "cvssScore" : 9.0, "severity" : "CRITICAL", "cves" : [ "CVE-2024-3596" ], "unique" : false }, { "id" : "CVE-2022-42898", "title" : "PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before 1.20.1 has integer overflows that may lead to remote code execution (in KDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms (which have a resultant heap-based buffer overflow), and cause a denial of service on other platforms. This occurs in krb5_pac_parse in lib/krb5/krb/pac.c. Heimdal before 7.7.1 has \"a similar bug.\"", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2022-42898" ], "unique" : false }, { "id" : "CVE-2023-39975", "title" : "kdc/do_tgs_req.c in MIT Kerberos 5 (aka krb5) 1.21 before 1.21.2 has a double free that is reachable if an authenticated user can trigger an authorization-data handling failure. Incorrect data is copied from one ticket to another.", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2023-39975" ], "unique" : false }, { "id" : "CVE-2024-26462", "title" : "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/kdc/ndr.c.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-26462" ], "unique" : false }, { "id" : "CVE-2024-37370", "title" : "In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify the plaintext Extra Count field of a confidential GSS krb5 wrap token, causing the unwrapped token to appear truncated to the application.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-37370" ], "unique" : false }, { "id" : "CVE-2020-17049", "title" : "Kerberos KDC Security Feature Bypass Vulnerability", "source" : "redhat-csaf", "cvssScore" : 7.2, "severity" : "HIGH", "cves" : [ "CVE-2020-17049" ], "unique" : false }, { "id" : "CVE-2023-36054", "title" : "lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and 1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticated user can trigger a kadmind crash. This occurs because _xdr_kadm5_principal_ent_rec does not validate the relationship between n_key_data and the key_data array count.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-36054" ], "unique" : false }, { "id" : "CVE-2024-37371", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-37371" ], "unique" : false }, { "id" : "CVE-2025-24528", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-24528" ], "unique" : false }, { "id" : "CVE-2024-26458", "title" : "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-26458" ], "unique" : false }, { "id" : "CVE-2024-26461", "title" : "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-26461" ], "unique" : false }, { "id" : "CVE-2025-3576", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-3576" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-3596", "source" : "redhat-csaf", "cvssScore" : 9.0, "severity" : "CRITICAL", "cves" : [ "CVE-2024-3596" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-minimal-langpack@2.28-251.el8_10.31?arch=x86_64&distro=rhel-8.10&upstream=glibc-2.28-251.el8_10.31.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc@2.28-251.el8_10.31?arch=x86_64&distro=rhel-8.10&upstream=glibc-2.28-251.el8_10.31.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-15281", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15281" ], "unique" : false }, { "id" : "CVE-2026-3904", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3904" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-common@2.28-251.el8_10.31?arch=x86_64&distro=rhel-8.10&upstream=glibc-2.28-251.el8_10.31.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/xz-libs@5.2.4-4.el8_6?arch=x86_64&distro=rhel-8.10&upstream=xz-5.2.4-4.el8_6.src.rpm", "issues" : [ { "id" : "CVE-2022-1271", "title" : "An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name (for example, a crafted file name), this can overwrite an attacker's content to an arbitrary attacker-selected file. This flaw occurs due to insufficient validation when processing filenames with two or more newlines where selected content and the target file names are embedded in crafted multi-line file names. This flaw allows a remote, low privileged attacker to force zgrep to write arbitrary files on the system.", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2022-1271" ], "unique" : false }, { "id" : "CVE-2025-31115", "title" : "XZ has a heap-use-after-free bug in threaded .xz decoder", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-31115" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2022-1271", "title" : "An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name (for example, a crafted file name), this can overwrite an attacker's content to an arbitrary attacker-selected file. This flaw occurs due to insufficient validation when processing filenames with two or more newlines where selected content and the target file names are embedded in crafted multi-line file names. This flaw allows a remote, low privileged attacker to force zgrep to write arbitrary files on the system.", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2022-1271" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libksba@1.3.5-9.el8_7?arch=x86_64&distro=rhel-8.10&upstream=libksba-1.3.5-9.el8_7.src.rpm", "issues" : [ { "id" : "CVE-2022-3515", "title" : "A vulnerability was found in the Libksba library due to an integer overflow within the CRL parser. The vulnerability can be exploited remotely for code execution on the target system by passing specially crafted data to the application, for example, a malicious S/MIME attachment.", "source" : "redhat-csaf", "cvssScore" : 8.6, "severity" : "HIGH", "cves" : [ "CVE-2022-3515" ], "unique" : false }, { "id" : "CVE-2022-47629", "title" : "Libksba before 1.6.3 is prone to an integer overflow vulnerability in the CRL signature parser.", "source" : "redhat-csaf", "cvssScore" : 8.6, "severity" : "HIGH", "cves" : [ "CVE-2022-47629" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2022-3515", "title" : "A vulnerability was found in the Libksba library due to an integer overflow within the CRL parser. The vulnerability can be exploited remotely for code execution on the target system by passing specially crafted data to the application, for example, a malicious S/MIME attachment.", "source" : "redhat-csaf", "cvssScore" : 8.6, "severity" : "HIGH", "cves" : [ "CVE-2022-3515" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/gnupg2@2.2.20-4.el8_10?arch=x86_64&distro=rhel-8.10&upstream=gnupg2-2.2.20-4.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2026-24882", "source" : "redhat-csaf", "cvssScore" : 8.4, "severity" : "HIGH", "cves" : [ "CVE-2026-24882" ], "unique" : false }, { "id" : "CVE-2025-68973", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-68973" ], "unique" : false }, { "id" : "CVE-2022-34903", "title" : "GnuPG through 2.3.6, in unusual situations where an attacker possesses any secret-key information from a victim's keyring and other constraints (e.g., use of GPGME) are met, allows signature forgery via injection into the status line.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2022-34903" ], "unique" : false }, { "id" : "CVE-2025-68972", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-68972" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2026-24882", "source" : "redhat-csaf", "cvssScore" : 8.4, "severity" : "HIGH", "cves" : [ "CVE-2026-24882" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/zlib@1.2.11-25.el8?arch=x86_64&distro=rhel-8.10&upstream=zlib-1.2.11-25.el8.src.rpm", "issues" : [ { "id" : "CVE-2018-25032", "title" : "zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.", "source" : "redhat-csaf", "cvssScore" : 8.2, "severity" : "HIGH", "cves" : [ "CVE-2018-25032" ], "unique" : false }, { "id" : "CVE-2022-37434", "title" : "zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call inflateGetHeader (e.g., see the nodejs/node reference).", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2022-37434" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2018-25032", "title" : "zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.", "source" : "redhat-csaf", "cvssScore" : 8.2, "severity" : "HIGH", "cves" : [ "CVE-2018-25032" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libssh-config@0.9.6-16.el8_10?arch=noarch&distro=rhel-8.10&upstream=libssh-0.9.6-16.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2025-5318", "title" : "Libssh: out-of-bounds read in sftp_handle()", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2025-5318" ], "unique" : false }, { "id" : "CVE-2025-5987", "title" : "Libssh: invalid return code for chacha20 poly1305 with openssl backend", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2025-5987" ], "unique" : false }, { "id" : "CVE-2023-48795", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-48795" ], "unique" : false }, { "id" : "CVE-2026-3731", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3731" ], "unique" : false }, { "id" : "CVE-2023-2283", "source" : "redhat-csaf", "cvssScore" : 4.8, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2283" ], "unique" : false }, { "id" : "CVE-2023-6004", "source" : "redhat-csaf", "cvssScore" : 4.8, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6004" ], "unique" : false }, { "id" : "CVE-2023-1667", "title" : "A NULL pointer dereference was found In libssh during re-keying with algorithm guessing. This issue may allow an authenticated client to cause a denial of service.", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-1667" ], "unique" : false }, { "id" : "CVE-2023-6918", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2023-6918" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-5318", "title" : "Libssh: out-of-bounds read in sftp_handle()", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2025-5318" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libssh@0.9.6-16.el8_10?arch=x86_64&distro=rhel-8.10&upstream=libssh-0.9.6-16.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2025-5318", "title" : "Libssh: out-of-bounds read in sftp_handle()", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2025-5318" ], "unique" : false }, { "id" : "CVE-2025-5987", "title" : "Libssh: invalid return code for chacha20 poly1305 with openssl backend", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2025-5987" ], "unique" : false }, { "id" : "CVE-2023-48795", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-48795" ], "unique" : false }, { "id" : "CVE-2026-3731", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3731" ], "unique" : false }, { "id" : "CVE-2023-2283", "source" : "redhat-csaf", "cvssScore" : 4.8, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2283" ], "unique" : false }, { "id" : "CVE-2023-6004", "source" : "redhat-csaf", "cvssScore" : 4.8, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6004" ], "unique" : false }, { "id" : "CVE-2023-1667", "title" : "A NULL pointer dereference was found In libssh during re-keying with algorithm guessing. This issue may allow an authenticated client to cause a denial of service.", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-1667" ], "unique" : false }, { "id" : "CVE-2023-6918", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2023-6918" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-5318", "title" : "Libssh: out-of-bounds read in sftp_handle()", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2025-5318" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libcap@2.48-6.el8_9?arch=x86_64&distro=rhel-8.10&upstream=libcap-2.48-6.el8_9.src.rpm", "issues" : [ { "id" : "CVE-2023-2603", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-2603" ], "unique" : false }, { "id" : "CVE-2023-2602", "title" : "A vulnerability was found in the pthread_create() function in libcap. This issue may allow a malicious actor to use cause __real_pthread_create() to return an error, which can exhaust the process memory.", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2023-2602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-2603", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-2603" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch&distro=rhel-8.10&upstream=ncurses-6.1-10.20180224.el8.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64&distro=rhel-8.10&upstream=ncurses-6.1-10.20180224.el8.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=rhel-8.10&upstream=libarchive-3.3.3-7.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2025-5914", "title" : "Libarchive: double free at archive_read_format_rar_seek_data() in archive_read_support_format_rar.c", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-5914" ], "unique" : false }, { "id" : "CVE-2026-4111", "title" : "Libarchive: infinite loop denial of service in rar5 decompression via archive_read_data() in libarchive", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-4111" ], "unique" : false }, { "id" : "CVE-2026-4424", "title" : "Libarchive: libarchive: information disclosure via heap out-of-bounds read in rar archive processing", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-4424" ], "unique" : false }, { "id" : "CVE-2026-5121", "title" : "Libarchive: libarchive: arbitrary code execution via integer overflow in iso9660 image processing", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-5121" ], "unique" : false }, { "id" : "CVE-2022-26280", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2022-26280" ], "unique" : false }, { "id" : "CVE-2022-36227", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2022-36227" ], "unique" : false }, { "id" : "CVE-2025-60753", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-60753" ], "unique" : false }, { "id" : "CVE-2024-57970", "title" : "libarchive through 3.7.7 has a heap-based buffer over-read in header_gnu_longlink in archive_read_support_format_tar.c via a TAR archive because it mishandles truncation in the middle of a GNU long linkname.", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-57970" ], "unique" : false }, { "id" : "CVE-2025-25724", "title" : "list_item_verbose in tar/util.c in libarchive through 3.7.7 does not check an strftime return value, which can lead to a denial of service or unspecified other impact via a crafted TAR archive that is read with a verbose value of 2. For example, the 100-byte buffer may not be sufficient for a custom locale.", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-25724" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-5914", "title" : "Libarchive: double free at archive_read_format_rar_seek_data() in archive_read_support_format_rar.c", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-5914" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=rhel-8.10&upstream=glib2-2.56.4-168.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2025-13601", "title" : "Glib: integer overflow in in g_escape_uri_string()", "source" : "redhat-csaf", "cvssScore" : 7.7, "severity" : "HIGH", "cves" : [ "CVE-2025-13601" ], "unique" : false }, { "id" : "CVE-2024-52533", "title" : "gio/gsocks4aproxy.c in GNOME GLib before 2.82.1 has an off-by-one error and resultant buffer overflow because SOCKS4_CONN_MSG_LEN is not sufficient for a trailing '\\0' character.", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2024-52533" ], "unique" : false }, { "id" : "CVE-2023-32611", "title" : "G_variant_byteswap() can take a long time with some non-normal inputs", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-32611" ], "unique" : false }, { "id" : "CVE-2023-32665", "title" : "Gvariant deserialisation does not match spec for non-normal data", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-32665" ], "unique" : false }, { "id" : "CVE-2025-14512", "title" : "Glib: integer overflow in glib gio attribute escaping causes heap buffer overflow", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14512" ], "unique" : false }, { "id" : "CVE-2023-29499", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2023-29499" ], "unique" : false }, { "id" : "CVE-2025-14087", "title" : "Glib: glib: buffer underflow in gvariant parser leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14087" ], "unique" : false }, { "id" : "CVE-2025-4373", "source" : "redhat-csaf", "cvssScore" : 4.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-4373" ], "unique" : false }, { "id" : "CVE-2024-34397", "source" : "redhat-csaf", "cvssScore" : 3.8, "severity" : "LOW", "cves" : [ "CVE-2024-34397" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-13601", "title" : "Glib: integer overflow in in g_escape_uri_string()", "source" : "redhat-csaf", "cvssScore" : 7.7, "severity" : "HIGH", "cves" : [ "CVE-2025-13601" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/sqlite-libs@3.26.0-20.el8_10?arch=x86_64&distro=rhel-8.10&upstream=sqlite-3.26.0-20.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2025-6965", "title" : "Integer Truncation on SQLite", "source" : "redhat-csaf", "cvssScore" : 7.7, "severity" : "HIGH", "cves" : [ "CVE-2025-6965" ], "unique" : false }, { "id" : "CVE-2023-7104", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2023-7104" ], "unique" : false }, { "id" : "CVE-2025-3277", "title" : "An integer overflow can be triggered in SQLite’s `concat_ws()` function. The resulting, truncated integer is then used to allocate a buffer. When SQLite then writes the resulting string to the buffer, it uses the original, untruncated size and thus a wild Heap Buffer overflow of size ~4GB can be triggered. This can result in arbitrary code execution.", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2025-3277" ], "unique" : false }, { "id" : "CVE-2022-35737", "title" : "SQLite 1.0.12 through 3.39.x before 3.39.2 sometimes allows an array-bounds overflow if billions of bytes are used in a string argument to a C API.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2022-35737" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-6965", "title" : "Integer Truncation on SQLite", "source" : "redhat-csaf", "cvssScore" : 7.7, "severity" : "HIGH", "cves" : [ "CVE-2025-6965" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libsolv@0.7.20-6.el8?arch=x86_64&distro=rhel-8.10&upstream=libsolv-0.7.20-6.el8.src.rpm", "issues" : [ { "id" : "CVE-2021-33928", "title" : "Buffer overflow vulnerability in function pool_installable in src/repo.h in libsolv before 0.7.17 allows attackers to cause a Denial of Service.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2021-33928" ], "unique" : false }, { "id" : "CVE-2021-33929", "title" : "Buffer overflow vulnerability in function pool_disabled_solvable in src/repo.h in libsolv before 0.7.17 allows attackers to cause a Denial of Service.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2021-33929" ], "unique" : false }, { "id" : "CVE-2021-33930", "title" : "Buffer overflow vulnerability in function pool_installable_whatprovides in src/repo.h in libsolv before 0.7.17 allows attackers to cause a Denial of Service.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2021-33930" ], "unique" : false }, { "id" : "CVE-2021-33938", "title" : "Buffer overflow vulnerability in function prune_to_recommended in src/policy.c in libsolv before 0.7.17 allows attackers to cause a Denial of Service.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2021-33938" ], "unique" : false }, { "id" : "CVE-2021-46877", "title" : "jackson-databind 2.10.x through 2.12.x before 2.12.6 and 2.13.x before 2.13.1 allows attackers to cause a denial of service (2 GB transient heap usage per read) in uncommon situations involving JsonNode JDK serialization.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2021-46877" ], "unique" : false }, { "id" : "CVE-2024-28863", "title" : "node-tar vulnerable to denial of service while parsing a tar file due to lack of folders count validation", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-28863" ], "unique" : false }, { "id" : "CVE-2021-44568", "title" : "Two heap-overflow vulnerabilities exist in openSUSE/libsolv libsolv through 13 Dec 2020 in the decisionmap variable via the resolve_dependencies function at src/solver.c (line 1940 & line 1995), which could cause a remote Denial of Service.", "source" : "redhat-csaf", "cvssScore" : 6.3, "severity" : "MEDIUM", "cves" : [ "CVE-2021-44568" ], "unique" : false }, { "id" : "CVE-2021-3200", "title" : "Buffer overflow vulnerability in libsolv 2020-12-13 via the Solver * testcase_read(Pool *pool, FILE *fp, const char *testcase, Queue *job, char **resultp, int *resultflagsp function at src/testcase.c: line 2334, which could cause a denial of service", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2021-3200" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2021-33928", "title" : "Buffer overflow vulnerability in function pool_installable in src/repo.h in libsolv before 0.7.17 allows attackers to cause a Denial of Service.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2021-33928" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/brotli@1.0.6-4.el8_10?arch=x86_64&distro=rhel-8.10&upstream=brotli-1.0.6-4.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2025-6176", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-6176" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-6176", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-6176" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=rhel-8.10&upstream=gnutls-3.6.16-8.el8_10.5.src.rpm", "issues" : [ { "id" : "CVE-2022-2509", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-2509" ], "unique" : false }, { "id" : "CVE-2024-0553", "title" : "Gnutls: incomplete fix for cve-2023-5981", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-0553" ], "unique" : false }, { "id" : "CVE-2024-0567", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-0567" ], "unique" : false }, { "id" : "CVE-2023-0361", "title" : "A timing side-channel in the handling of RSA ClientKeyExchange messages was discovered in GnuTLS. This side-channel can be sufficient to recover the key encrypted in the RSA ciphertext across a network in a Bleichenbacher style attack. To achieve a successful decryption the attacker would need to send a large amount of specially crafted messages to the vulnerable server. By recovering the secret from the ClientKeyExchange message, the attacker would be able to decrypt the application data exchanged over that connection.", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2023-0361" ], "unique" : false }, { "id" : "CVE-2025-32988", "title" : "Gnutls: vulnerability in gnutls othername san export", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-32988" ], "unique" : false }, { "id" : "CVE-2025-32990", "title" : "Gnutls: vulnerability in gnutls certtool template parsing", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-32990" ], "unique" : false }, { "id" : "CVE-2025-6395", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-6395" ], "unique" : false }, { "id" : "CVE-2023-5981", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-5981" ], "unique" : false }, { "id" : "CVE-2024-12243", "title" : "Gnutls: gnutls impacted by inefficient der decoding in libtasn1 leading to remote dos", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-12243" ], "unique" : false }, { "id" : "CVE-2024-28834", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-28834" ], "unique" : false }, { "id" : "CVE-2025-14831", "title" : "Gnutls: gnutls: denial of service via excessive resource consumption during certificate verification", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14831" ], "unique" : false }, { "id" : "CVE-2025-32989", "title" : "Gnutls: vulnerability in gnutls sct extension parsing", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-32989" ], "unique" : false }, { "id" : "CVE-2024-28835", "source" : "redhat-csaf", "cvssScore" : 5.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-28835" ], "unique" : false }, { "id" : "CVE-2025-9820", "title" : "Gnutls: stack-based buffer overflow in gnutls_pkcs11_token_init() function", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9820" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2022-2509", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-2509" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libnghttp2@1.33.0-6.el8_10.2?arch=x86_64&distro=rhel-8.10&upstream=nghttp2-1.33.0-6.el8_10.2.src.rpm", "issues" : [ { "id" : "CVE-2023-44487", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-44487" ], "unique" : false }, { "id" : "CVE-2026-27135", "title" : "nghttp2 Denial of service: Assertion failure due to the missing state validation", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-27135" ], "unique" : false }, { "id" : "CVE-2024-28182", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-28182" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-44487", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-44487" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/pcre2@10.32-3.el8_6?arch=x86_64&distro=rhel-8.10&upstream=pcre2-10.32-3.el8_6.src.rpm", "issues" : [ { "id" : "CVE-2022-1586", "title" : "An out-of-bounds read vulnerability was discovered in the PCRE2 library in the compile_xclass_matchingpath() function of the pcre2_jit_compile.c file. This involves a unicode property matching issue in JIT-compiled regular expressions. The issue occurs because the character was not fully read in case-less matching within JIT.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-1586" ], "unique" : false }, { "id" : "CVE-2022-1587", "title" : "An out-of-bounds read vulnerability was discovered in the PCRE2 library in the get_recurse_data_length() function of the pcre2_jit_compile.c file. This issue affects recursions in JIT-compiled regular expressions caused by duplicate data transfers.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-1587" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2022-1586", "title" : "An out-of-bounds read vulnerability was discovered in the PCRE2 library in the compile_xclass_matchingpath() function of the pcre2_jit_compile.c file. This involves a unicode property matching issue in JIT-compiled regular expressions. The issue occurs because the character was not fully read in case-less matching within JIT.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-1586" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/openldap@2.4.46-21.el8_10?arch=x86_64&distro=rhel-8.10&upstream=openldap-2.4.46-21.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2023-2953", "title" : "A vulnerability was found in openldap. This security flaw causes a null pointer dereference in ber_memalloc_x() function.", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2023-2953" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-2953", "title" : "A vulnerability was found in openldap. This security flaw causes a null pointer dereference in ber_memalloc_x() function.", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2023-2953" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/bash@4.4.20-6.el8_10?arch=x86_64&distro=rhel-8.10&upstream=bash-4.4.20-6.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2022-3715", "source" : "redhat-csaf", "cvssScore" : 6.6, "severity" : "MEDIUM", "cves" : [ "CVE-2022-3715" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2022-3715", "source" : "redhat-csaf", "cvssScore" : 6.6, "severity" : "MEDIUM", "cves" : [ "CVE-2022-3715" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/rpm-libs@4.14.3-32.el8_10?arch=x86_64&distro=rhel-8.10&upstream=rpm-4.14.3-32.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2021-35938", "title" : "A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35938" ], "unique" : false }, { "id" : "CVE-2021-35939", "title" : "It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35939" ], "unique" : false }, { "id" : "CVE-2021-35937", "title" : "A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.3, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35937" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2021-35938", "title" : "A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35938" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/lua-libs@5.3.4-12.el8?arch=x86_64&distro=rhel-8.10&upstream=lua-5.3.4-12.el8.src.rpm", "issues" : [ { "id" : "CVE-2022-33099", "title" : "An issue in the component luaG_runerror of Lua v5.4.4 and below leads to a heap-buffer overflow when a recursive error occurs.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2022-33099" ], "unique" : false }, { "id" : "CVE-2022-28805", "title" : "singlevar in lparser.c in Lua from (including) 5.4.0 up to (excluding) 5.4.4 lacks a certain luaK_exp2anyregup call, leading to a heap-based buffer over-read that might affect a system that compiles untrusted Lua code.", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2022-28805" ], "unique" : false }, { "id" : "CVE-2021-43519", "title" : "Stack overflow in lua_resume of ldo.c in Lua Interpreter 5.1.0~5.4.4 allows attackers to perform a Denial of Service via a crafted script file.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2021-43519" ], "unique" : false }, { "id" : "CVE-2021-44964", "title" : "Use after free in garbage collector and finalizer of lgc.c in Lua interpreter 5.4.0~5.4.3 allows attackers to perform Sandbox Escape via a crafted script file.", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2021-44964" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2022-33099", "title" : "An issue in the component luaG_runerror of Lua v5.4.4 and below leads to a heap-buffer overflow when a recursive error occurs.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2022-33099" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/rpm@4.14.3-32.el8_10?arch=x86_64&distro=rhel-8.10&upstream=rpm-4.14.3-32.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2021-35938", "title" : "A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35938" ], "unique" : false }, { "id" : "CVE-2021-35939", "title" : "It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35939" ], "unique" : false }, { "id" : "CVE-2021-35937", "title" : "A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.3, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35937" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2021-35938", "title" : "A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35938" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/gmp@6.1.2-11.el8?arch=x86_64&distro=rhel-8.10&epoch=1&upstream=gmp-6.1.2-11.el8.src.rpm", "issues" : [ { "id" : "CVE-2021-43618", "title" : "GNU Multiple Precision Arithmetic Library (GMP) through 6.2.1 has an mpz/inp_raw.c integer overflow and resultant buffer overflow via crafted input, leading to a segmentation fault on 32-bit platforms.", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2021-43618" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2021-43618", "title" : "GNU Multiple Precision Arithmetic Library (GMP) through 6.2.1 has an mpz/inp_raw.c integer overflow and resultant buffer overflow via crafted input, leading to a segmentation fault on 32-bit platforms.", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2021-43618" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libsmartcols@2.32.1-48.el8_10?arch=x86_64&distro=rhel-8.10&upstream=util-linux-2.32.1-48.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcc@8.5.0-28.el8_10?arch=x86_64&distro=rhel-8.10&upstream=gcc-8.5.0-28.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libmount@2.32.1-48.el8_10?arch=x86_64&distro=rhel-8.10&upstream=util-linux-2.32.1-48.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libuuid@2.32.1-48.el8_10?arch=x86_64&distro=rhel-8.10&upstream=util-linux-2.32.1-48.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libblkid@2.32.1-48.el8_10?arch=x86_64&distro=rhel-8.10&upstream=util-linux-2.32.1-48.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false }, { "id" : "CVE-2026-27456", "title" : "util-linux: TOCTOU Race Condition in util-linux mount(8) - Loop Device Setup", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2026-27456" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libstdc%2B%2B@8.5.0-28.el8_10?arch=x86_64&distro=rhel-8.10&upstream=gcc-8.5.0-28.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libtasn1@4.13-5.el8_10?arch=x86_64&distro=rhel-8.10&upstream=libtasn1-4.13-5.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2021-46848", "title" : "GNU Libtasn1 before 4.19.0 has an ETYPE_OK off-by-one array size check that affects asn1_encode_simple_der.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2021-46848" ], "unique" : false }, { "id" : "CVE-2025-13151", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13151" ], "unique" : false }, { "id" : "CVE-2024-12133", "title" : "Libtasn1: inefficient der decoding in libtasn1 leading to potential remote dos", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-12133" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2021-46848", "title" : "GNU Libtasn1 before 4.19.0 has an ETYPE_OK off-by-one array size check that affects asn1_encode_simple_der.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2021-46848" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcrypt@1.8.5-7.el8_6?arch=x86_64&distro=rhel-8.10&upstream=libgcrypt-1.8.5-7.el8_6.src.rpm", "issues" : [ { "id" : "CVE-2024-2236", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-2236" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2236", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-2236" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/systemd-libs@239-82.el8_10.15?arch=x86_64&distro=rhel-8.10&upstream=systemd-239-82.el8_10.15.src.rpm", "issues" : [ { "id" : "CVE-2023-7008", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-7008" ], "unique" : false }, { "id" : "CVE-2022-3821", "title" : "An off-by-one Error issue was discovered in Systemd in format_timespan() function of time-util.c. An attacker could supply specific values for time and accuracy that leads to buffer overrun in format_timespan(), leading to a Denial of Service.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2022-3821" ], "unique" : false }, { "id" : "CVE-2022-4415", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2022-4415" ], "unique" : false }, { "id" : "CVE-2022-45873", "title" : "systemd 250 and 251 allows local users to achieve a systemd-coredump deadlock by triggering a crash that has a long backtrace. This occurs in parse_elf_object in shared/elf-util.c. The exploitation methodology is to crash a binary calling the same function recursively, and put it in a deeply nested directory to make its backtrace large enough to cause the deadlock. This must be done 16 times when MaxConnections=16 is set for the systemd/units/systemd-coredump.socket file.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2022-45873" ], "unique" : false }, { "id" : "CVE-2025-4598", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-4598" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-7008", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-7008" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libcom_err@1.45.6-7.el8_10?arch=x86_64&distro=rhel-8.10&upstream=e2fsprogs-1.45.6-7.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2022-1304", "title" : "An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5. This issue leads to a segmentation fault and possibly arbitrary code execution via a specially crafted filesystem.", "source" : "redhat-csaf", "cvssScore" : 5.8, "severity" : "MEDIUM", "cves" : [ "CVE-2022-1304" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2022-1304", "title" : "An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5. This issue leads to a segmentation fault and possibly arbitrary code execution via a specially crafted filesystem.", "source" : "redhat-csaf", "cvssScore" : 5.8, "severity" : "MEDIUM", "cves" : [ "CVE-2022-1304" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/file-libs@5.33-27.el8_10?arch=x86_64&distro=rhel-8.10&upstream=file-5.33-27.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2022-48554", "title" : "File before 5.43 has an stack-based buffer over-read in file_copystr in funcs.c. NOTE: \"File\" is the name of an Open Source project.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2022-48554" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2022-48554", "title" : "File before 5.43 has an stack-based buffer over-read in file_copystr in funcs.c. NOTE: \"File\" is the name of an Open Source project.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2022-48554" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/bzip2-libs@1.0.6-28.el8_10?arch=x86_64&distro=rhel-8.10&upstream=bzip2-1.0.6-28.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2019-12900", "title" : "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2019-12900" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2019-12900", "title" : "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2019-12900" ], "unique" : false } } ], "highestVulnerability" : { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/tar@1.30-11.el8_10?arch=x86_64&distro=rhel-8.10&epoch=2&upstream=tar-1.30-11.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2025-45582", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-45582" ], "unique" : false }, { "id" : "CVE-2022-48303", "title" : "GNU Tar through 1.34 has a one-byte out-of-bounds read that results in use of uninitialized memory for a conditional jump. Exploitation to change the flow of control has not been demonstrated. The issue occurs in from_header in list.c via a V7 archive in which mtime has approximately 11 whitespace characters.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2022-48303" ], "unique" : false } ], "transitive" : [ { "ref" : "pkg:rpm/redhat/glibc-minimal-langpack@2.28-251.el8_10.31?arch=x86_64&distro=rhel-8.10&upstream=glibc-2.28-251.el8_10.31.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc@2.28-251.el8_10.31?arch=x86_64&distro=rhel-8.10&upstream=glibc-2.28-251.el8_10.31.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-15281", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15281" ], "unique" : false }, { "id" : "CVE-2026-3904", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3904" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-common@2.28-251.el8_10.31?arch=x86_64&distro=rhel-8.10&upstream=glibc-2.28-251.el8_10.31.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/zlib@1.2.11-25.el8?arch=x86_64&distro=rhel-8.10&upstream=zlib-1.2.11-25.el8.src.rpm", "issues" : [ { "id" : "CVE-2018-25032", "title" : "zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.", "source" : "redhat-csaf", "cvssScore" : 8.2, "severity" : "HIGH", "cves" : [ "CVE-2018-25032" ], "unique" : false }, { "id" : "CVE-2022-37434", "title" : "zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call inflateGetHeader (e.g., see the nodejs/node reference).", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2022-37434" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2018-25032", "title" : "zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.", "source" : "redhat-csaf", "cvssScore" : 8.2, "severity" : "HIGH", "cves" : [ "CVE-2018-25032" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch&distro=rhel-8.10&upstream=ncurses-6.1-10.20180224.el8.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64&distro=rhel-8.10&upstream=ncurses-6.1-10.20180224.el8.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/pcre2@10.32-3.el8_6?arch=x86_64&distro=rhel-8.10&upstream=pcre2-10.32-3.el8_6.src.rpm", "issues" : [ { "id" : "CVE-2022-1586", "title" : "An out-of-bounds read vulnerability was discovered in the PCRE2 library in the compile_xclass_matchingpath() function of the pcre2_jit_compile.c file. This involves a unicode property matching issue in JIT-compiled regular expressions. The issue occurs because the character was not fully read in case-less matching within JIT.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-1586" ], "unique" : false }, { "id" : "CVE-2022-1587", "title" : "An out-of-bounds read vulnerability was discovered in the PCRE2 library in the get_recurse_data_length() function of the pcre2_jit_compile.c file. This issue affects recursions in JIT-compiled regular expressions caused by duplicate data transfers.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-1587" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2022-1586", "title" : "An out-of-bounds read vulnerability was discovered in the PCRE2 library in the compile_xclass_matchingpath() function of the pcre2_jit_compile.c file. This involves a unicode property matching issue in JIT-compiled regular expressions. The issue occurs because the character was not fully read in case-less matching within JIT.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-1586" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/bash@4.4.20-6.el8_10?arch=x86_64&distro=rhel-8.10&upstream=bash-4.4.20-6.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2022-3715", "source" : "redhat-csaf", "cvssScore" : 6.6, "severity" : "MEDIUM", "cves" : [ "CVE-2022-3715" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2022-3715", "source" : "redhat-csaf", "cvssScore" : 6.6, "severity" : "MEDIUM", "cves" : [ "CVE-2022-3715" ], "unique" : false } } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/lz4-libs@1.8.3-5.el8_10?arch=x86_64&distro=rhel-8.10&upstream=lz4-1.8.3-5.el8_10.src.rpm", "transitive" : [ { "ref" : "pkg:rpm/redhat/glibc-minimal-langpack@2.28-251.el8_10.31?arch=x86_64&distro=rhel-8.10&upstream=glibc-2.28-251.el8_10.31.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc@2.28-251.el8_10.31?arch=x86_64&distro=rhel-8.10&upstream=glibc-2.28-251.el8_10.31.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-15281", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15281" ], "unique" : false }, { "id" : "CVE-2026-3904", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3904" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-common@2.28-251.el8_10.31?arch=x86_64&distro=rhel-8.10&upstream=glibc-2.28-251.el8_10.31.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch&distro=rhel-8.10&upstream=ncurses-6.1-10.20180224.el8.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64&distro=rhel-8.10&upstream=ncurses-6.1-10.20180224.el8.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/pcre2@10.32-3.el8_6?arch=x86_64&distro=rhel-8.10&upstream=pcre2-10.32-3.el8_6.src.rpm", "issues" : [ { "id" : "CVE-2022-1586", "title" : "An out-of-bounds read vulnerability was discovered in the PCRE2 library in the compile_xclass_matchingpath() function of the pcre2_jit_compile.c file. This involves a unicode property matching issue in JIT-compiled regular expressions. The issue occurs because the character was not fully read in case-less matching within JIT.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-1586" ], "unique" : false }, { "id" : "CVE-2022-1587", "title" : "An out-of-bounds read vulnerability was discovered in the PCRE2 library in the get_recurse_data_length() function of the pcre2_jit_compile.c file. This issue affects recursions in JIT-compiled regular expressions caused by duplicate data transfers.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-1587" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2022-1586", "title" : "An out-of-bounds read vulnerability was discovered in the PCRE2 library in the compile_xclass_matchingpath() function of the pcre2_jit_compile.c file. This involves a unicode property matching issue in JIT-compiled regular expressions. The issue occurs because the character was not fully read in case-less matching within JIT.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-1586" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/bash@4.4.20-6.el8_10?arch=x86_64&distro=rhel-8.10&upstream=bash-4.4.20-6.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2022-3715", "source" : "redhat-csaf", "cvssScore" : 6.6, "severity" : "MEDIUM", "cves" : [ "CVE-2022-3715" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2022-3715", "source" : "redhat-csaf", "cvssScore" : 6.6, "severity" : "MEDIUM", "cves" : [ "CVE-2022-3715" ], "unique" : false } } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/rootfiles@8.1-22.el8?arch=noarch&distro=rhel-8.10&upstream=rootfiles-8.1-22.el8.src.rpm", "transitive" : [ { "ref" : "pkg:rpm/redhat/glibc-minimal-langpack@2.28-251.el8_10.31?arch=x86_64&distro=rhel-8.10&upstream=glibc-2.28-251.el8_10.31.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc@2.28-251.el8_10.31?arch=x86_64&distro=rhel-8.10&upstream=glibc-2.28-251.el8_10.31.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-15281", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15281" ], "unique" : false }, { "id" : "CVE-2026-3904", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3904" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-common@2.28-251.el8_10.31?arch=x86_64&distro=rhel-8.10&upstream=glibc-2.28-251.el8_10.31.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch&distro=rhel-8.10&upstream=ncurses-6.1-10.20180224.el8.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64&distro=rhel-8.10&upstream=ncurses-6.1-10.20180224.el8.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/pcre2@10.32-3.el8_6?arch=x86_64&distro=rhel-8.10&upstream=pcre2-10.32-3.el8_6.src.rpm", "issues" : [ { "id" : "CVE-2022-1586", "title" : "An out-of-bounds read vulnerability was discovered in the PCRE2 library in the compile_xclass_matchingpath() function of the pcre2_jit_compile.c file. This involves a unicode property matching issue in JIT-compiled regular expressions. The issue occurs because the character was not fully read in case-less matching within JIT.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-1586" ], "unique" : false }, { "id" : "CVE-2022-1587", "title" : "An out-of-bounds read vulnerability was discovered in the PCRE2 library in the get_recurse_data_length() function of the pcre2_jit_compile.c file. This issue affects recursions in JIT-compiled regular expressions caused by duplicate data transfers.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-1587" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2022-1586", "title" : "An out-of-bounds read vulnerability was discovered in the PCRE2 library in the compile_xclass_matchingpath() function of the pcre2_jit_compile.c file. This involves a unicode property matching issue in JIT-compiled regular expressions. The issue occurs because the character was not fully read in case-less matching within JIT.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-1586" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/bash@4.4.20-6.el8_10?arch=x86_64&distro=rhel-8.10&upstream=bash-4.4.20-6.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2022-3715", "source" : "redhat-csaf", "cvssScore" : 6.6, "severity" : "MEDIUM", "cves" : [ "CVE-2022-3715" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2022-3715", "source" : "redhat-csaf", "cvssScore" : 6.6, "severity" : "MEDIUM", "cves" : [ "CVE-2022-3715" ], "unique" : false } } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libsemanage@2.9-12.el8_10?arch=x86_64&distro=rhel-8.10&upstream=libsemanage-2.9-12.el8_10.src.rpm", "transitive" : [ { "ref" : "pkg:rpm/redhat/glibc-minimal-langpack@2.28-251.el8_10.31?arch=x86_64&distro=rhel-8.10&upstream=glibc-2.28-251.el8_10.31.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc@2.28-251.el8_10.31?arch=x86_64&distro=rhel-8.10&upstream=glibc-2.28-251.el8_10.31.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-15281", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15281" ], "unique" : false }, { "id" : "CVE-2026-3904", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3904" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-common@2.28-251.el8_10.31?arch=x86_64&distro=rhel-8.10&upstream=glibc-2.28-251.el8_10.31.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch&distro=rhel-8.10&upstream=ncurses-6.1-10.20180224.el8.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64&distro=rhel-8.10&upstream=ncurses-6.1-10.20180224.el8.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/pcre2@10.32-3.el8_6?arch=x86_64&distro=rhel-8.10&upstream=pcre2-10.32-3.el8_6.src.rpm", "issues" : [ { "id" : "CVE-2022-1586", "title" : "An out-of-bounds read vulnerability was discovered in the PCRE2 library in the compile_xclass_matchingpath() function of the pcre2_jit_compile.c file. This involves a unicode property matching issue in JIT-compiled regular expressions. The issue occurs because the character was not fully read in case-less matching within JIT.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-1586" ], "unique" : false }, { "id" : "CVE-2022-1587", "title" : "An out-of-bounds read vulnerability was discovered in the PCRE2 library in the get_recurse_data_length() function of the pcre2_jit_compile.c file. This issue affects recursions in JIT-compiled regular expressions caused by duplicate data transfers.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-1587" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2022-1586", "title" : "An out-of-bounds read vulnerability was discovered in the PCRE2 library in the compile_xclass_matchingpath() function of the pcre2_jit_compile.c file. This involves a unicode property matching issue in JIT-compiled regular expressions. The issue occurs because the character was not fully read in case-less matching within JIT.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-1586" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/bash@4.4.20-6.el8_10?arch=x86_64&distro=rhel-8.10&upstream=bash-4.4.20-6.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2022-3715", "source" : "redhat-csaf", "cvssScore" : 6.6, "severity" : "MEDIUM", "cves" : [ "CVE-2022-3715" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2022-3715", "source" : "redhat-csaf", "cvssScore" : 6.6, "severity" : "MEDIUM", "cves" : [ "CVE-2022-3715" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/bzip2-libs@1.0.6-28.el8_10?arch=x86_64&distro=rhel-8.10&upstream=bzip2-1.0.6-28.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2019-12900", "title" : "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2019-12900" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2019-12900", "title" : "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2019-12900" ], "unique" : false } } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/shadow-utils@4.6-23.el8_10?arch=x86_64&distro=rhel-8.10&epoch=2&upstream=shadow-utils-4.6-23.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2023-4641", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4641" ], "unique" : false }, { "id" : "CVE-2024-56433", "title" : "shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default /etc/subuid behavior (e.g., uid 100000 through 165535 for the first user account) that can realistically conflict with the uids of users defined on locally administered networks, potentially leading to account takeover, e.g., by leveraging newuidmap for access to an NFS home directory (or same-host resources in the case of remote logins by these local network users). NOTE: it may also be argued that system administrators should not have assigned uids, within local networks, that are within the range that can occur in /etc/subuid.", "source" : "redhat-csaf", "cvssScore" : 3.6, "severity" : "LOW", "cves" : [ "CVE-2024-56433" ], "unique" : false } ], "transitive" : [ { "ref" : "pkg:rpm/redhat/glibc-minimal-langpack@2.28-251.el8_10.31?arch=x86_64&distro=rhel-8.10&upstream=glibc-2.28-251.el8_10.31.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc@2.28-251.el8_10.31?arch=x86_64&distro=rhel-8.10&upstream=glibc-2.28-251.el8_10.31.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-15281", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15281" ], "unique" : false }, { "id" : "CVE-2026-3904", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3904" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-common@2.28-251.el8_10.31?arch=x86_64&distro=rhel-8.10&upstream=glibc-2.28-251.el8_10.31.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libcap@2.48-6.el8_9?arch=x86_64&distro=rhel-8.10&upstream=libcap-2.48-6.el8_9.src.rpm", "issues" : [ { "id" : "CVE-2023-2603", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-2603" ], "unique" : false }, { "id" : "CVE-2023-2602", "title" : "A vulnerability was found in the pthread_create() function in libcap. This issue may allow a malicious actor to use cause __real_pthread_create() to return an error, which can exhaust the process memory.", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2023-2602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-2603", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-2603" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch&distro=rhel-8.10&upstream=ncurses-6.1-10.20180224.el8.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64&distro=rhel-8.10&upstream=ncurses-6.1-10.20180224.el8.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/pcre2@10.32-3.el8_6?arch=x86_64&distro=rhel-8.10&upstream=pcre2-10.32-3.el8_6.src.rpm", "issues" : [ { "id" : "CVE-2022-1586", "title" : "An out-of-bounds read vulnerability was discovered in the PCRE2 library in the compile_xclass_matchingpath() function of the pcre2_jit_compile.c file. This involves a unicode property matching issue in JIT-compiled regular expressions. The issue occurs because the character was not fully read in case-less matching within JIT.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-1586" ], "unique" : false }, { "id" : "CVE-2022-1587", "title" : "An out-of-bounds read vulnerability was discovered in the PCRE2 library in the get_recurse_data_length() function of the pcre2_jit_compile.c file. This issue affects recursions in JIT-compiled regular expressions caused by duplicate data transfers.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-1587" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2022-1586", "title" : "An out-of-bounds read vulnerability was discovered in the PCRE2 library in the compile_xclass_matchingpath() function of the pcre2_jit_compile.c file. This involves a unicode property matching issue in JIT-compiled regular expressions. The issue occurs because the character was not fully read in case-less matching within JIT.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-1586" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/bash@4.4.20-6.el8_10?arch=x86_64&distro=rhel-8.10&upstream=bash-4.4.20-6.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2022-3715", "source" : "redhat-csaf", "cvssScore" : 6.6, "severity" : "MEDIUM", "cves" : [ "CVE-2022-3715" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2022-3715", "source" : "redhat-csaf", "cvssScore" : 6.6, "severity" : "MEDIUM", "cves" : [ "CVE-2022-3715" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcc@8.5.0-28.el8_10?arch=x86_64&distro=rhel-8.10&upstream=gcc-8.5.0-28.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", 100 1010k 0 649k 100 360k 1020k 567k --:--:-- --:--:-- --:--:-- 1585k "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/bzip2-libs@1.0.6-28.el8_10?arch=x86_64&distro=rhel-8.10&upstream=bzip2-1.0.6-28.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2019-12900", "title" : "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2019-12900" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2019-12900", "title" : "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2019-12900" ], "unique" : false } } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } } ] } } } }, "licenses" : [ { "status" : { "ok" : false, "name" : "deps.dev", "code" : 400, "message" : "Bad Request: invalid purl \"pkg:maven/io.github.stuartwdouglas.hacbstest.Main/hacbs-test\" at request index 24", "warnings" : { } }, "summary" : { "total" : 1, "concluded" : 120, "permissive" : 1, "weakCopyleft" : 0, "strongCopyleft" : 0, "unknown" : 0, "deprecated" : 0, "osiApproved" : 1, "fsfLibre" : 1 }, "packages" : { "pkg:rpm/redhat/zlib@1.2.11-25.el8?arch=x86_64&distro=rhel-8.10&upstream=zlib-1.2.11-25.el8.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/libnghttp2@1.33.0-6.el8_10.2?arch=x86_64&distro=rhel-8.10&upstream=nghttp2-1.33.0-6.el8_10.2.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/p11-kit@0.23.22-2.el8?arch=x86_64&distro=rhel-8.10&upstream=p11-kit-0.23.22-2.el8.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/libxcrypt@4.1.1-6.el8?arch=x86_64&distro=rhel-8.10&upstream=libxcrypt-4.1.1-6.el8.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/sed@4.5-5.el8_10?arch=x86_64&distro=rhel-8.10&upstream=sed-4.5-5.el8_10.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/filesystem@3.8-6.el8?arch=x86_64&distro=rhel-8.10&upstream=filesystem-3.8-6.el8.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/libsolv@0.7.20-6.el8?arch=x86_64&distro=rhel-8.10&upstream=libsolv-0.7.20-6.el8.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/libsemanage@2.9-12.el8_10?arch=x86_64&distro=rhel-8.10&upstream=libsemanage-2.9-12.el8_10.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/nettle@3.4.1-7.el8?arch=x86_64&distro=rhel-8.10&upstream=nettle-3.4.1-7.el8.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch&distro=rhel-8.10&upstream=ncurses-6.1-10.20180224.el8.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/libverto@0.3.2-2.el8?arch=x86_64&distro=rhel-8.10&upstream=libverto-0.3.2-2.el8.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/gpg-pubkey@fd431d51-4ae0493b?distro=rhel-8.10" : { "evidence" : [ ] }, "pkg:rpm/redhat/gdbm-libs@1.18-2.el8?arch=x86_64&distro=rhel-8.10&epoch=1&upstream=gdbm-1.18-2.el8.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/xz-libs@5.2.4-4.el8_6?arch=x86_64&distro=rhel-8.10&upstream=xz-5.2.4-4.el8_6.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/libunistring@0.9.9-3.el8?arch=x86_64&distro=rhel-8.10&upstream=libunistring-0.9.9-3.el8.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=rhel-8.10&epoch=1&upstream=openssl-1.1.1k-15.el8_6.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/lua-libs@5.3.4-12.el8?arch=x86_64&distro=rhel-8.10&upstream=lua-5.3.4-12.el8.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/platform-python@3.6.8-75.el8_10?arch=x86_64&distro=rhel-8.10&upstream=python3-3.6.8-75.el8_10.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/shadow-utils@4.6-23.el8_10?arch=x86_64&distro=rhel-8.10&epoch=2&upstream=shadow-utils-4.6-23.el8_10.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/json-c@0.13.1-3.el8?arch=x86_64&distro=rhel-8.10&upstream=json-c-0.13.1-3.el8.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/libtasn1@4.13-5.el8_10?arch=x86_64&distro=rhel-8.10&upstream=libtasn1-4.13-5.el8_10.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/libyaml@0.1.7-5.el8?arch=x86_64&distro=rhel-8.10&upstream=libyaml-0.1.7-5.el8.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/libksba@1.3.5-9.el8_7?arch=x86_64&distro=rhel-8.10&upstream=libksba-1.3.5-9.el8_7.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/libmount@2.32.1-48.el8_10?arch=x86_64&distro=rhel-8.10&upstream=util-linux-2.32.1-48.el8_10.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/krb5-libs@1.18.2-32.el8_10?arch=x86_64&distro=rhel-8.10&upstream=krb5-1.18.2-32.el8_10.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/file-libs@5.33-27.el8_10?arch=x86_64&distro=rhel-8.10&upstream=file-5.33-27.el8_10.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/gpgme@1.13.1-12.el8?arch=x86_64&distro=rhel-8.10&upstream=gpgme-1.13.1-12.el8.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/libacl@2.2.53-3.el8?arch=x86_64&distro=rhel-8.10&upstream=acl-2.2.53-3.el8.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=rhel-8.10&upstream=libarchive-3.3.3-7.el8_10.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/libmodulemd@2.13.0-1.el8?arch=x86_64&distro=rhel-8.10&upstream=libmodulemd-2.13.0-1.el8.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=rhel-8.10&upstream=curl-7.61.1-34.el8_10.11.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/p11-kit-trust@0.23.22-2.el8?arch=x86_64&distro=rhel-8.10&upstream=p11-kit-0.23.22-2.el8.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/libzstd@1.4.4-1.el8?arch=x86_64&distro=rhel-8.10&upstream=zstd-1.4.4-1.el8.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/libcap@2.48-6.el8_9?arch=x86_64&distro=rhel-8.10&upstream=libcap-2.48-6.el8_9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/libtirpc@1.1.4-12.el8_10?arch=x86_64&distro=rhel-8.10&upstream=libtirpc-1.1.4-12.el8_10.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/python3-pip-wheel@9.0.3-24.el8?arch=noarch&distro=rhel-8.10&upstream=python-pip-9.0.3-24.el8.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/pcre2@10.32-3.el8_6?arch=x86_64&distro=rhel-8.10&upstream=pcre2-10.32-3.el8_6.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/langpacks-en@1.0-12.el8?arch=noarch&distro=rhel-8.10&upstream=langpacks-1.0-12.el8.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/bzip2-libs@1.0.6-28.el8_10?arch=x86_64&distro=rhel-8.10&upstream=bzip2-1.0.6-28.el8_10.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/keyutils-libs@1.5.10-9.el8?arch=x86_64&distro=rhel-8.10&upstream=keyutils-1.5.10-9.el8.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=rhel-8.10&upstream=gnutls-3.6.16-8.el8_10.5.src.rpm" : { "evidence" : [ ] }, "pkg:github/beatlabs/delete-old-branches-action@v0.0.10" : { "evidence" : [ ] }, "pkg:rpm/redhat/findutils@4.6.0-24.el8_10?arch=x86_64&distro=rhel-8.10&epoch=1&upstream=findutils-4.6.0-24.el8_10.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/libattr@2.4.48-3.el8?arch=x86_64&distro=rhel-8.10&upstream=attr-2.4.48-3.el8.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/npth@1.5-4.el8?arch=x86_64&distro=rhel-8.10&upstream=npth-1.5-4.el8.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/libssh@0.9.6-16.el8_10?arch=x86_64&distro=rhel-8.10&upstream=libssh-0.9.6-16.el8_10.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/glibc-common@2.28-251.el8_10.31?arch=x86_64&distro=rhel-8.10&upstream=glibc-2.28-251.el8_10.31.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/librepo@1.14.2-5.el8?arch=x86_64&distro=rhel-8.10&upstream=librepo-1.14.2-5.el8.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/dbus-libs@1.12.8-27.el8_10?arch=x86_64&distro=rhel-8.10&epoch=1&upstream=dbus-1.12.8-27.el8_10.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=rhel-8.10&upstream=glib2-2.56.4-168.el8_10.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/chkconfig@1.19.2-1.el8?arch=x86_64&distro=rhel-8.10&upstream=chkconfig-1.19.2-1.el8.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/libgcc@8.5.0-28.el8_10?arch=x86_64&distro=rhel-8.10&upstream=gcc-8.5.0-28.el8_10.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/tar@1.30-11.el8_10?arch=x86_64&distro=rhel-8.10&epoch=2&upstream=tar-1.30-11.el8_10.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/libdb@5.3.28-42.el8_4?arch=x86_64&distro=rhel-8.10&upstream=libdb-5.3.28-42.el8_4.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/libssh-config@0.9.6-16.el8_10?arch=noarch&distro=rhel-8.10&upstream=libssh-0.9.6-16.el8_10.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/platform-python-setuptools@39.2.0-9.el8_10?arch=noarch&distro=rhel-8.10&upstream=python-setuptools-39.2.0-9.el8_10.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/librhsm@0.0.3-5.el8?arch=x86_64&distro=rhel-8.10&upstream=librhsm-0.0.3-5.el8.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/publicsuffix-list-dafsa@20180723-1.el8?arch=noarch&distro=rhel-8.10&upstream=publicsuffix-list-20180723-1.el8.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/python3-setuptools-wheel@39.2.0-9.el8_10?arch=noarch&distro=rhel-8.10&upstream=python-setuptools-39.2.0-9.el8_10.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/gpg-pubkey@d4082792-5b32db75?distro=rhel-8.10" : { "evidence" : [ ] }, "pkg:rpm/redhat/readline@7.0-10.el8?arch=x86_64&distro=rhel-8.10&upstream=readline-7.0-10.el8.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/rpm-libs@4.14.3-32.el8_10?arch=x86_64&distro=rhel-8.10&upstream=rpm-4.14.3-32.el8_10.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/libdnf@0.63.0-21.el8_10?arch=x86_64&distro=rhel-8.10&upstream=libdnf-0.63.0-21.el8_10.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/libusbx@1.0.23-4.el8?arch=x86_64&distro=rhel-8.10&upstream=libusbx-1.0.23-4.el8.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/libsigsegv@2.11-5.el8?arch=x86_64&distro=rhel-8.10&upstream=libsigsegv-2.11-5.el8.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/libcom_err@1.45.6-7.el8_10?arch=x86_64&distro=rhel-8.10&upstream=e2fsprogs-1.45.6-7.el8_10.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/python3-libs@3.6.8-75.el8_10?arch=x86_64&distro=rhel-8.10&upstream=python3-3.6.8-75.el8_10.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/ca-certificates@2025.2.80_v9.0.304-80.2.el8_10?arch=noarch&distro=rhel-8.10&upstream=ca-certificates-2025.2.80_v9.0.304-80.2.el8_10.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/gawk@4.2.1-4.el8?arch=x86_64&distro=rhel-8.10&upstream=gawk-4.2.1-4.el8.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/libnsl2@1.2.0-2.20180605git4a062cf.el8?arch=x86_64&distro=rhel-8.10&upstream=libnsl2-1.2.0-2.20180605git4a062cf.el8.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64&distro=rhel-8.10&upstream=ncurses-6.1-10.20180224.el8.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/brotli@1.0.6-4.el8_10?arch=x86_64&distro=rhel-8.10&upstream=brotli-1.0.6-4.el8_10.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/crypto-policies-scripts@20230731-1.git3177e06.el8?arch=noarch&distro=rhel-8.10&upstream=crypto-policies-20230731-1.git3177e06.el8.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/libsmartcols@2.32.1-48.el8_10?arch=x86_64&distro=rhel-8.10&upstream=util-linux-2.32.1-48.el8_10.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/basesystem@11-5.el8?arch=noarch&distro=rhel-8.10&upstream=basesystem-11-5.el8.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/popt@1.18-1.el8?arch=x86_64&distro=rhel-8.10&upstream=popt-1.18-1.el8.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/libidn2@2.2.0-1.el8?arch=x86_64&distro=rhel-8.10&upstream=libidn2-2.2.0-1.el8.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/setup@2.12.2-9.el8?arch=noarch&distro=rhel-8.10&upstream=setup-2.12.2-9.el8.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/tzdata@2026a-1.el8?arch=noarch&distro=rhel-8.10&upstream=tzdata-2026a-1.el8.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/systemd-libs@239-82.el8_10.15?arch=x86_64&distro=rhel-8.10&upstream=systemd-239-82.el8_10.15.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/libxml2@2.9.7-21.el8_10.3?arch=x86_64&distro=rhel-8.10&upstream=libxml2-2.9.7-21.el8_10.3.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/grep@3.1-6.el8?arch=x86_64&distro=rhel-8.10&upstream=grep-3.1-6.el8.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/mpfr@3.1.6-1.el8?arch=x86_64&distro=rhel-8.10&upstream=mpfr-3.1.6-1.el8.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/glibc-minimal-langpack@2.28-251.el8_10.31?arch=x86_64&distro=rhel-8.10&upstream=glibc-2.28-251.el8_10.31.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/redhat-release@8.10-0.3.el8?arch=x86_64&distro=rhel-8.10&upstream=redhat-release-8.10-0.3.el8.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/sqlite-libs@3.26.0-20.el8_10?arch=x86_64&distro=rhel-8.10&upstream=sqlite-3.26.0-20.el8_10.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/bash@4.4.20-6.el8_10?arch=x86_64&distro=rhel-8.10&upstream=bash-4.4.20-6.el8_10.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/libassuan@2.5.1-3.el8?arch=x86_64&distro=rhel-8.10&upstream=libassuan-2.5.1-3.el8.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/elfutils-libelf@0.190-2.el8?arch=x86_64&distro=rhel-8.10&upstream=elfutils-0.190-2.el8.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/libgcrypt@1.8.5-7.el8_6?arch=x86_64&distro=rhel-8.10&upstream=libgcrypt-1.8.5-7.el8_6.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/json-glib@1.4.4-1.el8?arch=x86_64&distro=rhel-8.10&upstream=json-glib-1.4.4-1.el8.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/gobject-introspection@1.56.1-1.el8?arch=x86_64&distro=rhel-8.10&upstream=gobject-introspection-1.56.1-1.el8.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/gnupg2@2.2.20-4.el8_10?arch=x86_64&distro=rhel-8.10&upstream=gnupg2-2.2.20-4.el8_10.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/glibc@2.28-251.el8_10.31?arch=x86_64&distro=rhel-8.10&upstream=glibc-2.28-251.el8_10.31.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/libstdc%2B%2B@8.5.0-28.el8_10?arch=x86_64&distro=rhel-8.10&upstream=gcc-8.5.0-28.el8_10.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/libselinux@2.9-11.el8_10?arch=x86_64&distro=rhel-8.10&upstream=libselinux-2.9-11.el8_10.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/gmp@6.1.2-11.el8?arch=x86_64&distro=rhel-8.10&epoch=1&upstream=gmp-6.1.2-11.el8.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/libsepol@2.9-3.el8?arch=x86_64&distro=rhel-8.10&upstream=libsepol-2.9-3.el8.src.rpm" : { "evidence" : [ ] }, "pkg:github/actions/checkout@v4" : { "evidence" : [ ] }, "pkg:rpm/redhat/libgpg-error@1.31-1.el8?arch=x86_64&distro=rhel-8.10&upstream=libgpg-error-1.31-1.el8.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/rootfiles@8.1-22.el8?arch=noarch&distro=rhel-8.10&upstream=rootfiles-8.1-22.el8.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/openldap@2.4.46-21.el8_10?arch=x86_64&distro=rhel-8.10&upstream=openldap-2.4.46-21.el8_10.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/info@6.5-7.el8?arch=x86_64&distro=rhel-8.10&upstream=texinfo-6.5-7.el8.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=rhel-8.10&upstream=curl-7.61.1-34.el8_10.11.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/libdb-utils@5.3.28-42.el8_4?arch=x86_64&distro=rhel-8.10&upstream=libdb-5.3.28-42.el8_4.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/libpsl@0.20.2-6.el8?arch=x86_64&distro=rhel-8.10&upstream=libpsl-0.20.2-6.el8.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/coreutils-single@8.30-17.el8_10?arch=x86_64&distro=rhel-8.10&upstream=coreutils-8.30-17.el8_10.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/libcap-ng@0.7.11-1.el8?arch=x86_64&distro=rhel-8.10&upstream=libcap-ng-0.7.11-1.el8.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/rpm@4.14.3-32.el8_10?arch=x86_64&distro=rhel-8.10&upstream=rpm-4.14.3-32.el8_10.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/cyrus-sasl-lib@2.1.27-6.el8_5?arch=x86_64&distro=rhel-8.10&upstream=cyrus-sasl-2.1.27-6.el8_5.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/crypto-policies@20230731-1.git3177e06.el8?arch=noarch&distro=rhel-8.10&upstream=crypto-policies-20230731-1.git3177e06.el8.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/libffi@3.1-24.el8?arch=x86_64&distro=rhel-8.10&upstream=libffi-3.1-24.el8.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/pcre@8.42-6.el8?arch=x86_64&distro=rhel-8.10&upstream=pcre-8.42-6.el8.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/gdbm@1.18-2.el8?arch=x86_64&distro=rhel-8.10&epoch=1&upstream=gdbm-1.18-2.el8.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/audit-libs@3.1.2-1.el8_10.1?arch=x86_64&distro=rhel-8.10&upstream=audit-3.1.2-1.el8_10.1.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/lz4-libs@1.8.3-5.el8_10?arch=x86_64&distro=rhel-8.10&upstream=lz4-1.8.3-5.el8_10.src.rpm" : { "evidence" : [ ] }, "pkg:pypi/setuptools@39.2.0" : { "concluded" : { "identifiers" : [ { "id" : "MIT", "name" : "MIT License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "MIT", "name" : "MIT License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" }, "evidence" : [ { "identifiers" : [ { "id" : "MIT", "name" : "MIT License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "MIT", "name" : "MIT License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" } ] }, "pkg:rpm/redhat/libblkid@2.32.1-48.el8_10?arch=x86_64&distro=rhel-8.10&upstream=util-linux-2.32.1-48.el8_10.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/expat@2.5.0-1.el8_10?arch=x86_64&distro=rhel-8.10&upstream=expat-2.5.0-1.el8_10.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/libuuid@2.32.1-48.el8_10?arch=x86_64&distro=rhel-8.10&upstream=util-linux-2.32.1-48.el8_10.src.rpm" : { "evidence" : [ ] } } } ] } pod: test-comp-pac-forgejo-wqnvvd-on-pull-request-fst28-tpa-scan-pod | container step-oci-attach-report: Using token for quay.io/redhat-appstudio-qe/forgejo-rep-xlpn/test-comp-pac-forgejo-wqnvvd Attaching tpa-report-amd64.json to quay.io/redhat-appstudio-qe/forgejo-rep-xlpn/test-comp-pac-forgejo-wqnvvd@sha256:3256c4ec347b39c20f504484f30eefb1130437a2d703e8e4d257cf3367938d87 [retry] executing: oras attach --no-tty --format go-template=\{\{.digest\}\} --registry-config /tmp/auth/config.json --artifact-type application/vnd.redhat.tpa-report+json quay.io/redhat-appstudio-qe/forgejo-rep-xlpn/test-comp-pac-forgejo-wqnvvd@sha256:3256c4ec347b39c20f504484f30eefb1130437a2d703e8e4d257cf3367938d87 tpa-report-amd64.json:application/vnd.redhat.tpa-report+json pod: test-comp-pac-forgejo-wqnvvd-on-pull-request-fst28-tpa-scan-pod | container step-conftest-vulnerabilities: [ { "filename": "/tekton/home/tpa-report-amd64.json", "namespace": "required_checks", "successes": 4, "warnings": [ { "msg": "Found 6 critical vulnerabilities.", "metadata": { "details": { "description": "Source: redhat-csaf. Affected dependencies: pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64\u0026distro=rhel-8.10\u0026epoch=1\u0026upstream=openssl-1.1.1k-15.el8_6.src.rpm [transitive via pkg:rpm/redhat/python3-libs@3.6.8-75.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=python3-3.6.8-75.el8_10.src.rpm] (CVE-2025-15467), pkg:rpm/redhat/krb5-libs@1.18.2-32.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=krb5-1.18.2-32.el8_10.src.rpm [transitive via pkg:rpm/redhat/python3-libs@3.6.8-75.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=python3-3.6.8-75.el8_10.src.rpm] (CVE-2024-3596), pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64\u0026distro=rhel-8.10\u0026epoch=1\u0026upstream=openssl-1.1.1k-15.el8_6.src.rpm [transitive via pkg:rpm/redhat/openldap@2.4.46-21.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=openldap-2.4.46-21.el8_10.src.rpm] (CVE-2025-15467), pkg:rpm/redhat/krb5-libs@1.18.2-32.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=krb5-1.18.2-32.el8_10.src.rpm [transitive via pkg:rpm/redhat/openldap@2.4.46-21.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=openldap-2.4.46-21.el8_10.src.rpm] (CVE-2024-3596), pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64\u0026distro=rhel-8.10\u0026epoch=1\u0026upstream=openssl-1.1.1k-15.el8_6.src.rpm [transitive via pkg:rpm/redhat/java-17-openjdk-headless@17.0.18.0.8-1.el8?arch=x86_64\u0026distro=rhel-8.10\u0026epoch=1\u0026upstream=java-17-openjdk-17.0.18.0.8-1.el8.src.rpm] (CVE-2025-15467), pkg:rpm/redhat/krb5-libs@1.18.2-32.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=krb5-1.18.2-32.el8_10.src.rpm [transitive via pkg:rpm/redhat/java-17-openjdk-headless@17.0.18.0.8-1.el8?arch=x86_64\u0026distro=rhel-8.10\u0026epoch=1\u0026upstream=java-17-openjdk-17.0.18.0.8-1.el8.src.rpm] (CVE-2024-3596), pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64\u0026distro=rhel-8.10\u0026epoch=1\u0026upstream=openssl-1.1.1k-15.el8_6.src.rpm [transitive via pkg:rpm/redhat/rpm-libs@4.14.3-32.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=rpm-4.14.3-32.el8_10.src.rpm] (CVE-2025-15467), pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=curl-7.61.1-34.el8_10.11.src.rpm [transitive via pkg:rpm/redhat/rpm-libs@4.14.3-32.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=rpm-4.14.3-32.el8_10.src.rpm] (CVE-2022-32207), pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=curl-7.61.1-34.el8_10.11.src.rpm [transitive via pkg:rpm/redhat/rpm-libs@4.14.3-32.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=rpm-4.14.3-32.el8_10.src.rpm] (CVE-2022-32207), pkg:rpm/redhat/libxml2@2.9.7-21.el8_10.3?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=libxml2-2.9.7-21.el8_10.3.src.rpm [transitive via pkg:rpm/redhat/rpm-libs@4.14.3-32.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=rpm-4.14.3-32.el8_10.src.rpm] (CVE-2024-40896, CVE-2025-49794, CVE-2025-49796), pkg:rpm/redhat/krb5-libs@1.18.2-32.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=krb5-1.18.2-32.el8_10.src.rpm [transitive via pkg:rpm/redhat/rpm-libs@4.14.3-32.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=rpm-4.14.3-32.el8_10.src.rpm] (CVE-2024-3596), pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64\u0026distro=rhel-8.10\u0026epoch=1\u0026upstream=openssl-1.1.1k-15.el8_6.src.rpm [transitive via pkg:rpm/redhat/microdnf@3.8.0-2.el8?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=microdnf-3.8.0-2.el8.src.rpm] (CVE-2025-15467), pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=curl-7.61.1-34.el8_10.11.src.rpm [transitive via pkg:rpm/redhat/microdnf@3.8.0-2.el8?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=microdnf-3.8.0-2.el8.src.rpm] (CVE-2022-32207), pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=curl-7.61.1-34.el8_10.11.src.rpm [transitive via pkg:rpm/redhat/microdnf@3.8.0-2.el8?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=microdnf-3.8.0-2.el8.src.rpm] (CVE-2022-32207), pkg:rpm/redhat/libxml2@2.9.7-21.el8_10.3?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=libxml2-2.9.7-21.el8_10.3.src.rpm [transitive via pkg:rpm/redhat/microdnf@3.8.0-2.el8?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=microdnf-3.8.0-2.el8.src.rpm] (CVE-2024-40896, CVE-2025-49794, CVE-2025-49796), pkg:rpm/redhat/krb5-libs@1.18.2-32.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=krb5-1.18.2-32.el8_10.src.rpm [transitive via pkg:rpm/redhat/microdnf@3.8.0-2.el8?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=microdnf-3.8.0-2.el8.src.rpm] (CVE-2024-3596)", "name": "rhtpa_critical_vulnerabilities", "url": "https://access.redhat.com/articles/red_hat_vulnerability_tutorial" }, "vulnerabilities_number": 6 } }, { "msg": "Found 115 high vulnerabilities.", "metadata": { "details": { "description": "Source: osv-github. Affected dependencies: pkg:pypi/setuptools@39.2.0 [direct] (CVE-2024-6345, CVE-2022-40897); Source: redhat-csaf. Affected dependencies: pkg:rpm/redhat/python3-libs@3.6.8-75.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=python3-3.6.8-75.el8_10.src.rpm [direct] (CVE-2023-40217, CVE-2022-42919, CVE-2023-6597, CVE-2015-20107, CVE-2024-12718, CVE-2025-4517, CVE-2020-10735, CVE-2022-45061, CVE-2023-24329, CVE-2024-6232, CVE-2025-12084, CVE-2025-4138, CVE-2025-4435, CVE-2025-8194, CVE-2021-28861, CVE-2025-4330, CVE-2025-15366, CVE-2025-15367, CVE-2026-1299, CVE-2026-4519), pkg:rpm/redhat/openldap@2.4.46-21.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=openldap-2.4.46-21.el8_10.src.rpm [direct] (CVE-2023-2953), pkg:rpm/redhat/java-17-openjdk-headless@17.0.18.0.8-1.el8?arch=x86_64\u0026distro=rhel-8.10\u0026epoch=1\u0026upstream=java-17-openjdk-17.0.18.0.8-1.el8.src.rpm [direct] (CVE-2026-21945, CVE-2025-64720, CVE-2025-65018), pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64\u0026distro=rhel-8.10\u0026epoch=1\u0026upstream=openssl-1.1.1k-15.el8_6.src.rpm [transitive via pkg:rpm/redhat/python3-libs@3.6.8-75.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=python3-3.6.8-75.el8_10.src.rpm] (CVE-2022-1473, CVE-2022-3358, CVE-2022-3602, CVE-2022-3786, CVE-2022-4450, CVE-2023-0215, CVE-2023-0216, CVE-2023-0217, CVE-2023-0401, CVE-2023-5363, CVE-2023-0286, CVE-2024-12797, CVE-2025-69419), pkg:rpm/redhat/krb5-libs@1.18.2-32.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=krb5-1.18.2-32.el8_10.src.rpm [transitive via pkg:rpm/redhat/python3-libs@3.6.8-75.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=python3-3.6.8-75.el8_10.src.rpm] (CVE-2022-42898, CVE-2023-39975, CVE-2024-26462, CVE-2024-37370, CVE-2020-17049), pkg:rpm/redhat/python3-setuptools-wheel@39.2.0-9.el8_10?arch=noarch\u0026distro=rhel-8.10\u0026upstream=python-setuptools-39.2.0-9.el8_10.src.rpm [transitive via pkg:rpm/redhat/python3-libs@3.6.8-75.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=python3-3.6.8-75.el8_10.src.rpm] (CVE-2024-6345, CVE-2025-47273), pkg:rpm/redhat/glibc-minimal-langpack@2.28-251.el8_10.31?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=glibc-2.28-251.el8_10.31.src.rpm [transitive via pkg:rpm/redhat/python3-libs@3.6.8-75.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=python3-3.6.8-75.el8_10.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.28-251.el8_10.31?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=glibc-2.28-251.el8_10.31.src.rpm [transitive via pkg:rpm/redhat/python3-libs@3.6.8-75.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=python3-3.6.8-75.el8_10.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.28-251.el8_10.31?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=glibc-2.28-251.el8_10.31.src.rpm [transitive via pkg:rpm/redhat/python3-libs@3.6.8-75.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=python3-3.6.8-75.el8_10.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/xz-libs@5.2.4-4.el8_6?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=xz-5.2.4-4.el8_6.src.rpm [transitive via pkg:rpm/redhat/python3-libs@3.6.8-75.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=python3-3.6.8-75.el8_10.src.rpm] (CVE-2022-1271, CVE-2025-31115), pkg:rpm/redhat/python3-libs@3.6.8-75.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=python3-3.6.8-75.el8_10.src.rpm [transitive via pkg:rpm/redhat/python3-libs@3.6.8-75.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=python3-3.6.8-75.el8_10.src.rpm] (CVE-2023-40217, CVE-2022-42919, CVE-2023-6597, CVE-2015-20107, CVE-2024-12718, CVE-2025-4517, CVE-2020-10735, CVE-2022-45061, CVE-2023-24329, CVE-2024-6232, CVE-2025-12084, CVE-2025-4138, CVE-2025-4435, CVE-2025-8194, CVE-2021-28861, CVE-2025-4330, CVE-2025-15366, CVE-2025-15367, CVE-2026-1299, CVE-2026-4519), pkg:rpm/redhat/zlib@1.2.11-25.el8?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=zlib-1.2.11-25.el8.src.rpm [transitive via pkg:rpm/redhat/python3-libs@3.6.8-75.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=python3-3.6.8-75.el8_10.src.rpm] (CVE-2018-25032, CVE-2022-37434), pkg:rpm/redhat/libcap@2.48-6.el8_9?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=libcap-2.48-6.el8_9.src.rpm [transitive via pkg:rpm/redhat/python3-libs@3.6.8-75.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=python3-3.6.8-75.el8_10.src.rpm] (CVE-2023-2603), pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch\u0026distro=rhel-8.10\u0026upstream=ncurses-6.1-10.20180224.el8.src.rpm [transitive via pkg:rpm/redhat/python3-libs@3.6.8-75.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=python3-3.6.8-75.el8_10.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=ncurses-6.1-10.20180224.el8.src.rpm [transitive via pkg:rpm/redhat/python3-libs@3.6.8-75.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=python3-3.6.8-75.el8_10.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/sqlite-libs@3.26.0-20.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=sqlite-3.26.0-20.el8_10.src.rpm [transitive via pkg:rpm/redhat/python3-libs@3.6.8-75.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=python3-3.6.8-75.el8_10.src.rpm] (CVE-2025-6965, CVE-2023-7104, CVE-2025-3277), pkg:rpm/redhat/expat@2.5.0-1.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=expat-2.5.0-1.el8_10.src.rpm [transitive via pkg:rpm/redhat/python3-libs@3.6.8-75.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=python3-3.6.8-75.el8_10.src.rpm] (CVE-2023-52425, CVE-2024-28757, CVE-2024-45490, CVE-2024-45491, CVE-2024-8176), pkg:rpm/redhat/libtirpc@1.1.4-12.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=libtirpc-1.1.4-12.el8_10.src.rpm [transitive via pkg:rpm/redhat/python3-libs@3.6.8-75.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=python3-3.6.8-75.el8_10.src.rpm] (CVE-2021-46828), pkg:rpm/redhat/pcre2@10.32-3.el8_6?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=pcre2-10.32-3.el8_6.src.rpm [transitive via pkg:rpm/redhat/python3-libs@3.6.8-75.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=python3-3.6.8-75.el8_10.src.rpm] (CVE-2022-1586, CVE-2022-1587), pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64\u0026distro=rhel-8.10\u0026epoch=1\u0026upstream=openssl-1.1.1k-15.el8_6.src.rpm [transitive via pkg:rpm/redhat/openldap@2.4.46-21.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=openldap-2.4.46-21.el8_10.src.rpm] (CVE-2022-1473, CVE-2022-3358, CVE-2022-3602, CVE-2022-3786, CVE-2022-4450, CVE-2023-0215, CVE-2023-0216, CVE-2023-0217, CVE-2023-0401, CVE-2023-5363, CVE-2023-0286, CVE-2024-12797, CVE-2025-69419), pkg:rpm/redhat/krb5-libs@1.18.2-32.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=krb5-1.18.2-32.el8_10.src.rpm [transitive via pkg:rpm/redhat/openldap@2.4.46-21.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=openldap-2.4.46-21.el8_10.src.rpm] (CVE-2022-42898, CVE-2023-39975, CVE-2024-26462, CVE-2024-37370, CVE-2020-17049), pkg:rpm/redhat/glibc-minimal-langpack@2.28-251.el8_10.31?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=glibc-2.28-251.el8_10.31.src.rpm [transitive via pkg:rpm/redhat/openldap@2.4.46-21.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=openldap-2.4.46-21.el8_10.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.28-251.el8_10.31?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=glibc-2.28-251.el8_10.31.src.rpm [transitive via pkg:rpm/redhat/openldap@2.4.46-21.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=openldap-2.4.46-21.el8_10.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.28-251.el8_10.31?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=glibc-2.28-251.el8_10.31.src.rpm [transitive via pkg:rpm/redhat/openldap@2.4.46-21.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=openldap-2.4.46-21.el8_10.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/zlib@1.2.11-25.el8?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=zlib-1.2.11-25.el8.src.rpm [transitive via pkg:rpm/redhat/openldap@2.4.46-21.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=openldap-2.4.46-21.el8_10.src.rpm] (CVE-2018-25032, CVE-2022-37434), pkg:rpm/redhat/libcap@2.48-6.el8_9?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=libcap-2.48-6.el8_9.src.rpm [transitive via pkg:rpm/redhat/openldap@2.4.46-21.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=openldap-2.4.46-21.el8_10.src.rpm] (CVE-2023-2603), pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch\u0026distro=rhel-8.10\u0026upstream=ncurses-6.1-10.20180224.el8.src.rpm [transitive via pkg:rpm/redhat/openldap@2.4.46-21.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=openldap-2.4.46-21.el8_10.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=ncurses-6.1-10.20180224.el8.src.rpm [transitive via pkg:rpm/redhat/openldap@2.4.46-21.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=openldap-2.4.46-21.el8_10.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/pcre2@10.32-3.el8_6?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=pcre2-10.32-3.el8_6.src.rpm [transitive via pkg:rpm/redhat/openldap@2.4.46-21.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=openldap-2.4.46-21.el8_10.src.rpm] (CVE-2022-1586, CVE-2022-1587), pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64\u0026distro=rhel-8.10\u0026epoch=1\u0026upstream=openssl-1.1.1k-15.el8_6.src.rpm [transitive via pkg:rpm/redhat/java-17-openjdk-headless@17.0.18.0.8-1.el8?arch=x86_64\u0026distro=rhel-8.10\u0026epoch=1\u0026upstream=java-17-openjdk-17.0.18.0.8-1.el8.src.rpm] (CVE-2022-1473, CVE-2022-3358, CVE-2022-3602, CVE-2022-3786, CVE-2022-4450, CVE-2023-0215, CVE-2023-0216, CVE-2023-0217, CVE-2023-0401, CVE-2023-5363, CVE-2023-0286, CVE-2024-12797, CVE-2025-69419), pkg:rpm/redhat/krb5-libs@1.18.2-32.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=krb5-1.18.2-32.el8_10.src.rpm [transitive via pkg:rpm/redhat/java-17-openjdk-headless@17.0.18.0.8-1.el8?arch=x86_64\u0026distro=rhel-8.10\u0026epoch=1\u0026upstream=java-17-openjdk-17.0.18.0.8-1.el8.src.rpm] (CVE-2022-42898, CVE-2023-39975, CVE-2024-26462, CVE-2024-37370, CVE-2020-17049), pkg:rpm/redhat/python3-setuptools-wheel@39.2.0-9.el8_10?arch=noarch\u0026distro=rhel-8.10\u0026upstream=python-setuptools-39.2.0-9.el8_10.src.rpm [transitive via pkg:rpm/redhat/java-17-openjdk-headless@17.0.18.0.8-1.el8?arch=x86_64\u0026distro=rhel-8.10\u0026epoch=1\u0026upstream=java-17-openjdk-17.0.18.0.8-1.el8.src.rpm] (CVE-2024-6345, CVE-2025-47273), pkg:rpm/redhat/glibc-minimal-langpack@2.28-251.el8_10.31?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=glibc-2.28-251.el8_10.31.src.rpm [transitive via pkg:rpm/redhat/java-17-openjdk-headless@17.0.18.0.8-1.el8?arch=x86_64\u0026distro=rhel-8.10\u0026epoch=1\u0026upstream=java-17-openjdk-17.0.18.0.8-1.el8.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.28-251.el8_10.31?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=glibc-2.28-251.el8_10.31.src.rpm [transitive via pkg:rpm/redhat/java-17-openjdk-headless@17.0.18.0.8-1.el8?arch=x86_64\u0026distro=rhel-8.10\u0026epoch=1\u0026upstream=java-17-openjdk-17.0.18.0.8-1.el8.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.28-251.el8_10.31?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=glibc-2.28-251.el8_10.31.src.rpm [transitive via pkg:rpm/redhat/java-17-openjdk-headless@17.0.18.0.8-1.el8?arch=x86_64\u0026distro=rhel-8.10\u0026epoch=1\u0026upstream=java-17-openjdk-17.0.18.0.8-1.el8.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/javapackages-filesystem@5.3.0-1.module%2Bel8%2B2447%2B6f56d9a6?arch=noarch\u0026distro=rhel-8.10\u0026upstream=javapackages-tools-5.3.0-1.module%2Bel8%2B2447%2B6f56d9a6.src.rpm [transitive via pkg:rpm/redhat/java-17-openjdk-headless@17.0.18.0.8-1.el8?arch=x86_64\u0026distro=rhel-8.10\u0026epoch=1\u0026upstream=java-17-openjdk-17.0.18.0.8-1.el8.src.rpm] (CVE-2025-48734, CVE-2019-10086), pkg:rpm/redhat/xz-libs@5.2.4-4.el8_6?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=xz-5.2.4-4.el8_6.src.rpm [transitive via pkg:rpm/redhat/java-17-openjdk-headless@17.0.18.0.8-1.el8?arch=x86_64\u0026distro=rhel-8.10\u0026epoch=1\u0026upstream=java-17-openjdk-17.0.18.0.8-1.el8.src.rpm] (CVE-2022-1271, CVE-2025-31115), pkg:rpm/redhat/python3-libs@3.6.8-75.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=python3-3.6.8-75.el8_10.src.rpm [transitive via pkg:rpm/redhat/java-17-openjdk-headless@17.0.18.0.8-1.el8?arch=x86_64\u0026distro=rhel-8.10\u0026epoch=1\u0026upstream=java-17-openjdk-17.0.18.0.8-1.el8.src.rpm] (CVE-2023-40217, CVE-2022-42919, CVE-2023-6597, CVE-2015-20107, CVE-2024-12718, CVE-2025-4517, CVE-2020-10735, CVE-2022-45061, CVE-2023-24329, CVE-2024-6232, CVE-2025-12084, CVE-2025-4138, CVE-2025-4435, CVE-2025-8194, CVE-2021-28861, CVE-2025-4330, CVE-2025-15366, CVE-2025-15367, CVE-2026-1299, CVE-2026-4519), pkg:rpm/redhat/zlib@1.2.11-25.el8?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=zlib-1.2.11-25.el8.src.rpm [transitive via pkg:rpm/redhat/java-17-openjdk-headless@17.0.18.0.8-1.el8?arch=x86_64\u0026distro=rhel-8.10\u0026epoch=1\u0026upstream=java-17-openjdk-17.0.18.0.8-1.el8.src.rpm] (CVE-2018-25032, CVE-2022-37434), pkg:rpm/redhat/cups-libs@2.2.6-67.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026epoch=1\u0026upstream=cups-2.2.6-67.el8_10.src.rpm [transitive via pkg:rpm/redhat/java-17-openjdk-headless@17.0.18.0.8-1.el8?arch=x86_64\u0026distro=rhel-8.10\u0026epoch=1\u0026upstream=java-17-openjdk-17.0.18.0.8-1.el8.src.rpm] (CVE-2025-58060, CVE-2024-47175, CVE-2023-34241), pkg:rpm/redhat/libcap@2.48-6.el8_9?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=libcap-2.48-6.el8_9.src.rpm [transitive via pkg:rpm/redhat/java-17-openjdk-headless@17.0.18.0.8-1.el8?arch=x86_64\u0026distro=rhel-8.10\u0026epoch=1\u0026upstream=java-17-openjdk-17.0.18.0.8-1.el8.src.rpm] (CVE-2023-2603), pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch\u0026distro=rhel-8.10\u0026upstream=ncurses-6.1-10.20180224.el8.src.rpm [transitive via pkg:rpm/redhat/java-17-openjdk-headless@17.0.18.0.8-1.el8?arch=x86_64\u0026distro=rhel-8.10\u0026epoch=1\u0026upstream=java-17-openjdk-17.0.18.0.8-1.el8.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=ncurses-6.1-10.20180224.el8.src.rpm [transitive via pkg:rpm/redhat/java-17-openjdk-headless@17.0.18.0.8-1.el8?arch=x86_64\u0026distro=rhel-8.10\u0026epoch=1\u0026upstream=java-17-openjdk-17.0.18.0.8-1.el8.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/sqlite-libs@3.26.0-20.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=sqlite-3.26.0-20.el8_10.src.rpm [transitive via pkg:rpm/redhat/java-17-openjdk-headless@17.0.18.0.8-1.el8?arch=x86_64\u0026distro=rhel-8.10\u0026epoch=1\u0026upstream=java-17-openjdk-17.0.18.0.8-1.el8.src.rpm] (CVE-2025-6965, CVE-2023-7104, CVE-2025-3277), pkg:rpm/redhat/expat@2.5.0-1.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=expat-2.5.0-1.el8_10.src.rpm [transitive via pkg:rpm/redhat/java-17-openjdk-headless@17.0.18.0.8-1.el8?arch=x86_64\u0026distro=rhel-8.10\u0026epoch=1\u0026upstream=java-17-openjdk-17.0.18.0.8-1.el8.src.rpm] (CVE-2023-52425, CVE-2024-28757, CVE-2024-45490, CVE-2024-45491, CVE-2024-8176), pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=gnutls-3.6.16-8.el8_10.5.src.rpm [transitive via pkg:rpm/redhat/java-17-openjdk-headless@17.0.18.0.8-1.el8?arch=x86_64\u0026distro=rhel-8.10\u0026epoch=1\u0026upstream=java-17-openjdk-17.0.18.0.8-1.el8.src.rpm] (CVE-2022-2509, CVE-2024-0553, CVE-2024-0567, CVE-2023-0361), pkg:rpm/redhat/libtirpc@1.1.4-12.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=libtirpc-1.1.4-12.el8_10.src.rpm [transitive via pkg:rpm/redhat/java-17-openjdk-headless@17.0.18.0.8-1.el8?arch=x86_64\u0026distro=rhel-8.10\u0026epoch=1\u0026upstream=java-17-openjdk-17.0.18.0.8-1.el8.src.rpm] (CVE-2021-46828), pkg:rpm/redhat/pcre2@10.32-3.el8_6?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=pcre2-10.32-3.el8_6.src.rpm [transitive via pkg:rpm/redhat/java-17-openjdk-headless@17.0.18.0.8-1.el8?arch=x86_64\u0026distro=rhel-8.10\u0026epoch=1\u0026upstream=java-17-openjdk-17.0.18.0.8-1.el8.src.rpm] (CVE-2022-1586, CVE-2022-1587), pkg:rpm/redhat/lua@5.3.4-12.el8?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=lua-5.3.4-12.el8.src.rpm [transitive via pkg:rpm/redhat/java-17-openjdk-headless@17.0.18.0.8-1.el8?arch=x86_64\u0026distro=rhel-8.10\u0026epoch=1\u0026upstream=java-17-openjdk-17.0.18.0.8-1.el8.src.rpm] (CVE-2021-44964), pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64\u0026distro=rhel-8.10\u0026epoch=1\u0026upstream=openssl-1.1.1k-15.el8_6.src.rpm [transitive via pkg:rpm/redhat/rpm-libs@4.14.3-32.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=rpm-4.14.3-32.el8_10.src.rpm] (CVE-2022-1473, CVE-2022-3358, CVE-2022-3602, CVE-2022-3786, CVE-2022-4450, CVE-2023-0215, CVE-2023-0216, CVE-2023-0217, CVE-2023-0401, CVE-2023-5363, CVE-2023-0286, CVE-2024-12797, CVE-2025-69419), pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=curl-7.61.1-34.el8_10.11.src.rpm [transitive via pkg:rpm/redhat/rpm-libs@4.14.3-32.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=rpm-4.14.3-32.el8_10.src.rpm] (CVE-2022-22576, CVE-2023-38545, CVE-2022-27775, CVE-2022-27782, CVE-2024-2398), pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=curl-7.61.1-34.el8_10.11.src.rpm [transitive via pkg:rpm/redhat/rpm-libs@4.14.3-32.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=rpm-4.14.3-32.el8_10.src.rpm] (CVE-2022-22576, CVE-2023-38545, CVE-2025-15079, CVE-2022-27775, CVE-2022-27782, CVE-2024-2398), pkg:rpm/redhat/libxml2@2.9.7-21.el8_10.3?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=libxml2-2.9.7-21.el8_10.3.src.rpm [transitive via pkg:rpm/redhat/rpm-libs@4.14.3-32.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=rpm-4.14.3-32.el8_10.src.rpm] (CVE-2024-56171, CVE-2022-40304, CVE-2025-24928, CVE-2025-7425, CVE-2022-40303, CVE-2024-25062, CVE-2025-32415, CVE-2025-49795, CVE-2025-6021, CVE-2025-7424, CVE-2022-29824), pkg:rpm/redhat/krb5-libs@1.18.2-32.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=krb5-1.18.2-32.el8_10.src.rpm [transitive via pkg:rpm/redhat/rpm-libs@4.14.3-32.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=rpm-4.14.3-32.el8_10.src.rpm] (CVE-2022-42898, CVE-2023-39975, CVE-2024-26462, CVE-2024-37370, CVE-2020-17049), pkg:rpm/redhat/glibc-minimal-langpack@2.28-251.el8_10.31?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=glibc-2.28-251.el8_10.31.src.rpm [transitive via pkg:rpm/redhat/rpm-libs@4.14.3-32.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=rpm-4.14.3-32.el8_10.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.28-251.el8_10.31?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=glibc-2.28-251.el8_10.31.src.rpm [transitive via pkg:rpm/redhat/rpm-libs@4.14.3-32.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=rpm-4.14.3-32.el8_10.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.28-251.el8_10.31?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=glibc-2.28-251.el8_10.31.src.rpm [transitive via pkg:rpm/redhat/rpm-libs@4.14.3-32.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=rpm-4.14.3-32.el8_10.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/xz-libs@5.2.4-4.el8_6?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=xz-5.2.4-4.el8_6.src.rpm [transitive via pkg:rpm/redhat/rpm-libs@4.14.3-32.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=rpm-4.14.3-32.el8_10.src.rpm] (CVE-2022-1271, CVE-2025-31115), pkg:rpm/redhat/zlib@1.2.11-25.el8?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=zlib-1.2.11-25.el8.src.rpm [transitive via pkg:rpm/redhat/rpm-libs@4.14.3-32.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=rpm-4.14.3-32.el8_10.src.rpm] (CVE-2018-25032, CVE-2022-37434), pkg:rpm/redhat/libssh-config@0.9.6-16.el8_10?arch=noarch\u0026distro=rhel-8.10\u0026upstream=libssh-0.9.6-16.el8_10.src.rpm [transitive via pkg:rpm/redhat/rpm-libs@4.14.3-32.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=rpm-4.14.3-32.el8_10.src.rpm] (CVE-2025-5318, CVE-2025-5987), pkg:rpm/redhat/libssh@0.9.6-16.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=libssh-0.9.6-16.el8_10.src.rpm [transitive via pkg:rpm/redhat/rpm-libs@4.14.3-32.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=rpm-4.14.3-32.el8_10.src.rpm] (CVE-2025-5318, CVE-2025-5987), pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=libarchive-3.3.3-7.el8_10.src.rpm [transitive via pkg:rpm/redhat/rpm-libs@4.14.3-32.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=rpm-4.14.3-32.el8_10.src.rpm] (CVE-2025-5914, CVE-2026-4111, CVE-2026-4424, CVE-2026-5121), pkg:rpm/redhat/libcap@2.48-6.el8_9?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=libcap-2.48-6.el8_9.src.rpm [transitive via pkg:rpm/redhat/rpm-libs@4.14.3-32.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=rpm-4.14.3-32.el8_10.src.rpm] (CVE-2023-2603), pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch\u0026distro=rhel-8.10\u0026upstream=ncurses-6.1-10.20180224.el8.src.rpm [transitive via pkg:rpm/redhat/rpm-libs@4.14.3-32.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=rpm-4.14.3-32.el8_10.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=ncurses-6.1-10.20180224.el8.src.rpm [transitive via pkg:rpm/redhat/rpm-libs@4.14.3-32.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=rpm-4.14.3-32.el8_10.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/sqlite-libs@3.26.0-20.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=sqlite-3.26.0-20.el8_10.src.rpm [transitive via pkg:rpm/redhat/rpm-libs@4.14.3-32.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=rpm-4.14.3-32.el8_10.src.rpm] (CVE-2025-6965, CVE-2023-7104, CVE-2025-3277), pkg:rpm/redhat/libnghttp2@1.33.0-6.el8_10.2?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=nghttp2-1.33.0-6.el8_10.2.src.rpm [transitive via pkg:rpm/redhat/rpm-libs@4.14.3-32.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=rpm-4.14.3-32.el8_10.src.rpm] (CVE-2023-44487, CVE-2026-27135), pkg:rpm/redhat/brotli@1.0.6-4.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=brotli-1.0.6-4.el8_10.src.rpm [transitive via pkg:rpm/redhat/rpm-libs@4.14.3-32.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=rpm-4.14.3-32.el8_10.src.rpm] (CVE-2025-6176), pkg:rpm/redhat/pcre2@10.32-3.el8_6?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=pcre2-10.32-3.el8_6.src.rpm [transitive via pkg:rpm/redhat/rpm-libs@4.14.3-32.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=rpm-4.14.3-32.el8_10.src.rpm] (CVE-2022-1586, CVE-2022-1587), pkg:rpm/redhat/openldap@2.4.46-21.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=openldap-2.4.46-21.el8_10.src.rpm [transitive via pkg:rpm/redhat/rpm-libs@4.14.3-32.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=rpm-4.14.3-32.el8_10.src.rpm] (CVE-2023-2953), pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64\u0026distro=rhel-8.10\u0026epoch=1\u0026upstream=openssl-1.1.1k-15.el8_6.src.rpm [transitive via pkg:rpm/redhat/microdnf@3.8.0-2.el8?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=microdnf-3.8.0-2.el8.src.rpm] (CVE-2022-1473, CVE-2022-3358, CVE-2022-3602, CVE-2022-3786, CVE-2022-4450, CVE-2023-0215, CVE-2023-0216, CVE-2023-0217, CVE-2023-0401, CVE-2023-5363, CVE-2023-0286, CVE-2024-12797, CVE-2025-69419), pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=curl-7.61.1-34.el8_10.11.src.rpm [transitive via pkg:rpm/redhat/microdnf@3.8.0-2.el8?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=microdnf-3.8.0-2.el8.src.rpm] (CVE-2022-22576, CVE-2023-38545, CVE-2022-27775, CVE-2022-27782, CVE-2024-2398), pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=curl-7.61.1-34.el8_10.11.src.rpm [transitive via pkg:rpm/redhat/microdnf@3.8.0-2.el8?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=microdnf-3.8.0-2.el8.src.rpm] (CVE-2022-22576, CVE-2023-38545, CVE-2025-15079, CVE-2022-27775, CVE-2022-27782, CVE-2024-2398), pkg:rpm/redhat/libxml2@2.9.7-21.el8_10.3?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=libxml2-2.9.7-21.el8_10.3.src.rpm [transitive via pkg:rpm/redhat/microdnf@3.8.0-2.el8?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=microdnf-3.8.0-2.el8.src.rpm] (CVE-2024-56171, CVE-2022-40304, CVE-2025-24928, CVE-2025-7425, CVE-2022-40303, CVE-2024-25062, CVE-2025-32415, CVE-2025-49795, CVE-2025-6021, CVE-2025-7424, CVE-2022-29824), pkg:rpm/redhat/krb5-libs@1.18.2-32.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=krb5-1.18.2-32.el8_10.src.rpm [transitive via pkg:rpm/redhat/microdnf@3.8.0-2.el8?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=microdnf-3.8.0-2.el8.src.rpm] (CVE-2022-42898, CVE-2023-39975, CVE-2024-26462, CVE-2024-37370, CVE-2020-17049), pkg:rpm/redhat/glibc-minimal-langpack@2.28-251.el8_10.31?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=glibc-2.28-251.el8_10.31.src.rpm [transitive via pkg:rpm/redhat/microdnf@3.8.0-2.el8?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=microdnf-3.8.0-2.el8.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.28-251.el8_10.31?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=glibc-2.28-251.el8_10.31.src.rpm [transitive via pkg:rpm/redhat/microdnf@3.8.0-2.el8?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=microdnf-3.8.0-2.el8.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.28-251.el8_10.31?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=glibc-2.28-251.el8_10.31.src.rpm [transitive via pkg:rpm/redhat/microdnf@3.8.0-2.el8?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=microdnf-3.8.0-2.el8.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/xz-libs@5.2.4-4.el8_6?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=xz-5.2.4-4.el8_6.src.rpm [transitive via pkg:rpm/redhat/microdnf@3.8.0-2.el8?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=microdnf-3.8.0-2.el8.src.rpm] (CVE-2022-1271, CVE-2025-31115), pkg:rpm/redhat/libksba@1.3.5-9.el8_7?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=libksba-1.3.5-9.el8_7.src.rpm [transitive via pkg:rpm/redhat/microdnf@3.8.0-2.el8?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=microdnf-3.8.0-2.el8.src.rpm] (CVE-2022-3515, CVE-2022-47629), pkg:rpm/redhat/gnupg2@2.2.20-4.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=gnupg2-2.2.20-4.el8_10.src.rpm [transitive via pkg:rpm/redhat/microdnf@3.8.0-2.el8?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=microdnf-3.8.0-2.el8.src.rpm] (CVE-2026-24882, CVE-2025-68973), pkg:rpm/redhat/zlib@1.2.11-25.el8?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=zlib-1.2.11-25.el8.src.rpm [transitive via pkg:rpm/redhat/microdnf@3.8.0-2.el8?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=microdnf-3.8.0-2.el8.src.rpm] (CVE-2018-25032, CVE-2022-37434), pkg:rpm/redhat/libssh-config@0.9.6-16.el8_10?arch=noarch\u0026distro=rhel-8.10\u0026upstream=libssh-0.9.6-16.el8_10.src.rpm [transitive via pkg:rpm/redhat/microdnf@3.8.0-2.el8?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=microdnf-3.8.0-2.el8.src.rpm] (CVE-2025-5318, CVE-2025-5987), pkg:rpm/redhat/libssh@0.9.6-16.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=libssh-0.9.6-16.el8_10.src.rpm [transitive via pkg:rpm/redhat/microdnf@3.8.0-2.el8?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=microdnf-3.8.0-2.el8.src.rpm] (CVE-2025-5318, CVE-2025-5987), pkg:rpm/redhat/libcap@2.48-6.el8_9?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=libcap-2.48-6.el8_9.src.rpm [transitive via pkg:rpm/redhat/microdnf@3.8.0-2.el8?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=microdnf-3.8.0-2.el8.src.rpm] (CVE-2023-2603), pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch\u0026distro=rhel-8.10\u0026upstream=ncurses-6.1-10.20180224.el8.src.rpm [transitive via pkg:rpm/redhat/microdnf@3.8.0-2.el8?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=microdnf-3.8.0-2.el8.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=ncurses-6.1-10.20180224.el8.src.rpm [transitive via pkg:rpm/redhat/microdnf@3.8.0-2.el8?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=microdnf-3.8.0-2.el8.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=libarchive-3.3.3-7.el8_10.src.rpm [transitive via pkg:rpm/redhat/microdnf@3.8.0-2.el8?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=microdnf-3.8.0-2.el8.src.rpm] (CVE-2025-5914, CVE-2026-4111, CVE-2026-4424, CVE-2026-5121), pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=glib2-2.56.4-168.el8_10.src.rpm [transitive via pkg:rpm/redhat/microdnf@3.8.0-2.el8?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=microdnf-3.8.0-2.el8.src.rpm] (CVE-2025-13601, CVE-2024-52533), pkg:rpm/redhat/sqlite-libs@3.26.0-20.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=sqlite-3.26.0-20.el8_10.src.rpm [transitive via pkg:rpm/redhat/microdnf@3.8.0-2.el8?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=microdnf-3.8.0-2.el8.src.rpm] (CVE-2025-6965, CVE-2023-7104, CVE-2025-3277), pkg:rpm/redhat/libsolv@0.7.20-6.el8?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=libsolv-0.7.20-6.el8.src.rpm [transitive via pkg:rpm/redhat/microdnf@3.8.0-2.el8?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=microdnf-3.8.0-2.el8.src.rpm] (CVE-2021-33928, CVE-2021-33929, CVE-2021-33930, CVE-2021-33938, CVE-2021-46877), pkg:rpm/redhat/brotli@1.0.6-4.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=brotli-1.0.6-4.el8_10.src.rpm [transitive via pkg:rpm/redhat/microdnf@3.8.0-2.el8?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=microdnf-3.8.0-2.el8.src.rpm] (CVE-2025-6176), pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=gnutls-3.6.16-8.el8_10.5.src.rpm [transitive via pkg:rpm/redhat/microdnf@3.8.0-2.el8?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=microdnf-3.8.0-2.el8.src.rpm] (CVE-2022-2509, CVE-2024-0553, CVE-2024-0567, CVE-2023-0361), pkg:rpm/redhat/libnghttp2@1.33.0-6.el8_10.2?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=nghttp2-1.33.0-6.el8_10.2.src.rpm [transitive via pkg:rpm/redhat/microdnf@3.8.0-2.el8?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=microdnf-3.8.0-2.el8.src.rpm] (CVE-2023-44487, CVE-2026-27135), pkg:rpm/redhat/pcre2@10.32-3.el8_6?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=pcre2-10.32-3.el8_6.src.rpm [transitive via pkg:rpm/redhat/microdnf@3.8.0-2.el8?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=microdnf-3.8.0-2.el8.src.rpm] (CVE-2022-1586, CVE-2022-1587), pkg:rpm/redhat/openldap@2.4.46-21.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=openldap-2.4.46-21.el8_10.src.rpm [transitive via pkg:rpm/redhat/microdnf@3.8.0-2.el8?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=microdnf-3.8.0-2.el8.src.rpm] (CVE-2023-2953), pkg:rpm/redhat/glibc-minimal-langpack@2.28-251.el8_10.31?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=glibc-2.28-251.el8_10.31.src.rpm [transitive via pkg:rpm/redhat/tar@1.30-11.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026epoch=2\u0026upstream=tar-1.30-11.el8_10.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.28-251.el8_10.31?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=glibc-2.28-251.el8_10.31.src.rpm [transitive via pkg:rpm/redhat/tar@1.30-11.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026epoch=2\u0026upstream=tar-1.30-11.el8_10.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.28-251.el8_10.31?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=glibc-2.28-251.el8_10.31.src.rpm [transitive via pkg:rpm/redhat/tar@1.30-11.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026epoch=2\u0026upstream=tar-1.30-11.el8_10.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/zlib@1.2.11-25.el8?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=zlib-1.2.11-25.el8.src.rpm [transitive via pkg:rpm/redhat/tar@1.30-11.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026epoch=2\u0026upstream=tar-1.30-11.el8_10.src.rpm] (CVE-2018-25032, CVE-2022-37434), pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch\u0026distro=rhel-8.10\u0026upstream=ncurses-6.1-10.20180224.el8.src.rpm [transitive via pkg:rpm/redhat/tar@1.30-11.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026epoch=2\u0026upstream=tar-1.30-11.el8_10.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=ncurses-6.1-10.20180224.el8.src.rpm [transitive via pkg:rpm/redhat/tar@1.30-11.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026epoch=2\u0026upstream=tar-1.30-11.el8_10.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/pcre2@10.32-3.el8_6?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=pcre2-10.32-3.el8_6.src.rpm [transitive via pkg:rpm/redhat/tar@1.30-11.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026epoch=2\u0026upstream=tar-1.30-11.el8_10.src.rpm] (CVE-2022-1586, CVE-2022-1587), pkg:rpm/redhat/glibc-minimal-langpack@2.28-251.el8_10.31?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=glibc-2.28-251.el8_10.31.src.rpm [transitive via pkg:rpm/redhat/lz4-libs@1.8.3-5.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=lz4-1.8.3-5.el8_10.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.28-251.el8_10.31?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=glibc-2.28-251.el8_10.31.src.rpm [transitive via pkg:rpm/redhat/lz4-libs@1.8.3-5.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=lz4-1.8.3-5.el8_10.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.28-251.el8_10.31?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=glibc-2.28-251.el8_10.31.src.rpm [transitive via pkg:rpm/redhat/lz4-libs@1.8.3-5.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=lz4-1.8.3-5.el8_10.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch\u0026distro=rhel-8.10\u0026upstream=ncurses-6.1-10.20180224.el8.src.rpm [transitive via pkg:rpm/redhat/lz4-libs@1.8.3-5.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=lz4-1.8.3-5.el8_10.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=ncurses-6.1-10.20180224.el8.src.rpm [transitive via pkg:rpm/redhat/lz4-libs@1.8.3-5.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=lz4-1.8.3-5.el8_10.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/pcre2@10.32-3.el8_6?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=pcre2-10.32-3.el8_6.src.rpm [transitive via pkg:rpm/redhat/lz4-libs@1.8.3-5.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=lz4-1.8.3-5.el8_10.src.rpm] (CVE-2022-1586, CVE-2022-1587), pkg:rpm/redhat/glibc-minimal-langpack@2.28-251.el8_10.31?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=glibc-2.28-251.el8_10.31.src.rpm [transitive via pkg:rpm/redhat/rootfiles@8.1-22.el8?arch=noarch\u0026distro=rhel-8.10\u0026upstream=rootfiles-8.1-22.el8.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.28-251.el8_10.31?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=glibc-2.28-251.el8_10.31.src.rpm [transitive via pkg:rpm/redhat/rootfiles@8.1-22.el8?arch=noarch\u0026distro=rhel-8.10\u0026upstream=rootfiles-8.1-22.el8.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.28-251.el8_10.31?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=glibc-2.28-251.el8_10.31.src.rpm [transitive via pkg:rpm/redhat/rootfiles@8.1-22.el8?arch=noarch\u0026distro=rhel-8.10\u0026upstream=rootfiles-8.1-22.el8.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch\u0026distro=rhel-8.10\u0026upstream=ncurses-6.1-10.20180224.el8.src.rpm [transitive via pkg:rpm/redhat/rootfiles@8.1-22.el8?arch=noarch\u0026distro=rhel-8.10\u0026upstream=rootfiles-8.1-22.el8.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=ncurses-6.1-10.20180224.el8.src.rpm [transitive via pkg:rpm/redhat/rootfiles@8.1-22.el8?arch=noarch\u0026distro=rhel-8.10\u0026upstream=rootfiles-8.1-22.el8.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/pcre2@10.32-3.el8_6?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=pcre2-10.32-3.el8_6.src.rpm [transitive via pkg:rpm/redhat/rootfiles@8.1-22.el8?arch=noarch\u0026distro=rhel-8.10\u0026upstream=rootfiles-8.1-22.el8.src.rpm] (CVE-2022-1586, CVE-2022-1587), pkg:rpm/redhat/glibc-minimal-langpack@2.28-251.el8_10.31?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=glibc-2.28-251.el8_10.31.src.rpm [transitive via pkg:rpm/redhat/libsemanage@2.9-12.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=libsemanage-2.9-12.el8_10.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.28-251.el8_10.31?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=glibc-2.28-251.el8_10.31.src.rpm [transitive via pkg:rpm/redhat/libsemanage@2.9-12.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=libsemanage-2.9-12.el8_10.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.28-251.el8_10.31?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=glibc-2.28-251.el8_10.31.src.rpm [transitive via pkg:rpm/redhat/libsemanage@2.9-12.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=libsemanage-2.9-12.el8_10.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch\u0026distro=rhel-8.10\u0026upstream=ncurses-6.1-10.20180224.el8.src.rpm [transitive via pkg:rpm/redhat/libsemanage@2.9-12.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=libsemanage-2.9-12.el8_10.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=ncurses-6.1-10.20180224.el8.src.rpm [transitive via pkg:rpm/redhat/libsemanage@2.9-12.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=libsemanage-2.9-12.el8_10.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/pcre2@10.32-3.el8_6?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=pcre2-10.32-3.el8_6.src.rpm [transitive via pkg:rpm/redhat/libsemanage@2.9-12.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=libsemanage-2.9-12.el8_10.src.rpm] (CVE-2022-1586, CVE-2022-1587), pkg:rpm/redhat/glibc-minimal-langpack@2.28-251.el8_10.31?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=glibc-2.28-251.el8_10.31.src.rpm [transitive via pkg:rpm/redhat/shadow-utils@4.6-23.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026epoch=2\u0026upstream=shadow-utils-4.6-23.el8_10.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.28-251.el8_10.31?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=glibc-2.28-251.el8_10.31.src.rpm [transitive via pkg:rpm/redhat/shadow-utils@4.6-23.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026epoch=2\u0026upstream=shadow-utils-4.6-23.el8_10.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.28-251.el8_10.31?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=glibc-2.28-251.el8_10.31.src.rpm [transitive via pkg:rpm/redhat/shadow-utils@4.6-23.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026epoch=2\u0026upstream=shadow-utils-4.6-23.el8_10.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/libcap@2.48-6.el8_9?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=libcap-2.48-6.el8_9.src.rpm [transitive via pkg:rpm/redhat/shadow-utils@4.6-23.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026epoch=2\u0026upstream=shadow-utils-4.6-23.el8_10.src.rpm] (CVE-2023-2603), pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch\u0026distro=rhel-8.10\u0026upstream=ncurses-6.1-10.20180224.el8.src.rpm [transitive via pkg:rpm/redhat/shadow-utils@4.6-23.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026epoch=2\u0026upstream=shadow-utils-4.6-23.el8_10.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=ncurses-6.1-10.20180224.el8.src.rpm [transitive via pkg:rpm/redhat/shadow-utils@4.6-23.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026epoch=2\u0026upstream=shadow-utils-4.6-23.el8_10.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/pcre2@10.32-3.el8_6?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=pcre2-10.32-3.el8_6.src.rpm [transitive via pkg:rpm/redhat/shadow-utils@4.6-23.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026epoch=2\u0026upstream=shadow-utils-4.6-23.el8_10.src.rpm] (CVE-2022-1586, CVE-2022-1587)", "name": "rhtpa_high_vulnerabilities", "url": "https://access.redhat.com/articles/red_hat_vulnerability_tutorial" }, "vulnerabilities_number": 115 } }, { "msg": "Found 185 medium vulnerabilities.", "metadata": { "details": { "description": "Source: redhat-csaf. Affected dependencies: pkg:rpm/redhat/python3-libs@3.6.8-75.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=python3-3.6.8-75.el8_10.src.rpm [direct] (CVE-2024-6923, CVE-2025-0938, CVE-2025-13836, CVE-2024-9287, CVE-2024-0450, CVE-2007-4559, CVE-2023-27043, CVE-2024-8088, CVE-2024-0397, CVE-2024-7592, CVE-2026-0865, CVE-2025-6069, CVE-2025-8291, CVE-2025-6075), pkg:rpm/redhat/java-17-openjdk-headless@17.0.18.0.8-1.el8?arch=x86_64\u0026distro=rhel-8.10\u0026epoch=1\u0026upstream=java-17-openjdk-17.0.18.0.8-1.el8.src.rpm [direct] (CVE-2026-21933, CVE-2026-21925), pkg:rpm/redhat/rpm-libs@4.14.3-32.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=rpm-4.14.3-32.el8_10.src.rpm [direct] (CVE-2021-35938, CVE-2021-35939, CVE-2021-35937), pkg:rpm/redhat/tar@1.30-11.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026epoch=2\u0026upstream=tar-1.30-11.el8_10.src.rpm [direct] (CVE-2025-45582, CVE-2022-48303), pkg:rpm/redhat/shadow-utils@4.6-23.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026epoch=2\u0026upstream=shadow-utils-4.6-23.el8_10.src.rpm [direct] (CVE-2023-4641), pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64\u0026distro=rhel-8.10\u0026epoch=1\u0026upstream=openssl-1.1.1k-15.el8_6.src.rpm [transitive via pkg:rpm/redhat/python3-libs@3.6.8-75.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=python3-3.6.8-75.el8_10.src.rpm] (CVE-2022-1292, CVE-2022-2068, CVE-2023-2650, CVE-2023-6129, CVE-2025-69421, CVE-2025-11187, CVE-2020-1971, CVE-2022-4304, CVE-2023-0464, CVE-2023-6237, CVE-2024-5535, CVE-2024-6119, CVE-2025-15468, CVE-2025-66199, CVE-2025-69420, CVE-2026-22796, CVE-2024-4741, CVE-2025-9230, CVE-2024-0727, CVE-2025-15469, CVE-2026-22795, CVE-2022-1343, CVE-2022-2097, CVE-2023-0465, CVE-2023-0466, CVE-2023-2975, CVE-2023-3446, CVE-2023-3817, CVE-2023-5678, CVE-2024-4603, CVE-2023-1255, CVE-2022-4203, CVE-2025-68160, CVE-2025-69418), pkg:rpm/redhat/krb5-libs@1.18.2-32.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=krb5-1.18.2-32.el8_10.src.rpm [transitive via pkg:rpm/redhat/python3-libs@3.6.8-75.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=python3-3.6.8-75.el8_10.src.rpm] (CVE-2023-36054, CVE-2024-37371, CVE-2025-24528, CVE-2024-26458, CVE-2024-26461, CVE-2025-3576), pkg:rpm/redhat/python3-setuptools-wheel@39.2.0-9.el8_10?arch=noarch\u0026distro=rhel-8.10\u0026upstream=python-setuptools-39.2.0-9.el8_10.src.rpm [transitive via pkg:rpm/redhat/python3-libs@3.6.8-75.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=python3-3.6.8-75.el8_10.src.rpm] (CVE-2022-40897), pkg:rpm/redhat/glibc-minimal-langpack@2.28-251.el8_10.31?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=glibc-2.28-251.el8_10.31.src.rpm [transitive via pkg:rpm/redhat/python3-libs@3.6.8-75.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=python3-3.6.8-75.el8_10.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.28-251.el8_10.31?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=glibc-2.28-251.el8_10.31.src.rpm [transitive via pkg:rpm/redhat/python3-libs@3.6.8-75.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=python3-3.6.8-75.el8_10.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.28-251.el8_10.31?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=glibc-2.28-251.el8_10.31.src.rpm [transitive via pkg:rpm/redhat/python3-libs@3.6.8-75.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=python3-3.6.8-75.el8_10.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/python3-libs@3.6.8-75.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=python3-3.6.8-75.el8_10.src.rpm [transitive via pkg:rpm/redhat/python3-libs@3.6.8-75.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=python3-3.6.8-75.el8_10.src.rpm] (CVE-2024-6923, CVE-2025-0938, CVE-2025-13836, CVE-2024-9287, CVE-2024-0450, CVE-2007-4559, CVE-2023-27043, CVE-2024-8088, CVE-2024-0397, CVE-2024-7592, CVE-2026-0865, CVE-2025-6069, CVE-2025-8291, CVE-2025-6075), pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch\u0026distro=rhel-8.10\u0026upstream=ncurses-6.1-10.20180224.el8.src.rpm [transitive via pkg:rpm/redhat/python3-libs@3.6.8-75.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=python3-3.6.8-75.el8_10.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=ncurses-6.1-10.20180224.el8.src.rpm [transitive via pkg:rpm/redhat/python3-libs@3.6.8-75.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=python3-3.6.8-75.el8_10.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/sqlite-libs@3.26.0-20.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=sqlite-3.26.0-20.el8_10.src.rpm [transitive via pkg:rpm/redhat/python3-libs@3.6.8-75.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=python3-3.6.8-75.el8_10.src.rpm] (CVE-2022-35737), pkg:rpm/redhat/expat@2.5.0-1.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=expat-2.5.0-1.el8_10.src.rpm [transitive via pkg:rpm/redhat/python3-libs@3.6.8-75.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=python3-3.6.8-75.el8_10.src.rpm] (CVE-2024-45492, CVE-2024-50602, CVE-2025-59375), pkg:rpm/redhat/bash@4.4.20-6.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=bash-4.4.20-6.el8_10.src.rpm [transitive via pkg:rpm/redhat/python3-libs@3.6.8-75.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=python3-3.6.8-75.el8_10.src.rpm] (CVE-2022-3715), pkg:rpm/redhat/gmp@6.1.2-11.el8?arch=x86_64\u0026distro=rhel-8.10\u0026epoch=1\u0026upstream=gmp-6.1.2-11.el8.src.rpm [transitive via pkg:rpm/redhat/python3-libs@3.6.8-75.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=python3-3.6.8-75.el8_10.src.rpm] (CVE-2021-43618), pkg:rpm/redhat/libgcc@8.5.0-28.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=gcc-8.5.0-28.el8_10.src.rpm [transitive via pkg:rpm/redhat/python3-libs@3.6.8-75.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=python3-3.6.8-75.el8_10.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libtasn1@4.13-5.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=libtasn1-4.13-5.el8_10.src.rpm [transitive via pkg:rpm/redhat/python3-libs@3.6.8-75.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=python3-3.6.8-75.el8_10.src.rpm] (CVE-2021-46848, CVE-2025-13151, CVE-2024-12133), pkg:rpm/redhat/libcom_err@1.45.6-7.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=e2fsprogs-1.45.6-7.el8_10.src.rpm [transitive via pkg:rpm/redhat/python3-libs@3.6.8-75.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=python3-3.6.8-75.el8_10.src.rpm] (CVE-2022-1304), pkg:rpm/redhat/python3-pip-wheel@9.0.3-24.el8?arch=noarch\u0026distro=rhel-8.10\u0026upstream=python-pip-9.0.3-24.el8.src.rpm [transitive via pkg:rpm/redhat/python3-libs@3.6.8-75.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=python3-3.6.8-75.el8_10.src.rpm] (CVE-2007-4559), pkg:rpm/redhat/bzip2-libs@1.0.6-28.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=bzip2-1.0.6-28.el8_10.src.rpm [transitive via pkg:rpm/redhat/python3-libs@3.6.8-75.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=python3-3.6.8-75.el8_10.src.rpm] (CVE-2019-12900), pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64\u0026distro=rhel-8.10\u0026epoch=1\u0026upstream=openssl-1.1.1k-15.el8_6.src.rpm [transitive via pkg:rpm/redhat/openldap@2.4.46-21.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=openldap-2.4.46-21.el8_10.src.rpm] (CVE-2022-1292, CVE-2022-2068, CVE-2023-2650, CVE-2023-6129, CVE-2025-69421, CVE-2025-11187, CVE-2020-1971, CVE-2022-4304, CVE-2023-0464, CVE-2023-6237, CVE-2024-5535, CVE-2024-6119, CVE-2025-15468, CVE-2025-66199, CVE-2025-69420, CVE-2026-22796, CVE-2024-4741, CVE-2025-9230, CVE-2024-0727, CVE-2025-15469, CVE-2026-22795, CVE-2022-1343, CVE-2022-2097, CVE-2023-0465, CVE-2023-0466, CVE-2023-2975, CVE-2023-3446, CVE-2023-3817, CVE-2023-5678, CVE-2024-4603, CVE-2023-1255, CVE-2022-4203, CVE-2025-68160, CVE-2025-69418), pkg:rpm/redhat/krb5-libs@1.18.2-32.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=krb5-1.18.2-32.el8_10.src.rpm [transitive via pkg:rpm/redhat/openldap@2.4.46-21.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=openldap-2.4.46-21.el8_10.src.rpm] (CVE-2023-36054, CVE-2024-37371, CVE-2025-24528, CVE-2024-26458, CVE-2024-26461, CVE-2025-3576), pkg:rpm/redhat/glibc-minimal-langpack@2.28-251.el8_10.31?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=glibc-2.28-251.el8_10.31.src.rpm [transitive via pkg:rpm/redhat/openldap@2.4.46-21.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=openldap-2.4.46-21.el8_10.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.28-251.el8_10.31?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=glibc-2.28-251.el8_10.31.src.rpm [transitive via pkg:rpm/redhat/openldap@2.4.46-21.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=openldap-2.4.46-21.el8_10.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.28-251.el8_10.31?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=glibc-2.28-251.el8_10.31.src.rpm [transitive via pkg:rpm/redhat/openldap@2.4.46-21.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=openldap-2.4.46-21.el8_10.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch\u0026distro=rhel-8.10\u0026upstream=ncurses-6.1-10.20180224.el8.src.rpm [transitive via pkg:rpm/redhat/openldap@2.4.46-21.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=openldap-2.4.46-21.el8_10.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=ncurses-6.1-10.20180224.el8.src.rpm [transitive via pkg:rpm/redhat/openldap@2.4.46-21.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=openldap-2.4.46-21.el8_10.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/bash@4.4.20-6.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=bash-4.4.20-6.el8_10.src.rpm [transitive via pkg:rpm/redhat/openldap@2.4.46-21.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=openldap-2.4.46-21.el8_10.src.rpm] (CVE-2022-3715), pkg:rpm/redhat/gmp@6.1.2-11.el8?arch=x86_64\u0026distro=rhel-8.10\u0026epoch=1\u0026upstream=gmp-6.1.2-11.el8.src.rpm [transitive via pkg:rpm/redhat/openldap@2.4.46-21.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=openldap-2.4.46-21.el8_10.src.rpm] (CVE-2021-43618), pkg:rpm/redhat/libgcc@8.5.0-28.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=gcc-8.5.0-28.el8_10.src.rpm [transitive via pkg:rpm/redhat/openldap@2.4.46-21.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=openldap-2.4.46-21.el8_10.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libtasn1@4.13-5.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=libtasn1-4.13-5.el8_10.src.rpm [transitive via pkg:rpm/redhat/openldap@2.4.46-21.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=openldap-2.4.46-21.el8_10.src.rpm] (CVE-2021-46848, CVE-2025-13151, CVE-2024-12133), pkg:rpm/redhat/libcom_err@1.45.6-7.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=e2fsprogs-1.45.6-7.el8_10.src.rpm [transitive via pkg:rpm/redhat/openldap@2.4.46-21.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=openldap-2.4.46-21.el8_10.src.rpm] (CVE-2022-1304), pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64\u0026distro=rhel-8.10\u0026epoch=1\u0026upstream=openssl-1.1.1k-15.el8_6.src.rpm [transitive via pkg:rpm/redhat/java-17-openjdk-headless@17.0.18.0.8-1.el8?arch=x86_64\u0026distro=rhel-8.10\u0026epoch=1\u0026upstream=java-17-openjdk-17.0.18.0.8-1.el8.src.rpm] (CVE-2022-1292, CVE-2022-2068, CVE-2023-2650, CVE-2023-6129, CVE-2025-69421, CVE-2025-11187, CVE-2020-1971, CVE-2022-4304, CVE-2023-0464, CVE-2023-6237, CVE-2024-5535, CVE-2024-6119, CVE-2025-15468, CVE-2025-66199, CVE-2025-69420, CVE-2026-22796, CVE-2024-4741, CVE-2025-9230, CVE-2024-0727, CVE-2025-15469, CVE-2026-22795, CVE-2022-1343, CVE-2022-2097, CVE-2023-0465, CVE-2023-0466, CVE-2023-2975, CVE-2023-3446, CVE-2023-3817, CVE-2023-5678, CVE-2024-4603, CVE-2023-1255, CVE-2022-4203, CVE-2025-68160, CVE-2025-69418), pkg:rpm/redhat/krb5-libs@1.18.2-32.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=krb5-1.18.2-32.el8_10.src.rpm [transitive via pkg:rpm/redhat/java-17-openjdk-headless@17.0.18.0.8-1.el8?arch=x86_64\u0026distro=rhel-8.10\u0026epoch=1\u0026upstream=java-17-openjdk-17.0.18.0.8-1.el8.src.rpm] (CVE-2023-36054, CVE-2024-37371, CVE-2025-24528, CVE-2024-26458, CVE-2024-26461, CVE-2025-3576), pkg:rpm/redhat/python3-setuptools-wheel@39.2.0-9.el8_10?arch=noarch\u0026distro=rhel-8.10\u0026upstream=python-setuptools-39.2.0-9.el8_10.src.rpm [transitive via pkg:rpm/redhat/java-17-openjdk-headless@17.0.18.0.8-1.el8?arch=x86_64\u0026distro=rhel-8.10\u0026epoch=1\u0026upstream=java-17-openjdk-17.0.18.0.8-1.el8.src.rpm] (CVE-2022-40897), pkg:rpm/redhat/glibc-minimal-langpack@2.28-251.el8_10.31?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=glibc-2.28-251.el8_10.31.src.rpm [transitive via pkg:rpm/redhat/java-17-openjdk-headless@17.0.18.0.8-1.el8?arch=x86_64\u0026distro=rhel-8.10\u0026epoch=1\u0026upstream=java-17-openjdk-17.0.18.0.8-1.el8.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.28-251.el8_10.31?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=glibc-2.28-251.el8_10.31.src.rpm [transitive via pkg:rpm/redhat/java-17-openjdk-headless@17.0.18.0.8-1.el8?arch=x86_64\u0026distro=rhel-8.10\u0026epoch=1\u0026upstream=java-17-openjdk-17.0.18.0.8-1.el8.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.28-251.el8_10.31?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=glibc-2.28-251.el8_10.31.src.rpm [transitive via pkg:rpm/redhat/java-17-openjdk-headless@17.0.18.0.8-1.el8?arch=x86_64\u0026distro=rhel-8.10\u0026epoch=1\u0026upstream=java-17-openjdk-17.0.18.0.8-1.el8.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/python3-libs@3.6.8-75.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=python3-3.6.8-75.el8_10.src.rpm [transitive via pkg:rpm/redhat/java-17-openjdk-headless@17.0.18.0.8-1.el8?arch=x86_64\u0026distro=rhel-8.10\u0026epoch=1\u0026upstream=java-17-openjdk-17.0.18.0.8-1.el8.src.rpm] (CVE-2024-6923, CVE-2025-0938, CVE-2025-13836, CVE-2024-9287, CVE-2024-0450, CVE-2007-4559, CVE-2023-27043, CVE-2024-8088, CVE-2024-0397, CVE-2024-7592, CVE-2026-0865, CVE-2025-6069, CVE-2025-8291, CVE-2025-6075), pkg:rpm/redhat/cups-libs@2.2.6-67.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026epoch=1\u0026upstream=cups-2.2.6-67.el8_10.src.rpm [transitive via pkg:rpm/redhat/java-17-openjdk-headless@17.0.18.0.8-1.el8?arch=x86_64\u0026distro=rhel-8.10\u0026epoch=1\u0026upstream=java-17-openjdk-17.0.18.0.8-1.el8.src.rpm] (CVE-2022-26691, CVE-2023-32360, CVE-2025-58364, CVE-2023-32324, CVE-2025-58436, CVE-2024-35235), pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch\u0026distro=rhel-8.10\u0026upstream=ncurses-6.1-10.20180224.el8.src.rpm [transitive via pkg:rpm/redhat/java-17-openjdk-headless@17.0.18.0.8-1.el8?arch=x86_64\u0026distro=rhel-8.10\u0026epoch=1\u0026upstream=java-17-openjdk-17.0.18.0.8-1.el8.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=ncurses-6.1-10.20180224.el8.src.rpm [transitive via pkg:rpm/redhat/java-17-openjdk-headless@17.0.18.0.8-1.el8?arch=x86_64\u0026distro=rhel-8.10\u0026epoch=1\u0026upstream=java-17-openjdk-17.0.18.0.8-1.el8.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/sqlite-libs@3.26.0-20.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=sqlite-3.26.0-20.el8_10.src.rpm [transitive via pkg:rpm/redhat/java-17-openjdk-headless@17.0.18.0.8-1.el8?arch=x86_64\u0026distro=rhel-8.10\u0026epoch=1\u0026upstream=java-17-openjdk-17.0.18.0.8-1.el8.src.rpm] (CVE-2022-35737), pkg:rpm/redhat/expat@2.5.0-1.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=expat-2.5.0-1.el8_10.src.rpm [transitive via pkg:rpm/redhat/java-17-openjdk-headless@17.0.18.0.8-1.el8?arch=x86_64\u0026distro=rhel-8.10\u0026epoch=1\u0026upstream=java-17-openjdk-17.0.18.0.8-1.el8.src.rpm] (CVE-2024-45492, CVE-2024-50602, CVE-2025-59375), pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=gnutls-3.6.16-8.el8_10.5.src.rpm [transitive via pkg:rpm/redhat/java-17-openjdk-headless@17.0.18.0.8-1.el8?arch=x86_64\u0026distro=rhel-8.10\u0026epoch=1\u0026upstream=java-17-openjdk-17.0.18.0.8-1.el8.src.rpm] (CVE-2025-32988, CVE-2025-32990, CVE-2025-6395, CVE-2023-5981, CVE-2024-12243, CVE-2024-28834, CVE-2025-14831, CVE-2025-32989, CVE-2024-28835, CVE-2025-9820), pkg:rpm/redhat/lua@5.3.4-12.el8?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=lua-5.3.4-12.el8.src.rpm [transitive via pkg:rpm/redhat/java-17-openjdk-headless@17.0.18.0.8-1.el8?arch=x86_64\u0026distro=rhel-8.10\u0026epoch=1\u0026upstream=java-17-openjdk-17.0.18.0.8-1.el8.src.rpm] (CVE-2022-33099, CVE-2022-28805, CVE-2021-43519), pkg:rpm/redhat/bash@4.4.20-6.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=bash-4.4.20-6.el8_10.src.rpm [transitive via pkg:rpm/redhat/java-17-openjdk-headless@17.0.18.0.8-1.el8?arch=x86_64\u0026distro=rhel-8.10\u0026epoch=1\u0026upstream=java-17-openjdk-17.0.18.0.8-1.el8.src.rpm] (CVE-2022-3715), pkg:rpm/redhat/dbus-libs@1.12.8-27.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026epoch=1\u0026upstream=dbus-1.12.8-27.el8_10.src.rpm [transitive via pkg:rpm/redhat/java-17-openjdk-headless@17.0.18.0.8-1.el8?arch=x86_64\u0026distro=rhel-8.10\u0026epoch=1\u0026upstream=java-17-openjdk-17.0.18.0.8-1.el8.src.rpm] (CVE-2022-42010, CVE-2022-42011, CVE-2022-42012, CVE-2023-34969), pkg:rpm/redhat/lua-libs@5.3.4-12.el8?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=lua-5.3.4-12.el8.src.rpm [transitive via pkg:rpm/redhat/java-17-openjdk-headless@17.0.18.0.8-1.el8?arch=x86_64\u0026distro=rhel-8.10\u0026epoch=1\u0026upstream=java-17-openjdk-17.0.18.0.8-1.el8.src.rpm] (CVE-2022-33099, CVE-2022-28805, CVE-2021-43519, CVE-2021-44964), pkg:rpm/redhat/gmp@6.1.2-11.el8?arch=x86_64\u0026distro=rhel-8.10\u0026epoch=1\u0026upstream=gmp-6.1.2-11.el8.src.rpm [transitive via pkg:rpm/redhat/java-17-openjdk-headless@17.0.18.0.8-1.el8?arch=x86_64\u0026distro=rhel-8.10\u0026epoch=1\u0026upstream=java-17-openjdk-17.0.18.0.8-1.el8.src.rpm] (CVE-2021-43618), pkg:rpm/redhat/avahi-libs@0.7-27.el8_10.1?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=avahi-0.7-27.el8_10.1.src.rpm [transitive via pkg:rpm/redhat/java-17-openjdk-headless@17.0.18.0.8-1.el8?arch=x86_64\u0026distro=rhel-8.10\u0026epoch=1\u0026upstream=java-17-openjdk-17.0.18.0.8-1.el8.src.rpm] (CVE-2021-3468, CVE-2023-1981, CVE-2023-38469, CVE-2023-38470, CVE-2023-38471, CVE-2023-38472, CVE-2023-38473, CVE-2021-3502, CVE-2024-52615, CVE-2024-52616), pkg:rpm/redhat/libuuid@2.32.1-48.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=util-linux-2.32.1-48.el8_10.src.rpm [transitive via pkg:rpm/redhat/java-17-openjdk-headless@17.0.18.0.8-1.el8?arch=x86_64\u0026distro=rhel-8.10\u0026epoch=1\u0026upstream=java-17-openjdk-17.0.18.0.8-1.el8.src.rpm] (CVE-2025-14104), pkg:rpm/redhat/libgcc@8.5.0-28.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=gcc-8.5.0-28.el8_10.src.rpm [transitive via pkg:rpm/redhat/java-17-openjdk-headless@17.0.18.0.8-1.el8?arch=x86_64\u0026distro=rhel-8.10\u0026epoch=1\u0026upstream=java-17-openjdk-17.0.18.0.8-1.el8.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libblkid@2.32.1-48.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=util-linux-2.32.1-48.el8_10.src.rpm [transitive via pkg:rpm/redhat/java-17-openjdk-headless@17.0.18.0.8-1.el8?arch=x86_64\u0026distro=rhel-8.10\u0026epoch=1\u0026upstream=java-17-openjdk-17.0.18.0.8-1.el8.src.rpm] (CVE-2025-14104, CVE-2026-27456), pkg:rpm/redhat/libstdc%2B%2B@8.5.0-28.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=gcc-8.5.0-28.el8_10.src.rpm [transitive via pkg:rpm/redhat/java-17-openjdk-headless@17.0.18.0.8-1.el8?arch=x86_64\u0026distro=rhel-8.10\u0026epoch=1\u0026upstream=java-17-openjdk-17.0.18.0.8-1.el8.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libmount@2.32.1-48.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=util-linux-2.32.1-48.el8_10.src.rpm [transitive via pkg:rpm/redhat/java-17-openjdk-headless@17.0.18.0.8-1.el8?arch=x86_64\u0026distro=rhel-8.10\u0026epoch=1\u0026upstream=java-17-openjdk-17.0.18.0.8-1.el8.src.rpm] (CVE-2025-14104), pkg:rpm/redhat/systemd-libs@239-82.el8_10.15?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=systemd-239-82.el8_10.15.src.rpm [transitive via pkg:rpm/redhat/java-17-openjdk-headless@17.0.18.0.8-1.el8?arch=x86_64\u0026distro=rhel-8.10\u0026epoch=1\u0026upstream=java-17-openjdk-17.0.18.0.8-1.el8.src.rpm] (CVE-2023-7008, CVE-2022-3821, CVE-2022-4415, CVE-2022-45873, CVE-2025-4598), pkg:rpm/redhat/libtasn1@4.13-5.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=libtasn1-4.13-5.el8_10.src.rpm [transitive via pkg:rpm/redhat/java-17-openjdk-headless@17.0.18.0.8-1.el8?arch=x86_64\u0026distro=rhel-8.10\u0026epoch=1\u0026upstream=java-17-openjdk-17.0.18.0.8-1.el8.src.rpm] (CVE-2021-46848, CVE-2025-13151, CVE-2024-12133), pkg:rpm/redhat/libgcrypt@1.8.5-7.el8_6?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=libgcrypt-1.8.5-7.el8_6.src.rpm [transitive via pkg:rpm/redhat/java-17-openjdk-headless@17.0.18.0.8-1.el8?arch=x86_64\u0026distro=rhel-8.10\u0026epoch=1\u0026upstream=java-17-openjdk-17.0.18.0.8-1.el8.src.rpm] (CVE-2024-2236), pkg:rpm/redhat/libcom_err@1.45.6-7.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=e2fsprogs-1.45.6-7.el8_10.src.rpm [transitive via pkg:rpm/redhat/java-17-openjdk-headless@17.0.18.0.8-1.el8?arch=x86_64\u0026distro=rhel-8.10\u0026epoch=1\u0026upstream=java-17-openjdk-17.0.18.0.8-1.el8.src.rpm] (CVE-2022-1304), pkg:rpm/redhat/python3-pip-wheel@9.0.3-24.el8?arch=noarch\u0026distro=rhel-8.10\u0026upstream=python-pip-9.0.3-24.el8.src.rpm [transitive via pkg:rpm/redhat/java-17-openjdk-headless@17.0.18.0.8-1.el8?arch=x86_64\u0026distro=rhel-8.10\u0026epoch=1\u0026upstream=java-17-openjdk-17.0.18.0.8-1.el8.src.rpm] (CVE-2007-4559), pkg:rpm/redhat/bzip2-libs@1.0.6-28.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=bzip2-1.0.6-28.el8_10.src.rpm [transitive via pkg:rpm/redhat/java-17-openjdk-headless@17.0.18.0.8-1.el8?arch=x86_64\u0026distro=rhel-8.10\u0026epoch=1\u0026upstream=java-17-openjdk-17.0.18.0.8-1.el8.src.rpm] (CVE-2019-12900), pkg:rpm/redhat/alsa-lib@1.2.10-2.el8?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=alsa-lib-1.2.10-2.el8.src.rpm [transitive via pkg:rpm/redhat/java-17-openjdk-headless@17.0.18.0.8-1.el8?arch=x86_64\u0026distro=rhel-8.10\u0026epoch=1\u0026upstream=java-17-openjdk-17.0.18.0.8-1.el8.src.rpm] (CVE-2026-25068), pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64\u0026distro=rhel-8.10\u0026epoch=1\u0026upstream=openssl-1.1.1k-15.el8_6.src.rpm [transitive via pkg:rpm/redhat/rpm-libs@4.14.3-32.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=rpm-4.14.3-32.el8_10.src.rpm] (CVE-2022-1292, CVE-2022-2068, CVE-2023-2650, CVE-2023-6129, CVE-2025-69421, CVE-2025-11187, CVE-2020-1971, CVE-2022-4304, CVE-2023-0464, CVE-2023-6237, CVE-2024-5535, CVE-2024-6119, CVE-2025-15468, CVE-2025-66199, CVE-2025-69420, CVE-2026-22796, CVE-2024-4741, CVE-2025-9230, CVE-2024-0727, CVE-2025-15469, CVE-2026-22795, CVE-2022-1343, CVE-2022-2097, CVE-2023-0465, CVE-2023-0466, CVE-2023-2975, CVE-2023-3446, CVE-2023-3817, CVE-2023-5678, CVE-2024-4603, CVE-2023-1255, CVE-2022-4203, CVE-2025-68160, CVE-2025-69418), pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=curl-7.61.1-34.el8_10.11.src.rpm [transitive via pkg:rpm/redhat/rpm-libs@4.14.3-32.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=rpm-4.14.3-32.el8_10.src.rpm] (CVE-2022-32206, CVE-2023-23916, CVE-2022-43552, CVE-2023-27535, CVE-2023-27536, CVE-2023-28321, CVE-2023-27538, CVE-2022-32208, CVE-2023-46218, CVE-2025-9086, CVE-2022-27774, CVE-2022-32221, CVE-2022-27776, CVE-2023-27533), pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=curl-7.61.1-34.el8_10.11.src.rpm [transitive via pkg:rpm/redhat/rpm-libs@4.14.3-32.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=rpm-4.14.3-32.el8_10.src.rpm] (CVE-2025-13034, CVE-2025-14819, CVE-2026-1965, CVE-2022-32206, CVE-2023-23916, CVE-2025-14524, CVE-2026-3784, CVE-2026-3805, CVE-2022-43552, CVE-2023-27535, CVE-2023-27536, CVE-2023-28321, CVE-2025-10966, CVE-2026-3783, CVE-2023-27538, CVE-2022-32208, CVE-2023-46218, CVE-2025-9086, CVE-2022-27774, CVE-2022-32221, CVE-2025-10148, CVE-2025-14017, CVE-2025-15224, CVE-2022-27776, CVE-2023-27533), pkg:rpm/redhat/libxml2@2.9.7-21.el8_10.3?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=libxml2-2.9.7-21.el8_10.3.src.rpm [transitive via pkg:rpm/redhat/rpm-libs@4.14.3-32.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=rpm-4.14.3-32.el8_10.src.rpm] (CVE-2023-39615, CVE-2025-9714, CVE-2022-49043, CVE-2023-28484, CVE-2023-29469, CVE-2025-32414, CVE-2025-26434), pkg:rpm/redhat/krb5-libs@1.18.2-32.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=krb5-1.18.2-32.el8_10.src.rpm [transitive via pkg:rpm/redhat/rpm-libs@4.14.3-32.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=rpm-4.14.3-32.el8_10.src.rpm] (CVE-2023-36054, CVE-2024-37371, CVE-2025-24528, CVE-2024-26458, CVE-2024-26461, CVE-2025-3576), pkg:rpm/redhat/glibc-minimal-langpack@2.28-251.el8_10.31?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=glibc-2.28-251.el8_10.31.src.rpm [transitive via pkg:rpm/redhat/rpm-libs@4.14.3-32.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=rpm-4.14.3-32.el8_10.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.28-251.el8_10.31?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=glibc-2.28-251.el8_10.31.src.rpm [transitive via pkg:rpm/redhat/rpm-libs@4.14.3-32.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=rpm-4.14.3-32.el8_10.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.28-251.el8_10.31?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=glibc-2.28-251.el8_10.31.src.rpm [transitive via pkg:rpm/redhat/rpm-libs@4.14.3-32.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=rpm-4.14.3-32.el8_10.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/libssh-config@0.9.6-16.el8_10?arch=noarch\u0026distro=rhel-8.10\u0026upstream=libssh-0.9.6-16.el8_10.src.rpm [transitive via pkg:rpm/redhat/rpm-libs@4.14.3-32.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=rpm-4.14.3-32.el8_10.src.rpm] (CVE-2023-48795, CVE-2026-3731, CVE-2023-2283, CVE-2023-6004, CVE-2023-1667), pkg:rpm/redhat/libssh@0.9.6-16.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=libssh-0.9.6-16.el8_10.src.rpm [transitive via pkg:rpm/redhat/rpm-libs@4.14.3-32.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=rpm-4.14.3-32.el8_10.src.rpm] (CVE-2023-48795, CVE-2026-3731, CVE-2023-2283, CVE-2023-6004, CVE-2023-1667), pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=libarchive-3.3.3-7.el8_10.src.rpm [transitive via pkg:rpm/redhat/rpm-libs@4.14.3-32.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=rpm-4.14.3-32.el8_10.src.rpm] (CVE-2022-26280, CVE-2022-36227, CVE-2025-60753, CVE-2024-57970, CVE-2025-25724), pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch\u0026distro=rhel-8.10\u0026upstream=ncurses-6.1-10.20180224.el8.src.rpm [transitive via pkg:rpm/redhat/rpm-libs@4.14.3-32.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=rpm-4.14.3-32.el8_10.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=ncurses-6.1-10.20180224.el8.src.rpm [transitive via pkg:rpm/redhat/rpm-libs@4.14.3-32.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=rpm-4.14.3-32.el8_10.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/sqlite-libs@3.26.0-20.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=sqlite-3.26.0-20.el8_10.src.rpm [transitive via pkg:rpm/redhat/rpm-libs@4.14.3-32.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=rpm-4.14.3-32.el8_10.src.rpm] (CVE-2022-35737), pkg:rpm/redhat/libnghttp2@1.33.0-6.el8_10.2?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=nghttp2-1.33.0-6.el8_10.2.src.rpm [transitive via pkg:rpm/redhat/rpm-libs@4.14.3-32.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=rpm-4.14.3-32.el8_10.src.rpm] (CVE-2024-28182), pkg:rpm/redhat/bash@4.4.20-6.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=bash-4.4.20-6.el8_10.src.rpm [transitive via pkg:rpm/redhat/rpm-libs@4.14.3-32.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=rpm-4.14.3-32.el8_10.src.rpm] (CVE-2022-3715), pkg:rpm/redhat/rpm-libs@4.14.3-32.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=rpm-4.14.3-32.el8_10.src.rpm [transitive via pkg:rpm/redhat/rpm-libs@4.14.3-32.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=rpm-4.14.3-32.el8_10.src.rpm] (CVE-2021-35938, CVE-2021-35939, CVE-2021-35937), pkg:rpm/redhat/rpm@4.14.3-32.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=rpm-4.14.3-32.el8_10.src.rpm [transitive via pkg:rpm/redhat/rpm-libs@4.14.3-32.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=rpm-4.14.3-32.el8_10.src.rpm] (CVE-2021-35938, CVE-2021-35939, CVE-2021-35937), pkg:rpm/redhat/lua-libs@5.3.4-12.el8?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=lua-5.3.4-12.el8.src.rpm [transitive via pkg:rpm/redhat/rpm-libs@4.14.3-32.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=rpm-4.14.3-32.el8_10.src.rpm] (CVE-2022-33099, CVE-2022-28805, CVE-2021-43519, CVE-2021-44964), pkg:rpm/redhat/gmp@6.1.2-11.el8?arch=x86_64\u0026distro=rhel-8.10\u0026epoch=1\u0026upstream=gmp-6.1.2-11.el8.src.rpm [transitive via pkg:rpm/redhat/rpm-libs@4.14.3-32.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=rpm-4.14.3-32.el8_10.src.rpm] (CVE-2021-43618), pkg:rpm/redhat/libgcc@8.5.0-28.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=gcc-8.5.0-28.el8_10.src.rpm [transitive via pkg:rpm/redhat/rpm-libs@4.14.3-32.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=rpm-4.14.3-32.el8_10.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libtasn1@4.13-5.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=libtasn1-4.13-5.el8_10.src.rpm [transitive via pkg:rpm/redhat/rpm-libs@4.14.3-32.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=rpm-4.14.3-32.el8_10.src.rpm] (CVE-2021-46848, CVE-2025-13151, CVE-2024-12133), pkg:rpm/redhat/libcom_err@1.45.6-7.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=e2fsprogs-1.45.6-7.el8_10.src.rpm [transitive via pkg:rpm/redhat/rpm-libs@4.14.3-32.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=rpm-4.14.3-32.el8_10.src.rpm] (CVE-2022-1304), pkg:rpm/redhat/bzip2-libs@1.0.6-28.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=bzip2-1.0.6-28.el8_10.src.rpm [transitive via pkg:rpm/redhat/rpm-libs@4.14.3-32.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=rpm-4.14.3-32.el8_10.src.rpm] (CVE-2019-12900), pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64\u0026distro=rhel-8.10\u0026epoch=1\u0026upstream=openssl-1.1.1k-15.el8_6.src.rpm [transitive via pkg:rpm/redhat/microdnf@3.8.0-2.el8?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=microdnf-3.8.0-2.el8.src.rpm] (CVE-2022-1292, CVE-2022-2068, CVE-2023-2650, CVE-2023-6129, CVE-2025-69421, CVE-2025-11187, CVE-2020-1971, CVE-2022-4304, CVE-2023-0464, CVE-2023-6237, CVE-2024-5535, CVE-2024-6119, CVE-2025-15468, CVE-2025-66199, CVE-2025-69420, CVE-2026-22796, CVE-2024-4741, CVE-2025-9230, CVE-2024-0727, CVE-2025-15469, CVE-2026-22795, CVE-2022-1343, CVE-2022-2097, CVE-2023-0465, CVE-2023-0466, CVE-2023-2975, CVE-2023-3446, CVE-2023-3817, CVE-2023-5678, CVE-2024-4603, CVE-2023-1255, CVE-2022-4203, CVE-2025-68160, CVE-2025-69418), pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=curl-7.61.1-34.el8_10.11.src.rpm [transitive via pkg:rpm/redhat/microdnf@3.8.0-2.el8?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=microdnf-3.8.0-2.el8.src.rpm] (CVE-2022-32206, CVE-2023-23916, CVE-2022-43552, CVE-2023-27535, CVE-2023-27536, CVE-2023-28321, CVE-2023-27538, CVE-2022-32208, CVE-2023-46218, CVE-2025-9086, CVE-2022-27774, CVE-2022-32221, CVE-2022-27776, CVE-2023-27533), pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=curl-7.61.1-34.el8_10.11.src.rpm [transitive via pkg:rpm/redhat/microdnf@3.8.0-2.el8?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=microdnf-3.8.0-2.el8.src.rpm] (CVE-2025-13034, CVE-2025-14819, CVE-2026-1965, CVE-2022-32206, CVE-2023-23916, CVE-2025-14524, CVE-2026-3784, CVE-2026-3805, CVE-2022-43552, CVE-2023-27535, CVE-2023-27536, CVE-2023-28321, CVE-2025-10966, CVE-2026-3783, CVE-2023-27538, CVE-2022-32208, CVE-2023-46218, CVE-2025-9086, CVE-2022-27774, CVE-2022-32221, CVE-2025-10148, CVE-2025-14017, CVE-2025-15224, CVE-2022-27776, CVE-2023-27533), pkg:rpm/redhat/libxml2@2.9.7-21.el8_10.3?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=libxml2-2.9.7-21.el8_10.3.src.rpm [transitive via pkg:rpm/redhat/microdnf@3.8.0-2.el8?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=microdnf-3.8.0-2.el8.src.rpm] (CVE-2023-39615, CVE-2025-9714, CVE-2022-49043, CVE-2023-28484, CVE-2023-29469, CVE-2025-32414, CVE-2025-26434), pkg:rpm/redhat/krb5-libs@1.18.2-32.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=krb5-1.18.2-32.el8_10.src.rpm [transitive via pkg:rpm/redhat/microdnf@3.8.0-2.el8?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=microdnf-3.8.0-2.el8.src.rpm] (CVE-2023-36054, CVE-2024-37371, CVE-2025-24528, CVE-2024-26458, CVE-2024-26461, CVE-2025-3576), pkg:rpm/redhat/glibc-minimal-langpack@2.28-251.el8_10.31?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=glibc-2.28-251.el8_10.31.src.rpm [transitive via pkg:rpm/redhat/microdnf@3.8.0-2.el8?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=microdnf-3.8.0-2.el8.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.28-251.el8_10.31?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=glibc-2.28-251.el8_10.31.src.rpm [transitive via pkg:rpm/redhat/microdnf@3.8.0-2.el8?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=microdnf-3.8.0-2.el8.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.28-251.el8_10.31?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=glibc-2.28-251.el8_10.31.src.rpm [transitive via pkg:rpm/redhat/microdnf@3.8.0-2.el8?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=microdnf-3.8.0-2.el8.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/gnupg2@2.2.20-4.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=gnupg2-2.2.20-4.el8_10.src.rpm [transitive via pkg:rpm/redhat/microdnf@3.8.0-2.el8?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=microdnf-3.8.0-2.el8.src.rpm] (CVE-2022-34903, CVE-2025-68972), pkg:rpm/redhat/libssh-config@0.9.6-16.el8_10?arch=noarch\u0026distro=rhel-8.10\u0026upstream=libssh-0.9.6-16.el8_10.src.rpm [transitive via pkg:rpm/redhat/microdnf@3.8.0-2.el8?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=microdnf-3.8.0-2.el8.src.rpm] (CVE-2023-48795, CVE-2026-3731, CVE-2023-2283, CVE-2023-6004, CVE-2023-1667), pkg:rpm/redhat/libssh@0.9.6-16.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=libssh-0.9.6-16.el8_10.src.rpm [transitive via pkg:rpm/redhat/microdnf@3.8.0-2.el8?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=microdnf-3.8.0-2.el8.src.rpm] (CVE-2023-48795, CVE-2026-3731, CVE-2023-2283, CVE-2023-6004, CVE-2023-1667), pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch\u0026distro=rhel-8.10\u0026upstream=ncurses-6.1-10.20180224.el8.src.rpm [transitive via pkg:rpm/redhat/microdnf@3.8.0-2.el8?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=microdnf-3.8.0-2.el8.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=ncurses-6.1-10.20180224.el8.src.rpm [transitive via pkg:rpm/redhat/microdnf@3.8.0-2.el8?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=microdnf-3.8.0-2.el8.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=libarchive-3.3.3-7.el8_10.src.rpm [transitive via pkg:rpm/redhat/microdnf@3.8.0-2.el8?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=microdnf-3.8.0-2.el8.src.rpm] (CVE-2022-26280, CVE-2022-36227, CVE-2025-60753, CVE-2024-57970, CVE-2025-25724), pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=glib2-2.56.4-168.el8_10.src.rpm [transitive via pkg:rpm/redhat/microdnf@3.8.0-2.el8?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=microdnf-3.8.0-2.el8.src.rpm] (CVE-2023-32611, CVE-2023-32665, CVE-2025-14512, CVE-2023-29499, CVE-2025-14087, CVE-2025-4373), pkg:rpm/redhat/sqlite-libs@3.26.0-20.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=sqlite-3.26.0-20.el8_10.src.rpm [transitive via pkg:rpm/redhat/microdnf@3.8.0-2.el8?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=microdnf-3.8.0-2.el8.src.rpm] (CVE-2022-35737), pkg:rpm/redhat/libsolv@0.7.20-6.el8?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=libsolv-0.7.20-6.el8.src.rpm [transitive via pkg:rpm/redhat/microdnf@3.8.0-2.el8?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=microdnf-3.8.0-2.el8.src.rpm] (CVE-2024-28863, CVE-2021-44568), pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=gnutls-3.6.16-8.el8_10.5.src.rpm [transitive via pkg:rpm/redhat/microdnf@3.8.0-2.el8?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=microdnf-3.8.0-2.el8.src.rpm] (CVE-2025-32988, CVE-2025-32990, CVE-2025-6395, CVE-2023-5981, CVE-2024-12243, CVE-2024-28834, CVE-2025-14831, CVE-2025-32989, CVE-2024-28835, CVE-2025-9820), pkg:rpm/redhat/libnghttp2@1.33.0-6.el8_10.2?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=nghttp2-1.33.0-6.el8_10.2.src.rpm [transitive via pkg:rpm/redhat/microdnf@3.8.0-2.el8?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=microdnf-3.8.0-2.el8.src.rpm] (CVE-2024-28182), pkg:rpm/redhat/bash@4.4.20-6.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=bash-4.4.20-6.el8_10.src.rpm [transitive via pkg:rpm/redhat/microdnf@3.8.0-2.el8?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=microdnf-3.8.0-2.el8.src.rpm] (CVE-2022-3715), pkg:rpm/redhat/rpm-libs@4.14.3-32.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=rpm-4.14.3-32.el8_10.src.rpm [transitive via pkg:rpm/redhat/microdnf@3.8.0-2.el8?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=microdnf-3.8.0-2.el8.src.rpm] (CVE-2021-35938, CVE-2021-35939, CVE-2021-35937), pkg:rpm/redhat/lua-libs@5.3.4-12.el8?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=lua-5.3.4-12.el8.src.rpm [transitive via pkg:rpm/redhat/microdnf@3.8.0-2.el8?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=microdnf-3.8.0-2.el8.src.rpm] (CVE-2022-33099, CVE-2022-28805, CVE-2021-43519, CVE-2021-44964), pkg:rpm/redhat/rpm@4.14.3-32.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=rpm-4.14.3-32.el8_10.src.rpm [transitive via pkg:rpm/redhat/microdnf@3.8.0-2.el8?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=microdnf-3.8.0-2.el8.src.rpm] (CVE-2021-35938, CVE-2021-35939, CVE-2021-35937), pkg:rpm/redhat/gmp@6.1.2-11.el8?arch=x86_64\u0026distro=rhel-8.10\u0026epoch=1\u0026upstream=gmp-6.1.2-11.el8.src.rpm [transitive via pkg:rpm/redhat/microdnf@3.8.0-2.el8?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=microdnf-3.8.0-2.el8.src.rpm] (CVE-2021-43618), pkg:rpm/redhat/libsmartcols@2.32.1-48.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=util-linux-2.32.1-48.el8_10.src.rpm [transitive via pkg:rpm/redhat/microdnf@3.8.0-2.el8?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=microdnf-3.8.0-2.el8.src.rpm] (CVE-2025-14104), pkg:rpm/redhat/libgcc@8.5.0-28.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=gcc-8.5.0-28.el8_10.src.rpm [transitive via pkg:rpm/redhat/microdnf@3.8.0-2.el8?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=microdnf-3.8.0-2.el8.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libmount@2.32.1-48.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=util-linux-2.32.1-48.el8_10.src.rpm [transitive via pkg:rpm/redhat/microdnf@3.8.0-2.el8?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=microdnf-3.8.0-2.el8.src.rpm] (CVE-2025-14104), pkg:rpm/redhat/libuuid@2.32.1-48.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=util-linux-2.32.1-48.el8_10.src.rpm [transitive via pkg:rpm/redhat/microdnf@3.8.0-2.el8?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=microdnf-3.8.0-2.el8.src.rpm] (CVE-2025-14104), pkg:rpm/redhat/libblkid@2.32.1-48.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=util-linux-2.32.1-48.el8_10.src.rpm [transitive via pkg:rpm/redhat/microdnf@3.8.0-2.el8?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=microdnf-3.8.0-2.el8.src.rpm] (CVE-2025-14104, CVE-2026-27456), pkg:rpm/redhat/libstdc%2B%2B@8.5.0-28.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=gcc-8.5.0-28.el8_10.src.rpm [transitive via pkg:rpm/redhat/microdnf@3.8.0-2.el8?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=microdnf-3.8.0-2.el8.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libtasn1@4.13-5.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=libtasn1-4.13-5.el8_10.src.rpm [transitive via pkg:rpm/redhat/microdnf@3.8.0-2.el8?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=microdnf-3.8.0-2.el8.src.rpm] (CVE-2021-46848, CVE-2025-13151, CVE-2024-12133), pkg:rpm/redhat/libgcrypt@1.8.5-7.el8_6?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=libgcrypt-1.8.5-7.el8_6.src.rpm [transitive via pkg:rpm/redhat/microdnf@3.8.0-2.el8?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=microdnf-3.8.0-2.el8.src.rpm] (CVE-2024-2236), pkg:rpm/redhat/systemd-libs@239-82.el8_10.15?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=systemd-239-82.el8_10.15.src.rpm [transitive via pkg:rpm/redhat/microdnf@3.8.0-2.el8?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=microdnf-3.8.0-2.el8.src.rpm] (CVE-2023-7008, CVE-2022-3821, CVE-2022-4415, CVE-2022-45873, CVE-2025-4598), pkg:rpm/redhat/libcom_err@1.45.6-7.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=e2fsprogs-1.45.6-7.el8_10.src.rpm [transitive via pkg:rpm/redhat/microdnf@3.8.0-2.el8?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=microdnf-3.8.0-2.el8.src.rpm] (CVE-2022-1304), pkg:rpm/redhat/file-libs@5.33-27.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=file-5.33-27.el8_10.src.rpm [transitive via pkg:rpm/redhat/microdnf@3.8.0-2.el8?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=microdnf-3.8.0-2.el8.src.rpm] (CVE-2022-48554), pkg:rpm/redhat/bzip2-libs@1.0.6-28.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=bzip2-1.0.6-28.el8_10.src.rpm [transitive via pkg:rpm/redhat/microdnf@3.8.0-2.el8?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=microdnf-3.8.0-2.el8.src.rpm] (CVE-2019-12900), pkg:rpm/redhat/glibc-minimal-langpack@2.28-251.el8_10.31?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=glibc-2.28-251.el8_10.31.src.rpm [transitive via pkg:rpm/redhat/tar@1.30-11.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026epoch=2\u0026upstream=tar-1.30-11.el8_10.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.28-251.el8_10.31?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=glibc-2.28-251.el8_10.31.src.rpm [transitive via pkg:rpm/redhat/tar@1.30-11.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026epoch=2\u0026upstream=tar-1.30-11.el8_10.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.28-251.el8_10.31?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=glibc-2.28-251.el8_10.31.src.rpm [transitive via pkg:rpm/redhat/tar@1.30-11.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026epoch=2\u0026upstream=tar-1.30-11.el8_10.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch\u0026distro=rhel-8.10\u0026upstream=ncurses-6.1-10.20180224.el8.src.rpm [transitive via pkg:rpm/redhat/tar@1.30-11.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026epoch=2\u0026upstream=tar-1.30-11.el8_10.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=ncurses-6.1-10.20180224.el8.src.rpm [transitive via pkg:rpm/redhat/tar@1.30-11.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026epoch=2\u0026upstream=tar-1.30-11.el8_10.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/bash@4.4.20-6.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=bash-4.4.20-6.el8_10.src.rpm [transitive via pkg:rpm/redhat/tar@1.30-11.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026epoch=2\u0026upstream=tar-1.30-11.el8_10.src.rpm] (CVE-2022-3715), pkg:rpm/redhat/glibc-minimal-langpack@2.28-251.el8_10.31?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=glibc-2.28-251.el8_10.31.src.rpm [transitive via pkg:rpm/redhat/lz4-libs@1.8.3-5.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=lz4-1.8.3-5.el8_10.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.28-251.el8_10.31?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=glibc-2.28-251.el8_10.31.src.rpm [transitive via pkg:rpm/redhat/lz4-libs@1.8.3-5.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=lz4-1.8.3-5.el8_10.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.28-251.el8_10.31?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=glibc-2.28-251.el8_10.31.src.rpm [transitive via pkg:rpm/redhat/lz4-libs@1.8.3-5.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=lz4-1.8.3-5.el8_10.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch\u0026distro=rhel-8.10\u0026upstream=ncurses-6.1-10.20180224.el8.src.rpm [transitive via pkg:rpm/redhat/lz4-libs@1.8.3-5.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=lz4-1.8.3-5.el8_10.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=ncurses-6.1-10.20180224.el8.src.rpm [transitive via pkg:rpm/redhat/lz4-libs@1.8.3-5.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=lz4-1.8.3-5.el8_10.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/bash@4.4.20-6.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=bash-4.4.20-6.el8_10.src.rpm [transitive via pkg:rpm/redhat/lz4-libs@1.8.3-5.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=lz4-1.8.3-5.el8_10.src.rpm] (CVE-2022-3715), pkg:rpm/redhat/glibc-minimal-langpack@2.28-251.el8_10.31?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=glibc-2.28-251.el8_10.31.src.rpm [transitive via pkg:rpm/redhat/rootfiles@8.1-22.el8?arch=noarch\u0026distro=rhel-8.10\u0026upstream=rootfiles-8.1-22.el8.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.28-251.el8_10.31?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=glibc-2.28-251.el8_10.31.src.rpm [transitive via pkg:rpm/redhat/rootfiles@8.1-22.el8?arch=noarch\u0026distro=rhel-8.10\u0026upstream=rootfiles-8.1-22.el8.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.28-251.el8_10.31?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=glibc-2.28-251.el8_10.31.src.rpm [transitive via pkg:rpm/redhat/rootfiles@8.1-22.el8?arch=noarch\u0026distro=rhel-8.10\u0026upstream=rootfiles-8.1-22.el8.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch\u0026distro=rhel-8.10\u0026upstream=ncurses-6.1-10.20180224.el8.src.rpm [transitive via pkg:rpm/redhat/rootfiles@8.1-22.el8?arch=noarch\u0026distro=rhel-8.10\u0026upstream=rootfiles-8.1-22.el8.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=ncurses-6.1-10.20180224.el8.src.rpm [transitive via pkg:rpm/redhat/rootfiles@8.1-22.el8?arch=noarch\u0026distro=rhel-8.10\u0026upstream=rootfiles-8.1-22.el8.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/bash@4.4.20-6.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=bash-4.4.20-6.el8_10.src.rpm [transitive via pkg:rpm/redhat/rootfiles@8.1-22.el8?arch=noarch\u0026distro=rhel-8.10\u0026upstream=rootfiles-8.1-22.el8.src.rpm] (CVE-2022-3715), pkg:rpm/redhat/glibc-minimal-langpack@2.28-251.el8_10.31?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=glibc-2.28-251.el8_10.31.src.rpm [transitive via pkg:rpm/redhat/libsemanage@2.9-12.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=libsemanage-2.9-12.el8_10.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.28-251.el8_10.31?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=glibc-2.28-251.el8_10.31.src.rpm [transitive via pkg:rpm/redhat/libsemanage@2.9-12.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=libsemanage-2.9-12.el8_10.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.28-251.el8_10.31?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=glibc-2.28-251.el8_10.31.src.rpm [transitive via pkg:rpm/redhat/libsemanage@2.9-12.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=libsemanage-2.9-12.el8_10.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch\u0026distro=rhel-8.10\u0026upstream=ncurses-6.1-10.20180224.el8.src.rpm [transitive via pkg:rpm/redhat/libsemanage@2.9-12.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=libsemanage-2.9-12.el8_10.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=ncurses-6.1-10.20180224.el8.src.rpm [transitive via pkg:rpm/redhat/libsemanage@2.9-12.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=libsemanage-2.9-12.el8_10.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/bash@4.4.20-6.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=bash-4.4.20-6.el8_10.src.rpm [transitive via pkg:rpm/redhat/libsemanage@2.9-12.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=libsemanage-2.9-12.el8_10.src.rpm] (CVE-2022-3715), pkg:rpm/redhat/bzip2-libs@1.0.6-28.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=bzip2-1.0.6-28.el8_10.src.rpm [transitive via pkg:rpm/redhat/libsemanage@2.9-12.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=libsemanage-2.9-12.el8_10.src.rpm] (CVE-2019-12900), pkg:rpm/redhat/glibc-minimal-langpack@2.28-251.el8_10.31?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=glibc-2.28-251.el8_10.31.src.rpm [transitive via pkg:rpm/redhat/shadow-utils@4.6-23.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026epoch=2\u0026upstream=shadow-utils-4.6-23.el8_10.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.28-251.el8_10.31?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=glibc-2.28-251.el8_10.31.src.rpm [transitive via pkg:rpm/redhat/shadow-utils@4.6-23.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026epoch=2\u0026upstream=shadow-utils-4.6-23.el8_10.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.28-251.el8_10.31?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=glibc-2.28-251.el8_10.31.src.rpm [transitive via pkg:rpm/redhat/shadow-utils@4.6-23.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026epoch=2\u0026upstream=shadow-utils-4.6-23.el8_10.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch\u0026distro=rhel-8.10\u0026upstream=ncurses-6.1-10.20180224.el8.src.rpm [transitive via pkg:rpm/redhat/shadow-utils@4.6-23.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026epoch=2\u0026upstream=shadow-utils-4.6-23.el8_10.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=ncurses-6.1-10.20180224.el8.src.rpm [transitive via pkg:rpm/redhat/shadow-utils@4.6-23.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026epoch=2\u0026upstream=shadow-utils-4.6-23.el8_10.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/bash@4.4.20-6.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=bash-4.4.20-6.el8_10.src.rpm [transitive via pkg:rpm/redhat/shadow-utils@4.6-23.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026epoch=2\u0026upstream=shadow-utils-4.6-23.el8_10.src.rpm] (CVE-2022-3715), pkg:rpm/redhat/libgcc@8.5.0-28.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=gcc-8.5.0-28.el8_10.src.rpm [transitive via pkg:rpm/redhat/shadow-utils@4.6-23.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026epoch=2\u0026upstream=shadow-utils-4.6-23.el8_10.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/bzip2-libs@1.0.6-28.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=bzip2-1.0.6-28.el8_10.src.rpm [transitive via pkg:rpm/redhat/shadow-utils@4.6-23.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026epoch=2\u0026upstream=shadow-utils-4.6-23.el8_10.src.rpm] (CVE-2019-12900)", "name": "rhtpa_medium_vulnerabilities", "url": "https://access.redhat.com/articles/red_hat_vulnerability_tutorial" }, "vulnerabilities_number": 185 } }, { "msg": "Found 14 low vulnerabilities.", "metadata": { "details": { "description": "Source: redhat-csaf. Affected dependencies: pkg:rpm/redhat/python3-libs@3.6.8-75.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=python3-3.6.8-75.el8_10.src.rpm [direct] (CVE-2024-11168, CVE-2024-4032, CVE-2024-5642), pkg:rpm/redhat/shadow-utils@4.6-23.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026epoch=2\u0026upstream=shadow-utils-4.6-23.el8_10.src.rpm [direct] (CVE-2024-56433), pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64\u0026distro=rhel-8.10\u0026epoch=1\u0026upstream=openssl-1.1.1k-15.el8_6.src.rpm [transitive via pkg:rpm/redhat/python3-libs@3.6.8-75.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=python3-3.6.8-75.el8_10.src.rpm] (CVE-2024-2511), pkg:rpm/redhat/python3-libs@3.6.8-75.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=python3-3.6.8-75.el8_10.src.rpm [transitive via pkg:rpm/redhat/python3-libs@3.6.8-75.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=python3-3.6.8-75.el8_10.src.rpm] (CVE-2024-11168, CVE-2024-4032, CVE-2024-5642), pkg:rpm/redhat/libcap@2.48-6.el8_9?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=libcap-2.48-6.el8_9.src.rpm [transitive via pkg:rpm/redhat/python3-libs@3.6.8-75.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=python3-3.6.8-75.el8_10.src.rpm] (CVE-2023-2602), pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64\u0026distro=rhel-8.10\u0026epoch=1\u0026upstream=openssl-1.1.1k-15.el8_6.src.rpm [transitive via pkg:rpm/redhat/openldap@2.4.46-21.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=openldap-2.4.46-21.el8_10.src.rpm] (CVE-2024-2511), pkg:rpm/redhat/libcap@2.48-6.el8_9?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=libcap-2.48-6.el8_9.src.rpm [transitive via pkg:rpm/redhat/openldap@2.4.46-21.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=openldap-2.4.46-21.el8_10.src.rpm] (CVE-2023-2602), pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64\u0026distro=rhel-8.10\u0026epoch=1\u0026upstream=openssl-1.1.1k-15.el8_6.src.rpm [transitive via pkg:rpm/redhat/java-17-openjdk-headless@17.0.18.0.8-1.el8?arch=x86_64\u0026distro=rhel-8.10\u0026epoch=1\u0026upstream=java-17-openjdk-17.0.18.0.8-1.el8.src.rpm] (CVE-2024-2511), pkg:rpm/redhat/python3-libs@3.6.8-75.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=python3-3.6.8-75.el8_10.src.rpm [transitive via pkg:rpm/redhat/java-17-openjdk-headless@17.0.18.0.8-1.el8?arch=x86_64\u0026distro=rhel-8.10\u0026epoch=1\u0026upstream=java-17-openjdk-17.0.18.0.8-1.el8.src.rpm] (CVE-2024-11168, CVE-2024-4032, CVE-2024-5642), pkg:rpm/redhat/libcap@2.48-6.el8_9?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=libcap-2.48-6.el8_9.src.rpm [transitive via pkg:rpm/redhat/java-17-openjdk-headless@17.0.18.0.8-1.el8?arch=x86_64\u0026distro=rhel-8.10\u0026epoch=1\u0026upstream=java-17-openjdk-17.0.18.0.8-1.el8.src.rpm] (CVE-2023-2602), pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64\u0026distro=rhel-8.10\u0026epoch=1\u0026upstream=openssl-1.1.1k-15.el8_6.src.rpm [transitive via pkg:rpm/redhat/rpm-libs@4.14.3-32.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=rpm-4.14.3-32.el8_10.src.rpm] (CVE-2024-2511), pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=curl-7.61.1-34.el8_10.11.src.rpm [transitive via pkg:rpm/redhat/rpm-libs@4.14.3-32.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=rpm-4.14.3-32.el8_10.src.rpm] (CVE-2023-27534, CVE-2023-28322, CVE-2023-38546, CVE-2022-35252), pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=curl-7.61.1-34.el8_10.11.src.rpm [transitive via pkg:rpm/redhat/rpm-libs@4.14.3-32.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=rpm-4.14.3-32.el8_10.src.rpm] (CVE-2023-27534, CVE-2023-28322, CVE-2023-38546, CVE-2022-35252), pkg:rpm/redhat/libxml2@2.9.7-21.el8_10.3?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=libxml2-2.9.7-21.el8_10.3.src.rpm [transitive via pkg:rpm/redhat/rpm-libs@4.14.3-32.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=rpm-4.14.3-32.el8_10.src.rpm] (CVE-2025-6170), pkg:rpm/redhat/libssh-config@0.9.6-16.el8_10?arch=noarch\u0026distro=rhel-8.10\u0026upstream=libssh-0.9.6-16.el8_10.src.rpm [transitive via pkg:rpm/redhat/rpm-libs@4.14.3-32.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=rpm-4.14.3-32.el8_10.src.rpm] (CVE-2023-6918), pkg:rpm/redhat/libssh@0.9.6-16.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=libssh-0.9.6-16.el8_10.src.rpm [transitive via pkg:rpm/redhat/rpm-libs@4.14.3-32.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=rpm-4.14.3-32.el8_10.src.rpm] (CVE-2023-6918), pkg:rpm/redhat/libcap@2.48-6.el8_9?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=libcap-2.48-6.el8_9.src.rpm [transitive via pkg:rpm/redhat/rpm-libs@4.14.3-32.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=rpm-4.14.3-32.el8_10.src.rpm] (CVE-2023-2602), pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64\u0026distro=rhel-8.10\u0026epoch=1\u0026upstream=openssl-1.1.1k-15.el8_6.src.rpm [transitive via pkg:rpm/redhat/microdnf@3.8.0-2.el8?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=microdnf-3.8.0-2.el8.src.rpm] (CVE-2024-2511), pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=curl-7.61.1-34.el8_10.11.src.rpm [transitive via pkg:rpm/redhat/microdnf@3.8.0-2.el8?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=microdnf-3.8.0-2.el8.src.rpm] (CVE-2023-27534, CVE-2023-28322, CVE-2023-38546, CVE-2022-35252), pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=curl-7.61.1-34.el8_10.11.src.rpm [transitive via pkg:rpm/redhat/microdnf@3.8.0-2.el8?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=microdnf-3.8.0-2.el8.src.rpm] (CVE-2023-27534, CVE-2023-28322, CVE-2023-38546, CVE-2022-35252), pkg:rpm/redhat/libxml2@2.9.7-21.el8_10.3?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=libxml2-2.9.7-21.el8_10.3.src.rpm [transitive via pkg:rpm/redhat/microdnf@3.8.0-2.el8?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=microdnf-3.8.0-2.el8.src.rpm] (CVE-2025-6170), pkg:rpm/redhat/libssh-config@0.9.6-16.el8_10?arch=noarch\u0026distro=rhel-8.10\u0026upstream=libssh-0.9.6-16.el8_10.src.rpm [transitive via pkg:rpm/redhat/microdnf@3.8.0-2.el8?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=microdnf-3.8.0-2.el8.src.rpm] (CVE-2023-6918), pkg:rpm/redhat/libssh@0.9.6-16.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=libssh-0.9.6-16.el8_10.src.rpm [transitive via pkg:rpm/redhat/microdnf@3.8.0-2.el8?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=microdnf-3.8.0-2.el8.src.rpm] (CVE-2023-6918), pkg:rpm/redhat/libcap@2.48-6.el8_9?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=libcap-2.48-6.el8_9.src.rpm [transitive via pkg:rpm/redhat/microdnf@3.8.0-2.el8?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=microdnf-3.8.0-2.el8.src.rpm] (CVE-2023-2602), pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=glib2-2.56.4-168.el8_10.src.rpm [transitive via pkg:rpm/redhat/microdnf@3.8.0-2.el8?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=microdnf-3.8.0-2.el8.src.rpm] (CVE-2024-34397), pkg:rpm/redhat/libsolv@0.7.20-6.el8?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=libsolv-0.7.20-6.el8.src.rpm [transitive via pkg:rpm/redhat/microdnf@3.8.0-2.el8?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=microdnf-3.8.0-2.el8.src.rpm] (CVE-2021-3200), pkg:rpm/redhat/libcap@2.48-6.el8_9?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=libcap-2.48-6.el8_9.src.rpm [transitive via pkg:rpm/redhat/shadow-utils@4.6-23.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026epoch=2\u0026upstream=shadow-utils-4.6-23.el8_10.src.rpm] (CVE-2023-2602)", "name": "rhtpa_low_vulnerabilities", "url": "https://access.redhat.com/articles/red_hat_vulnerability_tutorial" }, "vulnerabilities_number": 14 } } ] } ] {"vulnerabilities":{"critical":6,"high":115,"medium":185,"low":14,"unknown":0},"unpatched_vulnerabilities":{"critical":0,"high":0,"medium":0,"low":0,"unknown":0}} {"image": {"pullspec": "quay.io/redhat-appstudio-qe/forgejo-rep-xlpn/test-comp-pac-forgejo-wqnvvd:on-pr-bc682fe28febe268b1ae39157fc01568df7437f8", "digests": ["sha256:3256c4ec347b39c20f504484f30eefb1130437a2d703e8e4d257cf3367938d87"]}} {"result":"SUCCESS","timestamp":"2026-04-22T14:02:13+00:00","note":"Task tpa-scan completed: Refer to Tekton task result SCAN_OUTPUT for vulnerabilities scanned by TPA.","namespace":"default","successes":0,"failures":0,"warnings":0} New PipelineRun test-comp-pac-forgejo-wqnvvd-on-pull-request-fwcsh found after retrigger for component forgejo-rep-xlpn/test-comp-pac-forgejo-wqnvvd PipelineRun test-comp-pac-forgejo-wqnvvd-on-pull-request-fwcsh found for Component forgejo-rep-xlpn/test-comp-pac-forgejo-wqnvvd PipelineRun test-comp-pac-forgejo-wqnvvd-on-pull-request-fwcsh reason: Running PipelineRun test-comp-pac-forgejo-wqnvvd-on-pull-request-fwcsh reason: Running PipelineRun test-comp-pac-forgejo-wqnvvd-on-pull-request-fwcsh reason: Running PipelineRun test-comp-pac-forgejo-wqnvvd-on-pull-request-fwcsh reason: Running PipelineRun test-comp-pac-forgejo-wqnvvd-on-pull-request-fwcsh reason: Running PipelineRun test-comp-pac-forgejo-wqnvvd-on-pull-request-fwcsh reason: Running PipelineRun test-comp-pac-forgejo-wqnvvd-on-pull-request-fwcsh reason: Running PipelineRun test-comp-pac-forgejo-wqnvvd-on-pull-request-fwcsh reason: Running PipelineRun test-comp-pac-forgejo-wqnvvd-on-pull-request-fwcsh reason: Running PipelineRun test-comp-pac-forgejo-wqnvvd-on-pull-request-fwcsh reason: Running PipelineRun test-comp-pac-forgejo-wqnvvd-on-pull-request-fwcsh reason: Running PipelineRun test-comp-pac-forgejo-wqnvvd-on-pull-request-fwcsh reason: Running PipelineRun test-comp-pac-forgejo-wqnvvd-on-pull-request-fwcsh reason: Running PipelineRun test-comp-pac-forgejo-wqnvvd-on-pull-request-fwcsh reason: Running PipelineRun test-comp-pac-forgejo-wqnvvd-on-pull-request-fwcsh reason: Running PipelineRun test-comp-pac-forgejo-wqnvvd-on-pull-request-fwcsh reason: Running PipelineRun test-comp-pac-forgejo-wqnvvd-on-pull-request-fwcsh reason: Running PipelineRun test-comp-pac-forgejo-wqnvvd-on-pull-request-fwcsh reason: Running PipelineRun test-comp-pac-forgejo-wqnvvd-on-pull-request-fwcsh reason: Running PipelineRun test-comp-pac-forgejo-wqnvvd-on-pull-request-fwcsh reason: PipelineRunStopping PipelineRun test-comp-pac-forgejo-wqnvvd-on-pull-request-fwcsh reason: PipelineRunStopping PipelineRun test-comp-pac-forgejo-wqnvvd-on-pull-request-fwcsh reason: PipelineRunStopping PipelineRun test-comp-pac-forgejo-wqnvvd-on-pull-request-fwcsh reason: PipelineRunStopping PipelineRun test-comp-pac-forgejo-wqnvvd-on-pull-request-fwcsh reason: PipelineRunStopping PipelineRun test-comp-pac-forgejo-wqnvvd-on-pull-request-fwcsh reason: PipelineRunStopping PipelineRun test-comp-pac-forgejo-wqnvvd-on-pull-request-fwcsh reason: PipelineRunStopping PipelineRun test-comp-pac-forgejo-wqnvvd-on-pull-request-fwcsh reason: PipelineRunStopping PipelineRun test-comp-pac-forgejo-wqnvvd-on-pull-request-fwcsh reason: Failed attempt 2/3: PipelineRun "test-comp-pac-forgejo-wqnvvd-on-pull-request-fwcsh" failed: pod: test-comp-pac-forgejo-wqnvvd-on-pull-request-fwcsh-init-pod | init container: prepare 2026/04/22 14:05:10 Entrypoint initialization pod: test-comp-pac-forgejo-wqnvvd-on-pull-request-fwcsh-init-pod | container step-init: time="2026-04-22T14:05:12Z" level=info msg="Using in-cluster config" logger=KubeClient time="2026-04-22T14:05:12Z" level=info msg="[param] enable: false" time="2026-04-22T14:05:12Z" level=info msg="[param] default-http-proxy: squid.caching.svc.cluster.local:3128" time="2026-04-22T14:05:12Z" level=info msg="[param] default-no-proxy: brew.registry.redhat.io,docker.io,gcr.io,ghcr.io,images.paas.redhat.com,mirror.gcr.io,nvcr.io,quay.io,registry-proxy.engineering.redhat.com,registry.access.redhat.com,registry.ci.openshift.org,registry.fedoraproject.org,registry.redhat.io,registry.stage.redhat.io,vault.habana.ai" time="2026-04-22T14:05:12Z" level=info msg="[param] http-proxy-result-path: /tekton/results/http-proxy" time="2026-04-22T14:05:12Z" level=info msg="[param] no-proxy-result-path: /tekton/results/no-proxy" time="2026-04-22T14:05:12Z" level=info msg="Cache proxy is disabled in param or in backend" time="2026-04-22T14:05:12Z" level=info msg="[result] HTTP PROXY: " time="2026-04-22T14:05:12Z" level=info msg="[result] NO PROXY: " pod: test-comp-pac-forgejo-wqnvvd-on-pull-request-fwcsh-tpa-scan-pod | init container: prepare 2026/04/22 14:10:21 Entrypoint initialization pod: test-comp-pac-forgejo-wqnvvd-on-pull-request-fwcsh-tpa-scan-pod | init container: place-scripts 2026/04/22 14:10:22 Decoded script /tekton/scripts/script-0-r5slz 2026/04/22 14:10:22 Decoded script /tekton/scripts/script-1-jfv2v 2026/04/22 14:10:22 Decoded script /tekton/scripts/script-2-hfsp8 pod: test-comp-pac-forgejo-wqnvvd-on-pull-request-fwcsh-tpa-scan-pod | container step-get-vulnerabilities: Inspecting raw image manifest quay.io/redhat-appstudio-qe/forgejo-rep-xlpn/test-comp-pac-forgejo-wqnvvd@sha256:35f81c0f5e5b92451fcf6ad8d2fbbf001b6cd2964035acc1b8a84f26c5c910df. Selecting auth Using token for quay.io/redhat-appstudio-qe/forgejo-rep-xlpn/test-comp-pac-forgejo-wqnvvd Selecting auth Using token for quay.io/redhat-appstudio-qe/forgejo-rep-xlpn/test-comp-pac-forgejo-wqnvvd WARNING: SBOM attachments are deprecated and support will be removed in a Cosign release soon after 2024-02-22 (see https://github.com/sigstore/cosign/issues/2755). Instead, please use SBOM attestations. WARNING: Downloading SBOMs this way does not ensure its authenticity. If you want to ensure a tamper-proof SBOM, download it using 'cosign download attestation <image uri>'. Found SBOM of media type: text/spdx+json Running TPA scan on amd64 image manifest... % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0 100 360k 0 0 100 360k 0 481k --:--:-- --:--:-- --:--:-- 480k{ "scanned" : { "total" : 152, "direct" : 25, "transitive" : 127 }, "providers" : { "rhtpa" : { "status" : { "ok" : true, "name" : "rhtpa", "code" : 200, "message" : "OK", "warnings" : { "pkg:maven/io.github.stuartwdouglas.hacbstest.Main/hacbs-test" : [ "Unable to process: missing version component" ] } }, "sources" : { "osv-github" : { "summary" : { "direct" : 2, "transitive" : 0, "total" : 2, "dependencies" : 1, "critical" : 0, "high" : 2, "medium" : 0, "low" : 0, "remediations" : 0, "recommendations" : 0, "unscanned" : 0 }, "dependencies" : [ { "ref" : "pkg:pypi/setuptools@39.2.0", "issues" : [ { "id" : "CVE-2024-6345", "source" : "osv-github", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-6345" ], "unique" : false }, { "id" : "CVE-2022-40897", "source" : "osv-github", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-40897" ], "unique" : false } ], "transitive" : [ ], "highestVulnerability" : { "id" : "CVE-2024-6345", "source" : "osv-github", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-6345" ], "unique" : false } } ] }, "redhat-csaf" : { "summary" : { "direct" : 50, "transitive" : 345, "total" : 395, "dependencies" : 57, "critical" : 7, "high" : 133, "medium" : 236, "low" : 19, "remediations" : 0, "recommendations" : 0, "unscanned" : 0 }, "dependencies" : [ { "ref" : "pkg:rpm/redhat/python3-libs@3.6.8-75.el8_10?arch=x86_64&distro=rhel-8.10&upstream=python3-3.6.8-75.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2023-40217", "source" : "redhat-csaf", "cvssScore" : 8.6, "severity" : "HIGH", "cves" : [ "CVE-2023-40217" ], "unique" : false }, { "id" : "CVE-2022-42919", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2022-42919" ], "unique" : false }, { "id" : "CVE-2023-6597", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-6597" ], "unique" : false }, { "id" : "CVE-2015-20107", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2015-20107" ], "unique" : false }, { "id" : "CVE-2024-12718", "title" : "Bypass extraction filter to modify file metadata outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-12718" ], "unique" : false }, { "id" : "CVE-2025-4517", "title" : "Arbitrary writes via tarfile realpath overflow", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2025-4517" ], "unique" : false }, { "id" : "CVE-2020-10735", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2020-10735" ], "unique" : false }, { "id" : "CVE-2022-45061", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-45061" ], "unique" : false }, { "id" : "CVE-2023-24329", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-24329" ], "unique" : false }, { "id" : "CVE-2024-6232", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-6232" ], "unique" : false }, { "id" : "CVE-2025-12084", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-12084" ], "unique" : false }, { "id" : "CVE-2025-4138", "title" : "Bypassing extraction filter to create symlinks to arbitrary targets outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-4138" ], "unique" : false }, { "id" : "CVE-2025-4435", "title" : "Tarfile extracts filtered members when errorlevel=0", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-4435" ], "unique" : false }, { "id" : "CVE-2025-8194", "title" : "Tarfile infinite loop during parsing with negative member offset", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-8194" ], "unique" : false }, { "id" : "CVE-2021-28861", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2021-28861" ], "unique" : false }, { "id" : "CVE-2025-4330", "title" : "Extraction filter bypass for linking outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2025-4330" ], "unique" : false }, { "id" : "CVE-2025-15366", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-15366" ], "unique" : false }, { "id" : "CVE-2025-15367", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-15367" ], "unique" : false }, { "id" : "CVE-2026-1299", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-1299" ], "unique" : false }, { "id" : "CVE-2026-4519", "title" : "webbrowser.open() allows leading dashes in URLs", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-4519" ], "unique" : false }, { "id" : "CVE-2024-6923", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2024-6923" ], "unique" : false }, { "id" : "CVE-2025-0938", "title" : "URL parser allowed square brackets in domain names", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0938" ], "unique" : false }, { "id" : "CVE-2025-13836", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13836" ], "unique" : false }, { "id" : "CVE-2024-9287", "source" : "redhat-csaf", "cvssScore" : 6.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-9287" ], "unique" : false }, { "id" : "CVE-2024-0450", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0450" ], "unique" : false }, { "id" : "CVE-2007-4559", "title" : "Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2007-4559" ], "unique" : false }, { "id" : "CVE-2023-27043", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27043" ], "unique" : false }, { "id" : "CVE-2024-8088", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-8088" ], "unique" : false }, { "id" : "CVE-2024-0397", "source" : "redhat-csaf", "cvssScore" : 5.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0397" ], "unique" : false }, { "id" : "CVE-2024-7592", "source" : "redhat-csaf", "cvssScore" : 4.8, "severity" : "MEDIUM", "cves" : [ "CVE-2024-7592" ], "unique" : false }, { "id" : "CVE-2026-0865", "source" : "redhat-csaf", "cvssScore" : 4.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0865" ], "unique" : false }, { "id" : "CVE-2025-6069", "title" : "HTMLParser quadratic complexity when processing malformed inputs", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-6069" ], "unique" : false }, { "id" : "CVE-2025-8291", "title" : "ZIP64 End of Central Directory (EOCD) Locator record offset not checked", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8291" ], "unique" : false }, { "id" : "CVE-2025-6075", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-6075" ], "unique" : false }, { "id" : "CVE-2024-11168", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-11168" ], "unique" : false }, { "id" : "CVE-2024-4032", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-4032" ], "unique" : false }, { "id" : "CVE-2024-5642", "title" : "Buffer overread when using an empty list with SSLContext.set_npn_protocols()", "source" : "redhat-csaf", "cvssScore" : 2.7, "severity" : "LOW", "cves" : [ "CVE-2024-5642" ], "unique" : false } ], "transitive" : [ { "ref" : "pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=rhel-8.10&epoch=1&upstream=openssl-1.1.1k-15.el8_6.src.rpm", "issues" : [ { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false }, { "id" : "CVE-2022-1473", "title" : "Resource leakage when decoding certificates and keys", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-1473" ], "unique" : false }, { "id" : "CVE-2022-3358", "title" : "Using a Custom Cipher with NID_undef may lead to NULL encryption", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-3358" ], "unique" : false }, { "id" : "CVE-2022-3602", "title" : "X.509 Email Address 4-byte Buffer Overflow", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-3602" ], "unique" : false }, { "id" : "CVE-2022-3786", "title" : "X.509 Email Address Variable Length Buffer Overflow", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-3786" ], "unique" : false }, { "id" : "CVE-2022-4450", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-4450" ], "unique" : false }, { "id" : "CVE-2023-0215", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-0215" ], "unique" : false }, { "id" : "CVE-2023-0216", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-0216" ], "unique" : false }, { "id" : "CVE-2023-0217", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-0217" ], "unique" : false }, { "id" : "CVE-2023-0401", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-0401" ], "unique" : false }, { "id" : "CVE-2023-5363", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-5363" ], "unique" : false }, { "id" : "CVE-2023-0286", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2023-0286" ], "unique" : false }, { "id" : "CVE-2024-12797", "title" : "RFC7250 handshakes with unauthenticated servers don't abort as expected", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2024-12797" ], "unique" : false }, { "id" : "CVE-2025-69419", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2025-69419" ], "unique" : false }, { "id" : "CVE-2022-1292", "source" : "redhat-csaf", "cvssScore" : 6.7, "severity" : "MEDIUM", "cves" : [ "CVE-2022-1292" ], "unique" : false }, { "id" : "CVE-2022-2068", "source" : "redhat-csaf", "cvssScore" : 6.7, "severity" : "MEDIUM", "cves" : [ "CVE-2022-2068" ], "unique" : false }, { "id" : "CVE-2023-2650", "title" : "Possible DoS translating ASN.1 object identifiers", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2650" ], "unique" : false }, { "id" : "CVE-2023-6129", "title" : "POLY1305 MAC implementation corrupts vector registers on PowerPC", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6129" ], "unique" : false }, { "id" : "CVE-2025-69421", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69421" ], "unique" : false }, { "id" : "CVE-2025-11187", "title" : "Improper validation of PBMAC1 parameters in PKCS#12 MAC verification", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-11187" ], "unique" : false }, { "id" : "CVE-2020-1971", "title" : "EDIPARTYNAME NULL pointer dereference", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2020-1971" ], "unique" : false }, { "id" : "CVE-2022-4304", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2022-4304" ], "unique" : false }, { "id" : "CVE-2023-0464", "title" : "Excessive Resource Usage Verifying X.509 Policy Constraints", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0464" ], "unique" : false }, { "id" : "CVE-2023-6237", "title" : "Excessive time spent checking invalid RSA public keys", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6237" ], "unique" : false }, { "id" : "CVE-2024-5535", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-5535" ], "unique" : false }, { "id" : "CVE-2024-6119", "title" : "Possible denial of service in X.509 name checks", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-6119" ], "unique" : false }, { "id" : "CVE-2025-15468", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15468" ], "unique" : false }, { "id" : "CVE-2025-66199", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-66199" ], "unique" : false }, { "id" : "CVE-2025-69420", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69420" ], "unique" : false }, { "id" : "CVE-2026-22796", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22796" ], "unique" : false }, { "id" : "CVE-2024-4741", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4741" ], "unique" : false }, { "id" : "CVE-2025-9230", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9230" ], "unique" : false }, { "id" : "CVE-2024-0727", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0727" ], "unique" : false }, { "id" : "CVE-2025-15469", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15469" ], "unique" : false }, { "id" : "CVE-2026-22795", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22795" ], "unique" : false }, { "id" : "CVE-2022-1343", "title" : "OCSP_basic_verify may incorrectly verify the response signing certificate", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2022-1343" ], "unique" : false }, { "id" : "CVE-2022-2097", "title" : "AES OCB fails to encrypt some bytes", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2022-2097" ], "unique" : false }, { "id" : "CVE-2023-0465", "title" : "Invalid certificate policies in leaf certificates are silently ignored", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0465" ], "unique" : false }, { "id" : "CVE-2023-0466", "title" : "Certificate policy check not enabled", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0466" ], "unique" : false }, { "id" : "CVE-2023-2975", "title" : "AES-SIV implementation ignores empty associated data entries", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2975" ], "unique" : false }, { "id" : "CVE-2023-3446", "title" : "Excessive time spent checking DH keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3446" ], "unique" : false }, { "id" : "CVE-2023-3817", "title" : "Excessive time spent checking DH q parameter value", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3817" ], "unique" : false }, { "id" : "CVE-2023-5678", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-5678" ], "unique" : false }, { "id" : "CVE-2024-4603", "title" : "Excessive time spent checking DSA keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4603" ], "unique" : false }, { "id" : "CVE-2023-1255", "title" : "Input buffer over-read in AES-XTS implementation on 64 bit ARM", "source" : "redhat-csaf", "cvssScore" : 5.1, "severity" : "MEDIUM", "cves" : [ "CVE-2023-1255" ], "unique" : false }, { "id" : "CVE-2022-4203", "source" : "redhat-csaf", "cvssScore" : 4.9, "severity" : "MEDIUM", "cves" : [ "CVE-2022-4203" ], "unique" : false }, { "id" : "CVE-2025-68160", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-68160" ], "unique" : false }, { "id" : "CVE-2025-69418", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69418" ], "unique" : false }, { "id" : "CVE-2024-2511", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-2511" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/krb5-libs@1.18.2-32.el8_10?arch=x86_64&distro=rhel-8.10&upstream=krb5-1.18.2-32.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2024-3596", "source" : "redhat-csaf", "cvssScore" : 9.0, "severity" : "CRITICAL", "cves" : [ "CVE-2024-3596" ], "unique" : false }, { "id" : "CVE-2022-42898", "title" : "PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before 1.20.1 has integer overflows that may lead to remote code execution (in KDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms (which have a resultant heap-based buffer overflow), and cause a denial of service on other platforms. This occurs in krb5_pac_parse in lib/krb5/krb/pac.c. Heimdal before 7.7.1 has \"a similar bug.\"", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2022-42898" ], "unique" : false }, { "id" : "CVE-2023-39975", "title" : "kdc/do_tgs_req.c in MIT Kerberos 5 (aka krb5) 1.21 before 1.21.2 has a double free that is reachable if an authenticated user can trigger an authorization-data handling failure. Incorrect data is copied from one ticket to another.", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2023-39975" ], "unique" : false }, { "id" : "CVE-2024-26462", "title" : "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/kdc/ndr.c.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-26462" ], "unique" : false }, { "id" : "CVE-2024-37370", "title" : "In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify the plaintext Extra Count field of a confidential GSS krb5 wrap token, causing the unwrapped token to appear truncated to the application.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-37370" ], "unique" : false }, { "id" : "CVE-2020-17049", "title" : "Kerberos KDC Security Feature Bypass Vulnerability", "source" : "redhat-csaf", "cvssScore" : 7.2, "severity" : "HIGH", "cves" : [ "CVE-2020-17049" ], "unique" : false }, { "id" : "CVE-2023-36054", "title" : "lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and 1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticated user can trigger a kadmind crash. This occurs because _xdr_kadm5_principal_ent_rec does not validate the relationship between n_key_data and the key_data array count.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-36054" ], "unique" : false }, { "id" : "CVE-2024-37371", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-37371" ], "unique" : false }, { "id" : "CVE-2025-24528", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-24528" ], "unique" : false }, { "id" : "CVE-2024-26458", "title" : "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-26458" ], "unique" : false }, { "id" : "CVE-2024-26461", "title" : "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-26461" ], "unique" : false }, { "id" : "CVE-2025-3576", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-3576" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-3596", "source" : "redhat-csaf", "cvssScore" : 9.0, "severity" : "CRITICAL", "cves" : [ "CVE-2024-3596" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/python3-setuptools-wheel@39.2.0-9.el8_10?arch=noarch&distro=rhel-8.10&upstream=python-setuptools-39.2.0-9.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2024-6345", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-6345" ], "unique" : false }, { "id" : "CVE-2025-47273", "title" : "setuptools has a path traversal vulnerability in PackageIndex.download that leads to Arbitrary File Write", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-47273" ], "unique" : false }, { "id" : "CVE-2022-40897", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2022-40897" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-6345", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-6345" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-minimal-langpack@2.28-251.el8_10.31?arch=x86_64&distro=rhel-8.10&upstream=glibc-2.28-251.el8_10.31.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc@2.28-251.el8_10.31?arch=x86_64&distro=rhel-8.10&upstream=glibc-2.28-251.el8_10.31.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-15281", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15281" ], "unique" : false }, { "id" : "CVE-2026-3904", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3904" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-common@2.28-251.el8_10.31?arch=x86_64&distro=rhel-8.10&upstream=glibc-2.28-251.el8_10.31.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/xz-libs@5.2.4-4.el8_6?arch=x86_64&distro=rhel-8.10&upstream=xz-5.2.4-4.el8_6.src.rpm", "issues" : [ { "id" : "CVE-2022-1271", "title" : "An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name (for example, a crafted file name), this can overwrite an attacker's content to an arbitrary attacker-selected file. This flaw occurs due to insufficient validation when processing filenames with two or more newlines where selected content and the target file names are embedded in crafted multi-line file names. This flaw allows a remote, low privileged attacker to force zgrep to write arbitrary files on the system.", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2022-1271" ], "unique" : false }, { "id" : "CVE-2025-31115", "title" : "XZ has a heap-use-after-free bug in threaded .xz decoder", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-31115" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2022-1271", "title" : "An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name (for example, a crafted file name), this can overwrite an attacker's content to an arbitrary attacker-selected file. This flaw occurs due to insufficient validation when processing filenames with two or more newlines where selected content and the target file names are embedded in crafted multi-line file names. This flaw allows a remote, low privileged attacker to force zgrep to write arbitrary files on the system.", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2022-1271" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/python3-libs@3.6.8-75.el8_10?arch=x86_64&distro=rhel-8.10&upstream=python3-3.6.8-75.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2023-40217", "source" : "redhat-csaf", "cvssScore" : 8.6, "severity" : "HIGH", "cves" : [ "CVE-2023-40217" ], "unique" : false }, { "id" : "CVE-2022-42919", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2022-42919" ], "unique" : false }, { "id" : "CVE-2023-6597", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-6597" ], "unique" : false }, { "id" : "CVE-2015-20107", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2015-20107" ], "unique" : false }, { "id" : "CVE-2024-12718", "title" : "Bypass extraction filter to modify file metadata outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-12718" ], "unique" : false }, { "id" : "CVE-2025-4517", "title" : "Arbitrary writes via tarfile realpath overflow", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2025-4517" ], "unique" : false }, { "id" : "CVE-2020-10735", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2020-10735" ], "unique" : false }, { "id" : "CVE-2022-45061", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-45061" ], "unique" : false }, { "id" : "CVE-2023-24329", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-24329" ], "unique" : false }, { "id" : "CVE-2024-6232", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-6232" ], "unique" : false }, { "id" : "CVE-2025-12084", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-12084" ], "unique" : false }, { "id" : "CVE-2025-4138", "title" : "Bypassing extraction filter to create symlinks to arbitrary targets outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-4138" ], "unique" : false }, { "id" : "CVE-2025-4435", "title" : "Tarfile extracts filtered members when errorlevel=0", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-4435" ], "unique" : false }, { "id" : "CVE-2025-8194", "title" : "Tarfile infinite loop during parsing with negative member offset", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-8194" ], "unique" : false }, { "id" : "CVE-2021-28861", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2021-28861" ], "unique" : false }, { "id" : "CVE-2025-4330", "title" : "Extraction filter bypass for linking outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2025-4330" ], "unique" : false }, { "id" : "CVE-2025-15366", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-15366" ], "unique" : false }, { "id" : "CVE-2025-15367", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-15367" ], "unique" : false }, { "id" : "CVE-2026-1299", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-1299" ], "unique" : false }, { "id" : "CVE-2026-4519", "title" : "webbrowser.open() allows leading dashes in URLs", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-4519" ], "unique" : false }, { "id" : "CVE-2024-6923", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2024-6923" ], "unique" : false }, { "id" : "CVE-2025-0938", "title" : "URL parser allowed square brackets in domain names", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0938" ], "unique" : false }, { "id" : "CVE-2025-13836", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13836" ], "unique" : false }, { "id" : "CVE-2024-9287", "source" : "redhat-csaf", "cvssScore" : 6.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-9287" ], "unique" : false }, { "id" : "CVE-2024-0450", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0450" ], "unique" : false }, { "id" : "CVE-2007-4559", "title" : "Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2007-4559" ], "unique" : false }, { "id" : "CVE-2023-27043", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27043" ], "unique" : false }, { "id" : "CVE-2024-8088", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-8088" ], "unique" : false }, { "id" : "CVE-2024-0397", "source" : "redhat-csaf", "cvssScore" : 5.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0397" ], "unique" : false }, { "id" : "CVE-2024-7592", "source" : "redhat-csaf", "cvssScore" : 4.8, "severity" : "MEDIUM", "cves" : [ "CVE-2024-7592" ], "unique" : false }, { "id" : "CVE-2026-0865", "source" : "redhat-csaf", "cvssScore" : 4.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0865" ], "unique" : false }, { "id" : "CVE-2025-6069", "title" : "HTMLParser quadratic complexity when processing malformed inputs", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-6069" ], "unique" : false }, { "id" : "CVE-2025-8291", "title" : "ZIP64 End of Central Directory (EOCD) Locator record offset not checked", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8291" ], "unique" : false }, { "id" : "CVE-2025-6075", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-6075" ], "unique" : false }, { "id" : "CVE-2024-11168", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-11168" ], "unique" : false }, { "id" : "CVE-2024-4032", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-4032" ], "unique" : false }, { "id" : "CVE-2024-5642", "title" : "Buffer overread when using an empty list with SSLContext.set_npn_protocols()", "source" : "redhat-csaf", "cvssScore" : 2.7, "severity" : "LOW", "cves" : [ "CVE-2024-5642" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-40217", "source" : "redhat-csaf", "cvssScore" : 8.6, "severity" : "HIGH", "cves" : [ "CVE-2023-40217" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/zlib@1.2.11-25.el8?arch=x86_64&distro=rhel-8.10&upstream=zlib-1.2.11-25.el8.src.rpm", "issues" : [ { "id" : "CVE-2018-25032", "title" : "zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.", "source" : "redhat-csaf", "cvssScore" : 8.2, "severity" : "HIGH", "cves" : [ "CVE-2018-25032" ], "unique" : false }, { "id" : "CVE-2022-37434", "title" : "zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call inflateGetHeader (e.g., see the nodejs/node reference).", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2022-37434" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2018-25032", "title" : "zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.", "source" : "redhat-csaf", "cvssScore" : 8.2, "severity" : "HIGH", "cves" : [ "CVE-2018-25032" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libcap@2.48-6.el8_9?arch=x86_64&distro=rhel-8.10&upstream=libcap-2.48-6.el8_9.src.rpm", "issues" : [ { "id" : "CVE-2023-2603", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-2603" ], "unique" : false }, { "id" : "CVE-2023-2602", "title" : "A vulnerability was found in the pthread_create() function in libcap. This issue may allow a malicious actor to use cause __real_pthread_create() to return an error, which can exhaust the process memory.", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2023-2602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-2603", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-2603" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch&distro=rhel-8.10&upstream=ncurses-6.1-10.20180224.el8.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64&distro=rhel-8.10&upstream=ncurses-6.1-10.20180224.el8.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/sqlite-libs@3.26.0-20.el8_10?arch=x86_64&distro=rhel-8.10&upstream=sqlite-3.26.0-20.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2025-6965", "title" : "Integer Truncation on SQLite", "source" : "redhat-csaf", "cvssScore" : 7.7, "severity" : "HIGH", "cves" : [ "CVE-2025-6965" ], "unique" : false }, { "id" : "CVE-2023-7104", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2023-7104" ], "unique" : false }, { "id" : "CVE-2025-3277", "title" : "An integer overflow can be triggered in SQLite’s `concat_ws()` function. The resulting, truncated integer is then used to allocate a buffer. When SQLite then writes the resulting string to the buffer, it uses the original, untruncated size and thus a wild Heap Buffer overflow of size ~4GB can be triggered. This can result in arbitrary code execution.", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2025-3277" ], "unique" : false }, { "id" : "CVE-2022-35737", "title" : "SQLite 1.0.12 through 3.39.x before 3.39.2 sometimes allows an array-bounds overflow if billions of bytes are used in a string argument to a C API.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2022-35737" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-6965", "title" : "Integer Truncation on SQLite", "source" : "redhat-csaf", "cvssScore" : 7.7, "severity" : "HIGH", "cves" : [ "CVE-2025-6965" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/expat@2.5.0-1.el8_10?arch=x86_64&distro=rhel-8.10&upstream=expat-2.5.0-1.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2023-52425", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-52425" ], "unique" : false }, { "id" : "CVE-2024-28757", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-28757" ], "unique" : false }, { "id" : "CVE-2024-45490", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-45490" ], "unique" : false }, { "id" : "CVE-2024-45491", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-45491" ], "unique" : false }, { "id" : "CVE-2024-8176", "title" : "Libexpat: expat: improper restriction of xml entity expansion depth in libexpat", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-8176" ], "unique" : false }, { "id" : "CVE-2024-45492", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2024-45492" ], "unique" : false }, { "id" : "CVE-2024-50602", "title" : "An issue was discovered in libexpat before 2.6.4. There is a crash within the XML_ResumeParser function because XML_StopParser can stop/suspend an unstarted parser.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-50602" ], "unique" : false }, { "id" : "CVE-2025-59375", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-59375" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-52425", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-52425" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libtirpc@1.1.4-12.el8_10?arch=x86_64&distro=rhel-8.10&upstream=libtirpc-1.1.4-12.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2021-46828", "title" : "In libtirpc before 1.3.3rc1, remote attackers could exhaust the file descriptors of a process that uses libtirpc because idle TCP connections are mishandled. This can, in turn, lead to an svc_run infinite loop without accepting new connections.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2021-46828" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2021-46828", "title" : "In libtirpc before 1.3.3rc1, remote attackers could exhaust the file descriptors of a process that uses libtirpc because idle TCP connections are mishandled. This can, in turn, lead to an svc_run infinite loop without accepting new connections.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2021-46828" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/pcre2@10.32-3.el8_6?arch=x86_64&distro=rhel-8.10&upstream=pcre2-10.32-3.el8_6.src.rpm", "issues" : [ { "id" : "CVE-2022-1586", "title" : "An out-of-bounds read vulnerability was discovered in the PCRE2 library in the compile_xclass_matchingpath() function of the pcre2_jit_compile.c file. This involves a unicode property matching issue in JIT-compiled regular expressions. The issue occurs because the character was not fully read in case-less matching within JIT.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-1586" ], "unique" : false }, { "id" : "CVE-2022-1587", "title" : "An out-of-bounds read vulnerability was discovered in the PCRE2 library in the get_recurse_data_length() function of the pcre2_jit_compile.c file. This issue affects recursions in JIT-compiled regular expressions caused by duplicate data transfers.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-1587" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2022-1586", "title" : "An out-of-bounds read vulnerability was discovered in the PCRE2 library in the compile_xclass_matchingpath() function of the pcre2_jit_compile.c file. This involves a unicode property matching issue in JIT-compiled regular expressions. The issue occurs because the character was not fully read in case-less matching within JIT.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-1586" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/bash@4.4.20-6.el8_10?arch=x86_64&distro=rhel-8.10&upstream=bash-4.4.20-6.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2022-3715", "source" : "redhat-csaf", "cvssScore" : 6.6, "severity" : "MEDIUM", "cves" : [ "CVE-2022-3715" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2022-3715", "source" : "redhat-csaf", "cvssScore" : 6.6, "severity" : "MEDIUM", "cves" : [ "CVE-2022-3715" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/gmp@6.1.2-11.el8?arch=x86_64&distro=rhel-8.10&epoch=1&upstream=gmp-6.1.2-11.el8.src.rpm", "issues" : [ { "id" : "CVE-2021-43618", "title" : "GNU Multiple Precision Arithmetic Library (GMP) through 6.2.1 has an mpz/inp_raw.c integer overflow and resultant buffer overflow via crafted input, leading to a segmentation fault on 32-bit platforms.", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2021-43618" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2021-43618", "title" : "GNU Multiple Precision Arithmetic Library (GMP) through 6.2.1 has an mpz/inp_raw.c integer overflow and resultant buffer overflow via crafted input, leading to a segmentation fault on 32-bit platforms.", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2021-43618" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcc@8.5.0-28.el8_10?arch=x86_64&distro=rhel-8.10&upstream=gcc-8.5.0-28.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libtasn1@4.13-5.el8_10?arch=x86_64&distro=rhel-8.10&upstream=libtasn1-4.13-5.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2021-46848", "title" : "GNU Libtasn1 before 4.19.0 has an ETYPE_OK off-by-one array size check that affects asn1_encode_simple_der.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2021-46848" ], "unique" : false }, { "id" : "CVE-2025-13151", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13151" ], "unique" : false }, { "id" : "CVE-2024-12133", "title" : "Libtasn1: inefficient der decoding in libtasn1 leading to potential remote dos", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-12133" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2021-46848", "title" : "GNU Libtasn1 before 4.19.0 has an ETYPE_OK off-by-one array size check that affects asn1_encode_simple_der.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2021-46848" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libcom_err@1.45.6-7.el8_10?arch=x86_64&distro=rhel-8.10&upstream=e2fsprogs-1.45.6-7.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2022-1304", "title" : "An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5. This issue leads to a segmentation fault and possibly arbitrary code execution via a specially crafted filesystem.", "source" : "redhat-csaf", "cvssScore" : 5.8, "severity" : "MEDIUM", "cves" : [ "CVE-2022-1304" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2022-1304", "title" : "An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5. This issue leads to a segmentation fault and possibly arbitrary code execution via a specially crafted filesystem.", "source" : "redhat-csaf", "cvssScore" : 5.8, "severity" : "MEDIUM", "cves" : [ "CVE-2022-1304" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/python3-pip-wheel@9.0.3-24.el8?arch=noarch&distro=rhel-8.10&upstream=python-pip-9.0.3-24.el8.src.rpm", "issues" : [ { "id" : "CVE-2007-4559", "title" : "Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2007-4559" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2007-4559", "title" : "Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2007-4559" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/bzip2-libs@1.0.6-28.el8_10?arch=x86_64&distro=rhel-8.10&upstream=bzip2-1.0.6-28.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2019-12900", "title" : "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2019-12900" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2019-12900", "title" : "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2019-12900" ], "unique" : false } } ], "highestVulnerability" : { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/openldap@2.4.46-21.el8_10?arch=x86_64&distro=rhel-8.10&upstream=openldap-2.4.46-21.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2023-2953", "title" : "A vulnerability was found in openldap. This security flaw causes a null pointer dereference in ber_memalloc_x() function.", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2023-2953" ], "unique" : false } ], "transitive" : [ { "ref" : "pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=rhel-8.10&epoch=1&upstream=openssl-1.1.1k-15.el8_6.src.rpm", "issues" : [ { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false }, { "id" : "CVE-2022-1473", "title" : "Resource leakage when decoding certificates and keys", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-1473" ], "unique" : false }, { "id" : "CVE-2022-3358", "title" : "Using a Custom Cipher with NID_undef may lead to NULL encryption", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-3358" ], "unique" : false }, { "id" : "CVE-2022-3602", "title" : "X.509 Email Address 4-byte Buffer Overflow", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-3602" ], "unique" : false }, { "id" : "CVE-2022-3786", "title" : "X.509 Email Address Variable Length Buffer Overflow", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-3786" ], "unique" : false }, { "id" : "CVE-2022-4450", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-4450" ], "unique" : false }, { "id" : "CVE-2023-0215", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-0215" ], "unique" : false }, { "id" : "CVE-2023-0216", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-0216" ], "unique" : false }, { "id" : "CVE-2023-0217", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-0217" ], "unique" : false }, { "id" : "CVE-2023-0401", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-0401" ], "unique" : false }, { "id" : "CVE-2023-5363", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-5363" ], "unique" : false }, { "id" : "CVE-2023-0286", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2023-0286" ], "unique" : false }, { "id" : "CVE-2024-12797", "title" : "RFC7250 handshakes with unauthenticated servers don't abort as expected", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2024-12797" ], "unique" : false }, { "id" : "CVE-2025-69419", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2025-69419" ], "unique" : false }, { "id" : "CVE-2022-1292", "source" : "redhat-csaf", "cvssScore" : 6.7, "severity" : "MEDIUM", "cves" : [ "CVE-2022-1292" ], "unique" : false }, { "id" : "CVE-2022-2068", "source" : "redhat-csaf", "cvssScore" : 6.7, "severity" : "MEDIUM", "cves" : [ "CVE-2022-2068" ], "unique" : false }, { "id" : "CVE-2023-2650", "title" : "Possible DoS translating ASN.1 object identifiers", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2650" ], "unique" : false }, { "id" : "CVE-2023-6129", "title" : "POLY1305 MAC implementation corrupts vector registers on PowerPC", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6129" ], "unique" : false }, { "id" : "CVE-2025-69421", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69421" ], "unique" : false }, { "id" : "CVE-2025-11187", "title" : "Improper validation of PBMAC1 parameters in PKCS#12 MAC verification", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-11187" ], "unique" : false }, { "id" : "CVE-2020-1971", "title" : "EDIPARTYNAME NULL pointer dereference", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2020-1971" ], "unique" : false }, { "id" : "CVE-2022-4304", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2022-4304" ], "unique" : false }, { "id" : "CVE-2023-0464", "title" : "Excessive Resource Usage Verifying X.509 Policy Constraints", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0464" ], "unique" : false }, { "id" : "CVE-2023-6237", "title" : "Excessive time spent checking invalid RSA public keys", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6237" ], "unique" : false }, { "id" : "CVE-2024-5535", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-5535" ], "unique" : false }, { "id" : "CVE-2024-6119", "title" : "Possible denial of service in X.509 name checks", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-6119" ], "unique" : false }, { "id" : "CVE-2025-15468", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15468" ], "unique" : false }, { "id" : "CVE-2025-66199", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-66199" ], "unique" : false }, { "id" : "CVE-2025-69420", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69420" ], "unique" : false }, { "id" : "CVE-2026-22796", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22796" ], "unique" : false }, { "id" : "CVE-2024-4741", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4741" ], "unique" : false }, { "id" : "CVE-2025-9230", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9230" ], "unique" : false }, { "id" : "CVE-2024-0727", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0727" ], "unique" : false }, { "id" : "CVE-2025-15469", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15469" ], "unique" : false }, { "id" : "CVE-2026-22795", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22795" ], "unique" : false }, { "id" : "CVE-2022-1343", "title" : "OCSP_basic_verify may incorrectly verify the response signing certificate", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2022-1343" ], "unique" : false }, { "id" : "CVE-2022-2097", "title" : "AES OCB fails to encrypt some bytes", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2022-2097" ], "unique" : false }, { "id" : "CVE-2023-0465", "title" : "Invalid certificate policies in leaf certificates are silently ignored", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0465" ], "unique" : false }, { "id" : "CVE-2023-0466", "title" : "Certificate policy check not enabled", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0466" ], "unique" : false }, { "id" : "CVE-2023-2975", "title" : "AES-SIV implementation ignores empty associated data entries", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2975" ], "unique" : false }, { "id" : "CVE-2023-3446", "title" : "Excessive time spent checking DH keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3446" ], "unique" : false }, { "id" : "CVE-2023-3817", "title" : "Excessive time spent checking DH q parameter value", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3817" ], "unique" : false }, { "id" : "CVE-2023-5678", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-5678" ], "unique" : false }, { "id" : "CVE-2024-4603", "title" : "Excessive time spent checking DSA keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4603" ], "unique" : false }, { "id" : "CVE-2023-1255", "title" : "Input buffer over-read in AES-XTS implementation on 64 bit ARM", "source" : "redhat-csaf", "cvssScore" : 5.1, "severity" : "MEDIUM", "cves" : [ "CVE-2023-1255" ], "unique" : false }, { "id" : "CVE-2022-4203", "source" : "redhat-csaf", "cvssScore" : 4.9, "severity" : "MEDIUM", "cves" : [ "CVE-2022-4203" ], "unique" : false }, { "id" : "CVE-2025-68160", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-68160" ], "unique" : false }, { "id" : "CVE-2025-69418", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69418" ], "unique" : false }, { "id" : "CVE-2024-2511", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-2511" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/krb5-libs@1.18.2-32.el8_10?arch=x86_64&distro=rhel-8.10&upstream=krb5-1.18.2-32.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2024-3596", "source" : "redhat-csaf", "cvssScore" : 9.0, "severity" : "CRITICAL", "cves" : [ "CVE-2024-3596" ], "unique" : false }, { "id" : "CVE-2022-42898", "title" : "PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before 1.20.1 has integer overflows that may lead to remote code execution (in KDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms (which have a resultant heap-based buffer overflow), and cause a denial of service on other platforms. This occurs in krb5_pac_parse in lib/krb5/krb/pac.c. Heimdal before 7.7.1 has \"a similar bug.\"", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2022-42898" ], "unique" : false }, { "id" : "CVE-2023-39975", "title" : "kdc/do_tgs_req.c in MIT Kerberos 5 (aka krb5) 1.21 before 1.21.2 has a double free that is reachable if an authenticated user can trigger an authorization-data handling failure. Incorrect data is copied from one ticket to another.", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2023-39975" ], "unique" : false }, { "id" : "CVE-2024-26462", "title" : "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/kdc/ndr.c.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-26462" ], "unique" : false }, { "id" : "CVE-2024-37370", "title" : "In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify the plaintext Extra Count field of a confidential GSS krb5 wrap token, causing the unwrapped token to appear truncated to the application.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-37370" ], "unique" : false }, { "id" : "CVE-2020-17049", "title" : "Kerberos KDC Security Feature Bypass Vulnerability", "source" : "redhat-csaf", "cvssScore" : 7.2, "severity" : "HIGH", "cves" : [ "CVE-2020-17049" ], "unique" : false }, { "id" : "CVE-2023-36054", "title" : "lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and 1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticated user can trigger a kadmind crash. This occurs because _xdr_kadm5_principal_ent_rec does not validate the relationship between n_key_data and the key_data array count.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-36054" ], "unique" : false }, { "id" : "CVE-2024-37371", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-37371" ], "unique" : false }, { "id" : "CVE-2025-24528", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-24528" ], "unique" : false }, { "id" : "CVE-2024-26458", "title" : "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-26458" ], "unique" : false }, { "id" : "CVE-2024-26461", "title" : "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-26461" ], "unique" : false }, { "id" : "CVE-2025-3576", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-3576" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-3596", "source" : "redhat-csaf", "cvssScore" : 9.0, "severity" : "CRITICAL", "cves" : [ "CVE-2024-3596" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-minimal-langpack@2.28-251.el8_10.31?arch=x86_64&distro=rhel-8.10&upstream=glibc-2.28-251.el8_10.31.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc@2.28-251.el8_10.31?arch=x86_64&distro=rhel-8.10&upstream=glibc-2.28-251.el8_10.31.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-15281", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15281" ], "unique" : false }, { "id" : "CVE-2026-3904", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3904" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-common@2.28-251.el8_10.31?arch=x86_64&distro=rhel-8.10&upstream=glibc-2.28-251.el8_10.31.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/zlib@1.2.11-25.el8?arch=x86_64&distro=rhel-8.10&upstream=zlib-1.2.11-25.el8.src.rpm", "issues" : [ { "id" : "CVE-2018-25032", "title" : "zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.", "source" : "redhat-csaf", "cvssScore" : 8.2, "severity" : "HIGH", "cves" : [ "CVE-2018-25032" ], "unique" : false }, { "id" : "CVE-2022-37434", "title" : "zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call inflateGetHeader (e.g., see the nodejs/node reference).", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2022-37434" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2018-25032", "title" : "zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.", "source" : "redhat-csaf", "cvssScore" : 8.2, "severity" : "HIGH", "cves" : [ "CVE-2018-25032" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libcap@2.48-6.el8_9?arch=x86_64&distro=rhel-8.10&upstream=libcap-2.48-6.el8_9.src.rpm", "issues" : [ { "id" : "CVE-2023-2603", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-2603" ], "unique" : false }, { "id" : "CVE-2023-2602", "title" : "A vulnerability was found in the pthread_create() function in libcap. This issue may allow a malicious actor to use cause __real_pthread_create() to return an error, which can exhaust the process memory.", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2023-2602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-2603", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-2603" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch&distro=rhel-8.10&upstream=ncurses-6.1-10.20180224.el8.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64&distro=rhel-8.10&upstream=ncurses-6.1-10.20180224.el8.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/pcre2@10.32-3.el8_6?arch=x86_64&distro=rhel-8.10&upstream=pcre2-10.32-3.el8_6.src.rpm", "issues" : [ { "id" : "CVE-2022-1586", "title" : "An out-of-bounds read vulnerability was discovered in the PCRE2 library in the compile_xclass_matchingpath() function of the pcre2_jit_compile.c file. This involves a unicode property matching issue in JIT-compiled regular expressions. The issue occurs because the character was not fully read in case-less matching within JIT.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-1586" ], "unique" : false }, { "id" : "CVE-2022-1587", "title" : "An out-of-bounds read vulnerability was discovered in the PCRE2 library in the get_recurse_data_length() function of the pcre2_jit_compile.c file. This issue affects recursions in JIT-compiled regular expressions caused by duplicate data transfers.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-1587" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2022-1586", "title" : "An out-of-bounds read vulnerability was discovered in the PCRE2 library in the compile_xclass_matchingpath() function of the pcre2_jit_compile.c file. This involves a unicode property matching issue in JIT-compiled regular expressions. The issue occurs because the character was not fully read in case-less matching within JIT.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-1586" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/bash@4.4.20-6.el8_10?arch=x86_64&distro=rhel-8.10&upstream=bash-4.4.20-6.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2022-3715", "source" : "redhat-csaf", "cvssScore" : 6.6, "severity" : "MEDIUM", "cves" : [ "CVE-2022-3715" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2022-3715", "source" : "redhat-csaf", "cvssScore" : 6.6, "severity" : "MEDIUM", "cves" : [ "CVE-2022-3715" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/gmp@6.1.2-11.el8?arch=x86_64&distro=rhel-8.10&epoch=1&upstream=gmp-6.1.2-11.el8.src.rpm", "issues" : [ { "id" : "CVE-2021-43618", "title" : "GNU Multiple Precision Arithmetic Library (GMP) through 6.2.1 has an mpz/inp_raw.c integer overflow and resultant buffer overflow via crafted input, leading to a segmentation fault on 32-bit platforms.", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2021-43618" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2021-43618", "title" : "GNU Multiple Precision Arithmetic Library (GMP) through 6.2.1 has an mpz/inp_raw.c integer overflow and resultant buffer overflow via crafted input, leading to a segmentation fault on 32-bit platforms.", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2021-43618" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcc@8.5.0-28.el8_10?arch=x86_64&distro=rhel-8.10&upstream=gcc-8.5.0-28.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libtasn1@4.13-5.el8_10?arch=x86_64&distro=rhel-8.10&upstream=libtasn1-4.13-5.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2021-46848", "title" : "GNU Libtasn1 before 4.19.0 has an ETYPE_OK off-by-one array size check that affects asn1_encode_simple_der.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2021-46848" ], "unique" : false }, { "id" : "CVE-2025-13151", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13151" ], "unique" : false }, { "id" : "CVE-2024-12133", "title" : "Libtasn1: inefficient der decoding in libtasn1 leading to potential remote dos", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-12133" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2021-46848", "title" : "GNU Libtasn1 before 4.19.0 has an ETYPE_OK off-by-one array size check that affects asn1_encode_simple_der.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2021-46848" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libcom_err@1.45.6-7.el8_10?arch=x86_64&distro=rhel-8.10&upstream=e2fsprogs-1.45.6-7.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2022-1304", "title" : "An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5. This issue leads to a segmentation fault and possibly arbitrary code execution via a specially crafted filesystem.", "source" : "redhat-csaf", "cvssScore" : 5.8, "severity" : "MEDIUM", "cves" : [ "CVE-2022-1304" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2022-1304", "title" : "An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5. This issue leads to a segmentation fault and possibly arbitrary code execution via a specially crafted filesystem.", "source" : "redhat-csaf", "cvssScore" : 5.8, "severity" : "MEDIUM", "cves" : [ "CVE-2022-1304" ], "unique" : false } } ], "highestVulnerability" : { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/java-17-openjdk-headless@17.0.18.0.8-1.el8?arch=x86_64&distro=rhel-8.10&epoch=1&upstream=java-17-openjdk-17.0.18.0.8-1.el8.src.rpm", "issues" : [ { "id" : "CVE-2026-21945", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-21945" ], "unique" : false }, { "id" : "CVE-2025-64720", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-64720" ], "unique" : false }, { "id" : "CVE-2025-65018", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-65018" ], "unique" : false }, { "id" : "CVE-2026-21933", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2026-21933" ], "unique" : false }, { "id" : "CVE-2026-21925", "source" : "redhat-csaf", "cvssScore" : 4.8, "severity" : "MEDIUM", "cves" : [ "CVE-2026-21925" ], "unique" : false } ], "transitive" : [ { "ref" : "pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=rhel-8.10&epoch=1&upstream=openssl-1.1.1k-15.el8_6.src.rpm", "issues" : [ { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false }, { "id" : "CVE-2022-1473", "title" : "Resource leakage when decoding certificates and keys", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-1473" ], "unique" : false }, { "id" : "CVE-2022-3358", "title" : "Using a Custom Cipher with NID_undef may lead to NULL encryption", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-3358" ], "unique" : false }, { "id" : "CVE-2022-3602", "title" : "X.509 Email Address 4-byte Buffer Overflow", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-3602" ], "unique" : false }, { "id" : "CVE-2022-3786", "title" : "X.509 Email Address Variable Length Buffer Overflow", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-3786" ], "unique" : false }, { "id" : "CVE-2022-4450", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-4450" ], "unique" : false }, { "id" : "CVE-2023-0215", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-0215" ], "unique" : false }, { "id" : "CVE-2023-0216", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-0216" ], "unique" : false }, { "id" : "CVE-2023-0217", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-0217" ], "unique" : false }, { "id" : "CVE-2023-0401", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-0401" ], "unique" : false }, { "id" : "CVE-2023-5363", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-5363" ], "unique" : false }, { "id" : "CVE-2023-0286", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2023-0286" ], "unique" : false }, { "id" : "CVE-2024-12797", "title" : "RFC7250 handshakes with unauthenticated servers don't abort as expected", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2024-12797" ], "unique" : false }, { "id" : "CVE-2025-69419", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2025-69419" ], "unique" : false }, { "id" : "CVE-2022-1292", "source" : "redhat-csaf", "cvssScore" : 6.7, "severity" : "MEDIUM", "cves" : [ "CVE-2022-1292" ], "unique" : false }, { "id" : "CVE-2022-2068", "source" : "redhat-csaf", "cvssScore" : 6.7, "severity" : "MEDIUM", "cves" : [ "CVE-2022-2068" ], "unique" : false }, { "id" : "CVE-2023-2650", "title" : "Possible DoS translating ASN.1 object identifiers", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2650" ], "unique" : false }, { "id" : "CVE-2023-6129", "title" : "POLY1305 MAC implementation corrupts vector registers on PowerPC", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6129" ], "unique" : false }, { "id" : "CVE-2025-69421", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69421" ], "unique" : false }, { "id" : "CVE-2025-11187", "title" : "Improper validation of PBMAC1 parameters in PKCS#12 MAC verification", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-11187" ], "unique" : false }, { "id" : "CVE-2020-1971", "title" : "EDIPARTYNAME NULL pointer dereference", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2020-1971" ], "unique" : false }, { "id" : "CVE-2022-4304", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2022-4304" ], "unique" : false }, { "id" : "CVE-2023-0464", "title" : "Excessive Resource Usage Verifying X.509 Policy Constraints", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0464" ], "unique" : false }, { "id" : "CVE-2023-6237", "title" : "Excessive time spent checking invalid RSA public keys", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6237" ], "unique" : false }, { "id" : "CVE-2024-5535", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-5535" ], "unique" : false }, { "id" : "CVE-2024-6119", "title" : "Possible denial of service in X.509 name checks", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-6119" ], "unique" : false }, { "id" : "CVE-2025-15468", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15468" ], "unique" : false }, { "id" : "CVE-2025-66199", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-66199" ], "unique" : false }, { "id" : "CVE-2025-69420", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69420" ], "unique" : false }, { "id" : "CVE-2026-22796", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22796" ], "unique" : false }, { "id" : "CVE-2024-4741", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4741" ], "unique" : false }, { "id" : "CVE-2025-9230", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9230" ], "unique" : false }, { "id" : "CVE-2024-0727", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0727" ], "unique" : false }, { "id" : "CVE-2025-15469", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15469" ], "unique" : false }, { "id" : "CVE-2026-22795", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22795" ], "unique" : false }, { "id" : "CVE-2022-1343", "title" : "OCSP_basic_verify may incorrectly verify the response signing certificate", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2022-1343" ], "unique" : false }, { "id" : "CVE-2022-2097", "title" : "AES OCB fails to encrypt some bytes", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2022-2097" ], "unique" : false }, { "id" : "CVE-2023-0465", "title" : "Invalid certificate policies in leaf certificates are silently ignored", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0465" ], "unique" : false }, { "id" : "CVE-2023-0466", "title" : "Certificate policy check not enabled", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0466" ], "unique" : false }, { "id" : "CVE-2023-2975", "title" : "AES-SIV implementation ignores empty associated data entries", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2975" ], "unique" : false }, { "id" : "CVE-2023-3446", "title" : "Excessive time spent checking DH keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3446" ], "unique" : false }, { "id" : "CVE-2023-3817", "title" : "Excessive time spent checking DH q parameter value", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3817" ], "unique" : false }, { "id" : "CVE-2023-5678", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-5678" ], "unique" : false }, { "id" : "CVE-2024-4603", "title" : "Excessive time spent checking DSA keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4603" ], "unique" : false }, { "id" : "CVE-2023-1255", "title" : "Input buffer over-read in AES-XTS implementation on 64 bit ARM", "source" : "redhat-csaf", "cvssScore" : 5.1, "severity" : "MEDIUM", "cves" : [ "CVE-2023-1255" ], "unique" : false }, { "id" : "CVE-2022-4203", "source" : "redhat-csaf", "cvssScore" : 4.9, "severity" : "MEDIUM", "cves" : [ "CVE-2022-4203" ], "unique" : false }, { "id" : "CVE-2025-68160", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-68160" ], "unique" : false }, { "id" : "CVE-2025-69418", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69418" ], "unique" : false }, { "id" : "CVE-2024-2511", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-2511" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/krb5-libs@1.18.2-32.el8_10?arch=x86_64&distro=rhel-8.10&upstream=krb5-1.18.2-32.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2024-3596", "source" : "redhat-csaf", "cvssScore" : 9.0, "severity" : "CRITICAL", "cves" : [ "CVE-2024-3596" ], "unique" : false }, { "id" : "CVE-2022-42898", "title" : "PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before 1.20.1 has integer overflows that may lead to remote code execution (in KDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms (which have a resultant heap-based buffer overflow), and cause a denial of service on other platforms. This occurs in krb5_pac_parse in lib/krb5/krb/pac.c. Heimdal before 7.7.1 has \"a similar bug.\"", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2022-42898" ], "unique" : false }, { "id" : "CVE-2023-39975", "title" : "kdc/do_tgs_req.c in MIT Kerberos 5 (aka krb5) 1.21 before 1.21.2 has a double free that is reachable if an authenticated user can trigger an authorization-data handling failure. Incorrect data is copied from one ticket to another.", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2023-39975" ], "unique" : false }, { "id" : "CVE-2024-26462", "title" : "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/kdc/ndr.c.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-26462" ], "unique" : false }, { "id" : "CVE-2024-37370", "title" : "In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify the plaintext Extra Count field of a confidential GSS krb5 wrap token, causing the unwrapped token to appear truncated to the application.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-37370" ], "unique" : false }, { "id" : "CVE-2020-17049", "title" : "Kerberos KDC Security Feature Bypass Vulnerability", "source" : "redhat-csaf", "cvssScore" : 7.2, "severity" : "HIGH", "cves" : [ "CVE-2020-17049" ], "unique" : false }, { "id" : "CVE-2023-36054", "title" : "lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and 1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticated user can trigger a kadmind crash. This occurs because _xdr_kadm5_principal_ent_rec does not validate the relationship between n_key_data and the key_data array count.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-36054" ], "unique" : false }, { "id" : "CVE-2024-37371", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-37371" ], "unique" : false }, { "id" : "CVE-2025-24528", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-24528" ], "unique" : false }, { "id" : "CVE-2024-26458", "title" : "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-26458" ], "unique" : false }, { "id" : "CVE-2024-26461", "title" : "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-26461" ], "unique" : false }, { "id" : "CVE-2025-3576", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-3576" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-3596", "source" : "redhat-csaf", "cvssScore" : 9.0, "severity" : "CRITICAL", "cves" : [ "CVE-2024-3596" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/python3-setuptools-wheel@39.2.0-9.el8_10?arch=noarch&distro=rhel-8.10&upstream=python-setuptools-39.2.0-9.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2024-6345", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-6345" ], "unique" : false }, { "id" : "CVE-2025-47273", "title" : "setuptools has a path traversal vulnerability in PackageIndex.download that leads to Arbitrary File Write", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-47273" ], "unique" : false }, { "id" : "CVE-2022-40897", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2022-40897" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-6345", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-6345" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-minimal-langpack@2.28-251.el8_10.31?arch=x86_64&distro=rhel-8.10&upstream=glibc-2.28-251.el8_10.31.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc@2.28-251.el8_10.31?arch=x86_64&distro=rhel-8.10&upstream=glibc-2.28-251.el8_10.31.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-15281", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15281" ], "unique" : false }, { "id" : "CVE-2026-3904", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3904" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-common@2.28-251.el8_10.31?arch=x86_64&distro=rhel-8.10&upstream=glibc-2.28-251.el8_10.31.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/javapackages-filesystem@5.3.0-1.module%2Bel8%2B2447%2B6f56d9a6?arch=noarch&distro=rhel-8.10&upstream=javapackages-tools-5.3.0-1.module%2Bel8%2B2447%2B6f56d9a6.src.rpm", "issues" : [ { "id" : "CVE-2025-48734", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2025-48734" ], "unique" : false }, { "id" : "CVE-2019-10086", "title" : "In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to access the classloader via the class property available on all Java objects. We, however were not using this by default characteristic of the PropertyUtilsBean.", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2019-10086" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-48734", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2025-48734" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/xz-libs@5.2.4-4.el8_6?arch=x86_64&distro=rhel-8.10&upstream=xz-5.2.4-4.el8_6.src.rpm", "issues" : [ { "id" : "CVE-2022-1271", "title" : "An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name (for example, a crafted file name), this can overwrite an attacker's content to an arbitrary attacker-selected file. This flaw occurs due to insufficient validation when processing filenames with two or more newlines where selected content and the target file names are embedded in crafted multi-line file names. This flaw allows a remote, low privileged attacker to force zgrep to write arbitrary files on the system.", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2022-1271" ], "unique" : false }, { "id" : "CVE-2025-31115", "title" : "XZ has a heap-use-after-free bug in threaded .xz decoder", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-31115" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2022-1271", "title" : "An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name (for example, a crafted file name), this can overwrite an attacker's content to an arbitrary attacker-selected file. This flaw occurs due to insufficient validation when processing filenames with two or more newlines where selected content and the target file names are embedded in crafted multi-line file names. This flaw allows a remote, low privileged attacker to force zgrep to write arbitrary files on the system.", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2022-1271" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/python3-libs@3.6.8-75.el8_10?arch=x86_64&distro=rhel-8.10&upstream=python3-3.6.8-75.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2023-40217", "source" : "redhat-csaf", "cvssScore" : 8.6, "severity" : "HIGH", "cves" : [ "CVE-2023-40217" ], "unique" : false }, { "id" : "CVE-2022-42919", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2022-42919" ], "unique" : false }, { "id" : "CVE-2023-6597", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-6597" ], "unique" : false }, { "id" : "CVE-2015-20107", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2015-20107" ], "unique" : false }, { "id" : "CVE-2024-12718", "title" : "Bypass extraction filter to modify file metadata outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-12718" ], "unique" : false }, { "id" : "CVE-2025-4517", "title" : "Arbitrary writes via tarfile realpath overflow", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2025-4517" ], "unique" : false }, { "id" : "CVE-2020-10735", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2020-10735" ], "unique" : false }, { "id" : "CVE-2022-45061", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-45061" ], "unique" : false }, { "id" : "CVE-2023-24329", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-24329" ], "unique" : false }, { "id" : "CVE-2024-6232", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-6232" ], "unique" : false }, { "id" : "CVE-2025-12084", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-12084" ], "unique" : false }, { "id" : "CVE-2025-4138", "title" : "Bypassing extraction filter to create symlinks to arbitrary targets outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-4138" ], "unique" : false }, { "id" : "CVE-2025-4435", "title" : "Tarfile extracts filtered members when errorlevel=0", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-4435" ], "unique" : false }, { "id" : "CVE-2025-8194", "title" : "Tarfile infinite loop during parsing with negative member offset", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-8194" ], "unique" : false }, { "id" : "CVE-2021-28861", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2021-28861" ], "unique" : false }, { "id" : "CVE-2025-4330", "title" : "Extraction filter bypass for linking outside extraction directory", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2025-4330" ], "unique" : false }, { "id" : "CVE-2025-15366", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-15366" ], "unique" : false }, { "id" : "CVE-2025-15367", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2025-15367" ], "unique" : false }, { "id" : "CVE-2026-1299", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-1299" ], "unique" : false }, { "id" : "CVE-2026-4519", "title" : "webbrowser.open() allows leading dashes in URLs", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-4519" ], "unique" : false }, { "id" : "CVE-2024-6923", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2024-6923" ], "unique" : false }, { "id" : "CVE-2025-0938", "title" : "URL parser allowed square brackets in domain names", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0938" ], "unique" : false }, { "id" : "CVE-2025-13836", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13836" ], "unique" : false }, { "id" : "CVE-2024-9287", "source" : "redhat-csaf", "cvssScore" : 6.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-9287" ], "unique" : false }, { "id" : "CVE-2024-0450", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0450" ], "unique" : false }, { "id" : "CVE-2007-4559", "title" : "Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2007-4559" ], "unique" : false }, { "id" : "CVE-2023-27043", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27043" ], "unique" : false }, { "id" : "CVE-2024-8088", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-8088" ], "unique" : false }, { "id" : "CVE-2024-0397", "source" : "redhat-csaf", "cvssScore" : 5.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0397" ], "unique" : false }, { "id" : "CVE-2024-7592", "source" : "redhat-csaf", "cvssScore" : 4.8, "severity" : "MEDIUM", "cves" : [ "CVE-2024-7592" ], "unique" : false }, { "id" : "CVE-2026-0865", "source" : "redhat-csaf", "cvssScore" : 4.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0865" ], "unique" : false }, { "id" : "CVE-2025-6069", "title" : "HTMLParser quadratic complexity when processing malformed inputs", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-6069" ], "unique" : false }, { "id" : "CVE-2025-8291", "title" : "ZIP64 End of Central Directory (EOCD) Locator record offset not checked", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8291" ], "unique" : false }, { "id" : "CVE-2025-6075", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-6075" ], "unique" : false }, { "id" : "CVE-2024-11168", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-11168" ], "unique" : false }, { "id" : "CVE-2024-4032", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-4032" ], "unique" : false }, { "id" : "CVE-2024-5642", "title" : "Buffer overread when using an empty list with SSLContext.set_npn_protocols()", "source" : "redhat-csaf", "cvssScore" : 2.7, "severity" : "LOW", "cves" : [ "CVE-2024-5642" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-40217", "source" : "redhat-csaf", "cvssScore" : 8.6, "severity" : "HIGH", "cves" : [ "CVE-2023-40217" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/zlib@1.2.11-25.el8?arch=x86_64&distro=rhel-8.10&upstream=zlib-1.2.11-25.el8.src.rpm", "issues" : [ { "id" : "CVE-2018-25032", "title" : "zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.", "source" : "redhat-csaf", "cvssScore" : 8.2, "severity" : "HIGH", "cves" : [ "CVE-2018-25032" ], "unique" : false }, { "id" : "CVE-2022-37434", "title" : "zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call inflateGetHeader (e.g., see the nodejs/node reference).", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2022-37434" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2018-25032", "title" : "zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.", "source" : "redhat-csaf", "cvssScore" : 8.2, "severity" : "HIGH", "cves" : [ "CVE-2018-25032" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/cups-libs@2.2.6-67.el8_10?arch=x86_64&distro=rhel-8.10&epoch=1&upstream=cups-2.2.6-67.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2025-58060", "source" : "redhat-csaf", "cvssScore" : 8.0, "severity" : "HIGH", "cves" : [ "CVE-2025-58060" ], "unique" : false }, { "id" : "CVE-2024-47175", "source" : "redhat-csaf", "cvssScore" : 7.7, "severity" : "HIGH", "cves" : [ "CVE-2024-47175" ], "unique" : false }, { "id" : "CVE-2023-34241", "title" : "CUPS vulnerable to use-after-free in cupsdAcceptClient()", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2023-34241" ], "unique" : false }, { "id" : "CVE-2022-26691", "title" : "A logic issue was addressed with improved state management. This issue is fixed in Security Update 2022-003 Catalina, macOS Monterey 12.3, macOS Big Sur 11.6.5. An application may be able to gain elevated privileges.", "source" : "redhat-csaf", "cvssScore" : 6.7, "severity" : "MEDIUM", "cves" : [ "CVE-2022-26691" ], "unique" : false }, { "id" : "CVE-2023-32360", "title" : "An authentication issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.7.7, macOS Monterey 12.6.6, macOS Ventura 13.4. An unauthenticated user may be able to access recently printed documents.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-32360" ], "unique" : false }, { "id" : "CVE-2025-58364", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-58364" ], "unique" : false }, { "id" : "CVE-2023-32324", "title" : "OpenPrinting CUPS vulnerable to heap buffer overflow", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-32324" ], "unique" : false }, { "id" : "CVE-2025-58436", "source" : "redhat-csaf", "cvssScore" : 5.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-58436" ], "unique" : false }, { "id" : "CVE-2024-35235", "title" : "Cupsd Listen arbitrary chmod 0140777", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2024-35235" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-58060", "source" : "redhat-csaf", "cvssScore" : 8.0, "severity" : "HIGH", "cves" : [ "CVE-2025-58060" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libcap@2.48-6.el8_9?arch=x86_64&distro=rhel-8.10&upstream=libcap-2.48-6.el8_9.src.rpm", "issues" : [ { "id" : "CVE-2023-2603", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-2603" ], "unique" : false }, { "id" : "CVE-2023-2602", "title" : "A vulnerability was found in the pthread_create() function in libcap. This issue may allow a malicious actor to use cause __real_pthread_create() to return an error, which can exhaust the process memory.", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2023-2602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-2603", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-2603" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch&distro=rhel-8.10&upstream=ncurses-6.1-10.20180224.el8.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64&distro=rhel-8.10&upstream=ncurses-6.1-10.20180224.el8.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/sqlite-libs@3.26.0-20.el8_10?arch=x86_64&distro=rhel-8.10&upstream=sqlite-3.26.0-20.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2025-6965", "title" : "Integer Truncation on SQLite", "source" : "redhat-csaf", "cvssScore" : 7.7, "severity" : "HIGH", "cves" : [ "CVE-2025-6965" ], "unique" : false }, { "id" : "CVE-2023-7104", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2023-7104" ], "unique" : false }, { "id" : "CVE-2025-3277", "title" : "An integer overflow can be triggered in SQLite’s `concat_ws()` function. The resulting, truncated integer is then used to allocate a buffer. When SQLite then writes the resulting string to the buffer, it uses the original, untruncated size and thus a wild Heap Buffer overflow of size ~4GB can be triggered. This can result in arbitrary code execution.", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2025-3277" ], "unique" : false }, { "id" : "CVE-2022-35737", "title" : "SQLite 1.0.12 through 3.39.x before 3.39.2 sometimes allows an array-bounds overflow if billions of bytes are used in a string argument to a C API.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2022-35737" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-6965", "title" : "Integer Truncation on SQLite", "source" : "redhat-csaf", "cvssScore" : 7.7, "severity" : "HIGH", "cves" : [ "CVE-2025-6965" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/expat@2.5.0-1.el8_10?arch=x86_64&distro=rhel-8.10&upstream=expat-2.5.0-1.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2023-52425", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-52425" ], "unique" : false }, { "id" : "CVE-2024-28757", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-28757" ], "unique" : false }, { "id" : "CVE-2024-45490", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-45490" ], "unique" : false }, { "id" : "CVE-2024-45491", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-45491" ], "unique" : false }, { "id" : "CVE-2024-8176", "title" : "Libexpat: expat: improper restriction of xml entity expansion depth in libexpat", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-8176" ], "unique" : false }, { "id" : "CVE-2024-45492", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2024-45492" ], "unique" : false }, { "id" : "CVE-2024-50602", "title" : "An issue was discovered in libexpat before 2.6.4. There is a crash within the XML_ResumeParser function because XML_StopParser can stop/suspend an unstarted parser.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-50602" ], "unique" : false }, { "id" : "CVE-2025-59375", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-59375" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-52425", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-52425" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=rhel-8.10&upstream=gnutls-3.6.16-8.el8_10.5.src.rpm", "issues" : [ { "id" : "CVE-2022-2509", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-2509" ], "unique" : false }, { "id" : "CVE-2024-0553", "title" : "Gnutls: incomplete fix for cve-2023-5981", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-0553" ], "unique" : false }, { "id" : "CVE-2024-0567", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-0567" ], "unique" : false }, { "id" : "CVE-2023-0361", "title" : "A timing side-channel in the handling of RSA ClientKeyExchange messages was discovered in GnuTLS. This side-channel can be sufficient to recover the key encrypted in the RSA ciphertext across a network in a Bleichenbacher style attack. To achieve a successful decryption the attacker would need to send a large amount of specially crafted messages to the vulnerable server. By recovering the secret from the ClientKeyExchange message, the attacker would be able to decrypt the application data exchanged over that connection.", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2023-0361" ], "unique" : false }, { "id" : "CVE-2025-32988", "title" : "Gnutls: vulnerability in gnutls othername san export", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-32988" ], "unique" : false }, { "id" : "CVE-2025-32990", "title" : "Gnutls: vulnerability in gnutls certtool template parsing", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-32990" ], "unique" : false }, { "id" : "CVE-2025-6395", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-6395" ], "unique" : false }, { "id" : "CVE-2023-5981", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-5981" ], "unique" : false }, { "id" : "CVE-2024-12243", "title" : "Gnutls: gnutls impacted by inefficient der decoding in libtasn1 leading to remote dos", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-12243" ], "unique" : false }, { "id" : "CVE-2024-28834", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-28834" ], "unique" : false }, { "id" : "CVE-2025-14831", "title" : "Gnutls: gnutls: denial of service via excessive resource consumption during certificate verification", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14831" ], "unique" : false }, { "id" : "CVE-2025-32989", "title" : "Gnutls: vulnerability in gnutls sct extension parsing", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-32989" ], "unique" : false }, { "id" : "CVE-2024-28835", "source" : "redhat-csaf", "cvssScore" : 5.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-28835" ], "unique" : false }, { "id" : "CVE-2025-9820", "title" : "Gnutls: stack-based buffer overflow in gnutls_pkcs11_token_init() function", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9820" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2022-2509", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-2509" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libtirpc@1.1.4-12.el8_10?arch=x86_64&distro=rhel-8.10&upstream=libtirpc-1.1.4-12.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2021-46828", "title" : "In libtirpc before 1.3.3rc1, remote attackers could exhaust the file descriptors of a process that uses libtirpc because idle TCP connections are mishandled. This can, in turn, lead to an svc_run infinite loop without accepting new connections.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2021-46828" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2021-46828", "title" : "In libtirpc before 1.3.3rc1, remote attackers could exhaust the file descriptors of a process that uses libtirpc because idle TCP connections are mishandled. This can, in turn, lead to an svc_run infinite loop without accepting new connections.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2021-46828" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/pcre2@10.32-3.el8_6?arch=x86_64&distro=rhel-8.10&upstream=pcre2-10.32-3.el8_6.src.rpm", "issues" : [ { "id" : "CVE-2022-1586", "title" : "An out-of-bounds read vulnerability was discovered in the PCRE2 library in the compile_xclass_matchingpath() function of the pcre2_jit_compile.c file. This involves a unicode property matching issue in JIT-compiled regular expressions. The issue occurs because the character was not fully read in case-less matching within JIT.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-1586" ], "unique" : false }, { "id" : "CVE-2022-1587", "title" : "An out-of-bounds read vulnerability was discovered in the PCRE2 library in the get_recurse_data_length() function of the pcre2_jit_compile.c file. This issue affects recursions in JIT-compiled regular expressions caused by duplicate data transfers.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-1587" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2022-1586", "title" : "An out-of-bounds read vulnerability was discovered in the PCRE2 library in the compile_xclass_matchingpath() function of the pcre2_jit_compile.c file. This involves a unicode property matching issue in JIT-compiled regular expressions. The issue occurs because the character was not fully read in case-less matching within JIT.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-1586" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/lua@5.3.4-12.el8?arch=x86_64&distro=rhel-8.10&upstream=lua-5.3.4-12.el8.src.rpm", "issues" : [ { "id" : "CVE-2021-44964", "title" : "Use after free in garbage collector and finalizer of lgc.c in Lua interpreter 5.4.0~5.4.3 allows attackers to perform Sandbox Escape via a crafted script file.", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2021-44964" ], "unique" : false }, { "id" : "CVE-2022-33099", "title" : "An issue in the component luaG_runerror of Lua v5.4.4 and below leads to a heap-buffer overflow when a recursive error occurs.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2022-33099" ], "unique" : false }, { "id" : "CVE-2022-28805", "title" : "singlevar in lparser.c in Lua from (including) 5.4.0 up to (excluding) 5.4.4 lacks a certain luaK_exp2anyregup call, leading to a heap-based buffer over-read that might affect a system that compiles untrusted Lua code.", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2022-28805" ], "unique" : false }, { "id" : "CVE-2021-43519", "title" : "Stack overflow in lua_resume of ldo.c in Lua Interpreter 5.1.0~5.4.4 allows attackers to perform a Denial of Service via a crafted script file.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2021-43519" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2021-44964", "title" : "Use after free in garbage collector and finalizer of lgc.c in Lua interpreter 5.4.0~5.4.3 allows attackers to perform Sandbox Escape via a crafted script file.", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2021-44964" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/bash@4.4.20-6.el8_10?arch=x86_64&distro=rhel-8.10&upstream=bash-4.4.20-6.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2022-3715", "source" : "redhat-csaf", "cvssScore" : 6.6, "severity" : "MEDIUM", "cves" : [ "CVE-2022-3715" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2022-3715", "source" : "redhat-csaf", "cvssScore" : 6.6, "severity" : "MEDIUM", "cves" : [ "CVE-2022-3715" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/dbus-libs@1.12.8-27.el8_10?arch=x86_64&distro=rhel-8.10&epoch=1&upstream=dbus-1.12.8-27.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2022-42010", "title" : "An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash when receiving a message with certain invalid type signatures.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2022-42010" ], "unique" : false }, { "id" : "CVE-2022-42011", "title" : "An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash when receiving a message where an array length is inconsistent with the size of the element type.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2022-42011" ], "unique" : false }, { "id" : "CVE-2022-42012", "title" : "An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash by sending a message with attached file descriptors in an unexpected format.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2022-42012" ], "unique" : false }, { "id" : "CVE-2023-34969", "title" : "D-Bus before 1.15.6 sometimes allows unprivileged users to crash dbus-daemon. If a privileged user with control over the dbus-daemon is using the org.freedesktop.DBus.Monitoring interface to monitor message bus traffic, then an unprivileged user with the ability to connect to the same dbus-daemon can cause a dbus-daemon crash under some circumstances via an unreplyable message. When done on the well-known system bus, this is a denial-of-service vulnerability. The fixed versions are 1.12.28, 1.14.8, and 1.15.6.", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2023-34969" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2022-42010", "title" : "An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash when receiving a message with certain invalid type signatures.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2022-42010" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/lua-libs@5.3.4-12.el8?arch=x86_64&distro=rhel-8.10&upstream=lua-5.3.4-12.el8.src.rpm", "issues" : [ { "id" : "CVE-2022-33099", "title" : "An issue in the component luaG_runerror of Lua v5.4.4 and below leads to a heap-buffer overflow when a recursive error occurs.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2022-33099" ], "unique" : false }, { "id" : "CVE-2022-28805", "title" : "singlevar in lparser.c in Lua from (including) 5.4.0 up to (excluding) 5.4.4 lacks a certain luaK_exp2anyregup call, leading to a heap-based buffer over-read that might affect a system that compiles untrusted Lua code.", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2022-28805" ], "unique" : false }, { "id" : "CVE-2021-43519", "title" : "Stack overflow in lua_resume of ldo.c in Lua Interpreter 5.1.0~5.4.4 allows attackers to perform a Denial of Service via a crafted script file.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2021-43519" ], "unique" : false }, { "id" : "CVE-2021-44964", "title" : "Use after free in garbage collector and finalizer of lgc.c in Lua interpreter 5.4.0~5.4.3 allows attackers to perform Sandbox Escape via a crafted script file.", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2021-44964" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2022-33099", "title" : "An issue in the component luaG_runerror of Lua v5.4.4 and below leads to a heap-buffer overflow when a recursive error occurs.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2022-33099" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/gmp@6.1.2-11.el8?arch=x86_64&distro=rhel-8.10&epoch=1&upstream=gmp-6.1.2-11.el8.src.rpm", "issues" : [ { "id" : "CVE-2021-43618", "title" : "GNU Multiple Precision Arithmetic Library (GMP) through 6.2.1 has an mpz/inp_raw.c integer overflow and resultant buffer overflow via crafted input, leading to a segmentation fault on 32-bit platforms.", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2021-43618" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2021-43618", "title" : "GNU Multiple Precision Arithmetic Library (GMP) through 6.2.1 has an mpz/inp_raw.c integer overflow and resultant buffer overflow via crafted input, leading to a segmentation fault on 32-bit platforms.", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2021-43618" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/avahi-libs@0.7-27.el8_10.1?arch=x86_64&distro=rhel-8.10&upstream=avahi-0.7-27.el8_10.1.src.rpm", "issues" : [ { "id" : "CVE-2021-3468", "title" : "A flaw was found in avahi in versions 0.6 up to 0.8. The event used to signal the termination of the client connection on the avahi Unix socket is not correctly handled in the client_work function, allowing a local attacker to trigger an infinite loop. The highest threat from this vulnerability is to the availability of the avahi service, which becomes unresponsive after this flaw is triggered.", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2021-3468" ], "unique" : false }, { "id" : "CVE-2023-1981", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2023-1981" ], "unique" : false }, { "id" : "CVE-2023-38469", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2023-38469" ], "unique" : false }, { "id" : "CVE-2023-38470", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2023-38470" ], "unique" : false }, { "id" : "CVE-2023-38471", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2023-38471" ], "unique" : false }, { "id" : "CVE-2023-38472", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2023-38472" ], "unique" : false }, { "id" : "CVE-2023-38473", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2023-38473" ], "unique" : false }, { "id" : "CVE-2021-3502", "title" : "A flaw was found in avahi 0.8-5. A reachable assertion is present in avahi_s_host_name_resolver_start function allowing a local attacker to crash the avahi service by requesting hostname resolutions through the avahi socket or dbus methods for invalid hostnames. The highest threat from this vulnerability is to the service availability.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2021-3502" ], "unique" : false }, { "id" : "CVE-2024-52615", "title" : "Avahi: avahi wide-area dns uses constant source port", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-52615" ], "unique" : false }, { "id" : "CVE-2024-52616", "title" : "Avahi: avahi wide-area dns predictable transaction ids", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-52616" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2021-3468", "title" : "A flaw was found in avahi in versions 0.6 up to 0.8. The event used to signal the termination of the client connection on the avahi Unix socket is not correctly handled in the client_work function, allowing a local attacker to trigger an infinite loop. The highest threat from this vulnerability is to the availability of the avahi service, which becomes unresponsive after this flaw is triggered.", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2021-3468" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libuuid@2.32.1-48.el8_10?arch=x86_64&distro=rhel-8.10&upstream=util-linux-2.32.1-48.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcc@8.5.0-28.el8_10?arch=x86_64&distro=rhel-8.10&upstream=gcc-8.5.0-28.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libblkid@2.32.1-48.el8_10?arch=x86_64&distro=rhel-8.10&upstream=util-linux-2.32.1-48.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false }, { "id" : "CVE-2026-27456", "title" : "util-linux: TOCTOU Race Condition in util-linux mount(8) - Loop Device Setup", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2026-27456" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libstdc%2B%2B@8.5.0-28.el8_10?arch=x86_64&distro=rhel-8.10&upstream=gcc-8.5.0-28.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libmount@2.32.1-48.el8_10?arch=x86_64&distro=rhel-8.10&upstream=util-linux-2.32.1-48.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/systemd-libs@239-82.el8_10.15?arch=x86_64&distro=rhel-8.10&upstream=systemd-239-82.el8_10.15.src.rpm", "issues" : [ { "id" : "CVE-2023-7008", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-7008" ], "unique" : false }, { "id" : "CVE-2022-3821", "title" : "An off-by-one Error issue was discovered in Systemd in format_timespan() function of time-util.c. An attacker could supply specific values for time and accuracy that leads to buffer overrun in format_timespan(), leading to a Denial of Service.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2022-3821" ], "unique" : false }, { "id" : "CVE-2022-4415", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2022-4415" ], "unique" : false }, { "id" : "CVE-2022-45873", "title" : "systemd 250 and 251 allows local users to achieve a systemd-coredump deadlock by triggering a crash that has a long backtrace. This occurs in parse_elf_object in shared/elf-util.c. The exploitation methodology is to crash a binary calling the same function recursively, and put it in a deeply nested directory to make its backtrace large enough to cause the deadlock. This must be done 16 times when MaxConnections=16 is set for the systemd/units/systemd-coredump.socket file.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2022-45873" ], "unique" : false }, { "id" : "CVE-2025-4598", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-4598" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-7008", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-7008" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libtasn1@4.13-5.el8_10?arch=x86_64&distro=rhel-8.10&upstream=libtasn1-4.13-5.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2021-46848", "title" : "GNU Libtasn1 before 4.19.0 has an ETYPE_OK off-by-one array size check that affects asn1_encode_simple_der.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2021-46848" ], "unique" : false }, { "id" : "CVE-2025-13151", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13151" ], "unique" : false }, { "id" : "CVE-2024-12133", "title" : "Libtasn1: inefficient der decoding in libtasn1 leading to potential remote dos", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-12133" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2021-46848", "title" : "GNU Libtasn1 before 4.19.0 has an ETYPE_OK off-by-one array size check that affects asn1_encode_simple_der.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2021-46848" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcrypt@1.8.5-7.el8_6?arch=x86_64&distro=rhel-8.10&upstream=libgcrypt-1.8.5-7.el8_6.src.rpm", "issues" : [ { "id" : "CVE-2024-2236", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-2236" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2236", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-2236" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libcom_err@1.45.6-7.el8_10?arch=x86_64&distro=rhel-8.10&upstream=e2fsprogs-1.45.6-7.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2022-1304", "title" : "An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5. This issue leads to a segmentation fault and possibly arbitrary code execution via a specially crafted filesystem.", "source" : "redhat-csaf", "cvssScore" : 5.8, "severity" : "MEDIUM", "cves" : [ "CVE-2022-1304" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2022-1304", "title" : "An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5. This issue leads to a segmentation fault and possibly arbitrary code execution via a specially crafted filesystem.", "source" : "redhat-csaf", "cvssScore" : 5.8, "severity" : "MEDIUM", "cves" : [ "CVE-2022-1304" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/python3-pip-wheel@9.0.3-24.el8?arch=noarch&distro=rhel-8.10&upstream=python-pip-9.0.3-24.el8.src.rpm", "issues" : [ { "id" : "CVE-2007-4559", "title" : "Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2007-4559" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2007-4559", "title" : "Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2007-4559" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/bzip2-libs@1.0.6-28.el8_10?arch=x86_64&distro=rhel-8.10&upstream=bzip2-1.0.6-28.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2019-12900", "title" : "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2019-12900" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2019-12900", "title" : "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2019-12900" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/alsa-lib@1.2.10-2.el8?arch=x86_64&distro=rhel-8.10&upstream=alsa-lib-1.2.10-2.el8.src.rpm", "issues" : [ { "id" : "CVE-2026-25068", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-25068" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2026-25068", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-25068" ], "unique" : false } } ], "highestVulnerability" : { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/rpm-libs@4.14.3-32.el8_10?arch=x86_64&distro=rhel-8.10&upstream=rpm-4.14.3-32.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2021-35938", "title" : "A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35938" ], "unique" : false }, { "id" : "CVE-2021-35939", "title" : "It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35939" ], "unique" : false }, { "id" : "CVE-2021-35937", "title" : "A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.3, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35937" ], "unique" : false } ], "transitive" : [ { "ref" : "pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=rhel-8.10&epoch=1&upstream=openssl-1.1.1k-15.el8_6.src.rpm", "issues" : [ { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false }, { "id" : "CVE-2022-1473", "title" : "Resource leakage when decoding certificates and keys", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-1473" ], "unique" : false }, { "id" : "CVE-2022-3358", "title" : "Using a Custom Cipher with NID_undef may lead to NULL encryption", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-3358" ], "unique" : false }, { "id" : "CVE-2022-3602", "title" : "X.509 Email Address 4-byte Buffer Overflow", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-3602" ], "unique" : false }, { "id" : "CVE-2022-3786", "title" : "X.509 Email Address Variable Length Buffer Overflow", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-3786" ], "unique" : false }, { "id" : "CVE-2022-4450", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-4450" ], "unique" : false }, { "id" : "CVE-2023-0215", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-0215" ], "unique" : false }, { "id" : "CVE-2023-0216", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-0216" ], "unique" : false }, { "id" : "CVE-2023-0217", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-0217" ], "unique" : false }, { "id" : "CVE-2023-0401", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-0401" ], "unique" : false }, { "id" : "CVE-2023-5363", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-5363" ], "unique" : false }, { "id" : "CVE-2023-0286", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2023-0286" ], "unique" : false }, { "id" : "CVE-2024-12797", "title" : "RFC7250 handshakes with unauthenticated servers don't abort as expected", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2024-12797" ], "unique" : false }, { "id" : "CVE-2025-69419", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2025-69419" ], "unique" : false }, { "id" : "CVE-2022-1292", "source" : "redhat-csaf", "cvssScore" : 6.7, "severity" : "MEDIUM", "cves" : [ "CVE-2022-1292" ], "unique" : false }, { "id" : "CVE-2022-2068", "source" : "redhat-csaf", "cvssScore" : 6.7, "severity" : "MEDIUM", "cves" : [ "CVE-2022-2068" ], "unique" : false }, { "id" : "CVE-2023-2650", "title" : "Possible DoS translating ASN.1 object identifiers", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2650" ], "unique" : false }, { "id" : "CVE-2023-6129", "title" : "POLY1305 MAC implementation corrupts vector registers on PowerPC", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6129" ], "unique" : false }, { "id" : "CVE-2025-69421", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69421" ], "unique" : false }, { "id" : "CVE-2025-11187", "title" : "Improper validation of PBMAC1 parameters in PKCS#12 MAC verification", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-11187" ], "unique" : false }, { "id" : "CVE-2020-1971", "title" : "EDIPARTYNAME NULL pointer dereference", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2020-1971" ], "unique" : false }, { "id" : "CVE-2022-4304", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2022-4304" ], "unique" : false }, { "id" : "CVE-2023-0464", "title" : "Excessive Resource Usage Verifying X.509 Policy Constraints", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0464" ], "unique" : false }, { "id" : "CVE-2023-6237", "title" : "Excessive time spent checking invalid RSA public keys", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6237" ], "unique" : false }, { "id" : "CVE-2024-5535", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-5535" ], "unique" : false }, { "id" : "CVE-2024-6119", "title" : "Possible denial of service in X.509 name checks", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-6119" ], "unique" : false }, { "id" : "CVE-2025-15468", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15468" ], "unique" : false }, { "id" : "CVE-2025-66199", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-66199" ], "unique" : false }, { "id" : "CVE-2025-69420", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69420" ], "unique" : false }, { "id" : "CVE-2026-22796", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22796" ], "unique" : false }, { "id" : "CVE-2024-4741", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4741" ], "unique" : false }, { "id" : "CVE-2025-9230", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9230" ], "unique" : false }, { "id" : "CVE-2024-0727", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0727" ], "unique" : false }, { "id" : "CVE-2025-15469", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15469" ], "unique" : false }, { "id" : "CVE-2026-22795", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22795" ], "unique" : false }, { "id" : "CVE-2022-1343", "title" : "OCSP_basic_verify may incorrectly verify the response signing certificate", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2022-1343" ], "unique" : false }, { "id" : "CVE-2022-2097", "title" : "AES OCB fails to encrypt some bytes", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2022-2097" ], "unique" : false }, { "id" : "CVE-2023-0465", "title" : "Invalid certificate policies in leaf certificates are silently ignored", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0465" ], "unique" : false }, { "id" : "CVE-2023-0466", "title" : "Certificate policy check not enabled", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0466" ], "unique" : false }, { "id" : "CVE-2023-2975", "title" : "AES-SIV implementation ignores empty associated data entries", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2975" ], "unique" : false }, { "id" : "CVE-2023-3446", "title" : "Excessive time spent checking DH keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3446" ], "unique" : false }, { "id" : "CVE-2023-3817", "title" : "Excessive time spent checking DH q parameter value", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3817" ], "unique" : false }, { "id" : "CVE-2023-5678", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-5678" ], "unique" : false }, { "id" : "CVE-2024-4603", "title" : "Excessive time spent checking DSA keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4603" ], "unique" : false }, { "id" : "CVE-2023-1255", "title" : "Input buffer over-read in AES-XTS implementation on 64 bit ARM", "source" : "redhat-csaf", "cvssScore" : 5.1, "severity" : "MEDIUM", "cves" : [ "CVE-2023-1255" ], "unique" : false }, { "id" : "CVE-2022-4203", "source" : "redhat-csaf", "cvssScore" : 4.9, "severity" : "MEDIUM", "cves" : [ "CVE-2022-4203" ], "unique" : false }, { "id" : "CVE-2025-68160", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-68160" ], "unique" : false }, { "id" : "CVE-2025-69418", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69418" ], "unique" : false }, { "id" : "CVE-2024-2511", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-2511" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=rhel-8.10&upstream=curl-7.61.1-34.el8_10.11.src.rpm", "issues" : [ { "id" : "CVE-2022-32207", "title" : "When curl < 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by finalizing the operation with a rename from a temporary name to the final target file name.In that rename operation, it might accidentally *widen* the permissions for the target file, leaving the updated file accessible to more users than intended.", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2022-32207" ], "unique" : false }, { "id" : "CVE-2022-22576", "title" : "An improper authentication vulnerability exists in curl 7.33.0 to and including 7.82.0 which might allow reuse OAUTH2-authenticated connections without properly making sure that the connection was authenticated with the same credentials as set for this transfer. This affects SASL-enabled protocols: SMPTP(S), IMAP(S), POP3(S) and LDAP(S) (openldap only).", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2022-22576" ], "unique" : false }, { "id" : "CVE-2023-38545", "title" : "This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy\nhandshake.\n\nWhen curl is asked to pass along the host name to the SOCKS5 proxy to allow\nthat to resolve the address instead of it getting done by curl itself, the\nmaximum length that host name can be is 255 bytes.\n\nIf the host name is detected to be longer, curl switches to local name\nresolving and instead passes on the resolved address only. Due to this bug,\nthe local variable that means \"let the host resolve the name\" could get the\nwrong value during a slow SOCKS5 handshake, and contrary to the intention,\ncopy the too long host name to the target buffer instead of copying just the\nresolved address there.\n\nThe target buffer being a heap based buffer, and the host name coming from the\nURL that curl has been told to operate with.", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2023-38545" ], "unique" : false }, { "id" : "CVE-2022-27775", "title" : "An information disclosure vulnerability exists in curl 7.65.0 to 7.82.0 are vulnerable that by using an IPv6 address that was in the connection pool but with a different zone id it could reuse a connection instead.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-27775" ], "unique" : false }, { "id" : "CVE-2022-27782", "title" : "libcurl would reuse a previously created connection even when a TLS or SSHrelated option had been changed that should have prohibited reuse.libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse if one of them matches the setup. However, several TLS andSSH settings were left out from the configuration match checks, making themmatch too easily.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-27782" ], "unique" : false }, { "id" : "CVE-2024-2398", "title" : "HTTP/2 push headers memory-leak", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-2398" ], "unique" : false }, { "id" : "CVE-2022-32206", "title" : "curl < 7.84.0 supports \"chained\" HTTP compression algorithms, meaning that a serverresponse can be compressed multiple times and potentially with different algorithms. The number of acceptable \"links\" in this \"decompression chain\" was unbounded, allowing a malicious server to insert a virtually unlimited number of compression steps.The use of such a decompression chain could result in a \"malloc bomb\", makingcurl end up spending enormous amounts of allocated heap memory, or trying toand returning out of memory errors.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2022-32206" ], "unique" : false }, { "id" : "CVE-2023-23916", "title" : "An allocation of resources without limits or throttling vulnerability exists in curl <v7.88.0 based on the \"chained\" HTTP compression algorithms, meaning that a server response can be compressed multiple times and potentially with differentalgorithms. The number of acceptable \"links\" in this \"decompression chain\" wascapped, but the cap was implemented on a per-header basis allowing a maliciousserver to insert a virtually unlimited number of compression steps simply byusing many headers. The use of such a decompression chain could result in a \"malloc bomb\", making curl end up spending enormous amounts of allocated heap memory, or trying to and returning out of memory errors.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-23916" ], "unique" : false }, { "id" : "CVE-2022-43552", "title" : "A use after free vulnerability exists in curl <7.87.0. Curl can be asked to *tunnel* virtually all protocols it supports through an HTTP proxy. HTTP proxies can (and often do) deny such tunnel operations. When getting denied to tunnel the specific protocols SMB or TELNET, curl would use a heap-allocated struct after it had been freed, in its transfer shutdown code path.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2022-43552" ], "unique" : false }, { "id" : "CVE-2023-27535", "title" : "An authentication bypass vulnerability exists in libcurl <8.0.0 in the FTP connection reuse feature that can result in wrong credentials being used during subsequent transfers. Previously created connections are kept in a connection pool for reuse if they match the current setup. However, certain FTP settings such as CURLOPT_FTP_ACCOUNT, CURLOPT_FTP_ALTERNATIVE_TO_USER, CURLOPT_FTP_SSL_CCC, and CURLOPT_USE_SSL were not included in the configuration match checks, causing them to match too easily. This could lead to libcurl using the wrong credentials when performing a transfer, potentially allowing unauthorized access to sensitive information.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27535" ], "unique" : false }, { "id" : "CVE-2023-27536", "title" : "An authentication bypass vulnerability exists libcurl <8.0.0 in the connection reuse feature which can reuse previously established connections with incorrect user permissions due to a failure to check for changes in the CURLOPT_GSSAPI_DELEGATION option. This vulnerability affects krb5/kerberos/negotiate/GSSAPI transfers and could potentially result in unauthorized access to sensitive information. The safest option is to not reuse connections if the CURLOPT_GSSAPI_DELEGATION option has been changed.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27536" ], "unique" : false }, { "id" : "CVE-2023-28321", "title" : "An improper certificate validation vulnerability exists in curl <v8.1.0 in the way it supports matching of wildcard patterns when listed as \"Subject Alternative Name\" in TLS server certificates. curl can be built to use its own name matching function for TLS rather than one provided by a TLS library. This private wildcard matching function would match IDN (International Domain Name) hosts incorrectly and could as a result accept patterns that otherwise should mismatch. IDN hostnames are converted to puny code before used for certificate checks. Puny coded names always start with `xn--` and should not be allowed to pattern match, but the wildcard check in curl could still check for `x*`, which would match even though the IDN name most likely contained nothing even resembling an `x`.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-28321" ], "unique" : false }, { "id" : "CVE-2023-27538", "title" : "An authentication bypass vulnerability exists in libcurl prior to v8.0.0 where it reuses a previously established SSH connection despite the fact that an SSH option was modified, which should have prevented reuse. libcurl maintains a pool of previously used connections to reuse them for subsequent transfers if the configurations match. However, two SSH settings were omitted from the configuration check, allowing them to match easily, potentially leading to the reuse of an inappropriate connection.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27538" ], "unique" : false }, { "id" : "CVE-2022-32208", "title" : "When curl < 7.84.0 does FTP transfers secured by krb5, it handles message verification failures wrongly. This flaw makes it possible for a Man-In-The-Middle attack to go unnoticed and even allows it to inject data to the client.", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2022-32208" ], "unique" : false }, { "id" : "CVE-2023-46218", "title" : "This flaw allows a malicious HTTP server to set \"super cookies\" in curl that\nare then passed back to more origins than what is otherwise allowed or\npossible. This allows a site to set cookies that then would get sent to\ndifferent and unrelated sites and domains.\n\nIt could do this by exploiting a mixed case flaw in curl's function that\nverifies a given cookie domain against the Public Suffix List (PSL). For\nexample a cookie could be set with `domain=co.UK` when the URL used a lower\ncase hostname `curl.co.uk`, even though `co.uk` is listed as a PSL domain.", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-46218" ], "unique" : false }, { "id" : "CVE-2025-9086", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9086" ], "unique" : false }, { "id" : "CVE-2022-27774", "title" : "An insufficiently protected credentials vulnerability exists in curl 4.9 to and include curl 7.82.0 are affected that could allow an attacker to extract credentials when follows HTTP(S) redirects is used with authentication could leak credentials to other services that exist on different protocols or port numbers.", "source" : "redhat-csaf", "cvssScore" : 5.0, "severity" : "MEDIUM", "cves" : [ "CVE-2022-27774" ], "unique" : false }, { "id" : "CVE-2022-32221", "title" : "When doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle previously was used to issue a `PUT` request which used that callback. This flaw may surprise the application and cause it to misbehave and either send off the wrong data or use memory after free or similar in the subsequent `POST` request. The problem exists in the logic for a reused handle when it is changed from a PUT to a POST.", "source" : "redhat-csaf", "cvssScore" : 4.8, "severity" : "MEDIUM", "cves" : [ "CVE-2022-32221" ], "unique" : false }, { "id" : "CVE-2022-27776", "title" : "A insufficiently protected credentials vulnerability in fixed in curl 7.83.0 might leak authentication or cookie header data on HTTP redirects to the same host but another port number.", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2022-27776" ], "unique" : false }, { "id" : "CVE-2023-27533", "title" : "A vulnerability in input validation exists in curl <8.0 during communication using the TELNET protocol may allow an attacker to pass on maliciously crafted user name and \"telnet options\" during server negotiation. The lack of proper input scrubbing allows an attacker to send content or perform option negotiation without the application's intent. This vulnerability could be exploited if an application allows user input, thereby enabling attackers to execute arbitrary code on the system.", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27533" ], "unique" : false }, { "id" : "CVE-2023-27534", "title" : "A path traversal vulnerability exists in curl <8.0.0 SFTP implementation causes the tilde (~) character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. Attackers can exploit this flaw to bypass filtering or execute arbitrary code by crafting a path like /~2/foo while accessing a server with a specific user.", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2023-27534" ], "unique" : false }, { "id" : "CVE-2023-28322", "title" : "An information disclosure vulnerability exists in curl <v8.1.0 when doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle previously wasused to issue a `PUT` request which used that callback. This flaw may surprise the application and cause it to misbehave and either send off the wrong data or use memory after free or similar in the second transfer. The problem exists in the logic for a reused handle when it is (expected to be) changed from a PUT to a POST.", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2023-28322" ], "unique" : false }, { "id" : "CVE-2023-38546", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2023-38546" ], "unique" : false }, { "id" : "CVE-2022-35252", "title" : "When curl is used to retrieve and parse cookies from a HTTP(S) server, itaccepts cookies using control codes that when later are sent back to a HTTPserver might make the server return 400 responses. Effectively allowing a\"sister site\" to deny service to all siblings.", "source" : "redhat-csaf", "cvssScore" : 3.1, "severity" : "LOW", "cves" : [ "CVE-2022-35252" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2022-32207", "title" : "When curl < 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by finalizing the operation with a rename from a temporary name to the final target file name.In that rename operation, it might accidentally *widen* the permissions for the target file, leaving the updated file accessible to more users than intended.", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2022-32207" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=rhel-8.10&upstream=curl-7.61.1-34.el8_10.11.src.rpm", "issues" : [ { "id" : "CVE-2022-32207", "title" : "When curl < 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by finalizing the operation with a rename from a temporary name to the final target file name.In that rename operation, it might accidentally *widen* the permissions for the target file, leaving the updated file accessible to more users than intended.", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2022-32207" ], "unique" : false }, { "id" : "CVE-2022-22576", "title" : "An improper authentication vulnerability exists in curl 7.33.0 to and including 7.82.0 which might allow reuse OAUTH2-authenticated connections without properly making sure that the connection was authenticated with the same credentials as set for this transfer. This affects SASL-enabled protocols: SMPTP(S), IMAP(S), POP3(S) and LDAP(S) (openldap only).", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2022-22576" ], "unique" : false }, { "id" : "CVE-2023-38545", "title" : "This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy\nhandshake.\n\nWhen curl is asked to pass along the host name to the SOCKS5 proxy to allow\nthat to resolve the address instead of it getting done by curl itself, the\nmaximum length that host name can be is 255 bytes.\n\nIf the host name is detected to be longer, curl switches to local name\nresolving and instead passes on the resolved address only. Due to this bug,\nthe local variable that means \"let the host resolve the name\" could get the\nwrong value during a slow SOCKS5 handshake, and contrary to the intention,\ncopy the too long host name to the target buffer instead of copying just the\nresolved address there.\n\nThe target buffer being a heap based buffer, and the host name coming from the\nURL that curl has been told to operate with.", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2023-38545" ], "unique" : false }, { "id" : "CVE-2025-15079", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2025-15079" ], "unique" : false }, { "id" : "CVE-2022-27775", "title" : "An information disclosure vulnerability exists in curl 7.65.0 to 7.82.0 are vulnerable that by using an IPv6 address that was in the connection pool but with a different zone id it could reuse a connection instead.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-27775" ], "unique" : false }, { "id" : "CVE-2022-27782", "title" : "libcurl would reuse a previously created connection even when a TLS or SSHrelated option had been changed that should have prohibited reuse.libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse if one of them matches the setup. However, several TLS andSSH settings were left out from the configuration match checks, making themmatch too easily.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-27782" ], "unique" : false }, { "id" : "CVE-2024-2398", "title" : "HTTP/2 push headers memory-leak", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-2398" ], "unique" : false }, { "id" : "CVE-2025-13034", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13034" ], "unique" : false }, { "id" : "CVE-2025-14819", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14819" ], "unique" : false }, { "id" : "CVE-2026-1965", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2026-1965" ], "unique" : false }, { "id" : "CVE-2022-32206", "title" : "curl < 7.84.0 supports \"chained\" HTTP compression algorithms, meaning that a serverresponse can be compressed multiple times and potentially with different algorithms. The number of acceptable \"links\" in this \"decompression chain\" was unbounded, allowing a malicious server to insert a virtually unlimited number of compression steps.The use of such a decompression chain could result in a \"malloc bomb\", makingcurl end up spending enormous amounts of allocated heap memory, or trying toand returning out of memory errors.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2022-32206" ], "unique" : false }, { "id" : "CVE-2023-23916", "title" : "An allocation of resources without limits or throttling vulnerability exists in curl <v7.88.0 based on the \"chained\" HTTP compression algorithms, meaning that a server response can be compressed multiple times and potentially with differentalgorithms. The number of acceptable \"links\" in this \"decompression chain\" wascapped, but the cap was implemented on a per-header basis allowing a maliciousserver to insert a virtually unlimited number of compression steps simply byusing many headers. The use of such a decompression chain could result in a \"malloc bomb\", making curl end up spending enormous amounts of allocated heap memory, or trying to and returning out of memory errors.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-23916" ], "unique" : false }, { "id" : "CVE-2025-14524", "title" : "bearer token leak on cross-protocol redirect", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14524" ], "unique" : false }, { "id" : "CVE-2026-3784", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3784" ], "unique" : false }, { "id" : "CVE-2026-3805", "source" : "redhat-csaf", "cvssScore" : 6.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3805" ], "unique" : false }, { "id" : "CVE-2022-43552", "title" : "A use after free vulnerability exists in curl <7.87.0. Curl can be asked to *tunnel* virtually all protocols it supports through an HTTP proxy. HTTP proxies can (and often do) deny such tunnel operations. When getting denied to tunnel the specific protocols SMB or TELNET, curl would use a heap-allocated struct after it had been freed, in its transfer shutdown code path.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2022-43552" ], "unique" : false }, { "id" : "CVE-2023-27535", "title" : "An authentication bypass vulnerability exists in libcurl <8.0.0 in the FTP connection reuse feature that can result in wrong credentials being used during subsequent transfers. Previously created connections are kept in a connection pool for reuse if they match the current setup. However, certain FTP settings such as CURLOPT_FTP_ACCOUNT, CURLOPT_FTP_ALTERNATIVE_TO_USER, CURLOPT_FTP_SSL_CCC, and CURLOPT_USE_SSL were not included in the configuration match checks, causing them to match too easily. This could lead to libcurl using the wrong credentials when performing a transfer, potentially allowing unauthorized access to sensitive information.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27535" ], "unique" : false }, { "id" : "CVE-2023-27536", "title" : "An authentication bypass vulnerability exists libcurl <8.0.0 in the connection reuse feature which can reuse previously established connections with incorrect user permissions due to a failure to check for changes in the CURLOPT_GSSAPI_DELEGATION option. This vulnerability affects krb5/kerberos/negotiate/GSSAPI transfers and could potentially result in unauthorized access to sensitive information. The safest option is to not reuse connections if the CURLOPT_GSSAPI_DELEGATION option has been changed.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27536" ], "unique" : false }, { "id" : "CVE-2023-28321", "title" : "An improper certificate validation vulnerability exists in curl <v8.1.0 in the way it supports matching of wildcard patterns when listed as \"Subject Alternative Name\" in TLS server certificates. curl can be built to use its own name matching function for TLS rather than one provided by a TLS library. This private wildcard matching function would match IDN (International Domain Name) hosts incorrectly and could as a result accept patterns that otherwise should mismatch. IDN hostnames are converted to puny code before used for certificate checks. Puny coded names always start with `xn--` and should not be allowed to pattern match, but the wildcard check in curl could still check for `x*`, which would match even though the IDN name most likely contained nothing even resembling an `x`.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-28321" ], "unique" : false }, { "id" : "CVE-2025-10966", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-10966" ], "unique" : false }, { "id" : "CVE-2026-3783", "source" : "redhat-csaf", "cvssScore" : 5.7, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3783" ], "unique" : false }, { "id" : "CVE-2023-27538", "title" : "An authentication bypass vulnerability exists in libcurl prior to v8.0.0 where it reuses a previously established SSH connection despite the fact that an SSH option was modified, which should have prevented reuse. libcurl maintains a pool of previously used connections to reuse them for subsequent transfers if the configurations match. However, two SSH settings were omitted from the configuration check, allowing them to match easily, potentially leading to the reuse of an inappropriate connection.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27538" ], "unique" : false }, { "id" : "CVE-2022-32208", "title" : "When curl < 7.84.0 does FTP transfers secured by krb5, it handles message verification failures wrongly. This flaw makes it possible for a Man-In-The-Middle attack to go unnoticed and even allows it to inject data to the client.", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2022-32208" ], "unique" : false }, { "id" : "CVE-2023-46218", "title" : "This flaw allows a malicious HTTP server to set \"super cookies\" in curl that\nare then passed back to more origins than what is otherwise allowed or\npossible. This allows a site to set cookies that then would get sent to\ndifferent and unrelated sites and domains.\n\nIt could do this by exploiting a mixed case flaw in curl's function that\nverifies a given cookie domain against the Public Suffix List (PSL). For\nexample a cookie could be set with `domain=co.UK` when the URL used a lower\ncase hostname `curl.co.uk`, even though `co.uk` is listed as a PSL domain.", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-46218" ], "unique" : false }, { "id" : "CVE-2025-9086", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9086" ], "unique" : false }, { "id" : "CVE-2022-27774", "title" : "An insufficiently protected credentials vulnerability exists in curl 4.9 to and include curl 7.82.0 are affected that could allow an attacker to extract credentials when follows HTTP(S) redirects is used with authentication could leak credentials to other services that exist on different protocols or port numbers.", "source" : "redhat-csaf", "cvssScore" : 5.0, "severity" : "MEDIUM", "cves" : [ "CVE-2022-27774" ], "unique" : false }, { "id" : "CVE-2022-32221", "title" : "When doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle previously was used to issue a `PUT` request which used that callback. This flaw may surprise the application and cause it to misbehave and either send off the wrong data or use memory after free or similar in the subsequent `POST` request. The problem exists in the logic for a reused handle when it is changed from a PUT to a POST.", "source" : "redhat-csaf", "cvssScore" : 4.8, "severity" : "MEDIUM", "cves" : [ "CVE-2022-32221" ], "unique" : false }, { "id" : "CVE-2025-10148", "source" : "redhat-csaf", "cvssScore" : 4.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-10148" ], "unique" : false }, { "id" : "CVE-2025-14017", "source" : "redhat-csaf", "cvssScore" : 4.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14017" ], "unique" : false }, { "id" : "CVE-2025-15224", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15224" ], "unique" : false }, { "id" : "CVE-2022-27776", "title" : "A insufficiently protected credentials vulnerability in fixed in curl 7.83.0 might leak authentication or cookie header data on HTTP redirects to the same host but another port number.", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2022-27776" ], "unique" : false }, { "id" : "CVE-2023-27533", "title" : "A vulnerability in input validation exists in curl <8.0 during communication using the TELNET protocol may allow an attacker to pass on maliciously crafted user name and \"telnet options\" during server negotiation. The lack of proper input scrubbing allows an attacker to send content or perform option negotiation without the application's intent. This vulnerability could be exploited if an application allows user input, thereby enabling attackers to execute arbitrary code on the system.", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27533" ], "unique" : false }, { "id" : "CVE-2023-27534", "title" : "A path traversal vulnerability exists in curl <8.0.0 SFTP implementation causes the tilde (~) character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. Attackers can exploit this flaw to bypass filtering or execute arbitrary code by crafting a path like /~2/foo while accessing a server with a specific user.", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2023-27534" ], "unique" : false }, { "id" : "CVE-2023-28322", "title" : "An information disclosure vulnerability exists in curl <v8.1.0 when doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle previously wasused to issue a `PUT` request which used that callback. This flaw may surprise the application and cause it to misbehave and either send off the wrong data or use memory after free or similar in the second transfer. The problem exists in the logic for a reused handle when it is (expected to be) changed from a PUT to a POST.", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2023-28322" ], "unique" : false }, { "id" : "CVE-2023-38546", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2023-38546" ], "unique" : false }, { "id" : "CVE-2022-35252", "title" : "When curl is used to retrieve and parse cookies from a HTTP(S) server, itaccepts cookies using control codes that when later are sent back to a HTTPserver might make the server return 400 responses. Effectively allowing a\"sister site\" to deny service to all siblings.", "source" : "redhat-csaf", "cvssScore" : 3.1, "severity" : "LOW", "cves" : [ "CVE-2022-35252" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2022-32207", "title" : "When curl < 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by finalizing the operation with a rename from a temporary name to the final target file name.In that rename operation, it might accidentally *widen* the permissions for the target file, leaving the updated file accessible to more users than intended.", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2022-32207" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libxml2@2.9.7-21.el8_10.3?arch=x86_64&distro=rhel-8.10&upstream=libxml2-2.9.7-21.el8_10.3.src.rpm", "issues" : [ { "id" : "CVE-2024-40896", "title" : "In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can produce events for external entities even if custom SAX handlers try to override entity content (by setting \"checked\"). This makes classic XXE attacks possible.", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2024-40896" ], "unique" : false }, { "id" : "CVE-2025-49794", "title" : "Libxml: heap use after free (uaf) leads to denial of service (dos)", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2025-49794" ], "unique" : false }, { "id" : "CVE-2025-49796", "title" : "Libxml: type confusion leads to denial of service (dos)", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2025-49796" ], "unique" : false }, { "id" : "CVE-2024-56171", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2024-56171" ], "unique" : false }, { "id" : "CVE-2022-40304", "title" : "An issue was discovered in libxml2 before 2.10.3. Certain invalid XML entity definitions can corrupt a hash table key, potentially leading to subsequent logic errors. In one case, a double-free can be provoked.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2022-40304" ], "unique" : false }, { "id" : "CVE-2025-24928", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-24928" ], "unique" : false }, { "id" : "CVE-2025-7425", "title" : "Libxslt: heap use-after-free in libxslt caused by atype corruption in xmlattrptr", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-7425" ], "unique" : false }, { "id" : "CVE-2022-40303", "title" : "An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XML_PARSE_HUGE parser option enabled, several integer counters can overflow. This results in an attempt to access an array at a negative 2GB offset, typically leading to a segmentation fault.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-40303" ], "unique" : false }, { "id" : "CVE-2024-25062", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-25062" ], "unique" : false }, { "id" : "CVE-2025-32415", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-32415" ], "unique" : false }, { "id" : "CVE-2025-49795", "title" : "Libxml: null pointer dereference leads to denial of service (dos)", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-49795" ], "unique" : false }, { "id" : "CVE-2025-6021", "title" : "Libxml2: integer overflow in xmlbuildqname() leads to stack buffer overflow in libxml2", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-6021" ], "unique" : false }, { "id" : "CVE-2025-7424", "title" : "Libxslt: type confusion in xmlnode.psvi between stylesheet and source nodes", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-7424" ], "unique" : false }, { "id" : "CVE-2022-29824", "title" : "In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*) don't check for integer overflows. This can result in out-of-bounds memory writes. Exploitation requires a victim to open a crafted, multi-gigabyte XML file. Other software using libxml2's buffer functions, for example libxslt through 1.1.35, is affected as well.", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2022-29824" ], "unique" : false }, { "id" : "CVE-2023-39615", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-39615" ], "unique" : false }, { "id" : "CVE-2025-9714", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9714" ], "unique" : false }, { "id" : "CVE-2022-49043", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2022-49043" ], "unique" : false }, { "id" : "CVE-2023-28484", "title" : "In libxml2 before 2.10.4, parsing of certain invalid XSD schemas can lead to a NULL pointer dereference and subsequently a segfault. This occurs in xmlSchemaFixupComplexType in xmlschemas.c.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-28484" ], "unique" : false }, { "id" : "CVE-2023-29469", "title" : "An issue was discovered in libxml2 before 2.10.4. When hashing empty dict strings in a crafted XML document, xmlDictComputeFastKey in dict.c can produce non-deterministic values, leading to various logic and memory errors, such as a double free. This behavior occurs because there is an attempt to use the first byte of an empty string, and any value is possible (not solely the '\\0' value).", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-29469" ], "unique" : false }, { "id" : "CVE-2025-32414", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-32414" ], "unique" : false }, { "id" : "CVE-2025-26434", "title" : "In libxml2, there is a possible out of bounds read due to a buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-26434" ], "unique" : false }, { "id" : "CVE-2025-6170", "title" : "Libxml2: stack buffer overflow in xmllint interactive shell command handling", "source" : "redhat-csaf", "cvssScore" : 2.5, "severity" : "LOW", "cves" : [ "CVE-2025-6170" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-40896", "title" : "In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can produce events for external entities even if custom SAX handlers try to override entity content (by setting \"checked\"). This makes classic XXE attacks possible.", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2024-40896" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/krb5-libs@1.18.2-32.el8_10?arch=x86_64&distro=rhel-8.10&upstream=krb5-1.18.2-32.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2024-3596", "source" : "redhat-csaf", "cvssScore" : 9.0, "severity" : "CRITICAL", "cves" : [ "CVE-2024-3596" ], "unique" : false }, { "id" : "CVE-2022-42898", "title" : "PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before 1.20.1 has integer overflows that may lead to remote code execution (in KDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms (which have a resultant heap-based buffer overflow), and cause a denial of service on other platforms. This occurs in krb5_pac_parse in lib/krb5/krb/pac.c. Heimdal before 7.7.1 has \"a similar bug.\"", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2022-42898" ], "unique" : false }, { "id" : "CVE-2023-39975", "title" : "kdc/do_tgs_req.c in MIT Kerberos 5 (aka krb5) 1.21 before 1.21.2 has a double free that is reachable if an authenticated user can trigger an authorization-data handling failure. Incorrect data is copied from one ticket to another.", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2023-39975" ], "unique" : false }, { "id" : "CVE-2024-26462", "title" : "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/kdc/ndr.c.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-26462" ], "unique" : false }, { "id" : "CVE-2024-37370", "title" : "In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify the plaintext Extra Count field of a confidential GSS krb5 wrap token, causing the unwrapped token to appear truncated to the application.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-37370" ], "unique" : false }, { "id" : "CVE-2020-17049", "title" : "Kerberos KDC Security Feature Bypass Vulnerability", "source" : "redhat-csaf", "cvssScore" : 7.2, "severity" : "HIGH", "cves" : [ "CVE-2020-17049" ], "unique" : false }, { "id" : "CVE-2023-36054", "title" : "lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and 1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticated user can trigger a kadmind crash. This occurs because _xdr_kadm5_principal_ent_rec does not validate the relationship between n_key_data and the key_data array count.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-36054" ], "unique" : false }, { "id" : "CVE-2024-37371", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-37371" ], "unique" : false }, { "id" : "CVE-2025-24528", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-24528" ], "unique" : false }, { "id" : "CVE-2024-26458", "title" : "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-26458" ], "unique" : false }, { "id" : "CVE-2024-26461", "title" : "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-26461" ], "unique" : false }, { "id" : "CVE-2025-3576", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-3576" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-3596", "source" : "redhat-csaf", "cvssScore" : 9.0, "severity" : "CRITICAL", "cves" : [ "CVE-2024-3596" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-minimal-langpack@2.28-251.el8_10.31?arch=x86_64&distro=rhel-8.10&upstream=glibc-2.28-251.el8_10.31.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc@2.28-251.el8_10.31?arch=x86_64&distro=rhel-8.10&upstream=glibc-2.28-251.el8_10.31.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-15281", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15281" ], "unique" : false }, { "id" : "CVE-2026-3904", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3904" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-common@2.28-251.el8_10.31?arch=x86_64&distro=rhel-8.10&upstream=glibc-2.28-251.el8_10.31.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/xz-libs@5.2.4-4.el8_6?arch=x86_64&distro=rhel-8.10&upstream=xz-5.2.4-4.el8_6.src.rpm", "issues" : [ { "id" : "CVE-2022-1271", "title" : "An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name (for example, a crafted file name), this can overwrite an attacker's content to an arbitrary attacker-selected file. This flaw occurs due to insufficient validation when processing filenames with two or more newlines where selected content and the target file names are embedded in crafted multi-line file names. This flaw allows a remote, low privileged attacker to force zgrep to write arbitrary files on the system.", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2022-1271" ], "unique" : false }, { "id" : "CVE-2025-31115", "title" : "XZ has a heap-use-after-free bug in threaded .xz decoder", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-31115" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2022-1271", "title" : "An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name (for example, a crafted file name), this can overwrite an attacker's content to an arbitrary attacker-selected file. This flaw occurs due to insufficient validation when processing filenames with two or more newlines where selected content and the target file names are embedded in crafted multi-line file names. This flaw allows a remote, low privileged attacker to force zgrep to write arbitrary files on the system.", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2022-1271" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/zlib@1.2.11-25.el8?arch=x86_64&distro=rhel-8.10&upstream=zlib-1.2.11-25.el8.src.rpm", "issues" : [ { "id" : "CVE-2018-25032", "title" : "zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.", "source" : "redhat-csaf", "cvssScore" : 8.2, "severity" : "HIGH", "cves" : [ "CVE-2018-25032" ], "unique" : false }, { "id" : "CVE-2022-37434", "title" : "zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call inflateGetHeader (e.g., see the nodejs/node reference).", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2022-37434" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2018-25032", "title" : "zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.", "source" : "redhat-csaf", "cvssScore" : 8.2, "severity" : "HIGH", "cves" : [ "CVE-2018-25032" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libssh-config@0.9.6-16.el8_10?arch=noarch&distro=rhel-8.10&upstream=libssh-0.9.6-16.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2025-5318", "title" : "Libssh: out-of-bounds read in sftp_handle()", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2025-5318" ], "unique" : false }, { "id" : "CVE-2025-5987", "title" : "Libssh: invalid return code for chacha20 poly1305 with openssl backend", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2025-5987" ], "unique" : false }, { "id" : "CVE-2023-48795", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-48795" ], "unique" : false }, { "id" : "CVE-2026-3731", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3731" ], "unique" : false }, { "id" : "CVE-2023-2283", "source" : "redhat-csaf", "cvssScore" : 4.8, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2283" ], "unique" : false }, { "id" : "CVE-2023-6004", "source" : "redhat-csaf", "cvssScore" : 4.8, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6004" ], "unique" : false }, { "id" : "CVE-2023-1667", "title" : "A NULL pointer dereference was found In libssh during re-keying with algorithm guessing. This issue may allow an authenticated client to cause a denial of service.", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-1667" ], "unique" : false }, { "id" : "CVE-2023-6918", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2023-6918" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-5318", "title" : "Libssh: out-of-bounds read in sftp_handle()", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2025-5318" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libssh@0.9.6-16.el8_10?arch=x86_64&distro=rhel-8.10&upstream=libssh-0.9.6-16.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2025-5318", "title" : "Libssh: out-of-bounds read in sftp_handle()", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2025-5318" ], "unique" : false }, { "id" : "CVE-2025-5987", "title" : "Libssh: invalid return code for chacha20 poly1305 with openssl backend", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2025-5987" ], "unique" : false }, { "id" : "CVE-2023-48795", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-48795" ], "unique" : false }, { "id" : "CVE-2026-3731", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3731" ], "unique" : false }, { "id" : "CVE-2023-2283", "source" : "redhat-csaf", "cvssScore" : 4.8, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2283" ], "unique" : false }, { "id" : "CVE-2023-6004", "source" : "redhat-csaf", "cvssScore" : 4.8, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6004" ], "unique" : false }, { "id" : "CVE-2023-1667", "title" : "A NULL pointer dereference was found In libssh during re-keying with algorithm guessing. This issue may allow an authenticated client to cause a denial of service.", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-1667" ], "unique" : false }, { "id" : "CVE-2023-6918", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2023-6918" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-5318", "title" : "Libssh: out-of-bounds read in sftp_handle()", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2025-5318" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=rhel-8.10&upstream=libarchive-3.3.3-7.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2025-5914", "title" : "Libarchive: double free at archive_read_format_rar_seek_data() in archive_read_support_format_rar.c", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-5914" ], "unique" : false }, { "id" : "CVE-2026-4111", "title" : "Libarchive: infinite loop denial of service in rar5 decompression via archive_read_data() in libarchive", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-4111" ], "unique" : false }, { "id" : "CVE-2026-4424", "title" : "Libarchive: libarchive: information disclosure via heap out-of-bounds read in rar archive processing", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-4424" ], "unique" : false }, { "id" : "CVE-2026-5121", "title" : "Libarchive: libarchive: arbitrary code execution via integer overflow in iso9660 image processing", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-5121" ], "unique" : false }, { "id" : "CVE-2022-26280", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2022-26280" ], "unique" : false }, { "id" : "CVE-2022-36227", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2022-36227" ], "unique" : false }, { "id" : "CVE-2025-60753", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-60753" ], "unique" : false }, { "id" : "CVE-2024-57970", "title" : "libarchive through 3.7.7 has a heap-based buffer over-read in header_gnu_longlink in archive_read_support_format_tar.c via a TAR archive because it mishandles truncation in the middle of a GNU long linkname.", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-57970" ], "unique" : false }, { "id" : "CVE-2025-25724", "title" : "list_item_verbose in tar/util.c in libarchive through 3.7.7 does not check an strftime return value, which can lead to a denial of service or unspecified other impact via a crafted TAR archive that is read with a verbose value of 2. For example, the 100-byte buffer may not be sufficient for a custom locale.", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-25724" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-5914", "title" : "Libarchive: double free at archive_read_format_rar_seek_data() in archive_read_support_format_rar.c", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-5914" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libcap@2.48-6.el8_9?arch=x86_64&distro=rhel-8.10&upstream=libcap-2.48-6.el8_9.src.rpm", "issues" : [ { "id" : "CVE-2023-2603", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-2603" ], "unique" : false }, { "id" : "CVE-2023-2602", "title" : "A vulnerability was found in the pthread_create() function in libcap. This issue may allow a malicious actor to use cause __real_pthread_create() to return an error, which can exhaust the process memory.", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2023-2602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-2603", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-2603" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch&distro=rhel-8.10&upstream=ncurses-6.1-10.20180224.el8.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64&distro=rhel-8.10&upstream=ncurses-6.1-10.20180224.el8.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/sqlite-libs@3.26.0-20.el8_10?arch=x86_64&distro=rhel-8.10&upstream=sqlite-3.26.0-20.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2025-6965", "title" : "Integer Truncation on SQLite", "source" : "redhat-csaf", "cvssScore" : 7.7, "severity" : "HIGH", "cves" : [ "CVE-2025-6965" ], "unique" : false }, { "id" : "CVE-2023-7104", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2023-7104" ], "unique" : false }, { "id" : "CVE-2025-3277", "title" : "An integer overflow can be triggered in SQLite’s `concat_ws()` function. The resulting, truncated integer is then used to allocate a buffer. When SQLite then writes the resulting string to the buffer, it uses the original, untruncated size and thus a wild Heap Buffer overflow of size ~4GB can be triggered. This can result in arbitrary code execution.", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2025-3277" ], "unique" : false }, { "id" : "CVE-2022-35737", "title" : "SQLite 1.0.12 through 3.39.x before 3.39.2 sometimes allows an array-bounds overflow if billions of bytes are used in a string argument to a C API.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2022-35737" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-6965", "title" : "Integer Truncation on SQLite", "source" : "redhat-csaf", "cvssScore" : 7.7, "severity" : "HIGH", "cves" : [ "CVE-2025-6965" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libnghttp2@1.33.0-6.el8_10.2?arch=x86_64&distro=rhel-8.10&upstream=nghttp2-1.33.0-6.el8_10.2.src.rpm", "issues" : [ { "id" : "CVE-2023-44487", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-44487" ], "unique" : false }, { "id" : "CVE-2026-27135", "title" : "nghttp2 Denial of service: Assertion failure due to the missing state validation", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-27135" ], "unique" : false }, { "id" : "CVE-2024-28182", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-28182" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-44487", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-44487" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/brotli@1.0.6-4.el8_10?arch=x86_64&distro=rhel-8.10&upstream=brotli-1.0.6-4.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2025-6176", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-6176" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-6176", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-6176" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/pcre2@10.32-3.el8_6?arch=x86_64&distro=rhel-8.10&upstream=pcre2-10.32-3.el8_6.src.rpm", "issues" : [ { "id" : "CVE-2022-1586", "title" : "An out-of-bounds read vulnerability was discovered in the PCRE2 library in the compile_xclass_matchingpath() function of the pcre2_jit_compile.c file. This involves a unicode property matching issue in JIT-compiled regular expressions. The issue occurs because the character was not fully read in case-less matching within JIT.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-1586" ], "unique" : false }, { "id" : "CVE-2022-1587", "title" : "An out-of-bounds read vulnerability was discovered in the PCRE2 library in the get_recurse_data_length() function of the pcre2_jit_compile.c file. This issue affects recursions in JIT-compiled regular expressions caused by duplicate data transfers.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-1587" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2022-1586", "title" : "An out-of-bounds read vulnerability was discovered in the PCRE2 library in the compile_xclass_matchingpath() function of the pcre2_jit_compile.c file. This involves a unicode property matching issue in JIT-compiled regular expressions. The issue occurs because the character was not fully read in case-less matching within JIT.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-1586" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/openldap@2.4.46-21.el8_10?arch=x86_64&distro=rhel-8.10&upstream=openldap-2.4.46-21.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2023-2953", "title" : "A vulnerability was found in openldap. This security flaw causes a null pointer dereference in ber_memalloc_x() function.", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2023-2953" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-2953", "title" : "A vulnerability was found in openldap. This security flaw causes a null pointer dereference in ber_memalloc_x() function.", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2023-2953" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/bash@4.4.20-6.el8_10?arch=x86_64&distro=rhel-8.10&upstream=bash-4.4.20-6.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2022-3715", "source" : "redhat-csaf", "cvssScore" : 6.6, "severity" : "MEDIUM", "cves" : [ "CVE-2022-3715" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2022-3715", "source" : "redhat-csaf", "cvssScore" : 6.6, "severity" : "MEDIUM", "cves" : [ "CVE-2022-3715" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/rpm-libs@4.14.3-32.el8_10?arch=x86_64&distro=rhel-8.10&upstream=rpm-4.14.3-32.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2021-35938", "title" : "A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35938" ], "unique" : false }, { "id" : "CVE-2021-35939", "title" : "It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35939" ], "unique" : false }, { "id" : "CVE-2021-35937", "title" : "A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.3, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35937" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2021-35938", "title" : "A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35938" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/rpm@4.14.3-32.el8_10?arch=x86_64&distro=rhel-8.10&upstream=rpm-4.14.3-32.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2021-35938", "title" : "A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35938" ], "unique" : false }, { "id" : "CVE-2021-35939", "title" : "It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35939" ], "unique" : false }, { "id" : "CVE-2021-35937", "title" : "A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.3, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35937" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2021-35938", "title" : "A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35938" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/lua-libs@5.3.4-12.el8?arch=x86_64&distro=rhel-8.10&upstream=lua-5.3.4-12.el8.src.rpm", "issues" : [ { "id" : "CVE-2022-33099", "title" : "An issue in the component luaG_runerror of Lua v5.4.4 and below leads to a heap-buffer overflow when a recursive error occurs.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2022-33099" ], "unique" : false }, { "id" : "CVE-2022-28805", "title" : "singlevar in lparser.c in Lua from (including) 5.4.0 up to (excluding) 5.4.4 lacks a certain luaK_exp2anyregup call, leading to a heap-based buffer over-read that might affect a system that compiles untrusted Lua code.", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2022-28805" ], "unique" : false }, { "id" : "CVE-2021-43519", "title" : "Stack overflow in lua_resume of ldo.c in Lua Interpreter 5.1.0~5.4.4 allows attackers to perform a Denial of Service via a crafted script file.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2021-43519" ], "unique" : false }, { "id" : "CVE-2021-44964", "title" : "Use after free in garbage collector and finalizer of lgc.c in Lua interpreter 5.4.0~5.4.3 allows attackers to perform Sandbox Escape via a crafted script file.", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2021-44964" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2022-33099", "title" : "An issue in the component luaG_runerror of Lua v5.4.4 and below leads to a heap-buffer overflow when a recursive error occurs.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2022-33099" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/gmp@6.1.2-11.el8?arch=x86_64&distro=rhel-8.10&epoch=1&upstream=gmp-6.1.2-11.el8.src.rpm", "issues" : [ { "id" : "CVE-2021-43618", "title" : "GNU Multiple Precision Arithmetic Library (GMP) through 6.2.1 has an mpz/inp_raw.c integer overflow and resultant buffer overflow via crafted input, leading to a segmentation fault on 32-bit platforms.", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2021-43618" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2021-43618", "title" : "GNU Multiple Precision Arithmetic Library (GMP) through 6.2.1 has an mpz/inp_raw.c integer overflow and resultant buffer overflow via crafted input, leading to a segmentation fault on 32-bit platforms.", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2021-43618" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcc@8.5.0-28.el8_10?arch=x86_64&distro=rhel-8.10&upstream=gcc-8.5.0-28.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libtasn1@4.13-5.el8_10?arch=x86_64&distro=rhel-8.10&upstream=libtasn1-4.13-5.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2021-46848", "title" : "GNU Libtasn1 before 4.19.0 has an ETYPE_OK off-by-one array size check that affects asn1_encode_simple_der.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2021-46848" ], "unique" : false }, { "id" : "CVE-2025-13151", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13151" ], "unique" : false }, { "id" : "CVE-2024-12133", "title" : "Libtasn1: inefficient der decoding in libtasn1 leading to potential remote dos", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-12133" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2021-46848", "title" : "GNU Libtasn1 before 4.19.0 has an ETYPE_OK off-by-one array size check that affects asn1_encode_simple_der.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2021-46848" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libcom_err@1.45.6-7.el8_10?arch=x86_64&distro=rhel-8.10&upstream=e2fsprogs-1.45.6-7.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2022-1304", "title" : "An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5. This issue leads to a segmentation fault and possibly arbitrary code execution via a specially crafted filesystem.", "source" : "redhat-csaf", "cvssScore" : 5.8, "severity" : "MEDIUM", "cves" : [ "CVE-2022-1304" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2022-1304", "title" : "An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5. This issue leads to a segmentation fault and possibly arbitrary code execution via a specially crafted filesystem.", "source" : "redhat-csaf", "cvssScore" : 5.8, "severity" : "MEDIUM", "cves" : [ "CVE-2022-1304" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/bzip2-libs@1.0.6-28.el8_10?arch=x86_64&distro=rhel-8.10&upstream=bzip2-1.0.6-28.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2019-12900", "title" : "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2019-12900" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2019-12900", "title" : "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2019-12900" ], "unique" : false } } ], "highestVulnerability" : { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/microdnf@3.8.0-2.el8?arch=x86_64&distro=rhel-8.10&upstream=microdnf-3.8.0-2.el8.src.rpm", "transitive" : [ { "ref" : "pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=rhel-8.10&epoch=1&upstream=openssl-1.1.1k-15.el8_6.src.rpm", "issues" : [ { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false }, { "id" : "CVE-2022-1473", "title" : "Resource leakage when decoding certificates and keys", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-1473" ], "unique" : false }, { "id" : "CVE-2022-3358", "title" : "Using a Custom Cipher with NID_undef may lead to NULL encryption", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-3358" ], "unique" : false }, { "id" : "CVE-2022-3602", "title" : "X.509 Email Address 4-byte Buffer Overflow", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-3602" ], "unique" : false }, { "id" : "CVE-2022-3786", "title" : "X.509 Email Address Variable Length Buffer Overflow", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-3786" ], "unique" : false }, { "id" : "CVE-2022-4450", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-4450" ], "unique" : false }, { "id" : "CVE-2023-0215", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-0215" ], "unique" : false }, { "id" : "CVE-2023-0216", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-0216" ], "unique" : false }, { "id" : "CVE-2023-0217", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-0217" ], "unique" : false }, { "id" : "CVE-2023-0401", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-0401" ], "unique" : false }, { "id" : "CVE-2023-5363", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-5363" ], "unique" : false }, { "id" : "CVE-2023-0286", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2023-0286" ], "unique" : false }, { "id" : "CVE-2024-12797", "title" : "RFC7250 handshakes with unauthenticated servers don't abort as expected", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2024-12797" ], "unique" : false }, { "id" : "CVE-2025-69419", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2025-69419" ], "unique" : false }, { "id" : "CVE-2022-1292", "source" : "redhat-csaf", "cvssScore" : 6.7, "severity" : "MEDIUM", "cves" : [ "CVE-2022-1292" ], "unique" : false }, { "id" : "CVE-2022-2068", "source" : "redhat-csaf", "cvssScore" : 6.7, "severity" : "MEDIUM", "cves" : [ "CVE-2022-2068" ], "unique" : false }, { "id" : "CVE-2023-2650", "title" : "Possible DoS translating ASN.1 object identifiers", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2650" ], "unique" : false }, { "id" : "CVE-2023-6129", "title" : "POLY1305 MAC implementation corrupts vector registers on PowerPC", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6129" ], "unique" : false }, { "id" : "CVE-2025-69421", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69421" ], "unique" : false }, { "id" : "CVE-2025-11187", "title" : "Improper validation of PBMAC1 parameters in PKCS#12 MAC verification", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-11187" ], "unique" : false }, { "id" : "CVE-2020-1971", "title" : "EDIPARTYNAME NULL pointer dereference", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2020-1971" ], "unique" : false }, { "id" : "CVE-2022-4304", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2022-4304" ], "unique" : false }, { "id" : "CVE-2023-0464", "title" : "Excessive Resource Usage Verifying X.509 Policy Constraints", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0464" ], "unique" : false }, { "id" : "CVE-2023-6237", "title" : "Excessive time spent checking invalid RSA public keys", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6237" ], "unique" : false }, { "id" : "CVE-2024-5535", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-5535" ], "unique" : false }, { "id" : "CVE-2024-6119", "title" : "Possible denial of service in X.509 name checks", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-6119" ], "unique" : false }, { "id" : "CVE-2025-15468", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15468" ], "unique" : false }, { "id" : "CVE-2025-66199", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-66199" ], "unique" : false }, { "id" : "CVE-2025-69420", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69420" ], "unique" : false }, { "id" : "CVE-2026-22796", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22796" ], "unique" : false }, { "id" : "CVE-2024-4741", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4741" ], "unique" : false }, { "id" : "CVE-2025-9230", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9230" ], "unique" : false }, { "id" : "CVE-2024-0727", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0727" ], "unique" : false }, { "id" : "CVE-2025-15469", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15469" ], "unique" : false }, { "id" : "CVE-2026-22795", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22795" ], "unique" : false }, { "id" : "CVE-2022-1343", "title" : "OCSP_basic_verify may incorrectly verify the response signing certificate", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2022-1343" ], "unique" : false }, { "id" : "CVE-2022-2097", "title" : "AES OCB fails to encrypt some bytes", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2022-2097" ], "unique" : false }, { "id" : "CVE-2023-0465", "title" : "Invalid certificate policies in leaf certificates are silently ignored", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0465" ], "unique" : false }, { "id" : "CVE-2023-0466", "title" : "Certificate policy check not enabled", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-0466" ], "unique" : false }, { "id" : "CVE-2023-2975", "title" : "AES-SIV implementation ignores empty associated data entries", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2975" ], "unique" : false }, { "id" : "CVE-2023-3446", "title" : "Excessive time spent checking DH keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3446" ], "unique" : false }, { "id" : "CVE-2023-3817", "title" : "Excessive time spent checking DH q parameter value", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3817" ], "unique" : false }, { "id" : "CVE-2023-5678", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-5678" ], "unique" : false }, { "id" : "CVE-2024-4603", "title" : "Excessive time spent checking DSA keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4603" ], "unique" : false }, { "id" : "CVE-2023-1255", "title" : "Input buffer over-read in AES-XTS implementation on 64 bit ARM", "source" : "redhat-csaf", "cvssScore" : 5.1, "severity" : "MEDIUM", "cves" : [ "CVE-2023-1255" ], "unique" : false }, { "id" : "CVE-2022-4203", "source" : "redhat-csaf", "cvssScore" : 4.9, "severity" : "MEDIUM", "cves" : [ "CVE-2022-4203" ], "unique" : false }, { "id" : "CVE-2025-68160", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-68160" ], "unique" : false }, { "id" : "CVE-2025-69418", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69418" ], "unique" : false }, { "id" : "CVE-2024-2511", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-2511" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=rhel-8.10&upstream=curl-7.61.1-34.el8_10.11.src.rpm", "issues" : [ { "id" : "CVE-2022-32207", "title" : "When curl < 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by finalizing the operation with a rename from a temporary name to the final target file name.In that rename operation, it might accidentally *widen* the permissions for the target file, leaving the updated file accessible to more users than intended.", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2022-32207" ], "unique" : false }, { "id" : "CVE-2022-22576", "title" : "An improper authentication vulnerability exists in curl 7.33.0 to and including 7.82.0 which might allow reuse OAUTH2-authenticated connections without properly making sure that the connection was authenticated with the same credentials as set for this transfer. This affects SASL-enabled protocols: SMPTP(S), IMAP(S), POP3(S) and LDAP(S) (openldap only).", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2022-22576" ], "unique" : false }, { "id" : "CVE-2023-38545", "title" : "This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy\nhandshake.\n\nWhen curl is asked to pass along the host name to the SOCKS5 proxy to allow\nthat to resolve the address instead of it getting done by curl itself, the\nmaximum length that host name can be is 255 bytes.\n\nIf the host name is detected to be longer, curl switches to local name\nresolving and instead passes on the resolved address only. Due to this bug,\nthe local variable that means \"let the host resolve the name\" could get the\nwrong value during a slow SOCKS5 handshake, and contrary to the intention,\ncopy the too long host name to the target buffer instead of copying just the\nresolved address there.\n\nThe target buffer being a heap based buffer, and the host name coming from the\nURL that curl has been told to operate with.", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2023-38545" ], "unique" : false }, { "id" : "CVE-2022-27775", "title" : "An information disclosure vulnerability exists in curl 7.65.0 to 7.82.0 are vulnerable that by using an IPv6 address that was in the connection pool but with a different zone id it could reuse a connection instead.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-27775" ], "unique" : false }, { "id" : "CVE-2022-27782", "title" : "libcurl would reuse a previously created connection even when a TLS or SSHrelated option had been changed that should have prohibited reuse.libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse if one of them matches the setup. However, several TLS andSSH settings were left out from the configuration match checks, making themmatch too easily.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-27782" ], "unique" : false }, { "id" : "CVE-2024-2398", "title" : "HTTP/2 push headers memory-leak", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-2398" ], "unique" : false }, { "id" : "CVE-2022-32206", "title" : "curl < 7.84.0 supports \"chained\" HTTP compression algorithms, meaning that a serverresponse can be compressed multiple times and potentially with different algorithms. The number of acceptable \"links\" in this \"decompression chain\" was unbounded, allowing a malicious server to insert a virtually unlimited number of compression steps.The use of such a decompression chain could result in a \"malloc bomb\", makingcurl end up spending enormous amounts of allocated heap memory, or trying toand returning out of memory errors.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2022-32206" ], "unique" : false }, { "id" : "CVE-2023-23916", "title" : "An allocation of resources without limits or throttling vulnerability exists in curl <v7.88.0 based on the \"chained\" HTTP compression algorithms, meaning that a server response can be compressed multiple times and potentially with differentalgorithms. The number of acceptable \"links\" in this \"decompression chain\" wascapped, but the cap was implemented on a per-header basis allowing a maliciousserver to insert a virtually unlimited number of compression steps simply byusing many headers. The use of such a decompression chain could result in a \"malloc bomb\", making curl end up spending enormous amounts of allocated heap memory, or trying to and returning out of memory errors.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-23916" ], "unique" : false }, { "id" : "CVE-2022-43552", "title" : "A use after free vulnerability exists in curl <7.87.0. Curl can be asked to *tunnel* virtually all protocols it supports through an HTTP proxy. HTTP proxies can (and often do) deny such tunnel operations. When getting denied to tunnel the specific protocols SMB or TELNET, curl would use a heap-allocated struct after it had been freed, in its transfer shutdown code path.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2022-43552" ], "unique" : false }, { "id" : "CVE-2023-27535", "title" : "An authentication bypass vulnerability exists in libcurl <8.0.0 in the FTP connection reuse feature that can result in wrong credentials being used during subsequent transfers. Previously created connections are kept in a connection pool for reuse if they match the current setup. However, certain FTP settings such as CURLOPT_FTP_ACCOUNT, CURLOPT_FTP_ALTERNATIVE_TO_USER, CURLOPT_FTP_SSL_CCC, and CURLOPT_USE_SSL were not included in the configuration match checks, causing them to match too easily. This could lead to libcurl using the wrong credentials when performing a transfer, potentially allowing unauthorized access to sensitive information.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27535" ], "unique" : false }, { "id" : "CVE-2023-27536", "title" : "An authentication bypass vulnerability exists libcurl <8.0.0 in the connection reuse feature which can reuse previously established connections with incorrect user permissions due to a failure to check for changes in the CURLOPT_GSSAPI_DELEGATION option. This vulnerability affects krb5/kerberos/negotiate/GSSAPI transfers and could potentially result in unauthorized access to sensitive information. The safest option is to not reuse connections if the CURLOPT_GSSAPI_DELEGATION option has been changed.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27536" ], "unique" : false }, { "id" : "CVE-2023-28321", "title" : "An improper certificate validation vulnerability exists in curl <v8.1.0 in the way it supports matching of wildcard patterns when listed as \"Subject Alternative Name\" in TLS server certificates. curl can be built to use its own name matching function for TLS rather than one provided by a TLS library. This private wildcard matching function would match IDN (International Domain Name) hosts incorrectly and could as a result accept patterns that otherwise should mismatch. IDN hostnames are converted to puny code before used for certificate checks. Puny coded names always start with `xn--` and should not be allowed to pattern match, but the wildcard check in curl could still check for `x*`, which would match even though the IDN name most likely contained nothing even resembling an `x`.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-28321" ], "unique" : false }, { "id" : "CVE-2023-27538", "title" : "An authentication bypass vulnerability exists in libcurl prior to v8.0.0 where it reuses a previously established SSH connection despite the fact that an SSH option was modified, which should have prevented reuse. libcurl maintains a pool of previously used connections to reuse them for subsequent transfers if the configurations match. However, two SSH settings were omitted from the configuration check, allowing them to match easily, potentially leading to the reuse of an inappropriate connection.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27538" ], "unique" : false }, { "id" : "CVE-2022-32208", "title" : "When curl < 7.84.0 does FTP transfers secured by krb5, it handles message verification failures wrongly. This flaw makes it possible for a Man-In-The-Middle attack to go unnoticed and even allows it to inject data to the client.", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2022-32208" ], "unique" : false }, { "id" : "CVE-2023-46218", "title" : "This flaw allows a malicious HTTP server to set \"super cookies\" in curl that\nare then passed back to more origins than what is otherwise allowed or\npossible. This allows a site to set cookies that then would get sent to\ndifferent and unrelated sites and domains.\n\nIt could do this by exploiting a mixed case flaw in curl's function that\nverifies a given cookie domain against the Public Suffix List (PSL). For\nexample a cookie could be set with `domain=co.UK` when the URL used a lower\ncase hostname `curl.co.uk`, even though `co.uk` is listed as a PSL domain.", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-46218" ], "unique" : false }, { "id" : "CVE-2025-9086", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9086" ], "unique" : false }, { "id" : "CVE-2022-27774", "title" : "An insufficiently protected credentials vulnerability exists in curl 4.9 to and include curl 7.82.0 are affected that could allow an attacker to extract credentials when follows HTTP(S) redirects is used with authentication could leak credentials to other services that exist on different protocols or port numbers.", "source" : "redhat-csaf", "cvssScore" : 5.0, "severity" : "MEDIUM", "cves" : [ "CVE-2022-27774" ], "unique" : false }, { "id" : "CVE-2022-32221", "title" : "When doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle previously was used to issue a `PUT` request which used that callback. This flaw may surprise the application and cause it to misbehave and either send off the wrong data or use memory after free or similar in the subsequent `POST` request. The problem exists in the logic for a reused handle when it is changed from a PUT to a POST.", "source" : "redhat-csaf", "cvssScore" : 4.8, "severity" : "MEDIUM", "cves" : [ "CVE-2022-32221" ], "unique" : false }, { "id" : "CVE-2022-27776", "title" : "A insufficiently protected credentials vulnerability in fixed in curl 7.83.0 might leak authentication or cookie header data on HTTP redirects to the same host but another port number.", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2022-27776" ], "unique" : false }, { "id" : "CVE-2023-27533", "title" : "A vulnerability in input validation exists in curl <8.0 during communication using the TELNET protocol may allow an attacker to pass on maliciously crafted user name and \"telnet options\" during server negotiation. The lack of proper input scrubbing allows an attacker to send content or perform option negotiation without the application's intent. This vulnerability could be exploited if an application allows user input, thereby enabling attackers to execute arbitrary code on the system.", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27533" ], "unique" : false }, { "id" : "CVE-2023-27534", "title" : "A path traversal vulnerability exists in curl <8.0.0 SFTP implementation causes the tilde (~) character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. Attackers can exploit this flaw to bypass filtering or execute arbitrary code by crafting a path like /~2/foo while accessing a server with a specific user.", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2023-27534" ], "unique" : false }, { "id" : "CVE-2023-28322", "title" : "An information disclosure vulnerability exists in curl <v8.1.0 when doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle previously wasused to issue a `PUT` request which used that callback. This flaw may surprise the application and cause it to misbehave and either send off the wrong data or use memory after free or similar in the second transfer. The problem exists in the logic for a reused handle when it is (expected to be) changed from a PUT to a POST.", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2023-28322" ], "unique" : false }, { "id" : "CVE-2023-38546", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2023-38546" ], "unique" : false }, { "id" : "CVE-2022-35252", "title" : "When curl is used to retrieve and parse cookies from a HTTP(S) server, itaccepts cookies using control codes that when later are sent back to a HTTPserver might make the server return 400 responses. Effectively allowing a\"sister site\" to deny service to all siblings.", "source" : "redhat-csaf", "cvssScore" : 3.1, "severity" : "LOW", "cves" : [ "CVE-2022-35252" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2022-32207", "title" : "When curl < 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by finalizing the operation with a rename from a temporary name to the final target file name.In that rename operation, it might accidentally *widen* the permissions for the target file, leaving the updated file accessible to more users than intended.", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2022-32207" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=rhel-8.10&upstream=curl-7.61.1-34.el8_10.11.src.rpm", "issues" : [ { "id" : "CVE-2022-32207", "title" : "When curl < 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by finalizing the operation with a rename from a temporary name to the final target file name.In that rename operation, it might accidentally *widen* the permissions for the target file, leaving the updated file accessible to more users than intended.", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2022-32207" ], "unique" : false }, { "id" : "CVE-2022-22576", "title" : "An improper authentication vulnerability exists in curl 7.33.0 to and including 7.82.0 which might allow reuse OAUTH2-authenticated connections without properly making sure that the connection was authenticated with the same credentials as set for this transfer. This affects SASL-enabled protocols: SMPTP(S), IMAP(S), POP3(S) and LDAP(S) (openldap only).", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2022-22576" ], "unique" : false }, { "id" : "CVE-2023-38545", "title" : "This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy\nhandshake.\n\nWhen curl is asked to pass along the host name to the SOCKS5 proxy to allow\nthat to resolve the address instead of it getting done by curl itself, the\nmaximum length that host name can be is 255 bytes.\n\nIf the host name is detected to be longer, curl switches to local name\nresolving and instead passes on the resolved address only. Due to this bug,\nthe local variable that means \"let the host resolve the name\" could get the\nwrong value during a slow SOCKS5 handshake, and contrary to the intention,\ncopy the too long host name to the target buffer instead of copying just the\nresolved address there.\n\nThe target buffer being a heap based buffer, and the host name coming from the\nURL that curl has been told to operate with.", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2023-38545" ], "unique" : false }, { "id" : "CVE-2025-15079", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2025-15079" ], "unique" : false }, { "id" : "CVE-2022-27775", "title" : "An information disclosure vulnerability exists in curl 7.65.0 to 7.82.0 are vulnerable that by using an IPv6 address that was in the connection pool but with a different zone id it could reuse a connection instead.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-27775" ], "unique" : false }, { "id" : "CVE-2022-27782", "title" : "libcurl would reuse a previously created connection even when a TLS or SSHrelated option had been changed that should have prohibited reuse.libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse if one of them matches the setup. However, several TLS andSSH settings were left out from the configuration match checks, making themmatch too easily.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-27782" ], "unique" : false }, { "id" : "CVE-2024-2398", "title" : "HTTP/2 push headers memory-leak", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-2398" ], "unique" : false }, { "id" : "CVE-2025-13034", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13034" ], "unique" : false }, { "id" : "CVE-2025-14819", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14819" ], "unique" : false }, { "id" : "CVE-2026-1965", "source" : "redhat-csaf", "cvssScore" : 6.8, "severity" : "MEDIUM", "cves" : [ "CVE-2026-1965" ], "unique" : false }, { "id" : "CVE-2022-32206", "title" : "curl < 7.84.0 supports \"chained\" HTTP compression algorithms, meaning that a serverresponse can be compressed multiple times and potentially with different algorithms. The number of acceptable \"links\" in this \"decompression chain\" was unbounded, allowing a malicious server to insert a virtually unlimited number of compression steps.The use of such a decompression chain could result in a \"malloc bomb\", makingcurl end up spending enormous amounts of allocated heap memory, or trying toand returning out of memory errors.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2022-32206" ], "unique" : false }, { "id" : "CVE-2023-23916", "title" : "An allocation of resources without limits or throttling vulnerability exists in curl <v7.88.0 based on the \"chained\" HTTP compression algorithms, meaning that a server response can be compressed multiple times and potentially with differentalgorithms. The number of acceptable \"links\" in this \"decompression chain\" wascapped, but the cap was implemented on a per-header basis allowing a maliciousserver to insert a virtually unlimited number of compression steps simply byusing many headers. The use of such a decompression chain could result in a \"malloc bomb\", making curl end up spending enormous amounts of allocated heap memory, or trying to and returning out of memory errors.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-23916" ], "unique" : false }, { "id" : "CVE-2025-14524", "title" : "bearer token leak on cross-protocol redirect", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14524" ], "unique" : false }, { "id" : "CVE-2026-3784", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3784" ], "unique" : false }, { "id" : "CVE-2026-3805", "source" : "redhat-csaf", "cvssScore" : 6.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3805" ], "unique" : false }, { "id" : "CVE-2022-43552", "title" : "A use after free vulnerability exists in curl <7.87.0. Curl can be asked to *tunnel* virtually all protocols it supports through an HTTP proxy. HTTP proxies can (and often do) deny such tunnel operations. When getting denied to tunnel the specific protocols SMB or TELNET, curl would use a heap-allocated struct after it had been freed, in its transfer shutdown code path.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2022-43552" ], "unique" : false }, { "id" : "CVE-2023-27535", "title" : "An authentication bypass vulnerability exists in libcurl <8.0.0 in the FTP connection reuse feature that can result in wrong credentials being used during subsequent transfers. Previously created connections are kept in a connection pool for reuse if they match the current setup. However, certain FTP settings such as CURLOPT_FTP_ACCOUNT, CURLOPT_FTP_ALTERNATIVE_TO_USER, CURLOPT_FTP_SSL_CCC, and CURLOPT_USE_SSL were not included in the configuration match checks, causing them to match too easily. This could lead to libcurl using the wrong credentials when performing a transfer, potentially allowing unauthorized access to sensitive information.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27535" ], "unique" : false }, { "id" : "CVE-2023-27536", "title" : "An authentication bypass vulnerability exists libcurl <8.0.0 in the connection reuse feature which can reuse previously established connections with incorrect user permissions due to a failure to check for changes in the CURLOPT_GSSAPI_DELEGATION option. This vulnerability affects krb5/kerberos/negotiate/GSSAPI transfers and could potentially result in unauthorized access to sensitive information. The safest option is to not reuse connections if the CURLOPT_GSSAPI_DELEGATION option has been changed.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27536" ], "unique" : false }, { "id" : "CVE-2023-28321", "title" : "An improper certificate validation vulnerability exists in curl <v8.1.0 in the way it supports matching of wildcard patterns when listed as \"Subject Alternative Name\" in TLS server certificates. curl can be built to use its own name matching function for TLS rather than one provided by a TLS library. This private wildcard matching function would match IDN (International Domain Name) hosts incorrectly and could as a result accept patterns that otherwise should mismatch. IDN hostnames are converted to puny code before used for certificate checks. Puny coded names always start with `xn--` and should not be allowed to pattern match, but the wildcard check in curl could still check for `x*`, which would match even though the IDN name most likely contained nothing even resembling an `x`.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-28321" ], "unique" : false }, { "id" : "CVE-2025-10966", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-10966" ], "unique" : false }, { "id" : "CVE-2026-3783", "source" : "redhat-csaf", "cvssScore" : 5.7, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3783" ], "unique" : false }, { "id" : "CVE-2023-27538", "title" : "An authentication bypass vulnerability exists in libcurl prior to v8.0.0 where it reuses a previously established SSH connection despite the fact that an SSH option was modified, which should have prevented reuse. libcurl maintains a pool of previously used connections to reuse them for subsequent transfers if the configurations match. However, two SSH settings were omitted from the configuration check, allowing them to match easily, potentially leading to the reuse of an inappropriate connection.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27538" ], "unique" : false }, { "id" : "CVE-2022-32208", "title" : "When curl < 7.84.0 does FTP transfers secured by krb5, it handles message verification failures wrongly. This flaw makes it possible for a Man-In-The-Middle attack to go unnoticed and even allows it to inject data to the client.", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2022-32208" ], "unique" : false }, { "id" : "CVE-2023-46218", "title" : "This flaw allows a malicious HTTP server to set \"super cookies\" in curl that\nare then passed back to more origins than what is otherwise allowed or\npossible. This allows a site to set cookies that then would get sent to\ndifferent and unrelated sites and domains.\n\nIt could do this by exploiting a mixed case flaw in curl's function that\nverifies a given cookie domain against the Public Suffix List (PSL). For\nexample a cookie could be set with `domain=co.UK` when the URL used a lower\ncase hostname `curl.co.uk`, even though `co.uk` is listed as a PSL domain.", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-46218" ], "unique" : false }, { "id" : "CVE-2025-9086", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9086" ], "unique" : false }, { "id" : "CVE-2022-27774", "title" : "An insufficiently protected credentials vulnerability exists in curl 4.9 to and include curl 7.82.0 are affected that could allow an attacker to extract credentials when follows HTTP(S) redirects is used with authentication could leak credentials to other services that exist on different protocols or port numbers.", "source" : "redhat-csaf", "cvssScore" : 5.0, "severity" : "MEDIUM", "cves" : [ "CVE-2022-27774" ], "unique" : false }, { "id" : "CVE-2022-32221", "title" : "When doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle previously was used to issue a `PUT` request which used that callback. This flaw may surprise the application and cause it to misbehave and either send off the wrong data or use memory after free or similar in the subsequent `POST` request. The problem exists in the logic for a reused handle when it is changed from a PUT to a POST.", "source" : "redhat-csaf", "cvssScore" : 4.8, "severity" : "MEDIUM", "cves" : [ "CVE-2022-32221" ], "unique" : false }, { "id" : "CVE-2025-10148", "source" : "redhat-csaf", "cvssScore" : 4.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-10148" ], "unique" : false }, { "id" : "CVE-2025-14017", "source" : "redhat-csaf", "cvssScore" : 4.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14017" ], "unique" : false }, { "id" : "CVE-2025-15224", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15224" ], "unique" : false }, { "id" : "CVE-2022-27776", "title" : "A insufficiently protected credentials vulnerability in fixed in curl 7.83.0 might leak authentication or cookie header data on HTTP redirects to the same host but another port number.", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2022-27776" ], "unique" : false }, { "id" : "CVE-2023-27533", "title" : "A vulnerability in input validation exists in curl <8.0 during communication using the TELNET protocol may allow an attacker to pass on maliciously crafted user name and \"telnet options\" during server negotiation. The lack of proper input scrubbing allows an attacker to send content or perform option negotiation without the application's intent. This vulnerability could be exploited if an application allows user input, thereby enabling attackers to execute arbitrary code on the system.", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27533" ], "unique" : false }, { "id" : "CVE-2023-27534", "title" : "A path traversal vulnerability exists in curl <8.0.0 SFTP implementation causes the tilde (~) character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. Attackers can exploit this flaw to bypass filtering or execute arbitrary code by crafting a path like /~2/foo while accessing a server with a specific user.", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2023-27534" ], "unique" : false }, { "id" : "CVE-2023-28322", "title" : "An information disclosure vulnerability exists in curl <v8.1.0 when doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle previously wasused to issue a `PUT` request which used that callback. This flaw may surprise the application and cause it to misbehave and either send off the wrong data or use memory after free or similar in the second transfer. The problem exists in the logic for a reused handle when it is (expected to be) changed from a PUT to a POST.", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2023-28322" ], "unique" : false }, { "id" : "CVE-2023-38546", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2023-38546" ], "unique" : false }, { "id" : "CVE-2022-35252", "title" : "When curl is used to retrieve and parse cookies from a HTTP(S) server, itaccepts cookies using control codes that when later are sent back to a HTTPserver might make the server return 400 responses. Effectively allowing a\"sister site\" to deny service to all siblings.", "source" : "redhat-csaf", "cvssScore" : 3.1, "severity" : "LOW", "cves" : [ "CVE-2022-35252" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2022-32207", "title" : "When curl < 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by finalizing the operation with a rename from a temporary name to the final target file name.In that rename operation, it might accidentally *widen* the permissions for the target file, leaving the updated file accessible to more users than intended.", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2022-32207" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libxml2@2.9.7-21.el8_10.3?arch=x86_64&distro=rhel-8.10&upstream=libxml2-2.9.7-21.el8_10.3.src.rpm", "issues" : [ { "id" : "CVE-2024-40896", "title" : "In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can produce events for external entities even if custom SAX handlers try to override entity content (by setting \"checked\"). This makes classic XXE attacks possible.", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2024-40896" ], "unique" : false }, { "id" : "CVE-2025-49794", "title" : "Libxml: heap use after free (uaf) leads to denial of service (dos)", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2025-49794" ], "unique" : false }, { "id" : "CVE-2025-49796", "title" : "Libxml: type confusion leads to denial of service (dos)", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2025-49796" ], "unique" : false }, { "id" : "CVE-2024-56171", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2024-56171" ], "unique" : false }, { "id" : "CVE-2022-40304", "title" : "An issue was discovered in libxml2 before 2.10.3. Certain invalid XML entity definitions can corrupt a hash table key, potentially leading to subsequent logic errors. In one case, a double-free can be provoked.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2022-40304" ], "unique" : false }, { "id" : "CVE-2025-24928", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-24928" ], "unique" : false }, { "id" : "CVE-2025-7425", "title" : "Libxslt: heap use-after-free in libxslt caused by atype corruption in xmlattrptr", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-7425" ], "unique" : false }, { "id" : "CVE-2022-40303", "title" : "An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XML_PARSE_HUGE parser option enabled, several integer counters can overflow. This results in an attempt to access an array at a negative 2GB offset, typically leading to a segmentation fault.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-40303" ], "unique" : false }, { "id" : "CVE-2024-25062", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-25062" ], "unique" : false }, { "id" : "CVE-2025-32415", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-32415" ], "unique" : false }, { "id" : "CVE-2025-49795", "title" : "Libxml: null pointer dereference leads to denial of service (dos)", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-49795" ], "unique" : false }, { "id" : "CVE-2025-6021", "title" : "Libxml2: integer overflow in xmlbuildqname() leads to stack buffer overflow in libxml2", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-6021" ], "unique" : false }, { "id" : "CVE-2025-7424", "title" : "Libxslt: type confusion in xmlnode.psvi between stylesheet and source nodes", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-7424" ], "unique" : false }, { "id" : "CVE-2022-29824", "title" : "In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*) don't check for integer overflows. This can result in out-of-bounds memory writes. Exploitation requires a victim to open a crafted, multi-gigabyte XML file. Other software using libxml2's buffer functions, for example libxslt through 1.1.35, is affected as well.", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2022-29824" ], "unique" : false }, { "id" : "CVE-2023-39615", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-39615" ], "unique" : false }, { "id" : "CVE-2025-9714", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9714" ], "unique" : false }, { "id" : "CVE-2022-49043", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2022-49043" ], "unique" : false }, { "id" : "CVE-2023-28484", "title" : "In libxml2 before 2.10.4, parsing of certain invalid XSD schemas can lead to a NULL pointer dereference and subsequently a segfault. This occurs in xmlSchemaFixupComplexType in xmlschemas.c.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-28484" ], "unique" : false }, { "id" : "CVE-2023-29469", "title" : "An issue was discovered in libxml2 before 2.10.4. When hashing empty dict strings in a crafted XML document, xmlDictComputeFastKey in dict.c can produce non-deterministic values, leading to various logic and memory errors, such as a double free. This behavior occurs because there is an attempt to use the first byte of an empty string, and any value is possible (not solely the '\\0' value).", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-29469" ], "unique" : false }, { "id" : "CVE-2025-32414", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-32414" ], "unique" : false }, { "id" : "CVE-2025-26434", "title" : "In libxml2, there is a possible out of bounds read due to a buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-26434" ], "unique" : false }, { "id" : "CVE-2025-6170", "title" : "Libxml2: stack buffer overflow in xmllint interactive shell command handling", "source" : "redhat-csaf", "cvssScore" : 2.5, "severity" : "LOW", "cves" : [ "CVE-2025-6170" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-40896", "title" : "In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can produce events for external entities even if custom SAX handlers try to override entity content (by setting \"checked\"). This makes classic XXE attacks possible.", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2024-40896" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/krb5-libs@1.18.2-32.el8_10?arch=x86_64&distro=rhel-8.10&upstream=krb5-1.18.2-32.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2024-3596", "source" : "redhat-csaf", "cvssScore" : 9.0, "severity" : "CRITICAL", "cves" : [ "CVE-2024-3596" ], "unique" : false }, { "id" : "CVE-2022-42898", "title" : "PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before 1.20.1 has integer overflows that may lead to remote code execution (in KDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms (which have a resultant heap-based buffer overflow), and cause a denial of service on other platforms. This occurs in krb5_pac_parse in lib/krb5/krb/pac.c. Heimdal before 7.7.1 has \"a similar bug.\"", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2022-42898" ], "unique" : false }, { "id" : "CVE-2023-39975", "title" : "kdc/do_tgs_req.c in MIT Kerberos 5 (aka krb5) 1.21 before 1.21.2 has a double free that is reachable if an authenticated user can trigger an authorization-data handling failure. Incorrect data is copied from one ticket to another.", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2023-39975" ], "unique" : false }, { "id" : "CVE-2024-26462", "title" : "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/kdc/ndr.c.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-26462" ], "unique" : false }, { "id" : "CVE-2024-37370", "title" : "In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify the plaintext Extra Count field of a confidential GSS krb5 wrap token, causing the unwrapped token to appear truncated to the application.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-37370" ], "unique" : false }, { "id" : "CVE-2020-17049", "title" : "Kerberos KDC Security Feature Bypass Vulnerability", "source" : "redhat-csaf", "cvssScore" : 7.2, "severity" : "HIGH", "cves" : [ "CVE-2020-17049" ], "unique" : false }, { "id" : "CVE-2023-36054", "title" : "lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and 1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticated user can trigger a kadmind crash. This occurs because _xdr_kadm5_principal_ent_rec does not validate the relationship between n_key_data and the key_data array count.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-36054" ], "unique" : false }, { "id" : "CVE-2024-37371", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-37371" ], "unique" : false }, { "id" : "CVE-2025-24528", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-24528" ], "unique" : false }, { "id" : "CVE-2024-26458", "title" : "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-26458" ], "unique" : false }, { "id" : "CVE-2024-26461", "title" : "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-26461" ], "unique" : false }, { "id" : "CVE-2025-3576", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-3576" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-3596", "source" : "redhat-csaf", "cvssScore" : 9.0, "severity" : "CRITICAL", "cves" : [ "CVE-2024-3596" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-minimal-langpack@2.28-251.el8_10.31?arch=x86_64&distro=rhel-8.10&upstream=glibc-2.28-251.el8_10.31.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc@2.28-251.el8_10.31?arch=x86_64&distro=rhel-8.10&upstream=glibc-2.28-251.el8_10.31.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-15281", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15281" ], "unique" : false }, { "id" : "CVE-2026-3904", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3904" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-common@2.28-251.el8_10.31?arch=x86_64&distro=rhel-8.10&upstream=glibc-2.28-251.el8_10.31.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/xz-libs@5.2.4-4.el8_6?arch=x86_64&distro=rhel-8.10&upstream=xz-5.2.4-4.el8_6.src.rpm", "issues" : [ { "id" : "CVE-2022-1271", "title" : "An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name (for example, a crafted file name), this can overwrite an attacker's content to an arbitrary attacker-selected file. This flaw occurs due to insufficient validation when processing filenames with two or more newlines where selected content and the target file names are embedded in crafted multi-line file names. This flaw allows a remote, low privileged attacker to force zgrep to write arbitrary files on the system.", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2022-1271" ], "unique" : false }, { "id" : "CVE-2025-31115", "title" : "XZ has a heap-use-after-free bug in threaded .xz decoder", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-31115" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2022-1271", "title" : "An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name (for example, a crafted file name), this can overwrite an attacker's content to an arbitrary attacker-selected file. This flaw occurs due to insufficient validation when processing filenames with two or more newlines where selected content and the target file names are embedded in crafted multi-line file names. This flaw allows a remote, low privileged attacker to force zgrep to write arbitrary files on the system.", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2022-1271" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libksba@1.3.5-9.el8_7?arch=x86_64&distro=rhel-8.10&upstream=libksba-1.3.5-9.el8_7.src.rpm", "issues" : [ { "id" : "CVE-2022-3515", "title" : "A vulnerability was found in the Libksba library due to an integer overflow within the CRL parser. The vulnerability can be exploited remotely for code execution on the target system by passing specially crafted data to the application, for example, a malicious S/MIME attachment.", "source" : "redhat-csaf", "cvssScore" : 8.6, "severity" : "HIGH", "cves" : [ "CVE-2022-3515" ], "unique" : false }, { "id" : "CVE-2022-47629", "title" : "Libksba before 1.6.3 is prone to an integer overflow vulnerability in the CRL signature parser.", "source" : "redhat-csaf", "cvssScore" : 8.6, "severity" : "HIGH", "cves" : [ "CVE-2022-47629" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2022-3515", "title" : "A vulnerability was found in the Libksba library due to an integer overflow within the CRL parser. The vulnerability can be exploited remotely for code execution on the target system by passing specially crafted data to the application, for example, a malicious S/MIME attachment.", "source" : "redhat-csaf", "cvssScore" : 8.6, "severity" : "HIGH", "cves" : [ "CVE-2022-3515" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/gnupg2@2.2.20-4.el8_10?arch=x86_64&distro=rhel-8.10&upstream=gnupg2-2.2.20-4.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2026-24882", "source" : "redhat-csaf", "cvssScore" : 8.4, "severity" : "HIGH", "cves" : [ "CVE-2026-24882" ], "unique" : false }, { "id" : "CVE-2025-68973", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-68973" ], "unique" : false }, { "id" : "CVE-2022-34903", "title" : "GnuPG through 2.3.6, in unusual situations where an attacker possesses any secret-key information from a victim's keyring and other constraints (e.g., use of GPGME) are met, allows signature forgery via injection into the status line.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2022-34903" ], "unique" : false }, { "id" : "CVE-2025-68972", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-68972" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2026-24882", "source" : "redhat-csaf", "cvssScore" : 8.4, "severity" : "HIGH", "cves" : [ "CVE-2026-24882" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/zlib@1.2.11-25.el8?arch=x86_64&distro=rhel-8.10&upstream=zlib-1.2.11-25.el8.src.rpm", "issues" : [ { "id" : "CVE-2018-25032", "title" : "zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.", "source" : "redhat-csaf", "cvssScore" : 8.2, "severity" : "HIGH", "cves" : [ "CVE-2018-25032" ], "unique" : false }, { "id" : "CVE-2022-37434", "title" : "zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call inflateGetHeader (e.g., see the nodejs/node reference).", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2022-37434" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2018-25032", "title" : "zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.", "source" : "redhat-csaf", "cvssScore" : 8.2, "severity" : "HIGH", "cves" : [ "CVE-2018-25032" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libssh-config@0.9.6-16.el8_10?arch=noarch&distro=rhel-8.10&upstream=libssh-0.9.6-16.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2025-5318", "title" : "Libssh: out-of-bounds read in sftp_handle()", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2025-5318" ], "unique" : false }, { "id" : "CVE-2025-5987", "title" : "Libssh: invalid return code for chacha20 poly1305 with openssl backend", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2025-5987" ], "unique" : false }, { "id" : "CVE-2023-48795", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-48795" ], "unique" : false }, { "id" : "CVE-2026-3731", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3731" ], "unique" : false }, { "id" : "CVE-2023-2283", "source" : "redhat-csaf", "cvssScore" : 4.8, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2283" ], "unique" : false }, { "id" : "CVE-2023-6004", "source" : "redhat-csaf", "cvssScore" : 4.8, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6004" ], "unique" : false }, { "id" : "CVE-2023-1667", "title" : "A NULL pointer dereference was found In libssh during re-keying with algorithm guessing. This issue may allow an authenticated client to cause a denial of service.", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-1667" ], "unique" : false }, { "id" : "CVE-2023-6918", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2023-6918" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-5318", "title" : "Libssh: out-of-bounds read in sftp_handle()", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2025-5318" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libssh@0.9.6-16.el8_10?arch=x86_64&distro=rhel-8.10&upstream=libssh-0.9.6-16.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2025-5318", "title" : "Libssh: out-of-bounds read in sftp_handle()", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2025-5318" ], "unique" : false }, { "id" : "CVE-2025-5987", "title" : "Libssh: invalid return code for chacha20 poly1305 with openssl backend", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2025-5987" ], "unique" : false }, { "id" : "CVE-2023-48795", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-48795" ], "unique" : false }, { "id" : "CVE-2026-3731", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3731" ], "unique" : false }, { "id" : "CVE-2023-2283", "source" : "redhat-csaf", "cvssScore" : 4.8, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2283" ], "unique" : false }, { "id" : "CVE-2023-6004", "source" : "redhat-csaf", "cvssScore" : 4.8, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6004" ], "unique" : false }, { "id" : "CVE-2023-1667", "title" : "A NULL pointer dereference was found In libssh during re-keying with algorithm guessing. This issue may allow an authenticated client to cause a denial of service.", "source" : "redhat-csaf", "cvssScore" : 4.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-1667" ], "unique" : false }, { "id" : "CVE-2023-6918", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2023-6918" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-5318", "title" : "Libssh: out-of-bounds read in sftp_handle()", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2025-5318" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libcap@2.48-6.el8_9?arch=x86_64&distro=rhel-8.10&upstream=libcap-2.48-6.el8_9.src.rpm", "issues" : [ { "id" : "CVE-2023-2603", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-2603" ], "unique" : false }, { "id" : "CVE-2023-2602", "title" : "A vulnerability was found in the pthread_create() function in libcap. This issue may allow a malicious actor to use cause __real_pthread_create() to return an error, which can exhaust the process memory.", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2023-2602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-2603", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-2603" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch&distro=rhel-8.10&upstream=ncurses-6.1-10.20180224.el8.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64&distro=rhel-8.10&upstream=ncurses-6.1-10.20180224.el8.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=rhel-8.10&upstream=libarchive-3.3.3-7.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2025-5914", "title" : "Libarchive: double free at archive_read_format_rar_seek_data() in archive_read_support_format_rar.c", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-5914" ], "unique" : false }, { "id" : "CVE-2026-4111", "title" : "Libarchive: infinite loop denial of service in rar5 decompression via archive_read_data() in libarchive", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-4111" ], "unique" : false }, { "id" : "CVE-2026-4424", "title" : "Libarchive: libarchive: information disclosure via heap out-of-bounds read in rar archive processing", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-4424" ], "unique" : false }, { "id" : "CVE-2026-5121", "title" : "Libarchive: libarchive: arbitrary code execution via integer overflow in iso9660 image processing", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-5121" ], "unique" : false }, { "id" : "CVE-2022-26280", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2022-26280" ], "unique" : false }, { "id" : "CVE-2022-36227", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2022-36227" ], "unique" : false }, { "id" : "CVE-2025-60753", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-60753" ], "unique" : false }, { "id" : "CVE-2024-57970", "title" : "libarchive through 3.7.7 has a heap-based buffer over-read in header_gnu_longlink in archive_read_support_format_tar.c via a TAR archive because it mishandles truncation in the middle of a GNU long linkname.", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-57970" ], "unique" : false }, { "id" : "CVE-2025-25724", "title" : "list_item_verbose in tar/util.c in libarchive through 3.7.7 does not check an strftime return value, which can lead to a denial of service or unspecified other impact via a crafted TAR archive that is read with a verbose value of 2. For example, the 100-byte buffer may not be sufficient for a custom locale.", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-25724" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-5914", "title" : "Libarchive: double free at archive_read_format_rar_seek_data() in archive_read_support_format_rar.c", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-5914" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=rhel-8.10&upstream=glib2-2.56.4-168.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2025-13601", "title" : "Glib: integer overflow in in g_escape_uri_string()", "source" : "redhat-csaf", "cvssScore" : 7.7, "severity" : "HIGH", "cves" : [ "CVE-2025-13601" ], "unique" : false }, { "id" : "CVE-2024-52533", "title" : "gio/gsocks4aproxy.c in GNOME GLib before 2.82.1 has an off-by-one error and resultant buffer overflow because SOCKS4_CONN_MSG_LEN is not sufficient for a trailing '\\0' character.", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2024-52533" ], "unique" : false }, { "id" : "CVE-2023-32611", "title" : "G_variant_byteswap() can take a long time with some non-normal inputs", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-32611" ], "unique" : false }, { "id" : "CVE-2023-32665", "title" : "Gvariant deserialisation does not match spec for non-normal data", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-32665" ], "unique" : false }, { "id" : "CVE-2025-14512", "title" : "Glib: integer overflow in glib gio attribute escaping causes heap buffer overflow", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14512" ], "unique" : false }, { "id" : "CVE-2023-29499", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2023-29499" ], "unique" : false }, { "id" : "CVE-2025-14087", "title" : "Glib: glib: buffer underflow in gvariant parser leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14087" ], "unique" : false }, { "id" : "CVE-2025-4373", "source" : "redhat-csaf", "cvssScore" : 4.8, "severity" : "MEDIUM", "cves" : [ "CVE-2025-4373" ], "unique" : false }, { "id" : "CVE-2024-34397", "source" : "redhat-csaf", "cvssScore" : 3.8, "severity" : "LOW", "cves" : [ "CVE-2024-34397" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-13601", "title" : "Glib: integer overflow in in g_escape_uri_string()", "source" : "redhat-csaf", "cvssScore" : 7.7, "severity" : "HIGH", "cves" : [ "CVE-2025-13601" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/sqlite-libs@3.26.0-20.el8_10?arch=x86_64&distro=rhel-8.10&upstream=sqlite-3.26.0-20.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2025-6965", "title" : "Integer Truncation on SQLite", "source" : "redhat-csaf", "cvssScore" : 7.7, "severity" : "HIGH", "cves" : [ "CVE-2025-6965" ], "unique" : false }, { "id" : "CVE-2023-7104", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2023-7104" ], "unique" : false }, { "id" : "CVE-2025-3277", "title" : "An integer overflow can be triggered in SQLite’s `concat_ws()` function. The resulting, truncated integer is then used to allocate a buffer. When SQLite then writes the resulting string to the buffer, it uses the original, untruncated size and thus a wild Heap Buffer overflow of size ~4GB can be triggered. This can result in arbitrary code execution.", "source" : "redhat-csaf", "cvssScore" : 7.3, "severity" : "HIGH", "cves" : [ "CVE-2025-3277" ], "unique" : false }, { "id" : "CVE-2022-35737", "title" : "SQLite 1.0.12 through 3.39.x before 3.39.2 sometimes allows an array-bounds overflow if billions of bytes are used in a string argument to a C API.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2022-35737" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-6965", "title" : "Integer Truncation on SQLite", "source" : "redhat-csaf", "cvssScore" : 7.7, "severity" : "HIGH", "cves" : [ "CVE-2025-6965" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libsolv@0.7.20-6.el8?arch=x86_64&distro=rhel-8.10&upstream=libsolv-0.7.20-6.el8.src.rpm", "issues" : [ { "id" : "CVE-2021-33928", "title" : "Buffer overflow vulnerability in function pool_installable in src/repo.h in libsolv before 0.7.17 allows attackers to cause a Denial of Service.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2021-33928" ], "unique" : false }, { "id" : "CVE-2021-33929", "title" : "Buffer overflow vulnerability in function pool_disabled_solvable in src/repo.h in libsolv before 0.7.17 allows attackers to cause a Denial of Service.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2021-33929" ], "unique" : false }, { "id" : "CVE-2021-33930", "title" : "Buffer overflow vulnerability in function pool_installable_whatprovides in src/repo.h in libsolv before 0.7.17 allows attackers to cause a Denial of Service.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2021-33930" ], "unique" : false }, { "id" : "CVE-2021-33938", "title" : "Buffer overflow vulnerability in function prune_to_recommended in src/policy.c in libsolv before 0.7.17 allows attackers to cause a Denial of Service.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2021-33938" ], "unique" : false }, { "id" : "CVE-2021-46877", "title" : "jackson-databind 2.10.x through 2.12.x before 2.12.6 and 2.13.x before 2.13.1 allows attackers to cause a denial of service (2 GB transient heap usage per read) in uncommon situations involving JsonNode JDK serialization.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2021-46877" ], "unique" : false }, { "id" : "CVE-2024-28863", "title" : "node-tar vulnerable to denial of service while parsing a tar file due to lack of folders count validation", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-28863" ], "unique" : false }, { "id" : "CVE-2021-44568", "title" : "Two heap-overflow vulnerabilities exist in openSUSE/libsolv libsolv through 13 Dec 2020 in the decisionmap variable via the resolve_dependencies function at src/solver.c (line 1940 & line 1995), which could cause a remote Denial of Service.", "source" : "redhat-csaf", "cvssScore" : 6.3, "severity" : "MEDIUM", "cves" : [ "CVE-2021-44568" ], "unique" : false }, { "id" : "CVE-2021-3200", "title" : "Buffer overflow vulnerability in libsolv 2020-12-13 via the Solver * testcase_read(Pool *pool, FILE *fp, const char *testcase, Queue *job, char **resultp, int *resultflagsp function at src/testcase.c: line 2334, which could cause a denial of service", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2021-3200" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2021-33928", "title" : "Buffer overflow vulnerability in function pool_installable in src/repo.h in libsolv before 0.7.17 allows attackers to cause a Denial of Service.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2021-33928" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/brotli@1.0.6-4.el8_10?arch=x86_64&distro=rhel-8.10&upstream=brotli-1.0.6-4.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2025-6176", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-6176" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-6176", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-6176" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=rhel-8.10&upstream=gnutls-3.6.16-8.el8_10.5.src.rpm", "issues" : [ { "id" : "CVE-2022-2509", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-2509" ], "unique" : false }, { "id" : "CVE-2024-0553", "title" : "Gnutls: incomplete fix for cve-2023-5981", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-0553" ], "unique" : false }, { "id" : "CVE-2024-0567", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-0567" ], "unique" : false }, { "id" : "CVE-2023-0361", "title" : "A timing side-channel in the handling of RSA ClientKeyExchange messages was discovered in GnuTLS. This side-channel can be sufficient to recover the key encrypted in the RSA ciphertext across a network in a Bleichenbacher style attack. To achieve a successful decryption the attacker would need to send a large amount of specially crafted messages to the vulnerable server. By recovering the secret from the ClientKeyExchange message, the attacker would be able to decrypt the application data exchanged over that connection.", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2023-0361" ], "unique" : false }, { "id" : "CVE-2025-32988", "title" : "Gnutls: vulnerability in gnutls othername san export", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-32988" ], "unique" : false }, { "id" : "CVE-2025-32990", "title" : "Gnutls: vulnerability in gnutls certtool template parsing", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-32990" ], "unique" : false }, { "id" : "CVE-2025-6395", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-6395" ], "unique" : false }, { "id" : "CVE-2023-5981", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-5981" ], "unique" : false }, { "id" : "CVE-2024-12243", "title" : "Gnutls: gnutls impacted by inefficient der decoding in libtasn1 leading to remote dos", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-12243" ], "unique" : false }, { "id" : "CVE-2024-28834", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-28834" ], "unique" : false }, { "id" : "CVE-2025-14831", "title" : "Gnutls: gnutls: denial of service via excessive resource consumption during certificate verification", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14831" ], "unique" : false }, { "id" : "CVE-2025-32989", "title" : "Gnutls: vulnerability in gnutls sct extension parsing", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-32989" ], "unique" : false }, { "id" : "CVE-2024-28835", "source" : "redhat-csaf", "cvssScore" : 5.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-28835" ], "unique" : false }, { "id" : "CVE-2025-9820", "title" : "Gnutls: stack-based buffer overflow in gnutls_pkcs11_token_init() function", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9820" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2022-2509", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-2509" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libnghttp2@1.33.0-6.el8_10.2?arch=x86_64&distro=rhel-8.10&upstream=nghttp2-1.33.0-6.el8_10.2.src.rpm", "issues" : [ { "id" : "CVE-2023-44487", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-44487" ], "unique" : false }, { "id" : "CVE-2026-27135", "title" : "nghttp2 Denial of service: Assertion failure due to the missing state validation", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-27135" ], "unique" : false }, { "id" : "CVE-2024-28182", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-28182" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-44487", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-44487" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/pcre2@10.32-3.el8_6?arch=x86_64&distro=rhel-8.10&upstream=pcre2-10.32-3.el8_6.src.rpm", "issues" : [ { "id" : "CVE-2022-1586", "title" : "An out-of-bounds read vulnerability was discovered in the PCRE2 library in the compile_xclass_matchingpath() function of the pcre2_jit_compile.c file. This involves a unicode property matching issue in JIT-compiled regular expressions. The issue occurs because the character was not fully read in case-less matching within JIT.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-1586" ], "unique" : false }, { "id" : "CVE-2022-1587", "title" : "An out-of-bounds read vulnerability was discovered in the PCRE2 library in the get_recurse_data_length() function of the pcre2_jit_compile.c file. This issue affects recursions in JIT-compiled regular expressions caused by duplicate data transfers.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-1587" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2022-1586", "title" : "An out-of-bounds read vulnerability was discovered in the PCRE2 library in the compile_xclass_matchingpath() function of the pcre2_jit_compile.c file. This involves a unicode property matching issue in JIT-compiled regular expressions. The issue occurs because the character was not fully read in case-less matching within JIT.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-1586" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/openldap@2.4.46-21.el8_10?arch=x86_64&distro=rhel-8.10&upstream=openldap-2.4.46-21.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2023-2953", "title" : "A vulnerability was found in openldap. This security flaw causes a null pointer dereference in ber_memalloc_x() function.", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2023-2953" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-2953", "title" : "A vulnerability was found in openldap. This security flaw causes a null pointer dereference in ber_memalloc_x() function.", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2023-2953" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/bash@4.4.20-6.el8_10?arch=x86_64&distro=rhel-8.10&upstream=bash-4.4.20-6.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2022-3715", "source" : "redhat-csaf", "cvssScore" : 6.6, "severity" : "MEDIUM", "cves" : [ "CVE-2022-3715" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2022-3715", "source" : "redhat-csaf", "cvssScore" : 6.6, "severity" : "MEDIUM", "cves" : [ "CVE-2022-3715" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/rpm-libs@4.14.3-32.el8_10?arch=x86_64&distro=rhel-8.10&upstream=rpm-4.14.3-32.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2021-35938", "title" : "A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35938" ], "unique" : false }, { "id" : "CVE-2021-35939", "title" : "It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35939" ], "unique" : false }, { "id" : "CVE-2021-35937", "title" : "A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.3, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35937" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2021-35938", "title" : "A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35938" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/lua-libs@5.3.4-12.el8?arch=x86_64&distro=rhel-8.10&upstream=lua-5.3.4-12.el8.src.rpm", "issues" : [ { "id" : "CVE-2022-33099", "title" : "An issue in the component luaG_runerror of Lua v5.4.4 and below leads to a heap-buffer overflow when a recursive error occurs.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2022-33099" ], "unique" : false }, { "id" : "CVE-2022-28805", "title" : "singlevar in lparser.c in Lua from (including) 5.4.0 up to (excluding) 5.4.4 lacks a certain luaK_exp2anyregup call, leading to a heap-based buffer over-read that might affect a system that compiles untrusted Lua code.", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2022-28805" ], "unique" : false }, { "id" : "CVE-2021-43519", "title" : "Stack overflow in lua_resume of ldo.c in Lua Interpreter 5.1.0~5.4.4 allows attackers to perform a Denial of Service via a crafted script file.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2021-43519" ], "unique" : false }, { "id" : "CVE-2021-44964", "title" : "Use after free in garbage collector and finalizer of lgc.c in Lua interpreter 5.4.0~5.4.3 allows attackers to perform Sandbox Escape via a crafted script file.", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2021-44964" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2022-33099", "title" : "An issue in the component luaG_runerror of Lua v5.4.4 and below leads to a heap-buffer overflow when a recursive error occurs.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2022-33099" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/rpm@4.14.3-32.el8_10?arch=x86_64&distro=rhel-8.10&upstream=rpm-4.14.3-32.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2021-35938", "title" : "A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35938" ], "unique" : false }, { "id" : "CVE-2021-35939", "title" : "It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35939" ], "unique" : false }, { "id" : "CVE-2021-35937", "title" : "A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.3, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35937" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2021-35938", "title" : "A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2021-35938" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/gmp@6.1.2-11.el8?arch=x86_64&distro=rhel-8.10&epoch=1&upstream=gmp-6.1.2-11.el8.src.rpm", "issues" : [ { "id" : "CVE-2021-43618", "title" : "GNU Multiple Precision Arithmetic Library (GMP) through 6.2.1 has an mpz/inp_raw.c integer overflow and resultant buffer overflow via crafted input, leading to a segmentation fault on 32-bit platforms.", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2021-43618" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2021-43618", "title" : "GNU Multiple Precision Arithmetic Library (GMP) through 6.2.1 has an mpz/inp_raw.c integer overflow and resultant buffer overflow via crafted input, leading to a segmentation fault on 32-bit platforms.", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2021-43618" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libsmartcols@2.32.1-48.el8_10?arch=x86_64&distro=rhel-8.10&upstream=util-linux-2.32.1-48.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcc@8.5.0-28.el8_10?arch=x86_64&distro=rhel-8.10&upstream=gcc-8.5.0-28.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libmount@2.32.1-48.el8_10?arch=x86_64&distro=rhel-8.10&upstream=util-linux-2.32.1-48.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libuuid@2.32.1-48.el8_10?arch=x86_64&distro=rhel-8.10&upstream=util-linux-2.32.1-48.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libblkid@2.32.1-48.el8_10?arch=x86_64&distro=rhel-8.10&upstream=util-linux-2.32.1-48.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false }, { "id" : "CVE-2026-27456", "title" : "util-linux: TOCTOU Race Condition in util-linux mount(8) - Loop Device Setup", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2026-27456" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-14104", "title" : "Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14104" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libstdc%2B%2B@8.5.0-28.el8_10?arch=x86_64&distro=rhel-8.10&upstream=gcc-8.5.0-28.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libtasn1@4.13-5.el8_10?arch=x86_64&distro=rhel-8.10&upstream=libtasn1-4.13-5.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2021-46848", "title" : "GNU Libtasn1 before 4.19.0 has an ETYPE_OK off-by-one array size check that affects asn1_encode_simple_der.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2021-46848" ], "unique" : false }, { "id" : "CVE-2025-13151", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-13151" ], "unique" : false }, { "id" : "CVE-2024-12133", "title" : "Libtasn1: inefficient der decoding in libtasn1 leading to potential remote dos", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-12133" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2021-46848", "title" : "GNU Libtasn1 before 4.19.0 has an ETYPE_OK off-by-one array size check that affects asn1_encode_simple_der.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2021-46848" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcrypt@1.8.5-7.el8_6?arch=x86_64&distro=rhel-8.10&upstream=libgcrypt-1.8.5-7.el8_6.src.rpm", "issues" : [ { "id" : "CVE-2024-2236", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-2236" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2236", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-2236" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/systemd-libs@239-82.el8_10.15?arch=x86_64&distro=rhel-8.10&upstream=systemd-239-82.el8_10.15.src.rpm", "issues" : [ { "id" : "CVE-2023-7008", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-7008" ], "unique" : false }, { "id" : "CVE-2022-3821", "title" : "An off-by-one Error issue was discovered in Systemd in format_timespan() function of time-util.c. An attacker could supply specific values for time and accuracy that leads to buffer overrun in format_timespan(), leading to a Denial of Service.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2022-3821" ], "unique" : false }, { "id" : "CVE-2022-4415", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2022-4415" ], "unique" : false }, { "id" : "CVE-2022-45873", "title" : "systemd 250 and 251 allows local users to achieve a systemd-coredump deadlock by triggering a crash that has a long backtrace. This occurs in parse_elf_object in shared/elf-util.c. The exploitation methodology is to crash a binary calling the same function recursively, and put it in a deeply nested directory to make its backtrace large enough to cause the deadlock. This must be done 16 times when MaxConnections=16 is set for the systemd/units/systemd-coredump.socket file.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2022-45873" ], "unique" : false }, { "id" : "CVE-2025-4598", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-4598" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-7008", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-7008" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libcom_err@1.45.6-7.el8_10?arch=x86_64&distro=rhel-8.10&upstream=e2fsprogs-1.45.6-7.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2022-1304", "title" : "An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5. This issue leads to a segmentation fault and possibly arbitrary code execution via a specially crafted filesystem.", "source" : "redhat-csaf", "cvssScore" : 5.8, "severity" : "MEDIUM", "cves" : [ "CVE-2022-1304" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2022-1304", "title" : "An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5. This issue leads to a segmentation fault and possibly arbitrary code execution via a specially crafted filesystem.", "source" : "redhat-csaf", "cvssScore" : 5.8, "severity" : "MEDIUM", "cves" : [ "CVE-2022-1304" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/file-libs@5.33-27.el8_10?arch=x86_64&distro=rhel-8.10&upstream=file-5.33-27.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2022-48554", "title" : "File before 5.43 has an stack-based buffer over-read in file_copystr in funcs.c. NOTE: \"File\" is the name of an Open Source project.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2022-48554" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2022-48554", "title" : "File before 5.43 has an stack-based buffer over-read in file_copystr in funcs.c. NOTE: \"File\" is the name of an Open Source project.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2022-48554" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/bzip2-libs@1.0.6-28.el8_10?arch=x86_64&distro=rhel-8.10&upstream=bzip2-1.0.6-28.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2019-12900", "title" : "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2019-12900" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2019-12900", "title" : "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2019-12900" ], "unique" : false } } ], "highestVulnerability" : { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/tar@1.30-11.el8_10?arch=x86_64&distro=rhel-8.10&epoch=2&upstream=tar-1.30-11.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2025-45582", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-45582" ], "unique" : false }, { "id" : "CVE-2022-48303", "title" : "GNU Tar through 1.34 has a one-byte out-of-bounds read that results in use of uninitialized memory for a conditional jump. Exploitation to change the flow of control has not been demonstrated. The issue occurs in from_header in list.c via a V7 archive in which mtime has approximately 11 whitespace characters.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2022-48303" ], "unique" : false } ], "transitive" : [ { "ref" : "pkg:rpm/redhat/glibc-minimal-langpack@2.28-251.el8_10.31?arch=x86_64&distro=rhel-8.10&upstream=glibc-2.28-251.el8_10.31.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc@2.28-251.el8_10.31?arch=x86_64&distro=rhel-8.10&upstream=glibc-2.28-251.el8_10.31.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-15281", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15281" ], "unique" : false }, { "id" : "CVE-2026-3904", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3904" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-common@2.28-251.el8_10.31?arch=x86_64&distro=rhel-8.10&upstream=glibc-2.28-251.el8_10.31.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/zlib@1.2.11-25.el8?arch=x86_64&distro=rhel-8.10&upstream=zlib-1.2.11-25.el8.src.rpm", "issues" : [ { "id" : "CVE-2018-25032", "title" : "zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.", "source" : "redhat-csaf", "cvssScore" : 8.2, "severity" : "HIGH", "cves" : [ "CVE-2018-25032" ], "unique" : false }, { "id" : "CVE-2022-37434", "title" : "zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call inflateGetHeader (e.g., see the nodejs/node reference).", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2022-37434" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2018-25032", "title" : "zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.", "source" : "redhat-csaf", "cvssScore" : 8.2, "severity" : "HIGH", "cves" : [ "CVE-2018-25032" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch&distro=rhel-8.10&upstream=ncurses-6.1-10.20180224.el8.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64&distro=rhel-8.10&upstream=ncurses-6.1-10.20180224.el8.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/pcre2@10.32-3.el8_6?arch=x86_64&distro=rhel-8.10&upstream=pcre2-10.32-3.el8_6.src.rpm", "issues" : [ { "id" : "CVE-2022-1586", "title" : "An out-of-bounds read vulnerability was discovered in the PCRE2 library in the compile_xclass_matchingpath() function of the pcre2_jit_compile.c file. This involves a unicode property matching issue in JIT-compiled regular expressions. The issue occurs because the character was not fully read in case-less matching within JIT.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-1586" ], "unique" : false }, { "id" : "CVE-2022-1587", "title" : "An out-of-bounds read vulnerability was discovered in the PCRE2 library in the get_recurse_data_length() function of the pcre2_jit_compile.c file. This issue affects recursions in JIT-compiled regular expressions caused by duplicate data transfers.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-1587" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2022-1586", "title" : "An out-of-bounds read vulnerability was discovered in the PCRE2 library in the compile_xclass_matchingpath() function of the pcre2_jit_compile.c file. This involves a unicode property matching issue in JIT-compiled regular expressions. The issue occurs because the character was not fully read in case-less matching within JIT.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-1586" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/bash@4.4.20-6.el8_10?arch=x86_64&distro=rhel-8.10&upstream=bash-4.4.20-6.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2022-3715", "source" : "redhat-csaf", "cvssScore" : 6.6, "severity" : "MEDIUM", "cves" : [ "CVE-2022-3715" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2022-3715", "source" : "redhat-csaf", "cvssScore" : 6.6, "severity" : "MEDIUM", "cves" : [ "CVE-2022-3715" ], "unique" : false } } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/lz4-libs@1.8.3-5.el8_10?arch=x86_64&distro=rhel-8.10&upstream=lz4-1.8.3-5.el8_10.src.rpm", "transitive" : [ { "ref" : "pkg:rpm/redhat/glibc-minimal-langpack@2.28-251.el8_10.31?arch=x86_64&distro=rhel-8.10&upstream=glibc-2.28-251.el8_10.31.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc@2.28-251.el8_10.31?arch=x86_64&distro=rhel-8.10&upstream=glibc-2.28-251.el8_10.31.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-15281", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15281" ], "unique" : false }, { "id" : "CVE-2026-3904", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3904" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-common@2.28-251.el8_10.31?arch=x86_64&distro=rhel-8.10&upstream=glibc-2.28-251.el8_10.31.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch&distro=rhel-8.10&upstream=ncurses-6.1-10.20180224.el8.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64&distro=rhel-8.10&upstream=ncurses-6.1-10.20180224.el8.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/pcre2@10.32-3.el8_6?arch=x86_64&distro=rhel-8.10&upstream=pcre2-10.32-3.el8_6.src.rpm", "issues" : [ { "id" : "CVE-2022-1586", "title" : "An out-of-bounds read vulnerability was discovered in the PCRE2 library in the compile_xclass_matchingpath() function of the pcre2_jit_compile.c file. This involves a unicode property matching issue in JIT-compiled regular expressions. The issue occurs because the character was not fully read in case-less matching within JIT.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-1586" ], "unique" : false }, { "id" : "CVE-2022-1587", "title" : "An out-of-bounds read vulnerability was discovered in the PCRE2 library in the get_recurse_data_length() function of the pcre2_jit_compile.c file. This issue affects recursions in JIT-compiled regular expressions caused by duplicate data transfers.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-1587" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2022-1586", "title" : "An out-of-bounds read vulnerability was discovered in the PCRE2 library in the compile_xclass_matchingpath() function of the pcre2_jit_compile.c file. This involves a unicode property matching issue in JIT-compiled regular expressions. The issue occurs because the character was not fully read in case-less matching within JIT.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-1586" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/bash@4.4.20-6.el8_10?arch=x86_64&distro=rhel-8.10&upstream=bash-4.4.20-6.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2022-3715", "source" : "redhat-csaf", "cvssScore" : 6.6, "severity" : "MEDIUM", "cves" : [ "CVE-2022-3715" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2022-3715", "source" : "redhat-csaf", "cvssScore" : 6.6, "severity" : "MEDIUM", "cves" : [ "CVE-2022-3715" ], "unique" : false } } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/rootfiles@8.1-22.el8?arch=noarch&distro=rhel-8.10&upstream=rootfiles-8.1-22.el8.src.rpm", "transitive" : [ { "ref" : "pkg:rpm/redhat/glibc-minimal-langpack@2.28-251.el8_10.31?arch=x86_64&distro=rhel-8.10&upstream=glibc-2.28-251.el8_10.31.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc@2.28-251.el8_10.31?arch=x86_64&distro=rhel-8.10&upstream=glibc-2.28-251.el8_10.31.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-15281", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15281" ], "unique" : false }, { "id" : "CVE-2026-3904", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3904" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-common@2.28-251.el8_10.31?arch=x86_64&distro=rhel-8.10&upstream=glibc-2.28-251.el8_10.31.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch&distro=rhel-8.10&upstream=ncurses-6.1-10.20180224.el8.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64&distro=rhel-8.10&upstream=ncurses-6.1-10.20180224.el8.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/pcre2@10.32-3.el8_6?arch=x86_64&distro=rhel-8.10&upstream=pcre2-10.32-3.el8_6.src.rpm", "issues" : [ { "id" : "CVE-2022-1586", "title" : "An out-of-bounds read vulnerability was discovered in the PCRE2 library in the compile_xclass_matchingpath() function of the pcre2_jit_compile.c file. This involves a unicode property matching issue in JIT-compiled regular expressions. The issue occurs because the character was not fully read in case-less matching within JIT.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-1586" ], "unique" : false }, { "id" : "CVE-2022-1587", "title" : "An out-of-bounds read vulnerability was discovered in the PCRE2 library in the get_recurse_data_length() function of the pcre2_jit_compile.c file. This issue affects recursions in JIT-compiled regular expressions caused by duplicate data transfers.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-1587" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2022-1586", "title" : "An out-of-bounds read vulnerability was discovered in the PCRE2 library in the compile_xclass_matchingpath() function of the pcre2_jit_compile.c file. This involves a unicode property matching issue in JIT-compiled regular expressions. The issue occurs because the character was not fully read in case-less matching within JIT.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-1586" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/bash@4.4.20-6.el8_10?arch=x86_64&distro=rhel-8.10&upstream=bash-4.4.20-6.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2022-3715", "source" : "redhat-csaf", "cvssScore" : 6.6, "severity" : "MEDIUM", "cves" : [ "CVE-2022-3715" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2022-3715", "source" : "redhat-csaf", "cvssScore" : 6.6, "severity" : "MEDIUM", "cves" : [ "CVE-2022-3715" ], "unique" : false } } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libsemanage@2.9-12.el8_10?arch=x86_64&distro=rhel-8.10&upstream=libsemanage-2.9-12.el8_10.src.rpm", "transitive" : [ { "ref" : "pkg:rpm/redhat/glibc-minimal-langpack@2.28-251.el8_10.31?arch=x86_64&distro=rhel-8.10&upstream=glibc-2.28-251.el8_10.31.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc@2.28-251.el8_10.31?arch=x86_64&distro=rhel-8.10&upstream=glibc-2.28-251.el8_10.31.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-15281", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15281" ], "unique" : false }, { "id" : "CVE-2026-3904", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3904" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-common@2.28-251.el8_10.31?arch=x86_64&distro=rhel-8.10&upstream=glibc-2.28-251.el8_10.31.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch&distro=rhel-8.10&upstream=ncurses-6.1-10.20180224.el8.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64&distro=rhel-8.10&upstream=ncurses-6.1-10.20180224.el8.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/pcre2@10.32-3.el8_6?arch=x86_64&distro=rhel-8.10&upstream=pcre2-10.32-3.el8_6.src.rpm", "issues" : [ { "id" : "CVE-2022-1586", "title" : "An out-of-bounds read vulnerability was discovered in the PCRE2 library in the compile_xclass_matchingpath() function of the pcre2_jit_compile.c file. This involves a unicode property matching issue in JIT-compiled regular expressions. The issue occurs because the character was not fully read in case-less matching within JIT.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-1586" ], "unique" : false }, { "id" : "CVE-2022-1587", "title" : "An out-of-bounds read vulnerability was discovered in the PCRE2 library in the get_recurse_data_length() function of the pcre2_jit_compile.c file. This issue affects recursions in JIT-compiled regular expressions caused by duplicate data transfers.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-1587" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2022-1586", "title" : "An out-of-bounds read vulnerability was discovered in the PCRE2 library in the compile_xclass_matchingpath() function of the pcre2_jit_compile.c file. This involves a unicode property matching issue in JIT-compiled regular expressions. The issue occurs because the character was not fully read in case-less matching within JIT.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-1586" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/bash@4.4.20-6.el8_10?arch=x86_64&distro=rhel-8.10&upstream=bash-4.4.20-6.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2022-3715", "source" : "redhat-csaf", "cvssScore" : 6.6, "severity" : "MEDIUM", "cves" : [ "CVE-2022-3715" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2022-3715", "source" : "redhat-csaf", "cvssScore" : 6.6, "severity" : "MEDIUM", "cves" : [ "CVE-2022-3715" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/bzip2-libs@1.0.6-28.el8_10?arch=x86_64&distro=rhel-8.10&upstream=bzip2-1.0.6-28.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2019-12900", "title" : "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2019-12900" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2019-12900", "title" : "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2019-12900" ], "unique" : false } } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/shadow-utils@4.6-23.el8_10?arch=x86_64&distro=rhel-8.10&epoch=2&upstream=shadow-utils-4.6-23.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2023-4641", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4641" ], "unique" : false }, { "id" : "CVE-2024-56433", "title" : "shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default /etc/subuid behavior (e.g., uid 100000 through 165535 for the first user account) that can realistically conflict with the uids of users defined on locally administered networks, potentially leading to account takeover, e.g., by leveraging newuidmap for access to an NFS home directory (or same-host resources in the case of remote logins by these local network users). NOTE: it may also be argued that system administrators should not have assigned uids, within local networks, that are within the range that can occur in /etc/subuid.", "source" : "redhat-csaf", "cvssScore" : 3.6, "severity" : "LOW", "cves" : [ "CVE-2024-56433" ], "unique" : false } ], "transitive" : [ { "ref" : "pkg:rpm/redhat/glibc-minimal-langpack@2.28-251.el8_10.31?arch=x86_64&distro=rhel-8.10&upstream=glibc-2.28-251.el8_10.31.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc@2.28-251.el8_10.31?arch=x86_64&distro=rhel-8.10&upstream=glibc-2.28-251.el8_10.31.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "u 100 1010k 0 649k 100 360k 854k 474k --:--:-- --:--:-- --:--:-- 1327k nique" : false }, { "id" : "CVE-2025-15281", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15281" ], "unique" : false }, { "id" : "CVE-2026-3904", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3904" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-common@2.28-251.el8_10.31?arch=x86_64&distro=rhel-8.10&upstream=glibc-2.28-251.el8_10.31.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2023-4806", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libcap@2.48-6.el8_9?arch=x86_64&distro=rhel-8.10&upstream=libcap-2.48-6.el8_9.src.rpm", "issues" : [ { "id" : "CVE-2023-2603", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-2603" ], "unique" : false }, { "id" : "CVE-2023-2602", "title" : "A vulnerability was found in the pthread_create() function in libcap. This issue may allow a malicious actor to use cause __real_pthread_create() to return an error, which can exhaust the process memory.", "source" : "redhat-csaf", "cvssScore" : 3.3, "severity" : "LOW", "cves" : [ "CVE-2023-2602" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-2603", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-2603" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch&distro=rhel-8.10&upstream=ncurses-6.1-10.20180224.el8.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64&distro=rhel-8.10&upstream=ncurses-6.1-10.20180224.el8.src.rpm", "issues" : [ { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false }, { "id" : "CVE-2025-69720", "title" : "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-69720" ], "unique" : false }, { "id" : "CVE-2022-29458", "title" : "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2022-29458" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-29491", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-29491" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/pcre2@10.32-3.el8_6?arch=x86_64&distro=rhel-8.10&upstream=pcre2-10.32-3.el8_6.src.rpm", "issues" : [ { "id" : "CVE-2022-1586", "title" : "An out-of-bounds read vulnerability was discovered in the PCRE2 library in the compile_xclass_matchingpath() function of the pcre2_jit_compile.c file. This involves a unicode property matching issue in JIT-compiled regular expressions. The issue occurs because the character was not fully read in case-less matching within JIT.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-1586" ], "unique" : false }, { "id" : "CVE-2022-1587", "title" : "An out-of-bounds read vulnerability was discovered in the PCRE2 library in the get_recurse_data_length() function of the pcre2_jit_compile.c file. This issue affects recursions in JIT-compiled regular expressions caused by duplicate data transfers.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-1587" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2022-1586", "title" : "An out-of-bounds read vulnerability was discovered in the PCRE2 library in the compile_xclass_matchingpath() function of the pcre2_jit_compile.c file. This involves a unicode property matching issue in JIT-compiled regular expressions. The issue occurs because the character was not fully read in case-less matching within JIT.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2022-1586" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/bash@4.4.20-6.el8_10?arch=x86_64&distro=rhel-8.10&upstream=bash-4.4.20-6.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2022-3715", "source" : "redhat-csaf", "cvssScore" : 6.6, "severity" : "MEDIUM", "cves" : [ "CVE-2022-3715" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2022-3715", "source" : "redhat-csaf", "cvssScore" : 6.6, "severity" : "MEDIUM", "cves" : [ "CVE-2022-3715" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libgcc@8.5.0-28.el8_10?arch=x86_64&distro=rhel-8.10&upstream=gcc-8.5.0-28.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2020-11023", "title" : "Potential XSS vulnerability in jQuery", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2020-11023" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/bzip2-libs@1.0.6-28.el8_10?arch=x86_64&distro=rhel-8.10&upstream=bzip2-1.0.6-28.el8_10.src.rpm", "issues" : [ { "id" : "CVE-2019-12900", "title" : "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2019-12900" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2019-12900", "title" : "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "source" : "redhat-csaf", "cvssScore" : 4.4, "severity" : "MEDIUM", "cves" : [ "CVE-2019-12900" ], "unique" : false } } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } } ] } } } }, "licenses" : [ { "status" : { "ok" : false, "name" : "deps.dev", "code" : 400, "message" : "Bad Request: invalid purl \"pkg:maven/io.github.stuartwdouglas.hacbstest.Main/hacbs-test\" at request index 23", "warnings" : { } }, "summary" : { "total" : 1, "concluded" : 120, "permissive" : 1, "weakCopyleft" : 0, "strongCopyleft" : 0, "unknown" : 0, "deprecated" : 0, "osiApproved" : 1, "fsfLibre" : 1 }, "packages" : { "pkg:rpm/redhat/zlib@1.2.11-25.el8?arch=x86_64&distro=rhel-8.10&upstream=zlib-1.2.11-25.el8.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/libnghttp2@1.33.0-6.el8_10.2?arch=x86_64&distro=rhel-8.10&upstream=nghttp2-1.33.0-6.el8_10.2.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/p11-kit@0.23.22-2.el8?arch=x86_64&distro=rhel-8.10&upstream=p11-kit-0.23.22-2.el8.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/libxcrypt@4.1.1-6.el8?arch=x86_64&distro=rhel-8.10&upstream=libxcrypt-4.1.1-6.el8.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/sed@4.5-5.el8_10?arch=x86_64&distro=rhel-8.10&upstream=sed-4.5-5.el8_10.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/filesystem@3.8-6.el8?arch=x86_64&distro=rhel-8.10&upstream=filesystem-3.8-6.el8.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/libsolv@0.7.20-6.el8?arch=x86_64&distro=rhel-8.10&upstream=libsolv-0.7.20-6.el8.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/libsemanage@2.9-12.el8_10?arch=x86_64&distro=rhel-8.10&upstream=libsemanage-2.9-12.el8_10.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/nettle@3.4.1-7.el8?arch=x86_64&distro=rhel-8.10&upstream=nettle-3.4.1-7.el8.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch&distro=rhel-8.10&upstream=ncurses-6.1-10.20180224.el8.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/libverto@0.3.2-2.el8?arch=x86_64&distro=rhel-8.10&upstream=libverto-0.3.2-2.el8.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/gpg-pubkey@fd431d51-4ae0493b?distro=rhel-8.10" : { "evidence" : [ ] }, "pkg:rpm/redhat/gdbm-libs@1.18-2.el8?arch=x86_64&distro=rhel-8.10&epoch=1&upstream=gdbm-1.18-2.el8.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/xz-libs@5.2.4-4.el8_6?arch=x86_64&distro=rhel-8.10&upstream=xz-5.2.4-4.el8_6.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/libunistring@0.9.9-3.el8?arch=x86_64&distro=rhel-8.10&upstream=libunistring-0.9.9-3.el8.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64&distro=rhel-8.10&epoch=1&upstream=openssl-1.1.1k-15.el8_6.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/lua-libs@5.3.4-12.el8?arch=x86_64&distro=rhel-8.10&upstream=lua-5.3.4-12.el8.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/platform-python@3.6.8-75.el8_10?arch=x86_64&distro=rhel-8.10&upstream=python3-3.6.8-75.el8_10.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/shadow-utils@4.6-23.el8_10?arch=x86_64&distro=rhel-8.10&epoch=2&upstream=shadow-utils-4.6-23.el8_10.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/json-c@0.13.1-3.el8?arch=x86_64&distro=rhel-8.10&upstream=json-c-0.13.1-3.el8.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/libtasn1@4.13-5.el8_10?arch=x86_64&distro=rhel-8.10&upstream=libtasn1-4.13-5.el8_10.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/libyaml@0.1.7-5.el8?arch=x86_64&distro=rhel-8.10&upstream=libyaml-0.1.7-5.el8.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/libksba@1.3.5-9.el8_7?arch=x86_64&distro=rhel-8.10&upstream=libksba-1.3.5-9.el8_7.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/libmount@2.32.1-48.el8_10?arch=x86_64&distro=rhel-8.10&upstream=util-linux-2.32.1-48.el8_10.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/krb5-libs@1.18.2-32.el8_10?arch=x86_64&distro=rhel-8.10&upstream=krb5-1.18.2-32.el8_10.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/file-libs@5.33-27.el8_10?arch=x86_64&distro=rhel-8.10&upstream=file-5.33-27.el8_10.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/gpgme@1.13.1-12.el8?arch=x86_64&distro=rhel-8.10&upstream=gpgme-1.13.1-12.el8.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/libacl@2.2.53-3.el8?arch=x86_64&distro=rhel-8.10&upstream=acl-2.2.53-3.el8.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64&distro=rhel-8.10&upstream=libarchive-3.3.3-7.el8_10.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/libmodulemd@2.13.0-1.el8?arch=x86_64&distro=rhel-8.10&upstream=libmodulemd-2.13.0-1.el8.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64&distro=rhel-8.10&upstream=curl-7.61.1-34.el8_10.11.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/p11-kit-trust@0.23.22-2.el8?arch=x86_64&distro=rhel-8.10&upstream=p11-kit-0.23.22-2.el8.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/libzstd@1.4.4-1.el8?arch=x86_64&distro=rhel-8.10&upstream=zstd-1.4.4-1.el8.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/libcap@2.48-6.el8_9?arch=x86_64&distro=rhel-8.10&upstream=libcap-2.48-6.el8_9.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/libtirpc@1.1.4-12.el8_10?arch=x86_64&distro=rhel-8.10&upstream=libtirpc-1.1.4-12.el8_10.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/python3-pip-wheel@9.0.3-24.el8?arch=noarch&distro=rhel-8.10&upstream=python-pip-9.0.3-24.el8.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/pcre2@10.32-3.el8_6?arch=x86_64&distro=rhel-8.10&upstream=pcre2-10.32-3.el8_6.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/langpacks-en@1.0-12.el8?arch=noarch&distro=rhel-8.10&upstream=langpacks-1.0-12.el8.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/bzip2-libs@1.0.6-28.el8_10?arch=x86_64&distro=rhel-8.10&upstream=bzip2-1.0.6-28.el8_10.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/keyutils-libs@1.5.10-9.el8?arch=x86_64&distro=rhel-8.10&upstream=keyutils-1.5.10-9.el8.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64&distro=rhel-8.10&upstream=gnutls-3.6.16-8.el8_10.5.src.rpm" : { "evidence" : [ ] }, "pkg:github/beatlabs/delete-old-branches-action@v0.0.10" : { "evidence" : [ ] }, "pkg:rpm/redhat/findutils@4.6.0-24.el8_10?arch=x86_64&distro=rhel-8.10&epoch=1&upstream=findutils-4.6.0-24.el8_10.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/libattr@2.4.48-3.el8?arch=x86_64&distro=rhel-8.10&upstream=attr-2.4.48-3.el8.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/npth@1.5-4.el8?arch=x86_64&distro=rhel-8.10&upstream=npth-1.5-4.el8.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/libssh@0.9.6-16.el8_10?arch=x86_64&distro=rhel-8.10&upstream=libssh-0.9.6-16.el8_10.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/glibc-common@2.28-251.el8_10.31?arch=x86_64&distro=rhel-8.10&upstream=glibc-2.28-251.el8_10.31.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/librepo@1.14.2-5.el8?arch=x86_64&distro=rhel-8.10&upstream=librepo-1.14.2-5.el8.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/dbus-libs@1.12.8-27.el8_10?arch=x86_64&distro=rhel-8.10&epoch=1&upstream=dbus-1.12.8-27.el8_10.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64&distro=rhel-8.10&upstream=glib2-2.56.4-168.el8_10.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/chkconfig@1.19.2-1.el8?arch=x86_64&distro=rhel-8.10&upstream=chkconfig-1.19.2-1.el8.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/libgcc@8.5.0-28.el8_10?arch=x86_64&distro=rhel-8.10&upstream=gcc-8.5.0-28.el8_10.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/tar@1.30-11.el8_10?arch=x86_64&distro=rhel-8.10&epoch=2&upstream=tar-1.30-11.el8_10.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/libdb@5.3.28-42.el8_4?arch=x86_64&distro=rhel-8.10&upstream=libdb-5.3.28-42.el8_4.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/libssh-config@0.9.6-16.el8_10?arch=noarch&distro=rhel-8.10&upstream=libssh-0.9.6-16.el8_10.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/platform-python-setuptools@39.2.0-9.el8_10?arch=noarch&distro=rhel-8.10&upstream=python-setuptools-39.2.0-9.el8_10.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/librhsm@0.0.3-5.el8?arch=x86_64&distro=rhel-8.10&upstream=librhsm-0.0.3-5.el8.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/publicsuffix-list-dafsa@20180723-1.el8?arch=noarch&distro=rhel-8.10&upstream=publicsuffix-list-20180723-1.el8.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/python3-setuptools-wheel@39.2.0-9.el8_10?arch=noarch&distro=rhel-8.10&upstream=python-setuptools-39.2.0-9.el8_10.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/gpg-pubkey@d4082792-5b32db75?distro=rhel-8.10" : { "evidence" : [ ] }, "pkg:rpm/redhat/readline@7.0-10.el8?arch=x86_64&distro=rhel-8.10&upstream=readline-7.0-10.el8.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/rpm-libs@4.14.3-32.el8_10?arch=x86_64&distro=rhel-8.10&upstream=rpm-4.14.3-32.el8_10.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/libdnf@0.63.0-21.el8_10?arch=x86_64&distro=rhel-8.10&upstream=libdnf-0.63.0-21.el8_10.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/libusbx@1.0.23-4.el8?arch=x86_64&distro=rhel-8.10&upstream=libusbx-1.0.23-4.el8.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/libsigsegv@2.11-5.el8?arch=x86_64&distro=rhel-8.10&upstream=libsigsegv-2.11-5.el8.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/libcom_err@1.45.6-7.el8_10?arch=x86_64&distro=rhel-8.10&upstream=e2fsprogs-1.45.6-7.el8_10.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/python3-libs@3.6.8-75.el8_10?arch=x86_64&distro=rhel-8.10&upstream=python3-3.6.8-75.el8_10.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/ca-certificates@2025.2.80_v9.0.304-80.2.el8_10?arch=noarch&distro=rhel-8.10&upstream=ca-certificates-2025.2.80_v9.0.304-80.2.el8_10.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/gawk@4.2.1-4.el8?arch=x86_64&distro=rhel-8.10&upstream=gawk-4.2.1-4.el8.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/libnsl2@1.2.0-2.20180605git4a062cf.el8?arch=x86_64&distro=rhel-8.10&upstream=libnsl2-1.2.0-2.20180605git4a062cf.el8.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64&distro=rhel-8.10&upstream=ncurses-6.1-10.20180224.el8.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/brotli@1.0.6-4.el8_10?arch=x86_64&distro=rhel-8.10&upstream=brotli-1.0.6-4.el8_10.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/crypto-policies-scripts@20230731-1.git3177e06.el8?arch=noarch&distro=rhel-8.10&upstream=crypto-policies-20230731-1.git3177e06.el8.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/libsmartcols@2.32.1-48.el8_10?arch=x86_64&distro=rhel-8.10&upstream=util-linux-2.32.1-48.el8_10.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/basesystem@11-5.el8?arch=noarch&distro=rhel-8.10&upstream=basesystem-11-5.el8.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/popt@1.18-1.el8?arch=x86_64&distro=rhel-8.10&upstream=popt-1.18-1.el8.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/libidn2@2.2.0-1.el8?arch=x86_64&distro=rhel-8.10&upstream=libidn2-2.2.0-1.el8.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/setup@2.12.2-9.el8?arch=noarch&distro=rhel-8.10&upstream=setup-2.12.2-9.el8.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/tzdata@2026a-1.el8?arch=noarch&distro=rhel-8.10&upstream=tzdata-2026a-1.el8.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/systemd-libs@239-82.el8_10.15?arch=x86_64&distro=rhel-8.10&upstream=systemd-239-82.el8_10.15.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/libxml2@2.9.7-21.el8_10.3?arch=x86_64&distro=rhel-8.10&upstream=libxml2-2.9.7-21.el8_10.3.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/grep@3.1-6.el8?arch=x86_64&distro=rhel-8.10&upstream=grep-3.1-6.el8.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/mpfr@3.1.6-1.el8?arch=x86_64&distro=rhel-8.10&upstream=mpfr-3.1.6-1.el8.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/glibc-minimal-langpack@2.28-251.el8_10.31?arch=x86_64&distro=rhel-8.10&upstream=glibc-2.28-251.el8_10.31.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/redhat-release@8.10-0.3.el8?arch=x86_64&distro=rhel-8.10&upstream=redhat-release-8.10-0.3.el8.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/sqlite-libs@3.26.0-20.el8_10?arch=x86_64&distro=rhel-8.10&upstream=sqlite-3.26.0-20.el8_10.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/bash@4.4.20-6.el8_10?arch=x86_64&distro=rhel-8.10&upstream=bash-4.4.20-6.el8_10.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/libassuan@2.5.1-3.el8?arch=x86_64&distro=rhel-8.10&upstream=libassuan-2.5.1-3.el8.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/elfutils-libelf@0.190-2.el8?arch=x86_64&distro=rhel-8.10&upstream=elfutils-0.190-2.el8.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/libgcrypt@1.8.5-7.el8_6?arch=x86_64&distro=rhel-8.10&upstream=libgcrypt-1.8.5-7.el8_6.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/json-glib@1.4.4-1.el8?arch=x86_64&distro=rhel-8.10&upstream=json-glib-1.4.4-1.el8.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/gobject-introspection@1.56.1-1.el8?arch=x86_64&distro=rhel-8.10&upstream=gobject-introspection-1.56.1-1.el8.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/gnupg2@2.2.20-4.el8_10?arch=x86_64&distro=rhel-8.10&upstream=gnupg2-2.2.20-4.el8_10.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/glibc@2.28-251.el8_10.31?arch=x86_64&distro=rhel-8.10&upstream=glibc-2.28-251.el8_10.31.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/libstdc%2B%2B@8.5.0-28.el8_10?arch=x86_64&distro=rhel-8.10&upstream=gcc-8.5.0-28.el8_10.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/libselinux@2.9-11.el8_10?arch=x86_64&distro=rhel-8.10&upstream=libselinux-2.9-11.el8_10.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/gmp@6.1.2-11.el8?arch=x86_64&distro=rhel-8.10&epoch=1&upstream=gmp-6.1.2-11.el8.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/libsepol@2.9-3.el8?arch=x86_64&distro=rhel-8.10&upstream=libsepol-2.9-3.el8.src.rpm" : { "evidence" : [ ] }, "pkg:github/actions/checkout@v4" : { "evidence" : [ ] }, "pkg:rpm/redhat/libgpg-error@1.31-1.el8?arch=x86_64&distro=rhel-8.10&upstream=libgpg-error-1.31-1.el8.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/rootfiles@8.1-22.el8?arch=noarch&distro=rhel-8.10&upstream=rootfiles-8.1-22.el8.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/openldap@2.4.46-21.el8_10?arch=x86_64&distro=rhel-8.10&upstream=openldap-2.4.46-21.el8_10.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/info@6.5-7.el8?arch=x86_64&distro=rhel-8.10&upstream=texinfo-6.5-7.el8.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64&distro=rhel-8.10&upstream=curl-7.61.1-34.el8_10.11.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/libdb-utils@5.3.28-42.el8_4?arch=x86_64&distro=rhel-8.10&upstream=libdb-5.3.28-42.el8_4.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/libpsl@0.20.2-6.el8?arch=x86_64&distro=rhel-8.10&upstream=libpsl-0.20.2-6.el8.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/coreutils-single@8.30-17.el8_10?arch=x86_64&distro=rhel-8.10&upstream=coreutils-8.30-17.el8_10.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/libcap-ng@0.7.11-1.el8?arch=x86_64&distro=rhel-8.10&upstream=libcap-ng-0.7.11-1.el8.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/rpm@4.14.3-32.el8_10?arch=x86_64&distro=rhel-8.10&upstream=rpm-4.14.3-32.el8_10.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/cyrus-sasl-lib@2.1.27-6.el8_5?arch=x86_64&distro=rhel-8.10&upstream=cyrus-sasl-2.1.27-6.el8_5.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/crypto-policies@20230731-1.git3177e06.el8?arch=noarch&distro=rhel-8.10&upstream=crypto-policies-20230731-1.git3177e06.el8.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/libffi@3.1-24.el8?arch=x86_64&distro=rhel-8.10&upstream=libffi-3.1-24.el8.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/pcre@8.42-6.el8?arch=x86_64&distro=rhel-8.10&upstream=pcre-8.42-6.el8.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/gdbm@1.18-2.el8?arch=x86_64&distro=rhel-8.10&epoch=1&upstream=gdbm-1.18-2.el8.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/audit-libs@3.1.2-1.el8_10.1?arch=x86_64&distro=rhel-8.10&upstream=audit-3.1.2-1.el8_10.1.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/lz4-libs@1.8.3-5.el8_10?arch=x86_64&distro=rhel-8.10&upstream=lz4-1.8.3-5.el8_10.src.rpm" : { "evidence" : [ ] }, "pkg:pypi/setuptools@39.2.0" : { "concluded" : { "identifiers" : [ { "id" : "MIT", "name" : "MIT License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "MIT", "name" : "MIT License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" }, "evidence" : [ { "identifiers" : [ { "id" : "MIT", "name" : "MIT License", "isDeprecated" : false, "isOsiApproved" : true, "isFsfLibre" : true, "category" : "PERMISSIVE" } ], "expression" : "MIT", "name" : "MIT License", "category" : "PERMISSIVE", "source" : "deps.dev", "sourceUrl" : "https://api.deps.dev" } ] }, "pkg:rpm/redhat/libblkid@2.32.1-48.el8_10?arch=x86_64&distro=rhel-8.10&upstream=util-linux-2.32.1-48.el8_10.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/expat@2.5.0-1.el8_10?arch=x86_64&distro=rhel-8.10&upstream=expat-2.5.0-1.el8_10.src.rpm" : { "evidence" : [ ] }, "pkg:rpm/redhat/libuuid@2.32.1-48.el8_10?arch=x86_64&distro=rhel-8.10&upstream=util-linux-2.32.1-48.el8_10.src.rpm" : { "evidence" : [ ] } } } ] } pod: test-comp-pac-forgejo-wqnvvd-on-pull-request-fwcsh-tpa-scan-pod | container step-oci-attach-report: Using token for quay.io/redhat-appstudio-qe/forgejo-rep-xlpn/test-comp-pac-forgejo-wqnvvd Attaching tpa-report-amd64.json to quay.io/redhat-appstudio-qe/forgejo-rep-xlpn/test-comp-pac-forgejo-wqnvvd@sha256:35f81c0f5e5b92451fcf6ad8d2fbbf001b6cd2964035acc1b8a84f26c5c910df [retry] executing: oras attach --no-tty --format go-template=\{\{.digest\}\} --registry-config /tmp/auth/config.json --artifact-type application/vnd.redhat.tpa-report+json quay.io/redhat-appstudio-qe/forgejo-rep-xlpn/test-comp-pac-forgejo-wqnvvd@sha256:35f81c0f5e5b92451fcf6ad8d2fbbf001b6cd2964035acc1b8a84f26c5c910df tpa-report-amd64.json:application/vnd.redhat.tpa-report+json pod: test-comp-pac-forgejo-wqnvvd-on-pull-request-fwcsh-tpa-scan-pod | container step-conftest-vulnerabilities: [ { "filename": "/tekton/home/tpa-report-amd64.json", "namespace": "required_checks", "successes": 4, "warnings": [ { "msg": "Found 6 critical vulnerabilities.", "metadata": { "details": { "description": "Source: redhat-csaf. Affected dependencies: pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64\u0026distro=rhel-8.10\u0026epoch=1\u0026upstream=openssl-1.1.1k-15.el8_6.src.rpm [transitive via pkg:rpm/redhat/python3-libs@3.6.8-75.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=python3-3.6.8-75.el8_10.src.rpm] (CVE-2025-15467), pkg:rpm/redhat/krb5-libs@1.18.2-32.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=krb5-1.18.2-32.el8_10.src.rpm [transitive via pkg:rpm/redhat/python3-libs@3.6.8-75.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=python3-3.6.8-75.el8_10.src.rpm] (CVE-2024-3596), pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64\u0026distro=rhel-8.10\u0026epoch=1\u0026upstream=openssl-1.1.1k-15.el8_6.src.rpm [transitive via pkg:rpm/redhat/openldap@2.4.46-21.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=openldap-2.4.46-21.el8_10.src.rpm] (CVE-2025-15467), pkg:rpm/redhat/krb5-libs@1.18.2-32.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=krb5-1.18.2-32.el8_10.src.rpm [transitive via pkg:rpm/redhat/openldap@2.4.46-21.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=openldap-2.4.46-21.el8_10.src.rpm] (CVE-2024-3596), pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64\u0026distro=rhel-8.10\u0026epoch=1\u0026upstream=openssl-1.1.1k-15.el8_6.src.rpm [transitive via pkg:rpm/redhat/java-17-openjdk-headless@17.0.18.0.8-1.el8?arch=x86_64\u0026distro=rhel-8.10\u0026epoch=1\u0026upstream=java-17-openjdk-17.0.18.0.8-1.el8.src.rpm] (CVE-2025-15467), pkg:rpm/redhat/krb5-libs@1.18.2-32.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=krb5-1.18.2-32.el8_10.src.rpm [transitive via pkg:rpm/redhat/java-17-openjdk-headless@17.0.18.0.8-1.el8?arch=x86_64\u0026distro=rhel-8.10\u0026epoch=1\u0026upstream=java-17-openjdk-17.0.18.0.8-1.el8.src.rpm] (CVE-2024-3596), pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64\u0026distro=rhel-8.10\u0026epoch=1\u0026upstream=openssl-1.1.1k-15.el8_6.src.rpm [transitive via pkg:rpm/redhat/rpm-libs@4.14.3-32.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=rpm-4.14.3-32.el8_10.src.rpm] (CVE-2025-15467), pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=curl-7.61.1-34.el8_10.11.src.rpm [transitive via pkg:rpm/redhat/rpm-libs@4.14.3-32.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=rpm-4.14.3-32.el8_10.src.rpm] (CVE-2022-32207), pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=curl-7.61.1-34.el8_10.11.src.rpm [transitive via pkg:rpm/redhat/rpm-libs@4.14.3-32.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=rpm-4.14.3-32.el8_10.src.rpm] (CVE-2022-32207), pkg:rpm/redhat/libxml2@2.9.7-21.el8_10.3?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=libxml2-2.9.7-21.el8_10.3.src.rpm [transitive via pkg:rpm/redhat/rpm-libs@4.14.3-32.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=rpm-4.14.3-32.el8_10.src.rpm] (CVE-2024-40896, CVE-2025-49794, CVE-2025-49796), pkg:rpm/redhat/krb5-libs@1.18.2-32.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=krb5-1.18.2-32.el8_10.src.rpm [transitive via pkg:rpm/redhat/rpm-libs@4.14.3-32.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=rpm-4.14.3-32.el8_10.src.rpm] (CVE-2024-3596), pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64\u0026distro=rhel-8.10\u0026epoch=1\u0026upstream=openssl-1.1.1k-15.el8_6.src.rpm [transitive via pkg:rpm/redhat/microdnf@3.8.0-2.el8?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=microdnf-3.8.0-2.el8.src.rpm] (CVE-2025-15467), pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=curl-7.61.1-34.el8_10.11.src.rpm [transitive via pkg:rpm/redhat/microdnf@3.8.0-2.el8?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=microdnf-3.8.0-2.el8.src.rpm] (CVE-2022-32207), pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=curl-7.61.1-34.el8_10.11.src.rpm [transitive via pkg:rpm/redhat/microdnf@3.8.0-2.el8?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=microdnf-3.8.0-2.el8.src.rpm] (CVE-2022-32207), pkg:rpm/redhat/libxml2@2.9.7-21.el8_10.3?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=libxml2-2.9.7-21.el8_10.3.src.rpm [transitive via pkg:rpm/redhat/microdnf@3.8.0-2.el8?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=microdnf-3.8.0-2.el8.src.rpm] (CVE-2024-40896, CVE-2025-49794, CVE-2025-49796), pkg:rpm/redhat/krb5-libs@1.18.2-32.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=krb5-1.18.2-32.el8_10.src.rpm [transitive via pkg:rpm/redhat/microdnf@3.8.0-2.el8?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=microdnf-3.8.0-2.el8.src.rpm] (CVE-2024-3596)", "name": "rhtpa_critical_vulnerabilities", "url": "https://access.redhat.com/articles/red_hat_vulnerability_tutorial" }, "vulnerabilities_number": 6 } }, { "msg": "Found 115 high vulnerabilities.", "metadata": { "details": { "description": "Source: osv-github. Affected dependencies: pkg:pypi/setuptools@39.2.0 [direct] (CVE-2024-6345, CVE-2022-40897); Source: redhat-csaf. Affected dependencies: pkg:rpm/redhat/python3-libs@3.6.8-75.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=python3-3.6.8-75.el8_10.src.rpm [direct] (CVE-2023-40217, CVE-2022-42919, CVE-2023-6597, CVE-2015-20107, CVE-2024-12718, CVE-2025-4517, CVE-2020-10735, CVE-2022-45061, CVE-2023-24329, CVE-2024-6232, CVE-2025-12084, CVE-2025-4138, CVE-2025-4435, CVE-2025-8194, CVE-2021-28861, CVE-2025-4330, CVE-2025-15366, CVE-2025-15367, CVE-2026-1299, CVE-2026-4519), pkg:rpm/redhat/openldap@2.4.46-21.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=openldap-2.4.46-21.el8_10.src.rpm [direct] (CVE-2023-2953), pkg:rpm/redhat/java-17-openjdk-headless@17.0.18.0.8-1.el8?arch=x86_64\u0026distro=rhel-8.10\u0026epoch=1\u0026upstream=java-17-openjdk-17.0.18.0.8-1.el8.src.rpm [direct] (CVE-2026-21945, CVE-2025-64720, CVE-2025-65018), pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64\u0026distro=rhel-8.10\u0026epoch=1\u0026upstream=openssl-1.1.1k-15.el8_6.src.rpm [transitive via pkg:rpm/redhat/python3-libs@3.6.8-75.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=python3-3.6.8-75.el8_10.src.rpm] (CVE-2022-1473, CVE-2022-3358, CVE-2022-3602, CVE-2022-3786, CVE-2022-4450, CVE-2023-0215, CVE-2023-0216, CVE-2023-0217, CVE-2023-0401, CVE-2023-5363, CVE-2023-0286, CVE-2024-12797, CVE-2025-69419), pkg:rpm/redhat/krb5-libs@1.18.2-32.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=krb5-1.18.2-32.el8_10.src.rpm [transitive via pkg:rpm/redhat/python3-libs@3.6.8-75.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=python3-3.6.8-75.el8_10.src.rpm] (CVE-2022-42898, CVE-2023-39975, CVE-2024-26462, CVE-2024-37370, CVE-2020-17049), pkg:rpm/redhat/python3-setuptools-wheel@39.2.0-9.el8_10?arch=noarch\u0026distro=rhel-8.10\u0026upstream=python-setuptools-39.2.0-9.el8_10.src.rpm [transitive via pkg:rpm/redhat/python3-libs@3.6.8-75.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=python3-3.6.8-75.el8_10.src.rpm] (CVE-2024-6345, CVE-2025-47273), pkg:rpm/redhat/glibc-minimal-langpack@2.28-251.el8_10.31?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=glibc-2.28-251.el8_10.31.src.rpm [transitive via pkg:rpm/redhat/python3-libs@3.6.8-75.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=python3-3.6.8-75.el8_10.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.28-251.el8_10.31?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=glibc-2.28-251.el8_10.31.src.rpm [transitive via pkg:rpm/redhat/python3-libs@3.6.8-75.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=python3-3.6.8-75.el8_10.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.28-251.el8_10.31?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=glibc-2.28-251.el8_10.31.src.rpm [transitive via pkg:rpm/redhat/python3-libs@3.6.8-75.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=python3-3.6.8-75.el8_10.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/xz-libs@5.2.4-4.el8_6?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=xz-5.2.4-4.el8_6.src.rpm [transitive via pkg:rpm/redhat/python3-libs@3.6.8-75.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=python3-3.6.8-75.el8_10.src.rpm] (CVE-2022-1271, CVE-2025-31115), pkg:rpm/redhat/python3-libs@3.6.8-75.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=python3-3.6.8-75.el8_10.src.rpm [transitive via pkg:rpm/redhat/python3-libs@3.6.8-75.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=python3-3.6.8-75.el8_10.src.rpm] (CVE-2023-40217, CVE-2022-42919, CVE-2023-6597, CVE-2015-20107, CVE-2024-12718, CVE-2025-4517, CVE-2020-10735, CVE-2022-45061, CVE-2023-24329, CVE-2024-6232, CVE-2025-12084, CVE-2025-4138, CVE-2025-4435, CVE-2025-8194, CVE-2021-28861, CVE-2025-4330, CVE-2025-15366, CVE-2025-15367, CVE-2026-1299, CVE-2026-4519), pkg:rpm/redhat/zlib@1.2.11-25.el8?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=zlib-1.2.11-25.el8.src.rpm [transitive via pkg:rpm/redhat/python3-libs@3.6.8-75.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=python3-3.6.8-75.el8_10.src.rpm] (CVE-2018-25032, CVE-2022-37434), pkg:rpm/redhat/libcap@2.48-6.el8_9?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=libcap-2.48-6.el8_9.src.rpm [transitive via pkg:rpm/redhat/python3-libs@3.6.8-75.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=python3-3.6.8-75.el8_10.src.rpm] (CVE-2023-2603), pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch\u0026distro=rhel-8.10\u0026upstream=ncurses-6.1-10.20180224.el8.src.rpm [transitive via pkg:rpm/redhat/python3-libs@3.6.8-75.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=python3-3.6.8-75.el8_10.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=ncurses-6.1-10.20180224.el8.src.rpm [transitive via pkg:rpm/redhat/python3-libs@3.6.8-75.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=python3-3.6.8-75.el8_10.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/sqlite-libs@3.26.0-20.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=sqlite-3.26.0-20.el8_10.src.rpm [transitive via pkg:rpm/redhat/python3-libs@3.6.8-75.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=python3-3.6.8-75.el8_10.src.rpm] (CVE-2025-6965, CVE-2023-7104, CVE-2025-3277), pkg:rpm/redhat/expat@2.5.0-1.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=expat-2.5.0-1.el8_10.src.rpm [transitive via pkg:rpm/redhat/python3-libs@3.6.8-75.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=python3-3.6.8-75.el8_10.src.rpm] (CVE-2023-52425, CVE-2024-28757, CVE-2024-45490, CVE-2024-45491, CVE-2024-8176), pkg:rpm/redhat/libtirpc@1.1.4-12.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=libtirpc-1.1.4-12.el8_10.src.rpm [transitive via pkg:rpm/redhat/python3-libs@3.6.8-75.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=python3-3.6.8-75.el8_10.src.rpm] (CVE-2021-46828), pkg:rpm/redhat/pcre2@10.32-3.el8_6?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=pcre2-10.32-3.el8_6.src.rpm [transitive via pkg:rpm/redhat/python3-libs@3.6.8-75.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=python3-3.6.8-75.el8_10.src.rpm] (CVE-2022-1586, CVE-2022-1587), pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64\u0026distro=rhel-8.10\u0026epoch=1\u0026upstream=openssl-1.1.1k-15.el8_6.src.rpm [transitive via pkg:rpm/redhat/openldap@2.4.46-21.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=openldap-2.4.46-21.el8_10.src.rpm] (CVE-2022-1473, CVE-2022-3358, CVE-2022-3602, CVE-2022-3786, CVE-2022-4450, CVE-2023-0215, CVE-2023-0216, CVE-2023-0217, CVE-2023-0401, CVE-2023-5363, CVE-2023-0286, CVE-2024-12797, CVE-2025-69419), pkg:rpm/redhat/krb5-libs@1.18.2-32.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=krb5-1.18.2-32.el8_10.src.rpm [transitive via pkg:rpm/redhat/openldap@2.4.46-21.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=openldap-2.4.46-21.el8_10.src.rpm] (CVE-2022-42898, CVE-2023-39975, CVE-2024-26462, CVE-2024-37370, CVE-2020-17049), pkg:rpm/redhat/glibc-minimal-langpack@2.28-251.el8_10.31?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=glibc-2.28-251.el8_10.31.src.rpm [transitive via pkg:rpm/redhat/openldap@2.4.46-21.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=openldap-2.4.46-21.el8_10.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.28-251.el8_10.31?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=glibc-2.28-251.el8_10.31.src.rpm [transitive via pkg:rpm/redhat/openldap@2.4.46-21.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=openldap-2.4.46-21.el8_10.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.28-251.el8_10.31?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=glibc-2.28-251.el8_10.31.src.rpm [transitive via pkg:rpm/redhat/openldap@2.4.46-21.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=openldap-2.4.46-21.el8_10.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/zlib@1.2.11-25.el8?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=zlib-1.2.11-25.el8.src.rpm [transitive via pkg:rpm/redhat/openldap@2.4.46-21.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=openldap-2.4.46-21.el8_10.src.rpm] (CVE-2018-25032, CVE-2022-37434), pkg:rpm/redhat/libcap@2.48-6.el8_9?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=libcap-2.48-6.el8_9.src.rpm [transitive via pkg:rpm/redhat/openldap@2.4.46-21.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=openldap-2.4.46-21.el8_10.src.rpm] (CVE-2023-2603), pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch\u0026distro=rhel-8.10\u0026upstream=ncurses-6.1-10.20180224.el8.src.rpm [transitive via pkg:rpm/redhat/openldap@2.4.46-21.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=openldap-2.4.46-21.el8_10.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=ncurses-6.1-10.20180224.el8.src.rpm [transitive via pkg:rpm/redhat/openldap@2.4.46-21.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=openldap-2.4.46-21.el8_10.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/pcre2@10.32-3.el8_6?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=pcre2-10.32-3.el8_6.src.rpm [transitive via pkg:rpm/redhat/openldap@2.4.46-21.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=openldap-2.4.46-21.el8_10.src.rpm] (CVE-2022-1586, CVE-2022-1587), pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64\u0026distro=rhel-8.10\u0026epoch=1\u0026upstream=openssl-1.1.1k-15.el8_6.src.rpm [transitive via pkg:rpm/redhat/java-17-openjdk-headless@17.0.18.0.8-1.el8?arch=x86_64\u0026distro=rhel-8.10\u0026epoch=1\u0026upstream=java-17-openjdk-17.0.18.0.8-1.el8.src.rpm] (CVE-2022-1473, CVE-2022-3358, CVE-2022-3602, CVE-2022-3786, CVE-2022-4450, CVE-2023-0215, CVE-2023-0216, CVE-2023-0217, CVE-2023-0401, CVE-2023-5363, CVE-2023-0286, CVE-2024-12797, CVE-2025-69419), pkg:rpm/redhat/krb5-libs@1.18.2-32.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=krb5-1.18.2-32.el8_10.src.rpm [transitive via pkg:rpm/redhat/java-17-openjdk-headless@17.0.18.0.8-1.el8?arch=x86_64\u0026distro=rhel-8.10\u0026epoch=1\u0026upstream=java-17-openjdk-17.0.18.0.8-1.el8.src.rpm] (CVE-2022-42898, CVE-2023-39975, CVE-2024-26462, CVE-2024-37370, CVE-2020-17049), pkg:rpm/redhat/python3-setuptools-wheel@39.2.0-9.el8_10?arch=noarch\u0026distro=rhel-8.10\u0026upstream=python-setuptools-39.2.0-9.el8_10.src.rpm [transitive via pkg:rpm/redhat/java-17-openjdk-headless@17.0.18.0.8-1.el8?arch=x86_64\u0026distro=rhel-8.10\u0026epoch=1\u0026upstream=java-17-openjdk-17.0.18.0.8-1.el8.src.rpm] (CVE-2024-6345, CVE-2025-47273), pkg:rpm/redhat/glibc-minimal-langpack@2.28-251.el8_10.31?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=glibc-2.28-251.el8_10.31.src.rpm [transitive via pkg:rpm/redhat/java-17-openjdk-headless@17.0.18.0.8-1.el8?arch=x86_64\u0026distro=rhel-8.10\u0026epoch=1\u0026upstream=java-17-openjdk-17.0.18.0.8-1.el8.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.28-251.el8_10.31?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=glibc-2.28-251.el8_10.31.src.rpm [transitive via pkg:rpm/redhat/java-17-openjdk-headless@17.0.18.0.8-1.el8?arch=x86_64\u0026distro=rhel-8.10\u0026epoch=1\u0026upstream=java-17-openjdk-17.0.18.0.8-1.el8.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.28-251.el8_10.31?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=glibc-2.28-251.el8_10.31.src.rpm [transitive via pkg:rpm/redhat/java-17-openjdk-headless@17.0.18.0.8-1.el8?arch=x86_64\u0026distro=rhel-8.10\u0026epoch=1\u0026upstream=java-17-openjdk-17.0.18.0.8-1.el8.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/javapackages-filesystem@5.3.0-1.module%2Bel8%2B2447%2B6f56d9a6?arch=noarch\u0026distro=rhel-8.10\u0026upstream=javapackages-tools-5.3.0-1.module%2Bel8%2B2447%2B6f56d9a6.src.rpm [transitive via pkg:rpm/redhat/java-17-openjdk-headless@17.0.18.0.8-1.el8?arch=x86_64\u0026distro=rhel-8.10\u0026epoch=1\u0026upstream=java-17-openjdk-17.0.18.0.8-1.el8.src.rpm] (CVE-2025-48734, CVE-2019-10086), pkg:rpm/redhat/xz-libs@5.2.4-4.el8_6?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=xz-5.2.4-4.el8_6.src.rpm [transitive via pkg:rpm/redhat/java-17-openjdk-headless@17.0.18.0.8-1.el8?arch=x86_64\u0026distro=rhel-8.10\u0026epoch=1\u0026upstream=java-17-openjdk-17.0.18.0.8-1.el8.src.rpm] (CVE-2022-1271, CVE-2025-31115), pkg:rpm/redhat/python3-libs@3.6.8-75.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=python3-3.6.8-75.el8_10.src.rpm [transitive via pkg:rpm/redhat/java-17-openjdk-headless@17.0.18.0.8-1.el8?arch=x86_64\u0026distro=rhel-8.10\u0026epoch=1\u0026upstream=java-17-openjdk-17.0.18.0.8-1.el8.src.rpm] (CVE-2023-40217, CVE-2022-42919, CVE-2023-6597, CVE-2015-20107, CVE-2024-12718, CVE-2025-4517, CVE-2020-10735, CVE-2022-45061, CVE-2023-24329, CVE-2024-6232, CVE-2025-12084, CVE-2025-4138, CVE-2025-4435, CVE-2025-8194, CVE-2021-28861, CVE-2025-4330, CVE-2025-15366, CVE-2025-15367, CVE-2026-1299, CVE-2026-4519), pkg:rpm/redhat/zlib@1.2.11-25.el8?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=zlib-1.2.11-25.el8.src.rpm [transitive via pkg:rpm/redhat/java-17-openjdk-headless@17.0.18.0.8-1.el8?arch=x86_64\u0026distro=rhel-8.10\u0026epoch=1\u0026upstream=java-17-openjdk-17.0.18.0.8-1.el8.src.rpm] (CVE-2018-25032, CVE-2022-37434), pkg:rpm/redhat/cups-libs@2.2.6-67.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026epoch=1\u0026upstream=cups-2.2.6-67.el8_10.src.rpm [transitive via pkg:rpm/redhat/java-17-openjdk-headless@17.0.18.0.8-1.el8?arch=x86_64\u0026distro=rhel-8.10\u0026epoch=1\u0026upstream=java-17-openjdk-17.0.18.0.8-1.el8.src.rpm] (CVE-2025-58060, CVE-2024-47175, CVE-2023-34241), pkg:rpm/redhat/libcap@2.48-6.el8_9?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=libcap-2.48-6.el8_9.src.rpm [transitive via pkg:rpm/redhat/java-17-openjdk-headless@17.0.18.0.8-1.el8?arch=x86_64\u0026distro=rhel-8.10\u0026epoch=1\u0026upstream=java-17-openjdk-17.0.18.0.8-1.el8.src.rpm] (CVE-2023-2603), pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch\u0026distro=rhel-8.10\u0026upstream=ncurses-6.1-10.20180224.el8.src.rpm [transitive via pkg:rpm/redhat/java-17-openjdk-headless@17.0.18.0.8-1.el8?arch=x86_64\u0026distro=rhel-8.10\u0026epoch=1\u0026upstream=java-17-openjdk-17.0.18.0.8-1.el8.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=ncurses-6.1-10.20180224.el8.src.rpm [transitive via pkg:rpm/redhat/java-17-openjdk-headless@17.0.18.0.8-1.el8?arch=x86_64\u0026distro=rhel-8.10\u0026epoch=1\u0026upstream=java-17-openjdk-17.0.18.0.8-1.el8.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/sqlite-libs@3.26.0-20.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=sqlite-3.26.0-20.el8_10.src.rpm [transitive via pkg:rpm/redhat/java-17-openjdk-headless@17.0.18.0.8-1.el8?arch=x86_64\u0026distro=rhel-8.10\u0026epoch=1\u0026upstream=java-17-openjdk-17.0.18.0.8-1.el8.src.rpm] (CVE-2025-6965, CVE-2023-7104, CVE-2025-3277), pkg:rpm/redhat/expat@2.5.0-1.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=expat-2.5.0-1.el8_10.src.rpm [transitive via pkg:rpm/redhat/java-17-openjdk-headless@17.0.18.0.8-1.el8?arch=x86_64\u0026distro=rhel-8.10\u0026epoch=1\u0026upstream=java-17-openjdk-17.0.18.0.8-1.el8.src.rpm] (CVE-2023-52425, CVE-2024-28757, CVE-2024-45490, CVE-2024-45491, CVE-2024-8176), pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=gnutls-3.6.16-8.el8_10.5.src.rpm [transitive via pkg:rpm/redhat/java-17-openjdk-headless@17.0.18.0.8-1.el8?arch=x86_64\u0026distro=rhel-8.10\u0026epoch=1\u0026upstream=java-17-openjdk-17.0.18.0.8-1.el8.src.rpm] (CVE-2022-2509, CVE-2024-0553, CVE-2024-0567, CVE-2023-0361), pkg:rpm/redhat/libtirpc@1.1.4-12.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=libtirpc-1.1.4-12.el8_10.src.rpm [transitive via pkg:rpm/redhat/java-17-openjdk-headless@17.0.18.0.8-1.el8?arch=x86_64\u0026distro=rhel-8.10\u0026epoch=1\u0026upstream=java-17-openjdk-17.0.18.0.8-1.el8.src.rpm] (CVE-2021-46828), pkg:rpm/redhat/pcre2@10.32-3.el8_6?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=pcre2-10.32-3.el8_6.src.rpm [transitive via pkg:rpm/redhat/java-17-openjdk-headless@17.0.18.0.8-1.el8?arch=x86_64\u0026distro=rhel-8.10\u0026epoch=1\u0026upstream=java-17-openjdk-17.0.18.0.8-1.el8.src.rpm] (CVE-2022-1586, CVE-2022-1587), pkg:rpm/redhat/lua@5.3.4-12.el8?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=lua-5.3.4-12.el8.src.rpm [transitive via pkg:rpm/redhat/java-17-openjdk-headless@17.0.18.0.8-1.el8?arch=x86_64\u0026distro=rhel-8.10\u0026epoch=1\u0026upstream=java-17-openjdk-17.0.18.0.8-1.el8.src.rpm] (CVE-2021-44964), pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64\u0026distro=rhel-8.10\u0026epoch=1\u0026upstream=openssl-1.1.1k-15.el8_6.src.rpm [transitive via pkg:rpm/redhat/rpm-libs@4.14.3-32.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=rpm-4.14.3-32.el8_10.src.rpm] (CVE-2022-1473, CVE-2022-3358, CVE-2022-3602, CVE-2022-3786, CVE-2022-4450, CVE-2023-0215, CVE-2023-0216, CVE-2023-0217, CVE-2023-0401, CVE-2023-5363, CVE-2023-0286, CVE-2024-12797, CVE-2025-69419), pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=curl-7.61.1-34.el8_10.11.src.rpm [transitive via pkg:rpm/redhat/rpm-libs@4.14.3-32.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=rpm-4.14.3-32.el8_10.src.rpm] (CVE-2022-22576, CVE-2023-38545, CVE-2022-27775, CVE-2022-27782, CVE-2024-2398), pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=curl-7.61.1-34.el8_10.11.src.rpm [transitive via pkg:rpm/redhat/rpm-libs@4.14.3-32.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=rpm-4.14.3-32.el8_10.src.rpm] (CVE-2022-22576, CVE-2023-38545, CVE-2025-15079, CVE-2022-27775, CVE-2022-27782, CVE-2024-2398), pkg:rpm/redhat/libxml2@2.9.7-21.el8_10.3?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=libxml2-2.9.7-21.el8_10.3.src.rpm [transitive via pkg:rpm/redhat/rpm-libs@4.14.3-32.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=rpm-4.14.3-32.el8_10.src.rpm] (CVE-2024-56171, CVE-2022-40304, CVE-2025-24928, CVE-2025-7425, CVE-2022-40303, CVE-2024-25062, CVE-2025-32415, CVE-2025-49795, CVE-2025-6021, CVE-2025-7424, CVE-2022-29824), pkg:rpm/redhat/krb5-libs@1.18.2-32.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=krb5-1.18.2-32.el8_10.src.rpm [transitive via pkg:rpm/redhat/rpm-libs@4.14.3-32.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=rpm-4.14.3-32.el8_10.src.rpm] (CVE-2022-42898, CVE-2023-39975, CVE-2024-26462, CVE-2024-37370, CVE-2020-17049), pkg:rpm/redhat/glibc-minimal-langpack@2.28-251.el8_10.31?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=glibc-2.28-251.el8_10.31.src.rpm [transitive via pkg:rpm/redhat/rpm-libs@4.14.3-32.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=rpm-4.14.3-32.el8_10.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.28-251.el8_10.31?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=glibc-2.28-251.el8_10.31.src.rpm [transitive via pkg:rpm/redhat/rpm-libs@4.14.3-32.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=rpm-4.14.3-32.el8_10.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.28-251.el8_10.31?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=glibc-2.28-251.el8_10.31.src.rpm [transitive via pkg:rpm/redhat/rpm-libs@4.14.3-32.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=rpm-4.14.3-32.el8_10.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/xz-libs@5.2.4-4.el8_6?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=xz-5.2.4-4.el8_6.src.rpm [transitive via pkg:rpm/redhat/rpm-libs@4.14.3-32.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=rpm-4.14.3-32.el8_10.src.rpm] (CVE-2022-1271, CVE-2025-31115), pkg:rpm/redhat/zlib@1.2.11-25.el8?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=zlib-1.2.11-25.el8.src.rpm [transitive via pkg:rpm/redhat/rpm-libs@4.14.3-32.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=rpm-4.14.3-32.el8_10.src.rpm] (CVE-2018-25032, CVE-2022-37434), pkg:rpm/redhat/libssh-config@0.9.6-16.el8_10?arch=noarch\u0026distro=rhel-8.10\u0026upstream=libssh-0.9.6-16.el8_10.src.rpm [transitive via pkg:rpm/redhat/rpm-libs@4.14.3-32.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=rpm-4.14.3-32.el8_10.src.rpm] (CVE-2025-5318, CVE-2025-5987), pkg:rpm/redhat/libssh@0.9.6-16.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=libssh-0.9.6-16.el8_10.src.rpm [transitive via pkg:rpm/redhat/rpm-libs@4.14.3-32.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=rpm-4.14.3-32.el8_10.src.rpm] (CVE-2025-5318, CVE-2025-5987), pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=libarchive-3.3.3-7.el8_10.src.rpm [transitive via pkg:rpm/redhat/rpm-libs@4.14.3-32.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=rpm-4.14.3-32.el8_10.src.rpm] (CVE-2025-5914, CVE-2026-4111, CVE-2026-4424, CVE-2026-5121), pkg:rpm/redhat/libcap@2.48-6.el8_9?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=libcap-2.48-6.el8_9.src.rpm [transitive via pkg:rpm/redhat/rpm-libs@4.14.3-32.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=rpm-4.14.3-32.el8_10.src.rpm] (CVE-2023-2603), pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch\u0026distro=rhel-8.10\u0026upstream=ncurses-6.1-10.20180224.el8.src.rpm [transitive via pkg:rpm/redhat/rpm-libs@4.14.3-32.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=rpm-4.14.3-32.el8_10.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=ncurses-6.1-10.20180224.el8.src.rpm [transitive via pkg:rpm/redhat/rpm-libs@4.14.3-32.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=rpm-4.14.3-32.el8_10.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/sqlite-libs@3.26.0-20.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=sqlite-3.26.0-20.el8_10.src.rpm [transitive via pkg:rpm/redhat/rpm-libs@4.14.3-32.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=rpm-4.14.3-32.el8_10.src.rpm] (CVE-2025-6965, CVE-2023-7104, CVE-2025-3277), pkg:rpm/redhat/libnghttp2@1.33.0-6.el8_10.2?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=nghttp2-1.33.0-6.el8_10.2.src.rpm [transitive via pkg:rpm/redhat/rpm-libs@4.14.3-32.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=rpm-4.14.3-32.el8_10.src.rpm] (CVE-2023-44487, CVE-2026-27135), pkg:rpm/redhat/brotli@1.0.6-4.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=brotli-1.0.6-4.el8_10.src.rpm [transitive via pkg:rpm/redhat/rpm-libs@4.14.3-32.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=rpm-4.14.3-32.el8_10.src.rpm] (CVE-2025-6176), pkg:rpm/redhat/pcre2@10.32-3.el8_6?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=pcre2-10.32-3.el8_6.src.rpm [transitive via pkg:rpm/redhat/rpm-libs@4.14.3-32.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=rpm-4.14.3-32.el8_10.src.rpm] (CVE-2022-1586, CVE-2022-1587), pkg:rpm/redhat/openldap@2.4.46-21.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=openldap-2.4.46-21.el8_10.src.rpm [transitive via pkg:rpm/redhat/rpm-libs@4.14.3-32.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=rpm-4.14.3-32.el8_10.src.rpm] (CVE-2023-2953), pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64\u0026distro=rhel-8.10\u0026epoch=1\u0026upstream=openssl-1.1.1k-15.el8_6.src.rpm [transitive via pkg:rpm/redhat/microdnf@3.8.0-2.el8?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=microdnf-3.8.0-2.el8.src.rpm] (CVE-2022-1473, CVE-2022-3358, CVE-2022-3602, CVE-2022-3786, CVE-2022-4450, CVE-2023-0215, CVE-2023-0216, CVE-2023-0217, CVE-2023-0401, CVE-2023-5363, CVE-2023-0286, CVE-2024-12797, CVE-2025-69419), pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=curl-7.61.1-34.el8_10.11.src.rpm [transitive via pkg:rpm/redhat/microdnf@3.8.0-2.el8?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=microdnf-3.8.0-2.el8.src.rpm] (CVE-2022-22576, CVE-2023-38545, CVE-2022-27775, CVE-2022-27782, CVE-2024-2398), pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=curl-7.61.1-34.el8_10.11.src.rpm [transitive via pkg:rpm/redhat/microdnf@3.8.0-2.el8?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=microdnf-3.8.0-2.el8.src.rpm] (CVE-2022-22576, CVE-2023-38545, CVE-2025-15079, CVE-2022-27775, CVE-2022-27782, CVE-2024-2398), pkg:rpm/redhat/libxml2@2.9.7-21.el8_10.3?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=libxml2-2.9.7-21.el8_10.3.src.rpm [transitive via pkg:rpm/redhat/microdnf@3.8.0-2.el8?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=microdnf-3.8.0-2.el8.src.rpm] (CVE-2024-56171, CVE-2022-40304, CVE-2025-24928, CVE-2025-7425, CVE-2022-40303, CVE-2024-25062, CVE-2025-32415, CVE-2025-49795, CVE-2025-6021, CVE-2025-7424, CVE-2022-29824), pkg:rpm/redhat/krb5-libs@1.18.2-32.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=krb5-1.18.2-32.el8_10.src.rpm [transitive via pkg:rpm/redhat/microdnf@3.8.0-2.el8?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=microdnf-3.8.0-2.el8.src.rpm] (CVE-2022-42898, CVE-2023-39975, CVE-2024-26462, CVE-2024-37370, CVE-2020-17049), pkg:rpm/redhat/glibc-minimal-langpack@2.28-251.el8_10.31?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=glibc-2.28-251.el8_10.31.src.rpm [transitive via pkg:rpm/redhat/microdnf@3.8.0-2.el8?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=microdnf-3.8.0-2.el8.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.28-251.el8_10.31?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=glibc-2.28-251.el8_10.31.src.rpm [transitive via pkg:rpm/redhat/microdnf@3.8.0-2.el8?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=microdnf-3.8.0-2.el8.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.28-251.el8_10.31?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=glibc-2.28-251.el8_10.31.src.rpm [transitive via pkg:rpm/redhat/microdnf@3.8.0-2.el8?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=microdnf-3.8.0-2.el8.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/xz-libs@5.2.4-4.el8_6?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=xz-5.2.4-4.el8_6.src.rpm [transitive via pkg:rpm/redhat/microdnf@3.8.0-2.el8?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=microdnf-3.8.0-2.el8.src.rpm] (CVE-2022-1271, CVE-2025-31115), pkg:rpm/redhat/libksba@1.3.5-9.el8_7?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=libksba-1.3.5-9.el8_7.src.rpm [transitive via pkg:rpm/redhat/microdnf@3.8.0-2.el8?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=microdnf-3.8.0-2.el8.src.rpm] (CVE-2022-3515, CVE-2022-47629), pkg:rpm/redhat/gnupg2@2.2.20-4.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=gnupg2-2.2.20-4.el8_10.src.rpm [transitive via pkg:rpm/redhat/microdnf@3.8.0-2.el8?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=microdnf-3.8.0-2.el8.src.rpm] (CVE-2026-24882, CVE-2025-68973), pkg:rpm/redhat/zlib@1.2.11-25.el8?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=zlib-1.2.11-25.el8.src.rpm [transitive via pkg:rpm/redhat/microdnf@3.8.0-2.el8?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=microdnf-3.8.0-2.el8.src.rpm] (CVE-2018-25032, CVE-2022-37434), pkg:rpm/redhat/libssh-config@0.9.6-16.el8_10?arch=noarch\u0026distro=rhel-8.10\u0026upstream=libssh-0.9.6-16.el8_10.src.rpm [transitive via pkg:rpm/redhat/microdnf@3.8.0-2.el8?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=microdnf-3.8.0-2.el8.src.rpm] (CVE-2025-5318, CVE-2025-5987), pkg:rpm/redhat/libssh@0.9.6-16.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=libssh-0.9.6-16.el8_10.src.rpm [transitive via pkg:rpm/redhat/microdnf@3.8.0-2.el8?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=microdnf-3.8.0-2.el8.src.rpm] (CVE-2025-5318, CVE-2025-5987), pkg:rpm/redhat/libcap@2.48-6.el8_9?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=libcap-2.48-6.el8_9.src.rpm [transitive via pkg:rpm/redhat/microdnf@3.8.0-2.el8?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=microdnf-3.8.0-2.el8.src.rpm] (CVE-2023-2603), pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch\u0026distro=rhel-8.10\u0026upstream=ncurses-6.1-10.20180224.el8.src.rpm [transitive via pkg:rpm/redhat/microdnf@3.8.0-2.el8?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=microdnf-3.8.0-2.el8.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=ncurses-6.1-10.20180224.el8.src.rpm [transitive via pkg:rpm/redhat/microdnf@3.8.0-2.el8?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=microdnf-3.8.0-2.el8.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=libarchive-3.3.3-7.el8_10.src.rpm [transitive via pkg:rpm/redhat/microdnf@3.8.0-2.el8?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=microdnf-3.8.0-2.el8.src.rpm] (CVE-2025-5914, CVE-2026-4111, CVE-2026-4424, CVE-2026-5121), pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=glib2-2.56.4-168.el8_10.src.rpm [transitive via pkg:rpm/redhat/microdnf@3.8.0-2.el8?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=microdnf-3.8.0-2.el8.src.rpm] (CVE-2025-13601, CVE-2024-52533), pkg:rpm/redhat/sqlite-libs@3.26.0-20.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=sqlite-3.26.0-20.el8_10.src.rpm [transitive via pkg:rpm/redhat/microdnf@3.8.0-2.el8?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=microdnf-3.8.0-2.el8.src.rpm] (CVE-2025-6965, CVE-2023-7104, CVE-2025-3277), pkg:rpm/redhat/libsolv@0.7.20-6.el8?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=libsolv-0.7.20-6.el8.src.rpm [transitive via pkg:rpm/redhat/microdnf@3.8.0-2.el8?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=microdnf-3.8.0-2.el8.src.rpm] (CVE-2021-33928, CVE-2021-33929, CVE-2021-33930, CVE-2021-33938, CVE-2021-46877), pkg:rpm/redhat/brotli@1.0.6-4.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=brotli-1.0.6-4.el8_10.src.rpm [transitive via pkg:rpm/redhat/microdnf@3.8.0-2.el8?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=microdnf-3.8.0-2.el8.src.rpm] (CVE-2025-6176), pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=gnutls-3.6.16-8.el8_10.5.src.rpm [transitive via pkg:rpm/redhat/microdnf@3.8.0-2.el8?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=microdnf-3.8.0-2.el8.src.rpm] (CVE-2022-2509, CVE-2024-0553, CVE-2024-0567, CVE-2023-0361), pkg:rpm/redhat/libnghttp2@1.33.0-6.el8_10.2?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=nghttp2-1.33.0-6.el8_10.2.src.rpm [transitive via pkg:rpm/redhat/microdnf@3.8.0-2.el8?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=microdnf-3.8.0-2.el8.src.rpm] (CVE-2023-44487, CVE-2026-27135), pkg:rpm/redhat/pcre2@10.32-3.el8_6?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=pcre2-10.32-3.el8_6.src.rpm [transitive via pkg:rpm/redhat/microdnf@3.8.0-2.el8?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=microdnf-3.8.0-2.el8.src.rpm] (CVE-2022-1586, CVE-2022-1587), pkg:rpm/redhat/openldap@2.4.46-21.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=openldap-2.4.46-21.el8_10.src.rpm [transitive via pkg:rpm/redhat/microdnf@3.8.0-2.el8?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=microdnf-3.8.0-2.el8.src.rpm] (CVE-2023-2953), pkg:rpm/redhat/glibc-minimal-langpack@2.28-251.el8_10.31?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=glibc-2.28-251.el8_10.31.src.rpm [transitive via pkg:rpm/redhat/tar@1.30-11.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026epoch=2\u0026upstream=tar-1.30-11.el8_10.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.28-251.el8_10.31?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=glibc-2.28-251.el8_10.31.src.rpm [transitive via pkg:rpm/redhat/tar@1.30-11.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026epoch=2\u0026upstream=tar-1.30-11.el8_10.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.28-251.el8_10.31?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=glibc-2.28-251.el8_10.31.src.rpm [transitive via pkg:rpm/redhat/tar@1.30-11.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026epoch=2\u0026upstream=tar-1.30-11.el8_10.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/zlib@1.2.11-25.el8?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=zlib-1.2.11-25.el8.src.rpm [transitive via pkg:rpm/redhat/tar@1.30-11.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026epoch=2\u0026upstream=tar-1.30-11.el8_10.src.rpm] (CVE-2018-25032, CVE-2022-37434), pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch\u0026distro=rhel-8.10\u0026upstream=ncurses-6.1-10.20180224.el8.src.rpm [transitive via pkg:rpm/redhat/tar@1.30-11.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026epoch=2\u0026upstream=tar-1.30-11.el8_10.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=ncurses-6.1-10.20180224.el8.src.rpm [transitive via pkg:rpm/redhat/tar@1.30-11.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026epoch=2\u0026upstream=tar-1.30-11.el8_10.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/pcre2@10.32-3.el8_6?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=pcre2-10.32-3.el8_6.src.rpm [transitive via pkg:rpm/redhat/tar@1.30-11.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026epoch=2\u0026upstream=tar-1.30-11.el8_10.src.rpm] (CVE-2022-1586, CVE-2022-1587), pkg:rpm/redhat/glibc-minimal-langpack@2.28-251.el8_10.31?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=glibc-2.28-251.el8_10.31.src.rpm [transitive via pkg:rpm/redhat/lz4-libs@1.8.3-5.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=lz4-1.8.3-5.el8_10.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.28-251.el8_10.31?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=glibc-2.28-251.el8_10.31.src.rpm [transitive via pkg:rpm/redhat/lz4-libs@1.8.3-5.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=lz4-1.8.3-5.el8_10.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.28-251.el8_10.31?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=glibc-2.28-251.el8_10.31.src.rpm [transitive via pkg:rpm/redhat/lz4-libs@1.8.3-5.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=lz4-1.8.3-5.el8_10.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch\u0026distro=rhel-8.10\u0026upstream=ncurses-6.1-10.20180224.el8.src.rpm [transitive via pkg:rpm/redhat/lz4-libs@1.8.3-5.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=lz4-1.8.3-5.el8_10.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=ncurses-6.1-10.20180224.el8.src.rpm [transitive via pkg:rpm/redhat/lz4-libs@1.8.3-5.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=lz4-1.8.3-5.el8_10.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/pcre2@10.32-3.el8_6?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=pcre2-10.32-3.el8_6.src.rpm [transitive via pkg:rpm/redhat/lz4-libs@1.8.3-5.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=lz4-1.8.3-5.el8_10.src.rpm] (CVE-2022-1586, CVE-2022-1587), pkg:rpm/redhat/glibc-minimal-langpack@2.28-251.el8_10.31?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=glibc-2.28-251.el8_10.31.src.rpm [transitive via pkg:rpm/redhat/rootfiles@8.1-22.el8?arch=noarch\u0026distro=rhel-8.10\u0026upstream=rootfiles-8.1-22.el8.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.28-251.el8_10.31?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=glibc-2.28-251.el8_10.31.src.rpm [transitive via pkg:rpm/redhat/rootfiles@8.1-22.el8?arch=noarch\u0026distro=rhel-8.10\u0026upstream=rootfiles-8.1-22.el8.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.28-251.el8_10.31?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=glibc-2.28-251.el8_10.31.src.rpm [transitive via pkg:rpm/redhat/rootfiles@8.1-22.el8?arch=noarch\u0026distro=rhel-8.10\u0026upstream=rootfiles-8.1-22.el8.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch\u0026distro=rhel-8.10\u0026upstream=ncurses-6.1-10.20180224.el8.src.rpm [transitive via pkg:rpm/redhat/rootfiles@8.1-22.el8?arch=noarch\u0026distro=rhel-8.10\u0026upstream=rootfiles-8.1-22.el8.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=ncurses-6.1-10.20180224.el8.src.rpm [transitive via pkg:rpm/redhat/rootfiles@8.1-22.el8?arch=noarch\u0026distro=rhel-8.10\u0026upstream=rootfiles-8.1-22.el8.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/pcre2@10.32-3.el8_6?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=pcre2-10.32-3.el8_6.src.rpm [transitive via pkg:rpm/redhat/rootfiles@8.1-22.el8?arch=noarch\u0026distro=rhel-8.10\u0026upstream=rootfiles-8.1-22.el8.src.rpm] (CVE-2022-1586, CVE-2022-1587), pkg:rpm/redhat/glibc-minimal-langpack@2.28-251.el8_10.31?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=glibc-2.28-251.el8_10.31.src.rpm [transitive via pkg:rpm/redhat/libsemanage@2.9-12.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=libsemanage-2.9-12.el8_10.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.28-251.el8_10.31?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=glibc-2.28-251.el8_10.31.src.rpm [transitive via pkg:rpm/redhat/libsemanage@2.9-12.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=libsemanage-2.9-12.el8_10.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.28-251.el8_10.31?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=glibc-2.28-251.el8_10.31.src.rpm [transitive via pkg:rpm/redhat/libsemanage@2.9-12.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=libsemanage-2.9-12.el8_10.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch\u0026distro=rhel-8.10\u0026upstream=ncurses-6.1-10.20180224.el8.src.rpm [transitive via pkg:rpm/redhat/libsemanage@2.9-12.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=libsemanage-2.9-12.el8_10.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=ncurses-6.1-10.20180224.el8.src.rpm [transitive via pkg:rpm/redhat/libsemanage@2.9-12.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=libsemanage-2.9-12.el8_10.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/pcre2@10.32-3.el8_6?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=pcre2-10.32-3.el8_6.src.rpm [transitive via pkg:rpm/redhat/libsemanage@2.9-12.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=libsemanage-2.9-12.el8_10.src.rpm] (CVE-2022-1586, CVE-2022-1587), pkg:rpm/redhat/glibc-minimal-langpack@2.28-251.el8_10.31?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=glibc-2.28-251.el8_10.31.src.rpm [transitive via pkg:rpm/redhat/shadow-utils@4.6-23.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026epoch=2\u0026upstream=shadow-utils-4.6-23.el8_10.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc@2.28-251.el8_10.31?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=glibc-2.28-251.el8_10.31.src.rpm [transitive via pkg:rpm/redhat/shadow-utils@4.6-23.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026epoch=2\u0026upstream=shadow-utils-4.6-23.el8_10.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/glibc-common@2.28-251.el8_10.31?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=glibc-2.28-251.el8_10.31.src.rpm [transitive via pkg:rpm/redhat/shadow-utils@4.6-23.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026epoch=2\u0026upstream=shadow-utils-4.6-23.el8_10.src.rpm] (CVE-2024-2961, CVE-2026-0861, CVE-2023-4911, CVE-2024-33599, CVE-2025-4802), pkg:rpm/redhat/libcap@2.48-6.el8_9?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=libcap-2.48-6.el8_9.src.rpm [transitive via pkg:rpm/redhat/shadow-utils@4.6-23.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026epoch=2\u0026upstream=shadow-utils-4.6-23.el8_10.src.rpm] (CVE-2023-2603), pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch\u0026distro=rhel-8.10\u0026upstream=ncurses-6.1-10.20180224.el8.src.rpm [transitive via pkg:rpm/redhat/shadow-utils@4.6-23.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026epoch=2\u0026upstream=shadow-utils-4.6-23.el8_10.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=ncurses-6.1-10.20180224.el8.src.rpm [transitive via pkg:rpm/redhat/shadow-utils@4.6-23.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026epoch=2\u0026upstream=shadow-utils-4.6-23.el8_10.src.rpm] (CVE-2023-29491, CVE-2025-69720), pkg:rpm/redhat/pcre2@10.32-3.el8_6?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=pcre2-10.32-3.el8_6.src.rpm [transitive via pkg:rpm/redhat/shadow-utils@4.6-23.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026epoch=2\u0026upstream=shadow-utils-4.6-23.el8_10.src.rpm] (CVE-2022-1586, CVE-2022-1587)", "name": "rhtpa_high_vulnerabilities", "url": "https://access.redhat.com/articles/red_hat_vulnerability_tutorial" }, "vulnerabilities_number": 115 } }, { "msg": "Found 185 medium vulnerabilities.", "metadata": { "details": { "description": "Source: redhat-csaf. Affected dependencies: pkg:rpm/redhat/python3-libs@3.6.8-75.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=python3-3.6.8-75.el8_10.src.rpm [direct] (CVE-2024-6923, CVE-2025-0938, CVE-2025-13836, CVE-2024-9287, CVE-2024-0450, CVE-2007-4559, CVE-2023-27043, CVE-2024-8088, CVE-2024-0397, CVE-2024-7592, CVE-2026-0865, CVE-2025-6069, CVE-2025-8291, CVE-2025-6075), pkg:rpm/redhat/java-17-openjdk-headless@17.0.18.0.8-1.el8?arch=x86_64\u0026distro=rhel-8.10\u0026epoch=1\u0026upstream=java-17-openjdk-17.0.18.0.8-1.el8.src.rpm [direct] (CVE-2026-21933, CVE-2026-21925), pkg:rpm/redhat/rpm-libs@4.14.3-32.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=rpm-4.14.3-32.el8_10.src.rpm [direct] (CVE-2021-35938, CVE-2021-35939, CVE-2021-35937), pkg:rpm/redhat/tar@1.30-11.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026epoch=2\u0026upstream=tar-1.30-11.el8_10.src.rpm [direct] (CVE-2025-45582, CVE-2022-48303), pkg:rpm/redhat/shadow-utils@4.6-23.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026epoch=2\u0026upstream=shadow-utils-4.6-23.el8_10.src.rpm [direct] (CVE-2023-4641), pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64\u0026distro=rhel-8.10\u0026epoch=1\u0026upstream=openssl-1.1.1k-15.el8_6.src.rpm [transitive via pkg:rpm/redhat/python3-libs@3.6.8-75.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=python3-3.6.8-75.el8_10.src.rpm] (CVE-2022-1292, CVE-2022-2068, CVE-2023-2650, CVE-2023-6129, CVE-2025-69421, CVE-2025-11187, CVE-2020-1971, CVE-2022-4304, CVE-2023-0464, CVE-2023-6237, CVE-2024-5535, CVE-2024-6119, CVE-2025-15468, CVE-2025-66199, CVE-2025-69420, CVE-2026-22796, CVE-2024-4741, CVE-2025-9230, CVE-2024-0727, CVE-2025-15469, CVE-2026-22795, CVE-2022-1343, CVE-2022-2097, CVE-2023-0465, CVE-2023-0466, CVE-2023-2975, CVE-2023-3446, CVE-2023-3817, CVE-2023-5678, CVE-2024-4603, CVE-2023-1255, CVE-2022-4203, CVE-2025-68160, CVE-2025-69418), pkg:rpm/redhat/krb5-libs@1.18.2-32.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=krb5-1.18.2-32.el8_10.src.rpm [transitive via pkg:rpm/redhat/python3-libs@3.6.8-75.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=python3-3.6.8-75.el8_10.src.rpm] (CVE-2023-36054, CVE-2024-37371, CVE-2025-24528, CVE-2024-26458, CVE-2024-26461, CVE-2025-3576), pkg:rpm/redhat/python3-setuptools-wheel@39.2.0-9.el8_10?arch=noarch\u0026distro=rhel-8.10\u0026upstream=python-setuptools-39.2.0-9.el8_10.src.rpm [transitive via pkg:rpm/redhat/python3-libs@3.6.8-75.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=python3-3.6.8-75.el8_10.src.rpm] (CVE-2022-40897), pkg:rpm/redhat/glibc-minimal-langpack@2.28-251.el8_10.31?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=glibc-2.28-251.el8_10.31.src.rpm [transitive via pkg:rpm/redhat/python3-libs@3.6.8-75.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=python3-3.6.8-75.el8_10.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.28-251.el8_10.31?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=glibc-2.28-251.el8_10.31.src.rpm [transitive via pkg:rpm/redhat/python3-libs@3.6.8-75.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=python3-3.6.8-75.el8_10.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.28-251.el8_10.31?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=glibc-2.28-251.el8_10.31.src.rpm [transitive via pkg:rpm/redhat/python3-libs@3.6.8-75.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=python3-3.6.8-75.el8_10.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/python3-libs@3.6.8-75.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=python3-3.6.8-75.el8_10.src.rpm [transitive via pkg:rpm/redhat/python3-libs@3.6.8-75.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=python3-3.6.8-75.el8_10.src.rpm] (CVE-2024-6923, CVE-2025-0938, CVE-2025-13836, CVE-2024-9287, CVE-2024-0450, CVE-2007-4559, CVE-2023-27043, CVE-2024-8088, CVE-2024-0397, CVE-2024-7592, CVE-2026-0865, CVE-2025-6069, CVE-2025-8291, CVE-2025-6075), pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch\u0026distro=rhel-8.10\u0026upstream=ncurses-6.1-10.20180224.el8.src.rpm [transitive via pkg:rpm/redhat/python3-libs@3.6.8-75.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=python3-3.6.8-75.el8_10.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=ncurses-6.1-10.20180224.el8.src.rpm [transitive via pkg:rpm/redhat/python3-libs@3.6.8-75.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=python3-3.6.8-75.el8_10.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/sqlite-libs@3.26.0-20.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=sqlite-3.26.0-20.el8_10.src.rpm [transitive via pkg:rpm/redhat/python3-libs@3.6.8-75.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=python3-3.6.8-75.el8_10.src.rpm] (CVE-2022-35737), pkg:rpm/redhat/expat@2.5.0-1.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=expat-2.5.0-1.el8_10.src.rpm [transitive via pkg:rpm/redhat/python3-libs@3.6.8-75.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=python3-3.6.8-75.el8_10.src.rpm] (CVE-2024-45492, CVE-2024-50602, CVE-2025-59375), pkg:rpm/redhat/bash@4.4.20-6.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=bash-4.4.20-6.el8_10.src.rpm [transitive via pkg:rpm/redhat/python3-libs@3.6.8-75.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=python3-3.6.8-75.el8_10.src.rpm] (CVE-2022-3715), pkg:rpm/redhat/gmp@6.1.2-11.el8?arch=x86_64\u0026distro=rhel-8.10\u0026epoch=1\u0026upstream=gmp-6.1.2-11.el8.src.rpm [transitive via pkg:rpm/redhat/python3-libs@3.6.8-75.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=python3-3.6.8-75.el8_10.src.rpm] (CVE-2021-43618), pkg:rpm/redhat/libgcc@8.5.0-28.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=gcc-8.5.0-28.el8_10.src.rpm [transitive via pkg:rpm/redhat/python3-libs@3.6.8-75.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=python3-3.6.8-75.el8_10.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libtasn1@4.13-5.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=libtasn1-4.13-5.el8_10.src.rpm [transitive via pkg:rpm/redhat/python3-libs@3.6.8-75.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=python3-3.6.8-75.el8_10.src.rpm] (CVE-2021-46848, CVE-2025-13151, CVE-2024-12133), pkg:rpm/redhat/libcom_err@1.45.6-7.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=e2fsprogs-1.45.6-7.el8_10.src.rpm [transitive via pkg:rpm/redhat/python3-libs@3.6.8-75.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=python3-3.6.8-75.el8_10.src.rpm] (CVE-2022-1304), pkg:rpm/redhat/python3-pip-wheel@9.0.3-24.el8?arch=noarch\u0026distro=rhel-8.10\u0026upstream=python-pip-9.0.3-24.el8.src.rpm [transitive via pkg:rpm/redhat/python3-libs@3.6.8-75.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=python3-3.6.8-75.el8_10.src.rpm] (CVE-2007-4559), pkg:rpm/redhat/bzip2-libs@1.0.6-28.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=bzip2-1.0.6-28.el8_10.src.rpm [transitive via pkg:rpm/redhat/python3-libs@3.6.8-75.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=python3-3.6.8-75.el8_10.src.rpm] (CVE-2019-12900), pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64\u0026distro=rhel-8.10\u0026epoch=1\u0026upstream=openssl-1.1.1k-15.el8_6.src.rpm [transitive via pkg:rpm/redhat/openldap@2.4.46-21.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=openldap-2.4.46-21.el8_10.src.rpm] (CVE-2022-1292, CVE-2022-2068, CVE-2023-2650, CVE-2023-6129, CVE-2025-69421, CVE-2025-11187, CVE-2020-1971, CVE-2022-4304, CVE-2023-0464, CVE-2023-6237, CVE-2024-5535, CVE-2024-6119, CVE-2025-15468, CVE-2025-66199, CVE-2025-69420, CVE-2026-22796, CVE-2024-4741, CVE-2025-9230, CVE-2024-0727, CVE-2025-15469, CVE-2026-22795, CVE-2022-1343, CVE-2022-2097, CVE-2023-0465, CVE-2023-0466, CVE-2023-2975, CVE-2023-3446, CVE-2023-3817, CVE-2023-5678, CVE-2024-4603, CVE-2023-1255, CVE-2022-4203, CVE-2025-68160, CVE-2025-69418), pkg:rpm/redhat/krb5-libs@1.18.2-32.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=krb5-1.18.2-32.el8_10.src.rpm [transitive via pkg:rpm/redhat/openldap@2.4.46-21.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=openldap-2.4.46-21.el8_10.src.rpm] (CVE-2023-36054, CVE-2024-37371, CVE-2025-24528, CVE-2024-26458, CVE-2024-26461, CVE-2025-3576), pkg:rpm/redhat/glibc-minimal-langpack@2.28-251.el8_10.31?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=glibc-2.28-251.el8_10.31.src.rpm [transitive via pkg:rpm/redhat/openldap@2.4.46-21.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=openldap-2.4.46-21.el8_10.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.28-251.el8_10.31?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=glibc-2.28-251.el8_10.31.src.rpm [transitive via pkg:rpm/redhat/openldap@2.4.46-21.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=openldap-2.4.46-21.el8_10.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.28-251.el8_10.31?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=glibc-2.28-251.el8_10.31.src.rpm [transitive via pkg:rpm/redhat/openldap@2.4.46-21.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=openldap-2.4.46-21.el8_10.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch\u0026distro=rhel-8.10\u0026upstream=ncurses-6.1-10.20180224.el8.src.rpm [transitive via pkg:rpm/redhat/openldap@2.4.46-21.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=openldap-2.4.46-21.el8_10.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=ncurses-6.1-10.20180224.el8.src.rpm [transitive via pkg:rpm/redhat/openldap@2.4.46-21.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=openldap-2.4.46-21.el8_10.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/bash@4.4.20-6.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=bash-4.4.20-6.el8_10.src.rpm [transitive via pkg:rpm/redhat/openldap@2.4.46-21.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=openldap-2.4.46-21.el8_10.src.rpm] (CVE-2022-3715), pkg:rpm/redhat/gmp@6.1.2-11.el8?arch=x86_64\u0026distro=rhel-8.10\u0026epoch=1\u0026upstream=gmp-6.1.2-11.el8.src.rpm [transitive via pkg:rpm/redhat/openldap@2.4.46-21.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=openldap-2.4.46-21.el8_10.src.rpm] (CVE-2021-43618), pkg:rpm/redhat/libgcc@8.5.0-28.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=gcc-8.5.0-28.el8_10.src.rpm [transitive via pkg:rpm/redhat/openldap@2.4.46-21.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=openldap-2.4.46-21.el8_10.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libtasn1@4.13-5.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=libtasn1-4.13-5.el8_10.src.rpm [transitive via pkg:rpm/redhat/openldap@2.4.46-21.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=openldap-2.4.46-21.el8_10.src.rpm] (CVE-2021-46848, CVE-2025-13151, CVE-2024-12133), pkg:rpm/redhat/libcom_err@1.45.6-7.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=e2fsprogs-1.45.6-7.el8_10.src.rpm [transitive via pkg:rpm/redhat/openldap@2.4.46-21.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=openldap-2.4.46-21.el8_10.src.rpm] (CVE-2022-1304), pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64\u0026distro=rhel-8.10\u0026epoch=1\u0026upstream=openssl-1.1.1k-15.el8_6.src.rpm [transitive via pkg:rpm/redhat/java-17-openjdk-headless@17.0.18.0.8-1.el8?arch=x86_64\u0026distro=rhel-8.10\u0026epoch=1\u0026upstream=java-17-openjdk-17.0.18.0.8-1.el8.src.rpm] (CVE-2022-1292, CVE-2022-2068, CVE-2023-2650, CVE-2023-6129, CVE-2025-69421, CVE-2025-11187, CVE-2020-1971, CVE-2022-4304, CVE-2023-0464, CVE-2023-6237, CVE-2024-5535, CVE-2024-6119, CVE-2025-15468, CVE-2025-66199, CVE-2025-69420, CVE-2026-22796, CVE-2024-4741, CVE-2025-9230, CVE-2024-0727, CVE-2025-15469, CVE-2026-22795, CVE-2022-1343, CVE-2022-2097, CVE-2023-0465, CVE-2023-0466, CVE-2023-2975, CVE-2023-3446, CVE-2023-3817, CVE-2023-5678, CVE-2024-4603, CVE-2023-1255, CVE-2022-4203, CVE-2025-68160, CVE-2025-69418), pkg:rpm/redhat/krb5-libs@1.18.2-32.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=krb5-1.18.2-32.el8_10.src.rpm [transitive via pkg:rpm/redhat/java-17-openjdk-headless@17.0.18.0.8-1.el8?arch=x86_64\u0026distro=rhel-8.10\u0026epoch=1\u0026upstream=java-17-openjdk-17.0.18.0.8-1.el8.src.rpm] (CVE-2023-36054, CVE-2024-37371, CVE-2025-24528, CVE-2024-26458, CVE-2024-26461, CVE-2025-3576), pkg:rpm/redhat/python3-setuptools-wheel@39.2.0-9.el8_10?arch=noarch\u0026distro=rhel-8.10\u0026upstream=python-setuptools-39.2.0-9.el8_10.src.rpm [transitive via pkg:rpm/redhat/java-17-openjdk-headless@17.0.18.0.8-1.el8?arch=x86_64\u0026distro=rhel-8.10\u0026epoch=1\u0026upstream=java-17-openjdk-17.0.18.0.8-1.el8.src.rpm] (CVE-2022-40897), pkg:rpm/redhat/glibc-minimal-langpack@2.28-251.el8_10.31?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=glibc-2.28-251.el8_10.31.src.rpm [transitive via pkg:rpm/redhat/java-17-openjdk-headless@17.0.18.0.8-1.el8?arch=x86_64\u0026distro=rhel-8.10\u0026epoch=1\u0026upstream=java-17-openjdk-17.0.18.0.8-1.el8.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.28-251.el8_10.31?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=glibc-2.28-251.el8_10.31.src.rpm [transitive via pkg:rpm/redhat/java-17-openjdk-headless@17.0.18.0.8-1.el8?arch=x86_64\u0026distro=rhel-8.10\u0026epoch=1\u0026upstream=java-17-openjdk-17.0.18.0.8-1.el8.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.28-251.el8_10.31?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=glibc-2.28-251.el8_10.31.src.rpm [transitive via pkg:rpm/redhat/java-17-openjdk-headless@17.0.18.0.8-1.el8?arch=x86_64\u0026distro=rhel-8.10\u0026epoch=1\u0026upstream=java-17-openjdk-17.0.18.0.8-1.el8.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/python3-libs@3.6.8-75.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=python3-3.6.8-75.el8_10.src.rpm [transitive via pkg:rpm/redhat/java-17-openjdk-headless@17.0.18.0.8-1.el8?arch=x86_64\u0026distro=rhel-8.10\u0026epoch=1\u0026upstream=java-17-openjdk-17.0.18.0.8-1.el8.src.rpm] (CVE-2024-6923, CVE-2025-0938, CVE-2025-13836, CVE-2024-9287, CVE-2024-0450, CVE-2007-4559, CVE-2023-27043, CVE-2024-8088, CVE-2024-0397, CVE-2024-7592, CVE-2026-0865, CVE-2025-6069, CVE-2025-8291, CVE-2025-6075), pkg:rpm/redhat/cups-libs@2.2.6-67.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026epoch=1\u0026upstream=cups-2.2.6-67.el8_10.src.rpm [transitive via pkg:rpm/redhat/java-17-openjdk-headless@17.0.18.0.8-1.el8?arch=x86_64\u0026distro=rhel-8.10\u0026epoch=1\u0026upstream=java-17-openjdk-17.0.18.0.8-1.el8.src.rpm] (CVE-2022-26691, CVE-2023-32360, CVE-2025-58364, CVE-2023-32324, CVE-2025-58436, CVE-2024-35235), pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch\u0026distro=rhel-8.10\u0026upstream=ncurses-6.1-10.20180224.el8.src.rpm [transitive via pkg:rpm/redhat/java-17-openjdk-headless@17.0.18.0.8-1.el8?arch=x86_64\u0026distro=rhel-8.10\u0026epoch=1\u0026upstream=java-17-openjdk-17.0.18.0.8-1.el8.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=ncurses-6.1-10.20180224.el8.src.rpm [transitive via pkg:rpm/redhat/java-17-openjdk-headless@17.0.18.0.8-1.el8?arch=x86_64\u0026distro=rhel-8.10\u0026epoch=1\u0026upstream=java-17-openjdk-17.0.18.0.8-1.el8.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/sqlite-libs@3.26.0-20.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=sqlite-3.26.0-20.el8_10.src.rpm [transitive via pkg:rpm/redhat/java-17-openjdk-headless@17.0.18.0.8-1.el8?arch=x86_64\u0026distro=rhel-8.10\u0026epoch=1\u0026upstream=java-17-openjdk-17.0.18.0.8-1.el8.src.rpm] (CVE-2022-35737), pkg:rpm/redhat/expat@2.5.0-1.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=expat-2.5.0-1.el8_10.src.rpm [transitive via pkg:rpm/redhat/java-17-openjdk-headless@17.0.18.0.8-1.el8?arch=x86_64\u0026distro=rhel-8.10\u0026epoch=1\u0026upstream=java-17-openjdk-17.0.18.0.8-1.el8.src.rpm] (CVE-2024-45492, CVE-2024-50602, CVE-2025-59375), pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=gnutls-3.6.16-8.el8_10.5.src.rpm [transitive via pkg:rpm/redhat/java-17-openjdk-headless@17.0.18.0.8-1.el8?arch=x86_64\u0026distro=rhel-8.10\u0026epoch=1\u0026upstream=java-17-openjdk-17.0.18.0.8-1.el8.src.rpm] (CVE-2025-32988, CVE-2025-32990, CVE-2025-6395, CVE-2023-5981, CVE-2024-12243, CVE-2024-28834, CVE-2025-14831, CVE-2025-32989, CVE-2024-28835, CVE-2025-9820), pkg:rpm/redhat/lua@5.3.4-12.el8?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=lua-5.3.4-12.el8.src.rpm [transitive via pkg:rpm/redhat/java-17-openjdk-headless@17.0.18.0.8-1.el8?arch=x86_64\u0026distro=rhel-8.10\u0026epoch=1\u0026upstream=java-17-openjdk-17.0.18.0.8-1.el8.src.rpm] (CVE-2022-33099, CVE-2022-28805, CVE-2021-43519), pkg:rpm/redhat/bash@4.4.20-6.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=bash-4.4.20-6.el8_10.src.rpm [transitive via pkg:rpm/redhat/java-17-openjdk-headless@17.0.18.0.8-1.el8?arch=x86_64\u0026distro=rhel-8.10\u0026epoch=1\u0026upstream=java-17-openjdk-17.0.18.0.8-1.el8.src.rpm] (CVE-2022-3715), pkg:rpm/redhat/dbus-libs@1.12.8-27.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026epoch=1\u0026upstream=dbus-1.12.8-27.el8_10.src.rpm [transitive via pkg:rpm/redhat/java-17-openjdk-headless@17.0.18.0.8-1.el8?arch=x86_64\u0026distro=rhel-8.10\u0026epoch=1\u0026upstream=java-17-openjdk-17.0.18.0.8-1.el8.src.rpm] (CVE-2022-42010, CVE-2022-42011, CVE-2022-42012, CVE-2023-34969), pkg:rpm/redhat/lua-libs@5.3.4-12.el8?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=lua-5.3.4-12.el8.src.rpm [transitive via pkg:rpm/redhat/java-17-openjdk-headless@17.0.18.0.8-1.el8?arch=x86_64\u0026distro=rhel-8.10\u0026epoch=1\u0026upstream=java-17-openjdk-17.0.18.0.8-1.el8.src.rpm] (CVE-2022-33099, CVE-2022-28805, CVE-2021-43519, CVE-2021-44964), pkg:rpm/redhat/gmp@6.1.2-11.el8?arch=x86_64\u0026distro=rhel-8.10\u0026epoch=1\u0026upstream=gmp-6.1.2-11.el8.src.rpm [transitive via pkg:rpm/redhat/java-17-openjdk-headless@17.0.18.0.8-1.el8?arch=x86_64\u0026distro=rhel-8.10\u0026epoch=1\u0026upstream=java-17-openjdk-17.0.18.0.8-1.el8.src.rpm] (CVE-2021-43618), pkg:rpm/redhat/avahi-libs@0.7-27.el8_10.1?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=avahi-0.7-27.el8_10.1.src.rpm [transitive via pkg:rpm/redhat/java-17-openjdk-headless@17.0.18.0.8-1.el8?arch=x86_64\u0026distro=rhel-8.10\u0026epoch=1\u0026upstream=java-17-openjdk-17.0.18.0.8-1.el8.src.rpm] (CVE-2021-3468, CVE-2023-1981, CVE-2023-38469, CVE-2023-38470, CVE-2023-38471, CVE-2023-38472, CVE-2023-38473, CVE-2021-3502, CVE-2024-52615, CVE-2024-52616), pkg:rpm/redhat/libuuid@2.32.1-48.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=util-linux-2.32.1-48.el8_10.src.rpm [transitive via pkg:rpm/redhat/java-17-openjdk-headless@17.0.18.0.8-1.el8?arch=x86_64\u0026distro=rhel-8.10\u0026epoch=1\u0026upstream=java-17-openjdk-17.0.18.0.8-1.el8.src.rpm] (CVE-2025-14104), pkg:rpm/redhat/libgcc@8.5.0-28.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=gcc-8.5.0-28.el8_10.src.rpm [transitive via pkg:rpm/redhat/java-17-openjdk-headless@17.0.18.0.8-1.el8?arch=x86_64\u0026distro=rhel-8.10\u0026epoch=1\u0026upstream=java-17-openjdk-17.0.18.0.8-1.el8.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libblkid@2.32.1-48.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=util-linux-2.32.1-48.el8_10.src.rpm [transitive via pkg:rpm/redhat/java-17-openjdk-headless@17.0.18.0.8-1.el8?arch=x86_64\u0026distro=rhel-8.10\u0026epoch=1\u0026upstream=java-17-openjdk-17.0.18.0.8-1.el8.src.rpm] (CVE-2025-14104, CVE-2026-27456), pkg:rpm/redhat/libstdc%2B%2B@8.5.0-28.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=gcc-8.5.0-28.el8_10.src.rpm [transitive via pkg:rpm/redhat/java-17-openjdk-headless@17.0.18.0.8-1.el8?arch=x86_64\u0026distro=rhel-8.10\u0026epoch=1\u0026upstream=java-17-openjdk-17.0.18.0.8-1.el8.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libmount@2.32.1-48.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=util-linux-2.32.1-48.el8_10.src.rpm [transitive via pkg:rpm/redhat/java-17-openjdk-headless@17.0.18.0.8-1.el8?arch=x86_64\u0026distro=rhel-8.10\u0026epoch=1\u0026upstream=java-17-openjdk-17.0.18.0.8-1.el8.src.rpm] (CVE-2025-14104), pkg:rpm/redhat/systemd-libs@239-82.el8_10.15?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=systemd-239-82.el8_10.15.src.rpm [transitive via pkg:rpm/redhat/java-17-openjdk-headless@17.0.18.0.8-1.el8?arch=x86_64\u0026distro=rhel-8.10\u0026epoch=1\u0026upstream=java-17-openjdk-17.0.18.0.8-1.el8.src.rpm] (CVE-2023-7008, CVE-2022-3821, CVE-2022-4415, CVE-2022-45873, CVE-2025-4598), pkg:rpm/redhat/libtasn1@4.13-5.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=libtasn1-4.13-5.el8_10.src.rpm [transitive via pkg:rpm/redhat/java-17-openjdk-headless@17.0.18.0.8-1.el8?arch=x86_64\u0026distro=rhel-8.10\u0026epoch=1\u0026upstream=java-17-openjdk-17.0.18.0.8-1.el8.src.rpm] (CVE-2021-46848, CVE-2025-13151, CVE-2024-12133), pkg:rpm/redhat/libgcrypt@1.8.5-7.el8_6?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=libgcrypt-1.8.5-7.el8_6.src.rpm [transitive via pkg:rpm/redhat/java-17-openjdk-headless@17.0.18.0.8-1.el8?arch=x86_64\u0026distro=rhel-8.10\u0026epoch=1\u0026upstream=java-17-openjdk-17.0.18.0.8-1.el8.src.rpm] (CVE-2024-2236), pkg:rpm/redhat/libcom_err@1.45.6-7.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=e2fsprogs-1.45.6-7.el8_10.src.rpm [transitive via pkg:rpm/redhat/java-17-openjdk-headless@17.0.18.0.8-1.el8?arch=x86_64\u0026distro=rhel-8.10\u0026epoch=1\u0026upstream=java-17-openjdk-17.0.18.0.8-1.el8.src.rpm] (CVE-2022-1304), pkg:rpm/redhat/python3-pip-wheel@9.0.3-24.el8?arch=noarch\u0026distro=rhel-8.10\u0026upstream=python-pip-9.0.3-24.el8.src.rpm [transitive via pkg:rpm/redhat/java-17-openjdk-headless@17.0.18.0.8-1.el8?arch=x86_64\u0026distro=rhel-8.10\u0026epoch=1\u0026upstream=java-17-openjdk-17.0.18.0.8-1.el8.src.rpm] (CVE-2007-4559), pkg:rpm/redhat/bzip2-libs@1.0.6-28.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=bzip2-1.0.6-28.el8_10.src.rpm [transitive via pkg:rpm/redhat/java-17-openjdk-headless@17.0.18.0.8-1.el8?arch=x86_64\u0026distro=rhel-8.10\u0026epoch=1\u0026upstream=java-17-openjdk-17.0.18.0.8-1.el8.src.rpm] (CVE-2019-12900), pkg:rpm/redhat/alsa-lib@1.2.10-2.el8?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=alsa-lib-1.2.10-2.el8.src.rpm [transitive via pkg:rpm/redhat/java-17-openjdk-headless@17.0.18.0.8-1.el8?arch=x86_64\u0026distro=rhel-8.10\u0026epoch=1\u0026upstream=java-17-openjdk-17.0.18.0.8-1.el8.src.rpm] (CVE-2026-25068), pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64\u0026distro=rhel-8.10\u0026epoch=1\u0026upstream=openssl-1.1.1k-15.el8_6.src.rpm [transitive via pkg:rpm/redhat/rpm-libs@4.14.3-32.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=rpm-4.14.3-32.el8_10.src.rpm] (CVE-2022-1292, CVE-2022-2068, CVE-2023-2650, CVE-2023-6129, CVE-2025-69421, CVE-2025-11187, CVE-2020-1971, CVE-2022-4304, CVE-2023-0464, CVE-2023-6237, CVE-2024-5535, CVE-2024-6119, CVE-2025-15468, CVE-2025-66199, CVE-2025-69420, CVE-2026-22796, CVE-2024-4741, CVE-2025-9230, CVE-2024-0727, CVE-2025-15469, CVE-2026-22795, CVE-2022-1343, CVE-2022-2097, CVE-2023-0465, CVE-2023-0466, CVE-2023-2975, CVE-2023-3446, CVE-2023-3817, CVE-2023-5678, CVE-2024-4603, CVE-2023-1255, CVE-2022-4203, CVE-2025-68160, CVE-2025-69418), pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=curl-7.61.1-34.el8_10.11.src.rpm [transitive via pkg:rpm/redhat/rpm-libs@4.14.3-32.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=rpm-4.14.3-32.el8_10.src.rpm] (CVE-2022-32206, CVE-2023-23916, CVE-2022-43552, CVE-2023-27535, CVE-2023-27536, CVE-2023-28321, CVE-2023-27538, CVE-2022-32208, CVE-2023-46218, CVE-2025-9086, CVE-2022-27774, CVE-2022-32221, CVE-2022-27776, CVE-2023-27533), pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=curl-7.61.1-34.el8_10.11.src.rpm [transitive via pkg:rpm/redhat/rpm-libs@4.14.3-32.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=rpm-4.14.3-32.el8_10.src.rpm] (CVE-2025-13034, CVE-2025-14819, CVE-2026-1965, CVE-2022-32206, CVE-2023-23916, CVE-2025-14524, CVE-2026-3784, CVE-2026-3805, CVE-2022-43552, CVE-2023-27535, CVE-2023-27536, CVE-2023-28321, CVE-2025-10966, CVE-2026-3783, CVE-2023-27538, CVE-2022-32208, CVE-2023-46218, CVE-2025-9086, CVE-2022-27774, CVE-2022-32221, CVE-2025-10148, CVE-2025-14017, CVE-2025-15224, CVE-2022-27776, CVE-2023-27533), pkg:rpm/redhat/libxml2@2.9.7-21.el8_10.3?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=libxml2-2.9.7-21.el8_10.3.src.rpm [transitive via pkg:rpm/redhat/rpm-libs@4.14.3-32.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=rpm-4.14.3-32.el8_10.src.rpm] (CVE-2023-39615, CVE-2025-9714, CVE-2022-49043, CVE-2023-28484, CVE-2023-29469, CVE-2025-32414, CVE-2025-26434), pkg:rpm/redhat/krb5-libs@1.18.2-32.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=krb5-1.18.2-32.el8_10.src.rpm [transitive via pkg:rpm/redhat/rpm-libs@4.14.3-32.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=rpm-4.14.3-32.el8_10.src.rpm] (CVE-2023-36054, CVE-2024-37371, CVE-2025-24528, CVE-2024-26458, CVE-2024-26461, CVE-2025-3576), pkg:rpm/redhat/glibc-minimal-langpack@2.28-251.el8_10.31?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=glibc-2.28-251.el8_10.31.src.rpm [transitive via pkg:rpm/redhat/rpm-libs@4.14.3-32.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=rpm-4.14.3-32.el8_10.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.28-251.el8_10.31?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=glibc-2.28-251.el8_10.31.src.rpm [transitive via pkg:rpm/redhat/rpm-libs@4.14.3-32.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=rpm-4.14.3-32.el8_10.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.28-251.el8_10.31?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=glibc-2.28-251.el8_10.31.src.rpm [transitive via pkg:rpm/redhat/rpm-libs@4.14.3-32.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=rpm-4.14.3-32.el8_10.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/libssh-config@0.9.6-16.el8_10?arch=noarch\u0026distro=rhel-8.10\u0026upstream=libssh-0.9.6-16.el8_10.src.rpm [transitive via pkg:rpm/redhat/rpm-libs@4.14.3-32.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=rpm-4.14.3-32.el8_10.src.rpm] (CVE-2023-48795, CVE-2026-3731, CVE-2023-2283, CVE-2023-6004, CVE-2023-1667), pkg:rpm/redhat/libssh@0.9.6-16.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=libssh-0.9.6-16.el8_10.src.rpm [transitive via pkg:rpm/redhat/rpm-libs@4.14.3-32.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=rpm-4.14.3-32.el8_10.src.rpm] (CVE-2023-48795, CVE-2026-3731, CVE-2023-2283, CVE-2023-6004, CVE-2023-1667), pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=libarchive-3.3.3-7.el8_10.src.rpm [transitive via pkg:rpm/redhat/rpm-libs@4.14.3-32.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=rpm-4.14.3-32.el8_10.src.rpm] (CVE-2022-26280, CVE-2022-36227, CVE-2025-60753, CVE-2024-57970, CVE-2025-25724), pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch\u0026distro=rhel-8.10\u0026upstream=ncurses-6.1-10.20180224.el8.src.rpm [transitive via pkg:rpm/redhat/rpm-libs@4.14.3-32.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=rpm-4.14.3-32.el8_10.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=ncurses-6.1-10.20180224.el8.src.rpm [transitive via pkg:rpm/redhat/rpm-libs@4.14.3-32.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=rpm-4.14.3-32.el8_10.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/sqlite-libs@3.26.0-20.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=sqlite-3.26.0-20.el8_10.src.rpm [transitive via pkg:rpm/redhat/rpm-libs@4.14.3-32.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=rpm-4.14.3-32.el8_10.src.rpm] (CVE-2022-35737), pkg:rpm/redhat/libnghttp2@1.33.0-6.el8_10.2?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=nghttp2-1.33.0-6.el8_10.2.src.rpm [transitive via pkg:rpm/redhat/rpm-libs@4.14.3-32.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=rpm-4.14.3-32.el8_10.src.rpm] (CVE-2024-28182), pkg:rpm/redhat/bash@4.4.20-6.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=bash-4.4.20-6.el8_10.src.rpm [transitive via pkg:rpm/redhat/rpm-libs@4.14.3-32.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=rpm-4.14.3-32.el8_10.src.rpm] (CVE-2022-3715), pkg:rpm/redhat/rpm-libs@4.14.3-32.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=rpm-4.14.3-32.el8_10.src.rpm [transitive via pkg:rpm/redhat/rpm-libs@4.14.3-32.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=rpm-4.14.3-32.el8_10.src.rpm] (CVE-2021-35938, CVE-2021-35939, CVE-2021-35937), pkg:rpm/redhat/rpm@4.14.3-32.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=rpm-4.14.3-32.el8_10.src.rpm [transitive via pkg:rpm/redhat/rpm-libs@4.14.3-32.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=rpm-4.14.3-32.el8_10.src.rpm] (CVE-2021-35938, CVE-2021-35939, CVE-2021-35937), pkg:rpm/redhat/lua-libs@5.3.4-12.el8?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=lua-5.3.4-12.el8.src.rpm [transitive via pkg:rpm/redhat/rpm-libs@4.14.3-32.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=rpm-4.14.3-32.el8_10.src.rpm] (CVE-2022-33099, CVE-2022-28805, CVE-2021-43519, CVE-2021-44964), pkg:rpm/redhat/gmp@6.1.2-11.el8?arch=x86_64\u0026distro=rhel-8.10\u0026epoch=1\u0026upstream=gmp-6.1.2-11.el8.src.rpm [transitive via pkg:rpm/redhat/rpm-libs@4.14.3-32.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=rpm-4.14.3-32.el8_10.src.rpm] (CVE-2021-43618), pkg:rpm/redhat/libgcc@8.5.0-28.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=gcc-8.5.0-28.el8_10.src.rpm [transitive via pkg:rpm/redhat/rpm-libs@4.14.3-32.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=rpm-4.14.3-32.el8_10.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libtasn1@4.13-5.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=libtasn1-4.13-5.el8_10.src.rpm [transitive via pkg:rpm/redhat/rpm-libs@4.14.3-32.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=rpm-4.14.3-32.el8_10.src.rpm] (CVE-2021-46848, CVE-2025-13151, CVE-2024-12133), pkg:rpm/redhat/libcom_err@1.45.6-7.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=e2fsprogs-1.45.6-7.el8_10.src.rpm [transitive via pkg:rpm/redhat/rpm-libs@4.14.3-32.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=rpm-4.14.3-32.el8_10.src.rpm] (CVE-2022-1304), pkg:rpm/redhat/bzip2-libs@1.0.6-28.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=bzip2-1.0.6-28.el8_10.src.rpm [transitive via pkg:rpm/redhat/rpm-libs@4.14.3-32.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=rpm-4.14.3-32.el8_10.src.rpm] (CVE-2019-12900), pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64\u0026distro=rhel-8.10\u0026epoch=1\u0026upstream=openssl-1.1.1k-15.el8_6.src.rpm [transitive via pkg:rpm/redhat/microdnf@3.8.0-2.el8?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=microdnf-3.8.0-2.el8.src.rpm] (CVE-2022-1292, CVE-2022-2068, CVE-2023-2650, CVE-2023-6129, CVE-2025-69421, CVE-2025-11187, CVE-2020-1971, CVE-2022-4304, CVE-2023-0464, CVE-2023-6237, CVE-2024-5535, CVE-2024-6119, CVE-2025-15468, CVE-2025-66199, CVE-2025-69420, CVE-2026-22796, CVE-2024-4741, CVE-2025-9230, CVE-2024-0727, CVE-2025-15469, CVE-2026-22795, CVE-2022-1343, CVE-2022-2097, CVE-2023-0465, CVE-2023-0466, CVE-2023-2975, CVE-2023-3446, CVE-2023-3817, CVE-2023-5678, CVE-2024-4603, CVE-2023-1255, CVE-2022-4203, CVE-2025-68160, CVE-2025-69418), pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=curl-7.61.1-34.el8_10.11.src.rpm [transitive via pkg:rpm/redhat/microdnf@3.8.0-2.el8?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=microdnf-3.8.0-2.el8.src.rpm] (CVE-2022-32206, CVE-2023-23916, CVE-2022-43552, CVE-2023-27535, CVE-2023-27536, CVE-2023-28321, CVE-2023-27538, CVE-2022-32208, CVE-2023-46218, CVE-2025-9086, CVE-2022-27774, CVE-2022-32221, CVE-2022-27776, CVE-2023-27533), pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=curl-7.61.1-34.el8_10.11.src.rpm [transitive via pkg:rpm/redhat/microdnf@3.8.0-2.el8?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=microdnf-3.8.0-2.el8.src.rpm] (CVE-2025-13034, CVE-2025-14819, CVE-2026-1965, CVE-2022-32206, CVE-2023-23916, CVE-2025-14524, CVE-2026-3784, CVE-2026-3805, CVE-2022-43552, CVE-2023-27535, CVE-2023-27536, CVE-2023-28321, CVE-2025-10966, CVE-2026-3783, CVE-2023-27538, CVE-2022-32208, CVE-2023-46218, CVE-2025-9086, CVE-2022-27774, CVE-2022-32221, CVE-2025-10148, CVE-2025-14017, CVE-2025-15224, CVE-2022-27776, CVE-2023-27533), pkg:rpm/redhat/libxml2@2.9.7-21.el8_10.3?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=libxml2-2.9.7-21.el8_10.3.src.rpm [transitive via pkg:rpm/redhat/microdnf@3.8.0-2.el8?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=microdnf-3.8.0-2.el8.src.rpm] (CVE-2023-39615, CVE-2025-9714, CVE-2022-49043, CVE-2023-28484, CVE-2023-29469, CVE-2025-32414, CVE-2025-26434), pkg:rpm/redhat/krb5-libs@1.18.2-32.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=krb5-1.18.2-32.el8_10.src.rpm [transitive via pkg:rpm/redhat/microdnf@3.8.0-2.el8?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=microdnf-3.8.0-2.el8.src.rpm] (CVE-2023-36054, CVE-2024-37371, CVE-2025-24528, CVE-2024-26458, CVE-2024-26461, CVE-2025-3576), pkg:rpm/redhat/glibc-minimal-langpack@2.28-251.el8_10.31?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=glibc-2.28-251.el8_10.31.src.rpm [transitive via pkg:rpm/redhat/microdnf@3.8.0-2.el8?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=microdnf-3.8.0-2.el8.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.28-251.el8_10.31?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=glibc-2.28-251.el8_10.31.src.rpm [transitive via pkg:rpm/redhat/microdnf@3.8.0-2.el8?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=microdnf-3.8.0-2.el8.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.28-251.el8_10.31?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=glibc-2.28-251.el8_10.31.src.rpm [transitive via pkg:rpm/redhat/microdnf@3.8.0-2.el8?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=microdnf-3.8.0-2.el8.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/gnupg2@2.2.20-4.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=gnupg2-2.2.20-4.el8_10.src.rpm [transitive via pkg:rpm/redhat/microdnf@3.8.0-2.el8?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=microdnf-3.8.0-2.el8.src.rpm] (CVE-2022-34903, CVE-2025-68972), pkg:rpm/redhat/libssh-config@0.9.6-16.el8_10?arch=noarch\u0026distro=rhel-8.10\u0026upstream=libssh-0.9.6-16.el8_10.src.rpm [transitive via pkg:rpm/redhat/microdnf@3.8.0-2.el8?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=microdnf-3.8.0-2.el8.src.rpm] (CVE-2023-48795, CVE-2026-3731, CVE-2023-2283, CVE-2023-6004, CVE-2023-1667), pkg:rpm/redhat/libssh@0.9.6-16.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=libssh-0.9.6-16.el8_10.src.rpm [transitive via pkg:rpm/redhat/microdnf@3.8.0-2.el8?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=microdnf-3.8.0-2.el8.src.rpm] (CVE-2023-48795, CVE-2026-3731, CVE-2023-2283, CVE-2023-6004, CVE-2023-1667), pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch\u0026distro=rhel-8.10\u0026upstream=ncurses-6.1-10.20180224.el8.src.rpm [transitive via pkg:rpm/redhat/microdnf@3.8.0-2.el8?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=microdnf-3.8.0-2.el8.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=ncurses-6.1-10.20180224.el8.src.rpm [transitive via pkg:rpm/redhat/microdnf@3.8.0-2.el8?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=microdnf-3.8.0-2.el8.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/libarchive@3.3.3-7.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=libarchive-3.3.3-7.el8_10.src.rpm [transitive via pkg:rpm/redhat/microdnf@3.8.0-2.el8?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=microdnf-3.8.0-2.el8.src.rpm] (CVE-2022-26280, CVE-2022-36227, CVE-2025-60753, CVE-2024-57970, CVE-2025-25724), pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=glib2-2.56.4-168.el8_10.src.rpm [transitive via pkg:rpm/redhat/microdnf@3.8.0-2.el8?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=microdnf-3.8.0-2.el8.src.rpm] (CVE-2023-32611, CVE-2023-32665, CVE-2025-14512, CVE-2023-29499, CVE-2025-14087, CVE-2025-4373), pkg:rpm/redhat/sqlite-libs@3.26.0-20.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=sqlite-3.26.0-20.el8_10.src.rpm [transitive via pkg:rpm/redhat/microdnf@3.8.0-2.el8?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=microdnf-3.8.0-2.el8.src.rpm] (CVE-2022-35737), pkg:rpm/redhat/libsolv@0.7.20-6.el8?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=libsolv-0.7.20-6.el8.src.rpm [transitive via pkg:rpm/redhat/microdnf@3.8.0-2.el8?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=microdnf-3.8.0-2.el8.src.rpm] (CVE-2024-28863, CVE-2021-44568), pkg:rpm/redhat/gnutls@3.6.16-8.el8_10.5?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=gnutls-3.6.16-8.el8_10.5.src.rpm [transitive via pkg:rpm/redhat/microdnf@3.8.0-2.el8?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=microdnf-3.8.0-2.el8.src.rpm] (CVE-2025-32988, CVE-2025-32990, CVE-2025-6395, CVE-2023-5981, CVE-2024-12243, CVE-2024-28834, CVE-2025-14831, CVE-2025-32989, CVE-2024-28835, CVE-2025-9820), pkg:rpm/redhat/libnghttp2@1.33.0-6.el8_10.2?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=nghttp2-1.33.0-6.el8_10.2.src.rpm [transitive via pkg:rpm/redhat/microdnf@3.8.0-2.el8?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=microdnf-3.8.0-2.el8.src.rpm] (CVE-2024-28182), pkg:rpm/redhat/bash@4.4.20-6.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=bash-4.4.20-6.el8_10.src.rpm [transitive via pkg:rpm/redhat/microdnf@3.8.0-2.el8?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=microdnf-3.8.0-2.el8.src.rpm] (CVE-2022-3715), pkg:rpm/redhat/rpm-libs@4.14.3-32.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=rpm-4.14.3-32.el8_10.src.rpm [transitive via pkg:rpm/redhat/microdnf@3.8.0-2.el8?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=microdnf-3.8.0-2.el8.src.rpm] (CVE-2021-35938, CVE-2021-35939, CVE-2021-35937), pkg:rpm/redhat/lua-libs@5.3.4-12.el8?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=lua-5.3.4-12.el8.src.rpm [transitive via pkg:rpm/redhat/microdnf@3.8.0-2.el8?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=microdnf-3.8.0-2.el8.src.rpm] (CVE-2022-33099, CVE-2022-28805, CVE-2021-43519, CVE-2021-44964), pkg:rpm/redhat/rpm@4.14.3-32.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=rpm-4.14.3-32.el8_10.src.rpm [transitive via pkg:rpm/redhat/microdnf@3.8.0-2.el8?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=microdnf-3.8.0-2.el8.src.rpm] (CVE-2021-35938, CVE-2021-35939, CVE-2021-35937), pkg:rpm/redhat/gmp@6.1.2-11.el8?arch=x86_64\u0026distro=rhel-8.10\u0026epoch=1\u0026upstream=gmp-6.1.2-11.el8.src.rpm [transitive via pkg:rpm/redhat/microdnf@3.8.0-2.el8?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=microdnf-3.8.0-2.el8.src.rpm] (CVE-2021-43618), pkg:rpm/redhat/libsmartcols@2.32.1-48.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=util-linux-2.32.1-48.el8_10.src.rpm [transitive via pkg:rpm/redhat/microdnf@3.8.0-2.el8?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=microdnf-3.8.0-2.el8.src.rpm] (CVE-2025-14104), pkg:rpm/redhat/libgcc@8.5.0-28.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=gcc-8.5.0-28.el8_10.src.rpm [transitive via pkg:rpm/redhat/microdnf@3.8.0-2.el8?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=microdnf-3.8.0-2.el8.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libmount@2.32.1-48.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=util-linux-2.32.1-48.el8_10.src.rpm [transitive via pkg:rpm/redhat/microdnf@3.8.0-2.el8?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=microdnf-3.8.0-2.el8.src.rpm] (CVE-2025-14104), pkg:rpm/redhat/libuuid@2.32.1-48.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=util-linux-2.32.1-48.el8_10.src.rpm [transitive via pkg:rpm/redhat/microdnf@3.8.0-2.el8?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=microdnf-3.8.0-2.el8.src.rpm] (CVE-2025-14104), pkg:rpm/redhat/libblkid@2.32.1-48.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=util-linux-2.32.1-48.el8_10.src.rpm [transitive via pkg:rpm/redhat/microdnf@3.8.0-2.el8?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=microdnf-3.8.0-2.el8.src.rpm] (CVE-2025-14104, CVE-2026-27456), pkg:rpm/redhat/libstdc%2B%2B@8.5.0-28.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=gcc-8.5.0-28.el8_10.src.rpm [transitive via pkg:rpm/redhat/microdnf@3.8.0-2.el8?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=microdnf-3.8.0-2.el8.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/libtasn1@4.13-5.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=libtasn1-4.13-5.el8_10.src.rpm [transitive via pkg:rpm/redhat/microdnf@3.8.0-2.el8?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=microdnf-3.8.0-2.el8.src.rpm] (CVE-2021-46848, CVE-2025-13151, CVE-2024-12133), pkg:rpm/redhat/libgcrypt@1.8.5-7.el8_6?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=libgcrypt-1.8.5-7.el8_6.src.rpm [transitive via pkg:rpm/redhat/microdnf@3.8.0-2.el8?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=microdnf-3.8.0-2.el8.src.rpm] (CVE-2024-2236), pkg:rpm/redhat/systemd-libs@239-82.el8_10.15?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=systemd-239-82.el8_10.15.src.rpm [transitive via pkg:rpm/redhat/microdnf@3.8.0-2.el8?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=microdnf-3.8.0-2.el8.src.rpm] (CVE-2023-7008, CVE-2022-3821, CVE-2022-4415, CVE-2022-45873, CVE-2025-4598), pkg:rpm/redhat/libcom_err@1.45.6-7.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=e2fsprogs-1.45.6-7.el8_10.src.rpm [transitive via pkg:rpm/redhat/microdnf@3.8.0-2.el8?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=microdnf-3.8.0-2.el8.src.rpm] (CVE-2022-1304), pkg:rpm/redhat/file-libs@5.33-27.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=file-5.33-27.el8_10.src.rpm [transitive via pkg:rpm/redhat/microdnf@3.8.0-2.el8?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=microdnf-3.8.0-2.el8.src.rpm] (CVE-2022-48554), pkg:rpm/redhat/bzip2-libs@1.0.6-28.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=bzip2-1.0.6-28.el8_10.src.rpm [transitive via pkg:rpm/redhat/microdnf@3.8.0-2.el8?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=microdnf-3.8.0-2.el8.src.rpm] (CVE-2019-12900), pkg:rpm/redhat/glibc-minimal-langpack@2.28-251.el8_10.31?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=glibc-2.28-251.el8_10.31.src.rpm [transitive via pkg:rpm/redhat/tar@1.30-11.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026epoch=2\u0026upstream=tar-1.30-11.el8_10.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.28-251.el8_10.31?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=glibc-2.28-251.el8_10.31.src.rpm [transitive via pkg:rpm/redhat/tar@1.30-11.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026epoch=2\u0026upstream=tar-1.30-11.el8_10.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.28-251.el8_10.31?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=glibc-2.28-251.el8_10.31.src.rpm [transitive via pkg:rpm/redhat/tar@1.30-11.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026epoch=2\u0026upstream=tar-1.30-11.el8_10.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch\u0026distro=rhel-8.10\u0026upstream=ncurses-6.1-10.20180224.el8.src.rpm [transitive via pkg:rpm/redhat/tar@1.30-11.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026epoch=2\u0026upstream=tar-1.30-11.el8_10.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=ncurses-6.1-10.20180224.el8.src.rpm [transitive via pkg:rpm/redhat/tar@1.30-11.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026epoch=2\u0026upstream=tar-1.30-11.el8_10.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/bash@4.4.20-6.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=bash-4.4.20-6.el8_10.src.rpm [transitive via pkg:rpm/redhat/tar@1.30-11.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026epoch=2\u0026upstream=tar-1.30-11.el8_10.src.rpm] (CVE-2022-3715), pkg:rpm/redhat/glibc-minimal-langpack@2.28-251.el8_10.31?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=glibc-2.28-251.el8_10.31.src.rpm [transitive via pkg:rpm/redhat/lz4-libs@1.8.3-5.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=lz4-1.8.3-5.el8_10.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.28-251.el8_10.31?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=glibc-2.28-251.el8_10.31.src.rpm [transitive via pkg:rpm/redhat/lz4-libs@1.8.3-5.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=lz4-1.8.3-5.el8_10.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.28-251.el8_10.31?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=glibc-2.28-251.el8_10.31.src.rpm [transitive via pkg:rpm/redhat/lz4-libs@1.8.3-5.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=lz4-1.8.3-5.el8_10.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch\u0026distro=rhel-8.10\u0026upstream=ncurses-6.1-10.20180224.el8.src.rpm [transitive via pkg:rpm/redhat/lz4-libs@1.8.3-5.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=lz4-1.8.3-5.el8_10.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=ncurses-6.1-10.20180224.el8.src.rpm [transitive via pkg:rpm/redhat/lz4-libs@1.8.3-5.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=lz4-1.8.3-5.el8_10.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/bash@4.4.20-6.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=bash-4.4.20-6.el8_10.src.rpm [transitive via pkg:rpm/redhat/lz4-libs@1.8.3-5.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=lz4-1.8.3-5.el8_10.src.rpm] (CVE-2022-3715), pkg:rpm/redhat/glibc-minimal-langpack@2.28-251.el8_10.31?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=glibc-2.28-251.el8_10.31.src.rpm [transitive via pkg:rpm/redhat/rootfiles@8.1-22.el8?arch=noarch\u0026distro=rhel-8.10\u0026upstream=rootfiles-8.1-22.el8.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.28-251.el8_10.31?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=glibc-2.28-251.el8_10.31.src.rpm [transitive via pkg:rpm/redhat/rootfiles@8.1-22.el8?arch=noarch\u0026distro=rhel-8.10\u0026upstream=rootfiles-8.1-22.el8.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.28-251.el8_10.31?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=glibc-2.28-251.el8_10.31.src.rpm [transitive via pkg:rpm/redhat/rootfiles@8.1-22.el8?arch=noarch\u0026distro=rhel-8.10\u0026upstream=rootfiles-8.1-22.el8.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch\u0026distro=rhel-8.10\u0026upstream=ncurses-6.1-10.20180224.el8.src.rpm [transitive via pkg:rpm/redhat/rootfiles@8.1-22.el8?arch=noarch\u0026distro=rhel-8.10\u0026upstream=rootfiles-8.1-22.el8.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=ncurses-6.1-10.20180224.el8.src.rpm [transitive via pkg:rpm/redhat/rootfiles@8.1-22.el8?arch=noarch\u0026distro=rhel-8.10\u0026upstream=rootfiles-8.1-22.el8.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/bash@4.4.20-6.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=bash-4.4.20-6.el8_10.src.rpm [transitive via pkg:rpm/redhat/rootfiles@8.1-22.el8?arch=noarch\u0026distro=rhel-8.10\u0026upstream=rootfiles-8.1-22.el8.src.rpm] (CVE-2022-3715), pkg:rpm/redhat/glibc-minimal-langpack@2.28-251.el8_10.31?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=glibc-2.28-251.el8_10.31.src.rpm [transitive via pkg:rpm/redhat/libsemanage@2.9-12.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=libsemanage-2.9-12.el8_10.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.28-251.el8_10.31?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=glibc-2.28-251.el8_10.31.src.rpm [transitive via pkg:rpm/redhat/libsemanage@2.9-12.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=libsemanage-2.9-12.el8_10.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.28-251.el8_10.31?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=glibc-2.28-251.el8_10.31.src.rpm [transitive via pkg:rpm/redhat/libsemanage@2.9-12.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=libsemanage-2.9-12.el8_10.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch\u0026distro=rhel-8.10\u0026upstream=ncurses-6.1-10.20180224.el8.src.rpm [transitive via pkg:rpm/redhat/libsemanage@2.9-12.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=libsemanage-2.9-12.el8_10.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=ncurses-6.1-10.20180224.el8.src.rpm [transitive via pkg:rpm/redhat/libsemanage@2.9-12.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=libsemanage-2.9-12.el8_10.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/bash@4.4.20-6.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=bash-4.4.20-6.el8_10.src.rpm [transitive via pkg:rpm/redhat/libsemanage@2.9-12.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=libsemanage-2.9-12.el8_10.src.rpm] (CVE-2022-3715), pkg:rpm/redhat/bzip2-libs@1.0.6-28.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=bzip2-1.0.6-28.el8_10.src.rpm [transitive via pkg:rpm/redhat/libsemanage@2.9-12.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=libsemanage-2.9-12.el8_10.src.rpm] (CVE-2019-12900), pkg:rpm/redhat/glibc-minimal-langpack@2.28-251.el8_10.31?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=glibc-2.28-251.el8_10.31.src.rpm [transitive via pkg:rpm/redhat/shadow-utils@4.6-23.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026epoch=2\u0026upstream=shadow-utils-4.6-23.el8_10.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc@2.28-251.el8_10.31?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=glibc-2.28-251.el8_10.31.src.rpm [transitive via pkg:rpm/redhat/shadow-utils@4.6-23.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026epoch=2\u0026upstream=shadow-utils-4.6-23.el8_10.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-15281, CVE-2026-3904, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/glibc-common@2.28-251.el8_10.31?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=glibc-2.28-251.el8_10.31.src.rpm [transitive via pkg:rpm/redhat/shadow-utils@4.6-23.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026epoch=2\u0026upstream=shadow-utils-4.6-23.el8_10.src.rpm] (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2025-5702, CVE-2025-0395, CVE-2024-33600, CVE-2026-0915, CVE-2025-8058, CVE-2024-33601, CVE-2024-33602), pkg:rpm/redhat/ncurses-base@6.1-10.20180224.el8?arch=noarch\u0026distro=rhel-8.10\u0026upstream=ncurses-6.1-10.20180224.el8.src.rpm [transitive via pkg:rpm/redhat/shadow-utils@4.6-23.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026epoch=2\u0026upstream=shadow-utils-4.6-23.el8_10.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/ncurses-libs@6.1-10.20180224.el8?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=ncurses-6.1-10.20180224.el8.src.rpm [transitive via pkg:rpm/redhat/shadow-utils@4.6-23.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026epoch=2\u0026upstream=shadow-utils-4.6-23.el8_10.src.rpm] (CVE-2022-29458), pkg:rpm/redhat/bash@4.4.20-6.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=bash-4.4.20-6.el8_10.src.rpm [transitive via pkg:rpm/redhat/shadow-utils@4.6-23.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026epoch=2\u0026upstream=shadow-utils-4.6-23.el8_10.src.rpm] (CVE-2022-3715), pkg:rpm/redhat/libgcc@8.5.0-28.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=gcc-8.5.0-28.el8_10.src.rpm [transitive via pkg:rpm/redhat/shadow-utils@4.6-23.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026epoch=2\u0026upstream=shadow-utils-4.6-23.el8_10.src.rpm] (CVE-2020-11023), pkg:rpm/redhat/bzip2-libs@1.0.6-28.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=bzip2-1.0.6-28.el8_10.src.rpm [transitive via pkg:rpm/redhat/shadow-utils@4.6-23.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026epoch=2\u0026upstream=shadow-utils-4.6-23.el8_10.src.rpm] (CVE-2019-12900)", "name": "rhtpa_medium_vulnerabilities", "url": "https://access.redhat.com/articles/red_hat_vulnerability_tutorial" }, "vulnerabilities_number": 185 } }, { "msg": "Found 14 low vulnerabilities.", "metadata": { "details": { "description": "Source: redhat-csaf. Affected dependencies: pkg:rpm/redhat/python3-libs@3.6.8-75.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=python3-3.6.8-75.el8_10.src.rpm [direct] (CVE-2024-11168, CVE-2024-4032, CVE-2024-5642), pkg:rpm/redhat/shadow-utils@4.6-23.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026epoch=2\u0026upstream=shadow-utils-4.6-23.el8_10.src.rpm [direct] (CVE-2024-56433), pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64\u0026distro=rhel-8.10\u0026epoch=1\u0026upstream=openssl-1.1.1k-15.el8_6.src.rpm [transitive via pkg:rpm/redhat/python3-libs@3.6.8-75.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=python3-3.6.8-75.el8_10.src.rpm] (CVE-2024-2511), pkg:rpm/redhat/python3-libs@3.6.8-75.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=python3-3.6.8-75.el8_10.src.rpm [transitive via pkg:rpm/redhat/python3-libs@3.6.8-75.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=python3-3.6.8-75.el8_10.src.rpm] (CVE-2024-11168, CVE-2024-4032, CVE-2024-5642), pkg:rpm/redhat/libcap@2.48-6.el8_9?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=libcap-2.48-6.el8_9.src.rpm [transitive via pkg:rpm/redhat/python3-libs@3.6.8-75.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=python3-3.6.8-75.el8_10.src.rpm] (CVE-2023-2602), pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64\u0026distro=rhel-8.10\u0026epoch=1\u0026upstream=openssl-1.1.1k-15.el8_6.src.rpm [transitive via pkg:rpm/redhat/openldap@2.4.46-21.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=openldap-2.4.46-21.el8_10.src.rpm] (CVE-2024-2511), pkg:rpm/redhat/libcap@2.48-6.el8_9?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=libcap-2.48-6.el8_9.src.rpm [transitive via pkg:rpm/redhat/openldap@2.4.46-21.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=openldap-2.4.46-21.el8_10.src.rpm] (CVE-2023-2602), pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64\u0026distro=rhel-8.10\u0026epoch=1\u0026upstream=openssl-1.1.1k-15.el8_6.src.rpm [transitive via pkg:rpm/redhat/java-17-openjdk-headless@17.0.18.0.8-1.el8?arch=x86_64\u0026distro=rhel-8.10\u0026epoch=1\u0026upstream=java-17-openjdk-17.0.18.0.8-1.el8.src.rpm] (CVE-2024-2511), pkg:rpm/redhat/python3-libs@3.6.8-75.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=python3-3.6.8-75.el8_10.src.rpm [transitive via pkg:rpm/redhat/java-17-openjdk-headless@17.0.18.0.8-1.el8?arch=x86_64\u0026distro=rhel-8.10\u0026epoch=1\u0026upstream=java-17-openjdk-17.0.18.0.8-1.el8.src.rpm] (CVE-2024-11168, CVE-2024-4032, CVE-2024-5642), pkg:rpm/redhat/libcap@2.48-6.el8_9?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=libcap-2.48-6.el8_9.src.rpm [transitive via pkg:rpm/redhat/java-17-openjdk-headless@17.0.18.0.8-1.el8?arch=x86_64\u0026distro=rhel-8.10\u0026epoch=1\u0026upstream=java-17-openjdk-17.0.18.0.8-1.el8.src.rpm] (CVE-2023-2602), pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64\u0026distro=rhel-8.10\u0026epoch=1\u0026upstream=openssl-1.1.1k-15.el8_6.src.rpm [transitive via pkg:rpm/redhat/rpm-libs@4.14.3-32.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=rpm-4.14.3-32.el8_10.src.rpm] (CVE-2024-2511), pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=curl-7.61.1-34.el8_10.11.src.rpm [transitive via pkg:rpm/redhat/rpm-libs@4.14.3-32.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=rpm-4.14.3-32.el8_10.src.rpm] (CVE-2023-27534, CVE-2023-28322, CVE-2023-38546, CVE-2022-35252), pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=curl-7.61.1-34.el8_10.11.src.rpm [transitive via pkg:rpm/redhat/rpm-libs@4.14.3-32.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=rpm-4.14.3-32.el8_10.src.rpm] (CVE-2023-27534, CVE-2023-28322, CVE-2023-38546, CVE-2022-35252), pkg:rpm/redhat/libxml2@2.9.7-21.el8_10.3?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=libxml2-2.9.7-21.el8_10.3.src.rpm [transitive via pkg:rpm/redhat/rpm-libs@4.14.3-32.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=rpm-4.14.3-32.el8_10.src.rpm] (CVE-2025-6170), pkg:rpm/redhat/libssh-config@0.9.6-16.el8_10?arch=noarch\u0026distro=rhel-8.10\u0026upstream=libssh-0.9.6-16.el8_10.src.rpm [transitive via pkg:rpm/redhat/rpm-libs@4.14.3-32.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=rpm-4.14.3-32.el8_10.src.rpm] (CVE-2023-6918), pkg:rpm/redhat/libssh@0.9.6-16.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=libssh-0.9.6-16.el8_10.src.rpm [transitive via pkg:rpm/redhat/rpm-libs@4.14.3-32.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=rpm-4.14.3-32.el8_10.src.rpm] (CVE-2023-6918), pkg:rpm/redhat/libcap@2.48-6.el8_9?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=libcap-2.48-6.el8_9.src.rpm [transitive via pkg:rpm/redhat/rpm-libs@4.14.3-32.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=rpm-4.14.3-32.el8_10.src.rpm] (CVE-2023-2602), pkg:rpm/redhat/openssl-libs@1.1.1k-15.el8_6?arch=x86_64\u0026distro=rhel-8.10\u0026epoch=1\u0026upstream=openssl-1.1.1k-15.el8_6.src.rpm [transitive via pkg:rpm/redhat/microdnf@3.8.0-2.el8?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=microdnf-3.8.0-2.el8.src.rpm] (CVE-2024-2511), pkg:rpm/redhat/libcurl@7.61.1-34.el8_10.11?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=curl-7.61.1-34.el8_10.11.src.rpm [transitive via pkg:rpm/redhat/microdnf@3.8.0-2.el8?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=microdnf-3.8.0-2.el8.src.rpm] (CVE-2023-27534, CVE-2023-28322, CVE-2023-38546, CVE-2022-35252), pkg:rpm/redhat/curl@7.61.1-34.el8_10.11?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=curl-7.61.1-34.el8_10.11.src.rpm [transitive via pkg:rpm/redhat/microdnf@3.8.0-2.el8?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=microdnf-3.8.0-2.el8.src.rpm] (CVE-2023-27534, CVE-2023-28322, CVE-2023-38546, CVE-2022-35252), pkg:rpm/redhat/libxml2@2.9.7-21.el8_10.3?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=libxml2-2.9.7-21.el8_10.3.src.rpm [transitive via pkg:rpm/redhat/microdnf@3.8.0-2.el8?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=microdnf-3.8.0-2.el8.src.rpm] (CVE-2025-6170), pkg:rpm/redhat/libssh-config@0.9.6-16.el8_10?arch=noarch\u0026distro=rhel-8.10\u0026upstream=libssh-0.9.6-16.el8_10.src.rpm [transitive via pkg:rpm/redhat/microdnf@3.8.0-2.el8?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=microdnf-3.8.0-2.el8.src.rpm] (CVE-2023-6918), pkg:rpm/redhat/libssh@0.9.6-16.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=libssh-0.9.6-16.el8_10.src.rpm [transitive via pkg:rpm/redhat/microdnf@3.8.0-2.el8?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=microdnf-3.8.0-2.el8.src.rpm] (CVE-2023-6918), pkg:rpm/redhat/libcap@2.48-6.el8_9?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=libcap-2.48-6.el8_9.src.rpm [transitive via pkg:rpm/redhat/microdnf@3.8.0-2.el8?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=microdnf-3.8.0-2.el8.src.rpm] (CVE-2023-2602), pkg:rpm/redhat/glib2@2.56.4-168.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=glib2-2.56.4-168.el8_10.src.rpm [transitive via pkg:rpm/redhat/microdnf@3.8.0-2.el8?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=microdnf-3.8.0-2.el8.src.rpm] (CVE-2024-34397), pkg:rpm/redhat/libsolv@0.7.20-6.el8?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=libsolv-0.7.20-6.el8.src.rpm [transitive via pkg:rpm/redhat/microdnf@3.8.0-2.el8?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=microdnf-3.8.0-2.el8.src.rpm] (CVE-2021-3200), pkg:rpm/redhat/libcap@2.48-6.el8_9?arch=x86_64\u0026distro=rhel-8.10\u0026upstream=libcap-2.48-6.el8_9.src.rpm [transitive via pkg:rpm/redhat/shadow-utils@4.6-23.el8_10?arch=x86_64\u0026distro=rhel-8.10\u0026epoch=2\u0026upstream=shadow-utils-4.6-23.el8_10.src.rpm] (CVE-2023-2602)", "name": "rhtpa_low_vulnerabilities", "url": "https://access.redhat.com/articles/red_hat_vulnerability_tutorial" }, "vulnerabilities_number": 14 } } ] } ] {"vulnerabilities":{"critical":6,"high":115,"medium":185,"low":14,"unknown":0},"unpatched_vulnerabilities":{"critical":0,"high":0,"medium":0,"low":0,"unknown":0}} {"image": {"pullspec": "quay.io/redhat-appstudio-qe/forgejo-rep-xlpn/test-comp-pac-forgejo-wqnvvd:on-pr-4d2226c5919fd71f93701057ce59fa8f2bad3ae6", "digests": ["sha256:35f81c0f5e5b92451fcf6ad8d2fbbf001b6cd2964035acc1b8a84f26c5c910df"]}} {"result":"SUCCESS","timestamp":"2026-04-22T14:10:35+00:00","note":"Task tpa-scan completed: Refer to Tekton task result SCAN_OUTPUT for vulnerabilities scanned by TPA.","namespace":"default","successes":0,"failures":0,"warnings":0} New PipelineRun test-comp-pac-forgejo-wqnvvd-on-pull-request-p668d found after retrigger for component forgejo-rep-xlpn/test-comp-pac-forgejo-wqnvvd PipelineRun test-comp-pac-forgejo-wqnvvd-on-pull-request-p668d found for Component forgejo-rep-xlpn/test-comp-pac-forgejo-wqnvvd PipelineRun test-comp-pac-forgejo-wqnvvd-on-pull-request-p668d reason: Running PipelineRun test-comp-pac-forgejo-wqnvvd-on-pull-request-p668d reason: Running PipelineRun test-comp-pac-forgejo-wqnvvd-on-pull-request-p668d reason: Running PipelineRun test-comp-pac-forgejo-wqnvvd-on-pull-request-p668d reason: Running PipelineRun test-comp-pac-forgejo-wqnvvd-on-pull-request-p668d reason: Running PipelineRun test-comp-pac-forgejo-wqnvvd-on-pull-request-p668d reason: Running PipelineRun test-comp-pac-forgejo-wqnvvd-on-pull-request-p668d reason: Running PipelineRun test-comp-pac-forgejo-wqnvvd-on-pull-request-p668d reason: Running PipelineRun test-comp-pac-forgejo-wqnvvd-on-pull-request-p668d reason: Running PipelineRun test-comp-pac-forgejo-wqnvvd-on-pull-request-p668d reason: Running PipelineRun test-comp-pac-forgejo-wqnvvd-on-pull-request-p668d reason: Running PipelineRun test-comp-pac-forgejo-wqnvvd-on-pull-request-p668d reason: Running PipelineRun test-comp-pac-forgejo-wqnvvd-on-pull-request-p668d reason: Running PipelineRun test-comp-pac-forgejo-wqnvvd-on-pull-request-p668d reason: Running PipelineRun test-comp-pac-forgejo-wqnvvd-on-pull-request-p668d reason: Running PipelineRun test-comp-pac-forgejo-wqnvvd-on-pull-request-p668d reason: Running PipelineRun test-comp-pac-forgejo-wqnvvd-on-pull-request-p668d reason: Running PipelineRun test-comp-pac-forgejo-wqnvvd-on-pull-request-p668d reason: PipelineRunStopping PipelineRun test-comp-pac-forgejo-wqnvvd-on-pull-request-p668d reason: PipelineRunStopping PipelineRun test-comp-pac-forgejo-wqnvvd-on-pull-request-p668d reason: PipelineRunStopping PipelineRun test-comp-pac-forgejo-wqnvvd-on-pull-request-p668d reason: PipelineRunStopping PipelineRun test-comp-pac-forgejo-wqnvvd-on-pull-request-p668d reason: PipelineRunStopping PipelineRun test-comp-pac-forgejo-wqnvvd-on-pull-request-p668d reason: PipelineRunStopping PipelineRun test-comp-pac-forgejo-wqnvvd-on-pull-request-p668d reason: PipelineRunStopping PipelineRun test-comp-pac-forgejo-wqnvvd-on-pull-request-p668d reason: PipelineRunStopping PipelineRun test-comp-pac-forgejo-wqnvvd-on-pull-request-p668d reason: Failed attempt 3/3: PipelineRun "test-comp-pac-forgejo-wqnvvd-on-pull-request-p668d" failed: pod: test-comp-pac-forgejo-wqnvvd-on-pull-request-p668d-init-pod | init container: prepare 2026/04/22 14:14:24 Entrypoint initialization pod: test-comp-pac-forgejo-wqnvvd-on-pull-request-p668d-init-pod | container step-init: time="2026-04-22T14:14:27Z" level=info msg="Using in-cluster config" logger=KubeClient time="2026-04-22T14:14:27Z" level=info msg="[param] enable: false" time="2026-04-22T14:14:27Z" level=info msg="[param] default-http-proxy: squid.caching.svc.cluster.local:3128" time="2026-04-22T14:14:27Z" level=info msg="[param] default-no-proxy: brew.registry.redhat.io,docker.io,gcr.io,ghcr.io,images.paas.redhat.com,mirror.gcr.io,nvcr.io,quay.io,registry-proxy.engineering.redhat.com,registry.access.redhat.com,registry.ci.openshift.org,registry.fedoraproject.org,registry.redhat.io,registry.stage.redhat.io,vault.habana.ai" time="2026-04-22T14:14:27Z" level=info msg="[param] http-proxy-result-path: /tekton/results/http-proxy" time="2026-04-22T14:14:27Z" level=info msg="[param] no-proxy-result-path: /tekton/results/no-proxy" time="2026-04-22T14:14:27Z" level=info msg="Cache proxy is disabled in param or in backend" time="2026-04-22T14:14:27Z" level=info msg="[result] HTTP PROXY: " time="2026-04-22T14:14:27Z" level=info msg="[result] NO PROXY: " [FAILED] Expected success, but got an error: <*errors.errorString | 0xc0015450d0>: pod: test-comp-pac-forgejo-wqnvvd-on-pull-request-p668d-init-pod | init container: prepare 2026/04/22 14:14:24 Entrypoint initialization pod: test-comp-pac-forgejo-wqnvvd-on-pull-request-p668d-init-pod | container step-init: time="2026-04-22T14:14:27Z" level=info msg="Using in-cluster config" logger=KubeClient time="2026-04-22T14:14:27Z" level=info msg="[param] enable: false" time="2026-04-22T14:14:27Z" level=info msg="[param] default-http-proxy: squid.caching.svc.cluster.local:3128" time="2026-04-22T14:14:27Z" level=info msg="[param] default-no-proxy: brew.registry.redhat.io,docker.io,gcr.io,ghcr.io,images.paas.redhat.com,mirror.gcr.io,nvcr.io,quay.io,registry-proxy.engineering.redhat.com,registry.access.redhat.com,registry.ci.openshift.org,registry.fedoraproject.org,registry.redhat.io,registry.stage.redhat.io,vault.habana.ai" time="2026-04-22T14:14:27Z" level=info msg="[param] http-proxy-result-path: /tekton/results/http-proxy" time="2026-04-22T14:14:27Z" level=info msg="[param] no-proxy-result-path: /tekton/results/no-proxy" time="2026-04-22T14:14:27Z" level=info msg="Cache proxy is disabled in param or in backend" time="2026-04-22T14:14:27Z" level=info msg="[result] HTTP PROXY: " time="2026-04-22T14:14:27Z" level=info msg="[result] NO PROXY: " { s: "\n pod: test-comp-pac-forgejo-wqnvvd-on-pull-request-p668d-init-pod | init container: prepare\n2026/04/22 14:14:24 Entrypoint initialization\n\npod: test-comp-pac-forgejo-wqnvvd-on-pull-request-p668d-init-pod | container step-init: \ntime=\"2026-04-22T14:14:27Z\" level=info msg=\"Using in-cluster config\" logger=KubeClient\ntime=\"2026-04-22T14:14:27Z\" level=info msg=\"[param] enable: false\"\ntime=\"2026-04-22T14:14:27Z\" level=info msg=\"[param] default-http-proxy: squid.caching.svc.cluster.local:3128\"\ntime=\"2026-04-22T14:14:27Z\" level=info msg=\"[param] default-no-proxy: brew.registry.redhat.io,docker.io,gcr.io,ghcr.io,images.paas.redhat.com,mirror.gcr.io,nvcr.io,quay.io,registry-proxy.engineering.redhat.com,registry.access.redhat.com,registry.ci.openshift.org,registry.fedoraproject.org,registry.redhat.io,registry.stage.redhat.io,vault.habana.ai\"\ntime=\"2026-04-22T14:14:27Z\" level=info msg=\"[param] http-proxy-result-path: /tekton/results/http-proxy\"\ntime=\"2026-04-22T14:14:27Z\" level=info msg=\"[param] no-proxy-result-path: /tekton/results/no-proxy\"\ntime=\"2026-04-22T14:14:27Z\" level=info msg=\"Cache proxy is disabled in param or in backend\"\ntime=\"2026-04-22T14:14:27Z\" level=info msg=\"[result] HTTP PROXY: \"\ntime=\"2026-04-22T14:14:27Z\" level=info msg=\"[result] NO PROXY: \"\n", } In [It] at: /tmp/tmp.QN7KPSPXeP/tests/integration-service/forgejo-integration-reporting.go:179 @ 04/22/26 14:22:44.204 < Exit [It] should lead to build PipelineRun finishing successfully - /tmp/tmp.QN7KPSPXeP/tests/integration-service/forgejo-integration-reporting.go:177 @ 04/22/26 14:22:44.204 (29m54.215s) > Enter [AfterAll] Forgejo with status reporting of Integration tests in the associated merge request - /tmp/tmp.QN7KPSPXeP/tests/integration-service/forgejo-integration-reporting.go:96 @ 04/22/26 14:22:44.204 < Exit [AfterAll] Forgejo with status reporting of Integration tests in the associated merge request - /tmp/tmp.QN7KPSPXeP/tests/integration-service/forgejo-integration-reporting.go:96 @ 04/22/26 14:22:44.207 (4ms) > Enter [AfterEach] [integration-service-suite Forgejo Status Reporting of Integration tests] - /tmp/tmp.QN7KPSPXeP/tests/integration-service/forgejo-integration-reporting.go:45 @ 04/22/26 14:22:44.208 < Exit [AfterEach] [integration-service-suite Forgejo Status Reporting of Integration tests] - /tmp/tmp.QN7KPSPXeP/tests/integration-service/forgejo-integration-reporting.go:45 @ 04/22/26 14:22:44.323 (116ms) [SKIPPED] Spec skipped because an earlier spec in an ordered container failed In [It] at: /tmp/tmp.QN7KPSPXeP/tests/integration-service/forgejo-integration-reporting.go:182 @ 04/22/26 14:22:44.339 [SKIPPED] Spec skipped because an earlier spec in an ordered container failed In [It] at: /tmp/tmp.QN7KPSPXeP/tests/integration-service/forgejo-integration-reporting.go:201 @ 04/22/26 14:22:44.34 [SKIPPED] Spec skipped because an earlier spec in an ordered container failed In [It] at: /tmp/tmp.QN7KPSPXeP/tests/integration-service/forgejo-integration-reporting.go:208 @ 04/22/26 14:22:44.34 [SKIPPED] Spec skipped because an earlier spec in an ordered container failed In [It] at: /tmp/tmp.QN7KPSPXeP/tests/integration-service/forgejo-integration-reporting.go:212 @ 04/22/26 14:22:44.34 [SKIPPED] Spec skipped because an earlier spec in an ordered container failed In [It] at: /tmp/tmp.QN7KPSPXeP/tests/integration-service/forgejo-integration-reporting.go:217 @ 04/22/26 14:22:44.34 [SKIPPED] Spec skipped because an earlier spec in an ordered container failed In [It] at: /tmp/tmp.QN7KPSPXeP/tests/integration-service/forgejo-integration-reporting.go:223 @ 04/22/26 14:22:44.341 [SKIPPED] Spec skipped because an earlier spec in an ordered container failed In [It] at: /tmp/tmp.QN7KPSPXeP/tests/integration-service/forgejo-integration-reporting.go:232 @ 04/22/26 14:22:44.341 [SKIPPED] Spec skipped because an earlier spec in an ordered container failed In [It] at: /tmp/tmp.QN7KPSPXeP/tests/integration-service/forgejo-integration-reporting.go:237 @ 04/22/26 14:22:44.341 [SKIPPED] Spec skipped because an earlier spec in an ordered container failed In [It] at: /tmp/tmp.QN7KPSPXeP/tests/integration-service/forgejo-integration-reporting.go:243 @ 04/22/26 14:22:44.341 [SKIPPED] Spec skipped because an earlier spec in an ordered container failed In [It] at: /tmp/tmp.QN7KPSPXeP/tests/integration-service/forgejo-integration-reporting.go:272 @ 04/22/26 14:22:44.341 [SKIPPED] Spec skipped because an earlier spec in an ordered container failed In [It] at: /tmp/tmp.QN7KPSPXeP/tests/integration-service/forgejo-integration-reporting.go:287 @ 04/22/26 14:22:44.342 [SKIPPED] Spec skipped because an earlier spec in an ordered container failed In [It] at: /tmp/tmp.QN7KPSPXeP/tests/integration-service/forgejo-integration-reporting.go:304 @ 04/22/26 14:22:44.342 [SKIPPED] Spec skipped because an earlier spec in an ordered container failed In [It] at: /tmp/tmp.QN7KPSPXeP/tests/integration-service/forgejo-integration-reporting.go:309 @ 04/22/26 14:22:44.342 > Enter [BeforeAll] with status reporting of Integration tests in CheckRuns - /tmp/tmp.QN7KPSPXeP/tests/integration-service/group-snapshots-tests.go:60 @ 04/22/26 13:50:09.893 Successfully acquired repository lock for namespace group-psuf < Exit [BeforeAll] with status reporting of Integration tests in CheckRuns - /tmp/tmp.QN7KPSPXeP/tests/integration-service/group-snapshots-tests.go:60 @ 04/22/26 13:50:15.576 (5.683s) > Enter [It] creates the Component A successfully - /tmp/tmp.QN7KPSPXeP/tests/integration-service/group-snapshots-tests.go:205 @ 04/22/26 13:50:15.576 < Exit [It] creates the Component A successfully - /tmp/tmp.QN7KPSPXeP/tests/integration-service/group-snapshots-tests.go:205 @ 04/22/26 13:50:25.603 (10.027s) > Enter [AfterEach] [integration-service-suite Creation of group snapshots for monorepo and multiple repos] - /tmp/tmp.QN7KPSPXeP/tests/integration-service/group-snapshots-tests.go:50 @ 04/22/26 13:50:25.603 < Exit [AfterEach] [integration-service-suite Creation of group snapshots for monorepo and multiple repos] - /tmp/tmp.QN7KPSPXeP/tests/integration-service/group-snapshots-tests.go:50 @ 04/22/26 13:50:25.603 (0s) > Enter [It] triggers a Build PipelineRun for componentA go-component - /tmp/tmp.QN7KPSPXeP/tests/integration-service/group-snapshots-tests.go:213 @ 04/22/26 13:50:25.604 Build PipelineRun has not been created yet for the componentA group-psuf/go-component-opambg Build PipelineRun has not been created yet for the componentA group-psuf/go-component-opambg < Exit [It] triggers a Build PipelineRun for componentA go-component - /tmp/tmp.QN7KPSPXeP/tests/integration-service/group-snapshots-tests.go:213 @ 04/22/26 13:51:05.638 (40.034s) > Enter [AfterEach] [integration-service-suite Creation of group snapshots for monorepo and multiple repos] - /tmp/tmp.QN7KPSPXeP/tests/integration-service/group-snapshots-tests.go:50 @ 04/22/26 13:51:05.638 < Exit [AfterEach] [integration-service-suite Creation of group snapshots for monorepo and multiple repos] - /tmp/tmp.QN7KPSPXeP/tests/integration-service/group-snapshots-tests.go:50 @ 04/22/26 13:51:05.638 (0s) > Enter [It] does not contain an annotation with a Snapshot Name - /tmp/tmp.QN7KPSPXeP/tests/integration-service/group-snapshots-tests.go:227 @ 04/22/26 13:51:05.639 < Exit [It] does not contain an annotation with a Snapshot Name - /tmp/tmp.QN7KPSPXeP/tests/integration-service/group-snapshots-tests.go:227 @ 04/22/26 13:51:05.639 (0s) > Enter [AfterEach] [integration-service-suite Creation of group snapshots for monorepo and multiple repos] - /tmp/tmp.QN7KPSPXeP/tests/integration-service/group-snapshots-tests.go:50 @ 04/22/26 13:51:05.639 < Exit [AfterEach] [integration-service-suite Creation of group snapshots for monorepo and multiple repos] - /tmp/tmp.QN7KPSPXeP/tests/integration-service/group-snapshots-tests.go:50 @ 04/22/26 13:51:05.639 (0s) > Enter [It] should lead to build PipelineRunA finishing successfully - /tmp/tmp.QN7KPSPXeP/tests/integration-service/group-snapshots-tests.go:231 @ 04/22/26 13:51:05.639 PipelineRun go-component-opambg-on-pull-request-swzc5 found for Component group-psuf/go-component-opambg PipelineRun go-component-opambg-on-pull-request-swzc5 reason: ResolvingTaskRef PipelineRun go-component-opambg-on-pull-request-swzc5 reason: Running PipelineRun go-component-opambg-on-pull-request-swzc5 reason: Running PipelineRun go-component-opambg-on-pull-request-swzc5 reason: Running PipelineRun go-component-opambg-on-pull-request-swzc5 reason: Running PipelineRun go-component-opambg-on-pull-request-swzc5 reason: Running PipelineRun go-component-opambg-on-pull-request-swzc5 reason: Running PipelineRun go-component-opambg-on-pull-request-swzc5 reason: Running PipelineRun go-component-opambg-on-pull-request-swzc5 reason: Running PipelineRun go-component-opambg-on-pull-request-swzc5 reason: Running PipelineRun go-component-opambg-on-pull-request-swzc5 reason: Running PipelineRun go-component-opambg-on-pull-request-swzc5 reason: Running PipelineRun go-component-opambg-on-pull-request-swzc5 reason: Running PipelineRun go-component-opambg-on-pull-request-swzc5 reason: Running PipelineRun go-component-opambg-on-pull-request-swzc5 reason: PipelineRunStopping PipelineRun go-component-opambg-on-pull-request-swzc5 reason: PipelineRunStopping PipelineRun go-component-opambg-on-pull-request-swzc5 reason: PipelineRunStopping PipelineRun go-component-opambg-on-pull-request-swzc5 reason: PipelineRunStopping PipelineRun go-component-opambg-on-pull-request-swzc5 reason: PipelineRunStopping PipelineRun go-component-opambg-on-pull-request-swzc5 reason: PipelineRunStopping PipelineRun go-component-opambg-on-pull-request-swzc5 reason: PipelineRunStopping PipelineRun go-component-opambg-on-pull-request-swzc5 reason: Failed attempt 1/3: PipelineRun "go-component-opambg-on-pull-request-swzc5" failed: pod: go-component-opambg-on-pull-request-swzc5-apply-tags-pod | init container: prepare 2026/04/22 13:54:39 Entrypoint initialization pod: go-component-opambg-on-pull-request-swzc5-apply-tags-pod | container step-apply-additional-tags: time="2026-04-22T13:54:41Z" level=info msg="[param] image-url: quay.io/redhat-appstudio-qe/group-psuf/go-component-opambg:on-pr-4d756f25691014cb931c9ba1a2acbdad0b590a3e" time="2026-04-22T13:54:41Z" level=info msg="[param] digest: sha256:6fafff3b8768a8e2022e67dd9a08fed617cfcbfbbbb5bbb7736406fa9f07bc40" time="2026-04-22T13:54:41Z" level=info msg="[param] tags-from-image-label: konflux.additional-tags" time="2026-04-22T13:54:42Z" level=warning msg="No tags given in 'konflux.additional-tags' image label" {"tags":[]} pod: go-component-opambg-on-pull-request-swzc5-build-container-pod | init container: prepare 2026/04/22 13:51:45 Entrypoint initialization pod: go-component-opambg-on-pull-request-swzc5-build-container-pod | init container: place-scripts 2026/04/22 13:51:45 Decoded script /tekton/scripts/script-0-f4f2n 2026/04/22 13:51:45 Decoded script /tekton/scripts/script-1-8bqs2 2026/04/22 13:51:45 Decoded script /tekton/scripts/script-2-dzvhp 2026/04/22 13:51:45 Decoded script /tekton/scripts/script-3-d7h45 2026/04/22 13:51:45 Decoded script /tekton/scripts/script-4-mzzrd pod: go-component-opambg-on-pull-request-swzc5-build-container-pod | init container: working-dir-initializer pod: go-component-opambg-on-pull-request-swzc5-build-container-pod | container step-build: [2026-04-22T13:52:18,640427312+00:00] Validate context path [2026-04-22T13:52:18,643747844+00:00] Update CA trust [2026-04-22T13:52:18,644790049+00:00] Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' [2026-04-22T13:52:20,656199609+00:00] Prepare Dockerfile Checking if /var/workdir/cachi2/output/bom.json exists. Could not find prefetched sbom. No content_sets found for ICM [2026-04-22T13:52:20,661783146+00:00] Prepare system (architecture: x86_64) [2026-04-22T13:52:20,673596916+00:00] Setup prefetched Trying to pull registry.access.redhat.com/ubi9/go-toolset:1.18.9-14... Getting image source signatures Checking if image destination supports signatures Copying blob sha256:e76793d6902ad1adb19ede3d720024cf0cd8427b3ff606554a4bcafba03dddf4 Copying blob sha256:0ab0ba77295aca9b12f463cb7198f0b8b6990b41151dbbd4e1b224fe85244b83 Copying blob sha256:4a13c0e9217d70e608f2d5f5d3c5ffa6d9cd16908b3f83a7a97492d355d25a09 Copying blob sha256:2a625e4afab51b49edb0e5f4ff37d8afbb20ec644ed1e68641358a6305557de3 Copying config sha256:391a2eac28d98dc72726df1faa77db28f6899a77c91ad40f2bdad62baf041301 Writing manifest to image destination Storing signatures [2026-04-22T13:53:02,370505460+00:00] Unsetting proxy { "architecture": "x86_64", "build-date": "2026-04-22T13:52:20Z", "com.redhat.component": "go-toolset-container", "com.redhat.license_terms": "https://www.redhat.com/en/about/red-hat-end-user-license-agreements#UBI", "description": "Go Toolset available as a container is a base platform for building and running various Go applications and frameworks. Go is an easy to learn, powerful, statically typed language in the C/C++ tradition with garbage collection, concurrent programming support, and memory safety features.", "distribution-scope": "public", "io.buildah.version": "1.42.2", "io.k8s.description": "Go Toolset available as a container is a base platform for building and running various Go applications and frameworks. Go is an easy to learn, powerful, statically typed language in the C/C++ tradition with garbage collection, concurrent programming support, and memory safety features.", "io.k8s.display-name": "Go 1.18.9", "io.openshift.expose-services": "", "io.openshift.s2i.scripts-url": "image:///usr/libexec/s2i", "io.openshift.tags": "builder,golang,golang118,rh-golang118,go", "io.s2i.scripts-url": "image:///usr/libexec/s2i", "maintainer": "Red Hat, Inc.", "name": "rhel9/go-toolset", "release": "14", "summary": "Platform for building and running Go Applications", "url": "https://access.redhat.com/containers/#/registry.access.redhat.com/rhel9/go-toolset/images/1.18.9-14", "vcs-ref": "4d756f25691014cb931c9ba1a2acbdad0b590a3e", "vcs-type": "git", "vendor": "Red Hat, Inc.", "version": "1.18.9", "org.opencontainers.image.revision": "4d756f25691014cb931c9ba1a2acbdad0b590a3e", "org.opencontainers.image.source": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component", "quay.expires-after": "6h", "org.opencontainers.image.created": "2026-04-22T13:52:20Z" } [2026-04-22T13:53:02,414596843+00:00] Register sub-man Adding the entitlement to the build [2026-04-22T13:53:02,417763957+00:00] Add secrets [2026-04-22T13:53:02,425014482+00:00] Run buildah build [2026-04-22T13:53:02,426070611+00:00] buildah build --volume /tmp/entitlement:/etc/pki/entitlement --security-opt=unmask=/proc/interrupts --label architecture=x86_64 --label vcs-type=git --label vcs-ref=4d756f25691014cb931c9ba1a2acbdad0b590a3e --label org.opencontainers.image.revision=4d756f25691014cb931c9ba1a2acbdad0b590a3e --label org.opencontainers.image.source=https://github.com/redhat-appstudio-qe/group-snapshot-multi-component --label quay.expires-after=6h --label build-date=2026-04-22T13:52:20Z --label org.opencontainers.image.created=2026-04-22T13:52:20Z --annotation org.opencontainers.image.revision=4d756f25691014cb931c9ba1a2acbdad0b590a3e --annotation org.opencontainers.image.source=https://github.com/redhat-appstudio-qe/group-snapshot-multi-component --annotation org.opencontainers.image.created=2026-04-22T13:52:20Z --tls-verify=true --no-cache --ulimit nofile=4096:4096 --http-proxy=false -f /tmp/Dockerfile.Baaml2 -t quay.io/redhat-appstudio-qe/group-psuf/go-component-opambg:on-pr-4d756f25691014cb931c9ba1a2acbdad0b590a3e . STEP 1/10: FROM registry.access.redhat.com/ubi9/go-toolset:1.18.9-14 STEP 2/10: COPY . . STEP 3/10: RUN go mod download go: no module dependencies to download STEP 4/10: RUN go build -o ./main STEP 5/10: ENV PORT 8081 STEP 6/10: EXPOSE 8081 STEP 7/10: CMD [ "./main" ] STEP 8/10: COPY labels.json /usr/share/buildinfo/labels.json STEP 9/10: COPY labels.json /root/buildinfo/labels.json STEP 10/10: LABEL "architecture"="x86_64" "vcs-type"="git" "vcs-ref"="4d756f25691014cb931c9ba1a2acbdad0b590a3e" "org.opencontainers.image.revision"="4d756f25691014cb931c9ba1a2acbdad0b590a3e" "org.opencontainers.image.source"="https://github.com/redhat-appstudio-qe/group-snapshot-multi-component" "quay.expires-after"="6h" "build-date"="2026-04-22T13:52:20Z" "org.opencontainers.image.created"="2026-04-22T13:52:20Z" COMMIT quay.io/redhat-appstudio-qe/group-psuf/go-component-opambg:on-pr-4d756f25691014cb931c9ba1a2acbdad0b590a3e --> 1da500647b06 Successfully tagged quay.io/redhat-appstudio-qe/group-psuf/go-component-opambg:on-pr-4d756f25691014cb931c9ba1a2acbdad0b590a3e 1da500647b06f5114eea3e0c7bc82ff2687b5a22e0652def72aae7927be04264 [2026-04-22T13:53:05,388315087+00:00] Unsetting proxy [2026-04-22T13:53:05,389491816+00:00] Add metadata Recording base image digests used registry.access.redhat.com/ubi9/go-toolset:1.18.9-14 registry.access.redhat.com/ubi9/go-toolset:1.18.9-14@sha256:4e320bd8b62e406dfc567886aeab4914db125c73fe9ec308b306c72883101d51 Getting image source signatures Copying blob sha256:5bdd2c12e5754378855f66ad1510599fd09d350d8f8cc1e961ba02a725c53069 Copying blob sha256:d3f6a420cbadfb30033dc481690b39191ce6d2d841ccd54434c352f474ea54c3 Copying blob sha256:314640f419c581ddcac8f3618af39342a4571d5dc7a4e1f5b64d60f37e630b49 Copying blob sha256:db77b3de17313a3fab2620178c01a4ef8eb60cbe722a6e9390f3cbb1132a7d22 Copying blob sha256:a653a5ff4eaef6037f4f354414ab251ac7218d2d42fc8326743fc63ecf2cabd5 Copying config sha256:1da500647b06f5114eea3e0c7bc82ff2687b5a22e0652def72aae7927be04264 Writing manifest to image destination [2026-04-22T13:53:12,912873561+00:00] End build pod: go-component-opambg-on-pull-request-swzc5-build-container-pod | container step-push: [2026-04-22T13:53:13,745352681+00:00] Update CA trust INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' [2026-04-22T13:53:15,795893612+00:00] Convert image [2026-04-22T13:53:15,796943776+00:00] Push image with unique tag Pushing to quay.io/redhat-appstudio-qe/group-psuf/go-component-opambg:go-component-opambg-on-pull-request-swzc5-build-container [retry] executing: buildah push --format=docker --retry 3 --tls-verify=true quay.io/redhat-appstudio-qe/group-psuf/go-component-opambg:on-pr-4d756f25691014cb931c9ba1a2acbdad0b590a3e docker://quay.io/redhat-appstudio-qe/group-psuf/go-component-opambg:go-component-opambg-on-pull-request-swzc5-build-container Getting image source signatures Copying blob sha256:5bdd2c12e5754378855f66ad1510599fd09d350d8f8cc1e961ba02a725c53069 Copying blob sha256:d3f6a420cbadfb30033dc481690b39191ce6d2d841ccd54434c352f474ea54c3 Copying blob sha256:314640f419c581ddcac8f3618af39342a4571d5dc7a4e1f5b64d60f37e630b49 Copying blob sha256:a653a5ff4eaef6037f4f354414ab251ac7218d2d42fc8326743fc63ecf2cabd5 Copying blob sha256:db77b3de17313a3fab2620178c01a4ef8eb60cbe722a6e9390f3cbb1132a7d22 Copying config sha256:1da500647b06f5114eea3e0c7bc82ff2687b5a22e0652def72aae7927be04264 Writing manifest to image destination [2026-04-22T13:53:30,411844991+00:00] Push image with git revision Pushing to quay.io/redhat-appstudio-qe/group-psuf/go-component-opambg:on-pr-4d756f25691014cb931c9ba1a2acbdad0b590a3e [retry] executing: buildah push --format=docker --retry 3 --tls-verify=true --digestfile /workspace/source/image-digest quay.io/redhat-appstudio-qe/group-psuf/go-component-opambg:on-pr-4d756f25691014cb931c9ba1a2acbdad0b590a3e docker://quay.io/redhat-appstudio-qe/group-psuf/go-component-opambg:on-pr-4d756f25691014cb931c9ba1a2acbdad0b590a3e Getting image source signatures Copying blob sha256:314640f419c581ddcac8f3618af39342a4571d5dc7a4e1f5b64d60f37e630b49 Copying blob sha256:d3f6a420cbadfb30033dc481690b39191ce6d2d841ccd54434c352f474ea54c3 Copying blob sha256:a653a5ff4eaef6037f4f354414ab251ac7218d2d42fc8326743fc63ecf2cabd5 Copying blob sha256:5bdd2c12e5754378855f66ad1510599fd09d350d8f8cc1e961ba02a725c53069 Copying blob sha256:db77b3de17313a3fab2620178c01a4ef8eb60cbe722a6e9390f3cbb1132a7d22 Copying config sha256:1da500647b06f5114eea3e0c7bc82ff2687b5a22e0652def72aae7927be04264 Writing manifest to image destination sha256:6fafff3b8768a8e2022e67dd9a08fed617cfcbfbbbb5bbb7736406fa9f07bc40quay.io/redhat-appstudio-qe/group-psuf/go-component-opambg:on-pr-4d756f25691014cb931c9ba1a2acbdad0b590a3e [retry] executing: kubectl get configmap cluster-config -n konflux-info -o json Keyless signing is disabled (none of rekorInternalUrl, fulcioInternalUrl, defaultOIDCIssuer, tufInternalUrl are configured in the konflux-info/cluster-config configmap) [2026-04-22T13:53:31,230417548+00:00] End push pod: go-component-opambg-on-pull-request-swzc5-build-container-pod | container step-sbom-syft-generate: [2026-04-22T13:53:31,890197977+00:00] Generate SBOM Running syft on the image Running syft on the source code [0000] WARN no explicit name and version provided for directory source, deriving artifact ID from the given path (which is not ideal) [2026-04-22T13:53:52,616110062+00:00] End sbom-syft-generate pod: go-component-opambg-on-pull-request-swzc5-build-container-pod | container step-prepare-sboms: [2026-04-22T13:53:53,234843704+00:00] Prepare SBOM [2026-04-22T13:53:53,238893687+00:00] Generate SBOM with mobster Skipping SBOM validation 2026-04-22 13:53:54,315 [INFO] mobster.log: Logging level set to 20 2026-04-22 13:53:54,749 [INFO] mobster.oci: Fetching manifest for registry.access.redhat.com/ubi9/go-toolset@sha256:4e320bd8b62e406dfc567886aeab4914db125c73fe9ec308b306c72883101d51 2026-04-22 13:53:55,231 [WARNING] mobster.oci.cosign.anonymous_fetcher: Cosign fetching attestation of type spdxjson failed for registry.access.redhat.com/ubi9/go-toolset@sha256:0200988bf4773dad494d97be5aeceb005da3b329fe6827c035509a3f6eec1ef1 with output b'Error: found no attestations\nerror during command execution: found no attestations\n' 2026-04-22 13:53:55,354 [WARNING] mobster.oci.cosign.anonymous_fetcher: Cosign fetching attestation of type cyclonedx failed for registry.access.redhat.com/ubi9/go-toolset@sha256:0200988bf4773dad494d97be5aeceb005da3b329fe6827c035509a3f6eec1ef1 with output b'Error: found no attestations\nerror during command execution: found no attestations\n' 2026-04-22 13:53:55,672 [WARNING] mobster.oci.cosign.anonymous_fetcher: Cosign fetching attestation of type spdxjson failed for registry.access.redhat.com/ubi9/go-toolset@sha256:0200988bf4773dad494d97be5aeceb005da3b329fe6827c035509a3f6eec1ef1 with output b'Error: found no attestations\nerror during command execution: found no attestations\n' 2026-04-22 13:53:55,785 [WARNING] mobster.oci.cosign.anonymous_fetcher: Cosign fetching attestation of type cyclonedx failed for registry.access.redhat.com/ubi9/go-toolset@sha256:0200988bf4773dad494d97be5aeceb005da3b329fe6827c035509a3f6eec1ef1 with output b'Error: found no attestations\nerror during command execution: found no attestations\n' 2026-04-22 13:53:56,100 [WARNING] mobster.oci.cosign.anonymous_fetcher: Cosign fetching attestation of type spdxjson failed for registry.access.redhat.com/ubi9/go-toolset@sha256:0200988bf4773dad494d97be5aeceb005da3b329fe6827c035509a3f6eec1ef1 with output b'Error: found no attestations\nerror during command execution: found no attestations\n' 2026-04-22 13:53:56,204 [WARNING] mobster.oci.cosign.anonymous_fetcher: Cosign fetching attestation of type cyclonedx failed for registry.access.redhat.com/ubi9/go-toolset@sha256:0200988bf4773dad494d97be5aeceb005da3b329fe6827c035509a3f6eec1ef1 with output b'Error: found no attestations\nerror during command execution: found no attestations\n' 2026-04-22 13:53:56,561 [WARNING] mobster.oci.cosign.anonymous_fetcher: Cosign fetching attestation of type spdxjson failed for registry.access.redhat.com/ubi9/go-toolset@sha256:0200988bf4773dad494d97be5aeceb005da3b329fe6827c035509a3f6eec1ef1 with output b'Error: found no attestations\nerror during command execution: found no attestations\n' 2026-04-22 13:53:56,679 [WARNING] mobster.oci.cosign.anonymous_fetcher: Cosign fetching attestation of type cyclonedx failed for registry.access.redhat.com/ubi9/go-toolset@sha256:0200988bf4773dad494d97be5aeceb005da3b329fe6827c035509a3f6eec1ef1 with output b'Error: found no attestations\nerror during command execution: found no attestations\n' 2026-04-22 13:53:56,679 [INFO] mobster.cmd.generate.oci_image.contextual_sbom.contextualize: Contextual mechanism won't be used, there is no parent image SBOM. 2026-04-22 13:53:56,679 [INFO] mobster.cmd.generate.oci_image: Contextual SBOM workflow finished successfully. 2026-04-22 13:53:56,681 [INFO] mobster.log: Contextual workflow completed in 2.03s 2026-04-22 13:53:56,834 [INFO] mobster.main: Exiting with code 0. [2026-04-22T13:53:56,901596756+00:00] End prepare-sboms pod: go-component-opambg-on-pull-request-swzc5-build-container-pod | container step-upload-sbom: [2026-04-22T13:53:57,299992023+00:00] Upload SBOM INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' Using token for quay.io/redhat-appstudio-qe/group-psuf/go-component-opambg Pushing sbom to registry [retry] executing: cosign attach sbom --sbom sbom.json --type spdx quay.io/redhat-appstudio-qe/group-psuf/go-component-opambg:on-pr-4d756f25691014cb931c9ba1a2acbdad0b590a3e@sha256:6fafff3b8768a8e2022e67dd9a08fed617cfcbfbbbb5bbb7736406fa9f07bc40 WARNING: SBOM attachments are deprecated and support will be removed in a Cosign release soon after 2024-02-22 (see https://github.com/sigstore/cosign/issues/2755). Instead, please use SBOM attestations. WARNING: Attaching SBOMs this way does not sign them. To sign them, use 'cosign attest --predicate sbom.json --key <key path>'. Uploading SBOM file for [quay.io/redhat-appstudio-qe/group-psuf/go-component-opambg@sha256:6fafff3b8768a8e2022e67dd9a08fed617cfcbfbbbb5bbb7736406fa9f07bc40] to [quay.io/redhat-appstudio-qe/group-psuf/go-component-opambg:sha256-6fafff3b8768a8e2022e67dd9a08fed617cfcbfbbbb5bbb7736406fa9f07bc40.sbom] with mediaType [text/spdx+json]. quay.io/redhat-appstudio-qe/group-psuf/go-component-opambg@sha256:8362fb59f6874771b504a945f9866c4603d4539a184fbb9d6742821612275c05 [2026-04-22T13:54:00,866016323+00:00] End upload-sbom pod: go-component-opambg-on-pull-request-swzc5-build-image-index-pod | init container: prepare 2026/04/22 13:54:02 Entrypoint initialization pod: go-component-opambg-on-pull-request-swzc5-build-image-index-pod | init container: place-scripts 2026/04/22 13:54:03 Decoded script /tekton/scripts/script-0-c45kv 2026/04/22 13:54:03 Decoded script /tekton/scripts/script-1-9rrz9 2026/04/22 13:54:03 Decoded script /tekton/scripts/script-2-fjvhb pod: go-component-opambg-on-pull-request-swzc5-build-image-index-pod | container step-build: [2026-04-22T13:54:26,946287288+00:00] Update CA trust INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' Running konflux-build-cli time="2026-04-22T13:54:29Z" level=info msg="[param] image: quay.io/redhat-appstudio-qe/group-psuf/go-component-opambg:on-pr-4d756f25691014cb931c9ba1a2acbdad0b590a3e" time="2026-04-22T13:54:29Z" level=info msg="[param] images: [quay.io/redhat-appstudio-qe/group-psuf/go-component-opambg:on-pr-4d756f25691014cb931c9ba1a2acbdad0b590a3e@sha256:6fafff3b8768a8e2022e67dd9a08fed617cfcbfbbbb5bbb7736406fa9f07bc40]" time="2026-04-22T13:54:29Z" level=info msg="[param] buildah-format: docker" time="2026-04-22T13:54:29Z" level=info msg="[param] always-build-index: false" time="2026-04-22T13:54:29Z" level=info msg="[param] additional-tags: [go-component-opambg-on-pull-request-swzc5-build-image-index]" time="2026-04-22T13:54:29Z" level=info msg="[param] output-manifest-path: /index-build-data/manifest_data.json" time="2026-04-22T13:54:29Z" level=info msg="[param] result-path-image-digest: /tekton/results/IMAGE_DIGEST" time="2026-04-22T13:54:29Z" level=info msg="[param] result-path-image-url: /tekton/results/IMAGE_URL" time="2026-04-22T13:54:29Z" level=info msg="[param] result-path-image-ref: /tekton/results/IMAGE_REF" time="2026-04-22T13:54:29Z" level=info msg="[param] result-path-images: /tekton/results/IMAGES" time="2026-04-22T13:54:29Z" level=info msg="Creating manifest list: quay.io/redhat-appstudio-qe/group-psuf/go-component-opambg:on-pr-4d756f25691014cb931c9ba1a2acbdad0b590a3e" time="2026-04-22T13:54:29Z" level=info msg="buildah [stdout] 80a78770719de5cae6cf1e29f01c15a3d8b02431b04bb65fe4f9aff73fd639e8" logger=CliExecutor time="2026-04-22T13:54:29Z" level=info msg="Skipping image index generation. Returning results for single image." {"image_digest":"sha256:6fafff3b8768a8e2022e67dd9a08fed617cfcbfbbbb5bbb7736406fa9f07bc40","image_url":"quay.io/redhat-appstudio-qe/group-psuf/go-component-opambg:on-pr-4d756f25691014cb931c9ba1a2acbdad0b590a3e","image_ref":"quay.io/redhat-appstudio-qe/group-psuf/go-component-opambg@sha256:6fafff3b8768a8e2022e67dd9a08fed617cfcbfbbbb5bbb7736406fa9f07bc40","images":"quay.io/redhat-appstudio-qe/group-psuf/go-component-opambg@sha256:6fafff3b8768a8e2022e67dd9a08fed617cfcbfbbbb5bbb7736406fa9f07bc40"} pod: go-component-opambg-on-pull-request-swzc5-build-image-index-pod | container step-create-sbom: The manifest_data.json file does not exist. Skipping the SBOM creation... pod: go-component-opambg-on-pull-request-swzc5-build-image-index-pod | container step-upload-sbom: [2026-04-22T13:54:30,331943592+00:00] Update CA trust INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' The index.spdx.json file does not exists. Skipping the SBOM upload... pod: go-component-opambg-on-pull-request-swzc5-clamav-scan-pod | init container: prepare 2026/04/22 13:54:53 Entrypoint initialization pod: go-component-opambg-on-pull-request-swzc5-clamav-scan-pod | init container: place-scripts 2026/04/22 13:54:54 Decoded script /tekton/scripts/script-0-gp78x 2026/04/22 13:54:54 Decoded script /tekton/scripts/script-1-25ncf pod: go-component-opambg-on-pull-request-swzc5-clamav-scan-pod | container step-extract-and-scan-image: Starting clamd ... clamd is ready! Detecting artifact type for quay.io/redhat-appstudio-qe/group-psuf/go-component-opambg@sha256:6fafff3b8768a8e2022e67dd9a08fed617cfcbfbbbb5bbb7736406fa9f07bc40. Detected container image. Processing image manifests. Running "oc image extract" on image of arch amd64 Scanning image for arch amd64. This operation may take a while. ----------- SCAN SUMMARY ----------- Infected files: 0 Time: 145.607 sec (2 m 25 s) Start Date: 2026:04:22 13:55:27 End Date: 2026:04:22 13:57:52 Executed-on: Scan was executed on clamsdcan version - ClamAV 1.4.3/27979/Wed Apr 22 06:26:01 2026 Database version: 27979 [ { "filename": "/work/logs/clamscan-result-log-amd64.json", "namespace": "required_checks", "successes": 2 } ] {"timestamp":"1776866272","namespace":"required_checks","successes":2,"failures":0,"warnings":0,"result":"SUCCESS","note":"All checks passed successfully"} {"timestamp":"1776866272","namespace":"required_checks","successes":2,"failures":0,"warnings":0,"result":"SUCCESS","note":"All checks passed successfully"} {"timestamp":"1776866272","namespace":"required_checks","successes":2,"failures":0,"warnings":0,"result":"SUCCESS","note":"All checks passed successfully"} {"image": {"pullspec": "quay.io/redhat-appstudio-qe/group-psuf/go-component-opambg:on-pr-4d756f25691014cb931c9ba1a2acbdad0b590a3e", "digests": ["sha256:6fafff3b8768a8e2022e67dd9a08fed617cfcbfbbbb5bbb7736406fa9f07bc40"]}} pod: go-component-opambg-on-pull-request-swzc5-clamav-scan-pod | container step-upload: Selecting auth Using token for quay.io/redhat-appstudio-qe/group-psuf/go-component-opambg Attaching to quay.io/redhat-appstudio-qe/group-psuf/go-component-opambg:on-pr-4d756f25691014cb931c9ba1a2acbdad0b590a3e Executing: oras attach --no-tty --registry-config /home/oras/auth.json --artifact-type application/vnd.clamav quay.io/redhat-appstudio-qe/group-psuf/go-component-opambg:on-pr-4d756f25691014cb931c9ba1a2acbdad0b590a3e@sha256:6fafff3b8768a8e2022e67dd9a08fed617cfcbfbbbb5bbb7736406fa9f07bc40 clamscan-result-amd64.log:text/vnd.clamav clamscan-ec-test-amd64.json:application/vnd.konflux.test_output+json Preparing clamscan-result-amd64.log Preparing clamscan-ec-test-amd64.json Uploading 6b4bfec3c7a3 clamscan-ec-test-amd64.json Exists 44136fa355b3 application/vnd.oci.empty.v1+json Uploading fba328bf493b clamscan-result-amd64.log Uploaded fba328bf493b clamscan-result-amd64.log Uploaded 6b4bfec3c7a3 clamscan-ec-test-amd64.json Uploading bd70e4fd7d18 application/vnd.oci.image.manifest.v1+json Uploaded bd70e4fd7d18 application/vnd.oci.image.manifest.v1+json Attached to [registry] quay.io/redhat-appstudio-qe/group-psuf/go-component-opambg:on-pr-4d756f25691014cb931c9ba1a2acbdad0b590a3e@sha256:6fafff3b8768a8e2022e67dd9a08fed617cfcbfbbbb5bbb7736406fa9f07bc40 Digest: sha256:bd70e4fd7d18403ff357c146fa7f7350223c12ef53e99c84b4e99a2e8cf42b31 pod: go-component-opambg-on-pull-request-swzc5-clone-repository-pod | init container: prepare 2026/04/22 13:51:21 Entrypoint initialization pod: go-component-opambg-on-pull-request-swzc5-clone-repository-pod | init container: place-scripts 2026/04/22 13:51:21 Decoded script /tekton/scripts/script-0-4z77h 2026/04/22 13:51:21 Decoded script /tekton/scripts/script-1-g2nnv pod: go-component-opambg-on-pull-request-swzc5-clone-repository-pod | container step-clone: INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt {"level":"info","ts":1776865886.011179,"caller":"git/git.go:394","msg":"Retrying operation (attempt 1)"} {"level":"info","ts":1776865886.2054439,"caller":"git/git.go:223","msg":"Successfully cloned https://github.com/redhat-appstudio-qe/group-snapshot-multi-component @ 4d756f25691014cb931c9ba1a2acbdad0b590a3e (grafted, HEAD) in path /workspace/output/source"} {"level":"info","ts":1776865886.2054956,"caller":"git/git.go:394","msg":"Retrying operation (attempt 1)"} {"level":"info","ts":1776865886.2287865,"caller":"git/git.go:277","msg":"Successfully initialized and updated submodules in path /workspace/output/source"} Merge option disabled. Using checked-out revision 4d756f25691014cb931c9ba1a2acbdad0b590a3e directly. pod: go-component-opambg-on-pull-request-swzc5-clone-repository-pod | container step-symlink-check: Running symlink check pod: go-component-opambg-on-pull-request-swzc5-init-pod | init container: prepare 2026/04/22 13:51:09 Entrypoint initialization pod: go-component-opambg-on-pull-request-swzc5-init-pod | container step-init: time="2026-04-22T13:51:13Z" level=info msg="Using in-cluster config" logger=KubeClient time="2026-04-22T13:51:13Z" level=info msg="[param] enable: false" time="2026-04-22T13:51:13Z" level=info msg="[param] default-http-proxy: squid.caching.svc.cluster.local:3128" time="2026-04-22T13:51:13Z" level=info msg="[param] default-no-proxy: brew.registry.redhat.io,docker.io,gcr.io,ghcr.io,images.paas.redhat.com,mirror.gcr.io,nvcr.io,quay.io,registry-proxy.engineering.redhat.com,registry.access.redhat.com,registry.ci.openshift.org,registry.fedoraproject.org,registry.redhat.io,registry.stage.redhat.io,vault.habana.ai" time="2026-04-22T13:51:13Z" level=info msg="[param] http-proxy-result-path: /tekton/results/http-proxy" time="2026-04-22T13:51:13Z" level=info msg="[param] no-proxy-result-path: /tekton/results/no-proxy" time="2026-04-22T13:51:13Z" level=info msg="Cache proxy is disabled in param or in backend" time="2026-04-22T13:51:13Z" level=info msg="[result] HTTP PROXY: " time="2026-04-22T13:51:13Z" level=info msg="[result] NO PROXY: " pod: go-component-opambg-on-pull-request-swzc5-push-dockerfile-pod | init container: prepare 2026/04/22 13:55:50 Entrypoint initialization pod: go-component-opambg-on-pull-request-swzc5-push-dockerfile-pod | init container: working-dir-initializer pod: go-component-opambg-on-pull-request-swzc5-push-dockerfile-pod | container step-push: time="2026-04-22T13:55:53Z" level=info msg="[param] image-url: quay.io/redhat-appstudio-qe/group-psuf/go-component-opambg:on-pr-4d756f25691014cb931c9ba1a2acbdad0b590a3e" time="2026-04-22T13:55:53Z" level=info msg="[param] image-digest: sha256:6fafff3b8768a8e2022e67dd9a08fed617cfcbfbbbb5bbb7736406fa9f07bc40" time="2026-04-22T13:55:53Z" level=info msg="[param] containerfile: docker/Dockerfile" time="2026-04-22T13:55:53Z" level=info msg="[param] context: go-component" time="2026-04-22T13:55:53Z" level=info msg="[param] tag-suffix: .dockerfile" time="2026-04-22T13:55:53Z" level=info msg="[param] artifact-type: application/vnd.konflux.dockerfile" time="2026-04-22T13:55:53Z" level=info msg="[param] source: source" time="2026-04-22T13:55:53Z" level=info msg="[param] result-path-image-ref: /tekton/results/IMAGE_REF" time="2026-04-22T13:55:53Z" level=info msg="[param] alternative-filename: Dockerfile" time="2026-04-22T13:55:54Z" level=info msg="oras [stdout] quay.io/redhat-appstudio-qe/group-psuf/go-component-opambg@sha256:5ab08358580c75c895f95ec7c7bc938b3017c3907e0b3ae672cd542f267422fd" logger=CliExecutor time="2026-04-22T13:55:54Z" level=info msg="Containerfile '/workspace/workspace/source/go-component/docker/Dockerfile' is pushed to registry with tag: sha256-6fafff3b8768a8e2022e67dd9a08fed617cfcbfbbbb5bbb7736406fa9f07bc40.dockerfile" {"image_ref":"quay.io/redhat-appstudio-qe/group-psuf/go-component-opambg@sha256:5ab08358580c75c895f95ec7c7bc938b3017c3907e0b3ae672cd542f267422fd"} pod: go-component-opambg-on-pull-request-swzc5-sast-shell-check-pod | init container: prepare 2026/04/22 13:56:02 Entrypoint initialization pod: go-component-opambg-on-pull-request-swzc5-sast-shell-check-pod | init container: place-scripts 2026/04/22 13:56:03 Decoded script /tekton/scripts/script-0-rwqrc 2026/04/22 13:56:03 Decoded script /tekton/scripts/script-1-5btsh pod: go-component-opambg-on-pull-request-swzc5-sast-shell-check-pod | init container: working-dir-initializer pod: go-component-opambg-on-pull-request-swzc5-sast-shell-check-pod | container step-sast-shell-check: + source /utils.sh ++ OPM_RENDER_CACHE=/tmp/konflux-test-opm-cache ++ DEFAULT_INDEX_IMAGE=registry.redhat.io/redhat/redhat-operator-index + trap 'handle_error /tekton/results/TEST_OUTPUT' EXIT + [[ -z '' ]] + PROJECT_NAME=go-component-opambg + echo 'INFO: The PROJECT_NAME used is: go-component-opambg' INFO: The PROJECT_NAME used is: go-component-opambg + ca_bundle=/mnt/trusted-ca/ca-bundle.crt + '[' -f /mnt/trusted-ca/ca-bundle.crt ']' INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt + echo 'INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt' + cp -vf /mnt/trusted-ca/ca-bundle.crt /etc/pki/ca-trust/source/anchors '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' + update-ca-trust ++ rpm -q --queryformat '%{NAME}-%{VERSION}-%{RELEASE}\n' ShellCheck + PACKAGE_VERSION=ShellCheck-0.10.0-3.el9 + OUTPUT_FILE=shellcheck-results.json + SOURCE_CODE_DIR=/workspace/workspace/source + declare -a ALL_TARGETS + IFS=, + read -ra TARGET_ARRAY + for d in "${TARGET_ARRAY[@]}" + potential_path=/workspace/workspace/source/. ++ realpath -m /workspace/workspace/source/. + resolved_path=/workspace/workspace/source + [[ /workspace/workspace/source == \/\w\o\r\k\s\p\a\c\e\/\w\o\r\k\s\p\a\c\e\/\s\o\u\r\c\e* ]] + ALL_TARGETS+=("$resolved_path") + '[' -z '' ']' + '[' -r /sys/fs/cgroup/cpu.max ']' + read -r quota period + '[' 800000 '!=' max ']' + '[' -n 100000 ']' + '[' 100000 -gt 0 ']' + export SC_JOBS=8 + SC_JOBS=8 + echo 'INFO: Setting SC_JOBS=8 based on cgroups v2 max for run-shellcheck.sh' INFO: Setting SC_JOBS=8 based on cgroups v2 max for run-shellcheck.sh + /usr/share/csmock/scripts/run-shellcheck.sh /workspace/workspace/source Looking for shell scripts................ done + timeout 30 shellcheck --format=json1 --external-sources --source-path=/workspace/workspace/source /workspace/workspace/source/.git/hooks/applypatch-msg.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/workspace/workspace/source /workspace/workspace/source/.git/hooks/commit-msg.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/workspace/workspace/source /workspace/workspace/source/.git/hooks/post-update.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/workspace/workspace/source /workspace/workspace/source/.git/hooks/prepare-commit-msg.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/workspace/workspace/source /workspace/workspace/source/.git/hooks/pre-applypatch.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/workspace/workspace/source /workspace/workspace/source/.git/hooks/pre-commit.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/workspace/workspace/source /workspace/workspace/source/.git/hooks/pre-merge-commit.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/workspace/workspace/source /workspace/workspace/source/.git/hooks/pre-push.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/workspace/workspace/source /workspace/workspace/source/.git/hooks/pre-rebase.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/workspace/workspace/source /workspace/workspace/source/.git/hooks/pre-receive.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/workspace/workspace/source /workspace/workspace/source/.git/hooks/push-to-checkout.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/workspace/workspace/source /workspace/workspace/source/.git/hooks/sendemail-validate.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/workspace/workspace/source /workspace/workspace/source/.git/hooks/update.sample + CSGREP_OPTS=(--mode=json --strip-path-prefix="$SOURCE_CODE_DIR"/ --remove-duplicates --embed-context=3 --set-scan-prop="ShellCheck:${PACKAGE_VERSION}") + [[ true == \t\r\u\e ]] + CSGREP_EVENT_FILTER='\[SC(1020|1035|1054|1066|1068|1073|1080|1083|1099|1113|1115|1127|1128|1143|2043|2050|' + CSGREP_EVENT_FILTER+='2055|2057|2066|2069|2071|2077|2078|2091|2092|2157|2171|2193|2194|2195|2215|2216|' + CSGREP_EVENT_FILTER+='2218|2224|2225|2242|2256|2258|2261)\]$' + CSGREP_OPTS+=(--event="$CSGREP_EVENT_FILTER") + csgrep --mode=json --strip-path-prefix=/workspace/workspace/source/ --remove-duplicates --embed-context=3 --set-scan-prop=ShellCheck:ShellCheck-0.10.0-3.el9 '--event=\[SC(1020|1035|1054|1066|1068|1073|1080|1083|1099|1113|1115|1127|1128|1143|2043|2050|2055|2057|2066|2069|2071|2077|2078|2091|2092|2157|2171|2193|2194|2195|2215|2216|2218|2224|2225|2242|2256|2258|2261)\]$' ./shellcheck-results/empty.json ./shellcheck-results/sc-105.json ./shellcheck-results/sc-111.json ./shellcheck-results/sc-114.json ./shellcheck-results/sc-117.json ./shellcheck-results/sc-70.json ./shellcheck-results/sc-73.json ./shellcheck-results/sc-74.json ./shellcheck-results/sc-76.json ./shellcheck-results/sc-79.json ./shellcheck-results/sc-82.json + [[ SITE_DEFAULT == \S\I\T\E\_\D\E\F\A\U\L\T ]] + KFP_GIT_URL=https://gitlab.cee.redhat.com/osh/known-false-positives.git + PROBE_URL=https://gitlab.cee.redhat.com/osh/known-false-positives + KFP_DIR=known-false-positives + KFP_CLONED=0 + mkdir known-false-positives + [[ -n https://gitlab.cee.redhat.com/osh/known-false-positives.git ]] INFO: Probing https://gitlab.cee.redhat.com/osh/known-false-positives... + echo -n 'INFO: Probing https://gitlab.cee.redhat.com/osh/known-false-positives... ' + curl --fail --head --max-time 60 --no-progress-meter https://gitlab.cee.redhat.com/osh/known-false-positives ++ head -1 curl: (6) Could not resolve host: gitlab.cee.redhat.com + [[ 0 -eq 0 ]] WARN: Failed to clone known-false-positives at https://gitlab.cee.redhat.com/osh/known-false-positives.git, scan results will not be filtered + echo 'WARN: Failed to clone known-false-positives at https://gitlab.cee.redhat.com/osh/known-false-positives.git, scan results will not be filtered' ShellCheck results have been saved to shellcheck-results.json + echo 'ShellCheck results have been saved to shellcheck-results.json' + csgrep --mode=evtstat shellcheck-results.json + csgrep --mode=sarif shellcheck-results.json + TEST_OUTPUT= + parse_test_output sast-shell-check sarif shellcheck-results.sarif + TEST_NAME=sast-shell-check + TEST_RESULT_FORMAT=sarif + TEST_RESULT_FILE=shellcheck-results.sarif + '[' -z sast-shell-check ']' + '[' -z sarif ']' + '[' -z shellcheck-results.sarif ']' + '[' '!' -f shellcheck-results.sarif ']' + '[' sarif = sarif ']' +++ jq -rce '(if (.runs[].results | length > 0) then "FAILURE" else "SUCCESS" end)' shellcheck-results.sarif +++ jq -rce '(.runs[].results | length)' shellcheck-results.sarif ++ make_result_json -r SUCCESS -f 0 ++ local RESULT= ++ local SUCCESSES=0 ++ local FAILURES=0 ++ local WARNINGS=0 ++ local 'NOTE=For details, check Tekton task log.' ++ local NAMESPACE=default ++ local OUTPUT ++ local OPTIND opt ++ getopts :r:s:f:w:t:n: opt ++ case "${opt}" in ++ RESULT=SUCCESS ++ getopts :r:s:f:w:t:n: opt ++ case "${opt}" in ++ FAILURES=0 ++ getopts :r:s:f:w:t:n: opt ++ shift 4 ++ '[' -z SUCCESS ']' ++ case "${RESULT}" in ++++ date -u --iso-8601=seconds +++ jq -rce --arg date 2026-04-22T13:56:31+00:00 --arg result SUCCESS --arg note 'For details, check Tekton task log.' --arg namespace default --arg successes 0 --arg failures 0 --arg warnings 0 --null-input '{ result: $result, timestamp: $date, note: $note, namespace: $namespace, successes: $successes|tonumber, failures: $failures|tonumber, warnings: $warnings|tonumber }' ++ OUTPUT='{"result":"SUCCESS","timestamp":"2026-04-22T13:56:31+00:00","note":"For details, check Tekton task log.","namespace":"default","successes":0,"failures":0,"warnings":0}' ++ echo '{"result":"SUCCESS","timestamp":"2026-04-22T13:56:31+00:00","note":"For details, check Tekton task log.","namespace":"default","successes":0,"failures":0,"warnings":0}' + TEST_OUTPUT='{"result":"SUCCESS","timestamp":"2026-04-22T13:56:31+00:00","note":"For details, check Tekton task log.","namespace":"default","successes":0,"failures":0,"warnings":0}' ++ echo '{"result":"SUCCESS","timestamp":"2026-04-22T13:56:31+00:00","note":"For details, check Tekton task log.","namespace":"default","successes":0,"failures":0,"warnings":0}' ++ jq .failures + '[' 0 -gt 0 ']' + echo '{"result":"SUCCESS","timestamp":"2026-04-22T13:56:31+00:00","note":"For details, check Tekton task log.","namespace":"default","successes":0,"failures":0,"warnings":0}' + tee /tekton/results/TEST_OUTPUT {"result":"SUCCESS","timestamp":"2026-04-22T13:56:31+00:00","note":"For details, check Tekton task log.","namespace":"default","successes":0,"failures":0,"warnings":0} + handle_error /tekton/results/TEST_OUTPUT + exit_code=0 + '[' 0 -ne 0 ']' + exit 0 pod: go-component-opambg-on-pull-request-swzc5-sast-shell-check-pod | container step-upload: Selecting auth Using token for quay.io/redhat-appstudio-qe/group-psuf/go-component-opambg Attaching to quay.io/redhat-appstudio-qe/group-psuf/go-component-opambg:on-pr-4d756f25691014cb931c9ba1a2acbdad0b590a3e Executing: oras attach --no-tty --registry-config /home/oras/auth.json --artifact-type application/sarif+json quay.io/redhat-appstudio-qe/group-psuf/go-component-opambg:on-pr-4d756f25691014cb931c9ba1a2acbdad0b590a3e@sha256:6fafff3b8768a8e2022e67dd9a08fed617cfcbfbbbb5bbb7736406fa9f07bc40 shellcheck-results.sarif:application/sarif+json Preparing shellcheck-results.sarif Exists 44136fa355b3 application/vnd.oci.empty.v1+json Uploading 3b606a9dd3a1 shellcheck-results.sarif Uploaded 3b606a9dd3a1 shellcheck-results.sarif Uploading edffcbe0534d application/vnd.oci.image.manifest.v1+json Uploaded edffcbe0534d application/vnd.oci.image.manifest.v1+json Attached to [registry] quay.io/redhat-appstudio-qe/group-psuf/go-component-opambg:on-pr-4d756f25691014cb931c9ba1a2acbdad0b590a3e@sha256:6fafff3b8768a8e2022e67dd9a08fed617cfcbfbbbb5bbb7736406fa9f07bc40 Digest: sha256:edffcbe0534d0ee5d0e146eb34f7226ab5c7a5ed155ac508f44bfb2e7b279827 No excluded-findings.json exists. Skipping upload. pod: go-component-opambg-on-pull-request-swzc5-sast-snyk-check-pod | init container: prepare 2026/04/22 13:56:02 Entrypoint initialization pod: go-component-opambg-on-pull-request-swzc5-sast-snyk-check-pod | init container: place-scripts 2026/04/22 13:56:03 Decoded script /tekton/scripts/script-0-t4vnl 2026/04/22 13:56:03 Decoded script /tekton/scripts/script-1-dnvrb pod: go-component-opambg-on-pull-request-swzc5-sast-snyk-check-pod | init container: working-dir-initializer pod: go-component-opambg-on-pull-request-swzc5-sast-snyk-check-pod | container step-sast-snyk-check: INFO: The PROJECT_NAME used is: go-component-opambg INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' {"result":"SKIPPED","timestamp":"2026-04-22T13:56:31+00:00","note":"Task sast-snyk-check skipped: If you wish to use the Snyk code SAST task, please create a secret name snyk-secret with the key 'snyk_token' containing the Snyk token by following the steps given [here](https://konflux-ci.dev/docs/testing/build/snyk/)","namespace":"default","successes":0,"failures":0,"warnings":0} pod: go-component-opambg-on-pull-request-swzc5-sast-snyk-check-pod | container step-upload: No sast_snyk_check_out.sarif exists. Skipping upload. No excluded-findings.json exists. Skipping upload. pod: go-component-opambg-on-pull1f555b19b24993b3aa0a16d2c70dade1-pod | init container: prepare 2026/04/22 13:55:50 Entrypoint initialization pod: go-component-opambg-on-pull1f555b19b24993b3aa0a16d2c70dade1-pod | init container: place-scripts 2026/04/22 13:55:51 Decoded script /tekton/scripts/script-0-2bwbc 2026/04/22 13:55:51 Decoded script /tekton/scripts/script-1-n88w8 pod: go-component-opambg-on-pull1f555b19b24993b3aa0a16d2c70dade1-pod | init container: working-dir-initializer pod: go-component-opambg-on-pull1f555b19b24993b3aa0a16d2c70dade1-pod | container step-sast-unicode-check: + . /utils.sh ++ OPM_RENDER_CACHE=/tmp/konflux-test-opm-cache ++ DEFAULT_INDEX_IMAGE=registry.redhat.io/redhat/redhat-operator-index + trap 'handle_error /tekton/results/TEST_OUTPUT' EXIT + [[ -z '' ]] + PROJECT_NAME=go-component-opambg + echo 'INFO: The PROJECT_NAME used is: go-component-opambg' INFO: The PROJECT_NAME used is: go-component-opambg + ca_bundle=/mnt/trusted-ca/ca-bundle.crt + '[' -f /mnt/trusted-ca/ca-bundle.crt ']' INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt + echo 'INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt' + cp -vf /mnt/trusted-ca/ca-bundle.crt /etc/pki/ca-trust/source/anchors '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' + update-ca-trust + SCAN_PROP=https://github.com/siddhesh/find-unicode-control.git#c2accbfbba7553a8bc1ebd97089ae08ad8347e58 + FUC_EXIT_CODE=0 + LANG=en_US.utf8 + find_unicode_control.py -p bidi -v -d -t /workspace/workspace/source + [[ 0 -ne 0 ]] + sed -i raw_sast_unicode_check_out.txt -E -e 's|(.*:[0-9]+)(.*)|\1: warning:\2|' -e 's|^|Error: UNICONTROL_WARNING:\n|' + CSGERP_OPTS=(--mode=json --remove-duplicates --embed-context=3 --set-scan-prop="${SCAN_PROP}" --strip-path-prefix="${SOURCE_CODE_DIR}"/source/) + csgrep --mode=json --remove-duplicates --embed-context=3 --set-scan-prop=https://github.com/siddhesh/find-unicode-control.git#c2accbfbba7553a8bc1ebd97089ae08ad8347e58 --strip-path-prefix=/workspace/workspace/source/ raw_sast_unicode_check_out.txt + csgrep --mode=evtstat processed_sast_unicode_check_out.json + [[ SITE_DEFAULT == \S\I\T\E\_\D\E\F\A\U\L\T ]] + KFP_GIT_URL=https://gitlab.cee.redhat.com/osh/known-false-positives.git + PROBE_URL=https://gitlab.cee.redhat.com/osh/known-false-positives + KFP_DIR=known-false-positives + KFP_CLONED=0 + mkdir known-false-positives + [[ -n https://gitlab.cee.redhat.com/osh/known-false-positives.git ]] INFO: Probing https://gitlab.cee.redhat.com/osh/known-false-positives... + echo -n 'INFO: Probing https://gitlab.cee.redhat.com/osh/known-false-positives... ' + curl --fail --head --max-time 60 --no-progress-meter https://gitlab.cee.redhat.com/osh/known-false-positives ++ head -1 curl: (6) Could not resolve host: gitlab.cee.redhat.com + [[ 0 -eq 0 ]] WARN: Failed to clone known-false-positives at https://gitlab.cee.redhat.com/osh/known-false-positives.git, scan results will not be filtered + echo 'WARN: Failed to clone known-false-positives at https://gitlab.cee.redhat.com/osh/known-false-positives.git, scan results will not be filtered' + mv processed_sast_unicode_check_out.json sast_unicode_check_out.json + csgrep --mode=sarif sast_unicode_check_out.json + [[ 0 -eq 0 ]] + note='Task sast-unicode-check success: No finding was detected' ++ make_result_json -r SUCCESS -t 'Task sast-unicode-check success: No finding was detected' ++ local RESULT= ++ local SUCCESSES=0 ++ local FAILURES=0 ++ local WARNINGS=0 ++ local 'NOTE=For details, check Tekton task log.' ++ local NAMESPACE=default ++ local OUTPUT ++ local OPTIND opt ++ getopts :r:s:f:w:t:n: opt ++ case "${opt}" in ++ RESULT=SUCCESS ++ getopts :r:s:f:w:t:n: opt ++ case "${opt}" in ++ NOTE='Task sast-unicode-check success: No finding was detected' ++ getopts :r:s:f:w:t:n: opt ++ shift 4 ++ '[' -z SUCCESS ']' ++ case "${RESULT}" in ++++ date -u --iso-8601=seconds +++ jq -rce --arg date 2026-04-22T13:55:59+00:00 --arg result SUCCESS --arg note 'Task sast-unicode-check success: No finding was detected' --arg namespace default --arg successes 0 --arg failures 0 --arg warnings 0 --null-input '{ result: $result, timestamp: $date, note: $note, namespace: $namespace, successes: $successes|tonumber, failures: $failures|tonumber, warnings: $warnings|tonumber }' ++ OUTPUT='{"result":"SUCCESS","timestamp":"2026-04-22T13:55:59+00:00","note":"Task sast-unicode-check success: No finding was detected","namespace":"default","successes":0,"failures":0,"warnings":0}' ++ echo '{"result":"SUCCESS","timestamp":"2026-04-22T13:55:59+00:00","note":"Task sast-unicode-check success: No finding was detected","namespace":"default","successes":0,"failures":0,"warnings":0}' + ERROR_OUTPUT='{"result":"SUCCESS","timestamp":"2026-04-22T13:55:59+00:00","note":"Task sast-unicode-check success: No finding was detected","namespace":"default","successes":0,"failures":0,"warnings":0}' + tee /tekton/results/TEST_OUTPUT + echo '{"result":"SUCCESS","timestamp":"2026-04-22T13:55:59+00:00","note":"Task sast-unicode-check success: No finding was detected","namespace":"default","successes":0,"failures":0,"warnings":0}' {"result":"SUCCESS","timestamp":"2026-04-22T13:55:59+00:00","note":"Task sast-unicode-check success: No finding was detected","namespace":"default","successes":0,"failures":0,"warnings":0} + handle_error /tekton/results/TEST_OUTPUT + exit_code=0 + '[' 0 -ne 0 ']' + exit 0 pod: go-component-opambg-on-pull1f555b19b24993b3aa0a16d2c70dade1-pod | container step-upload: Selecting auth Using token for quay.io/redhat-appstudio-qe/group-psuf/go-component-opambg Attaching to quay.io/redhat-appstudio-qe/group-psuf/go-component-opambg:on-pr-4d756f25691014cb931c9ba1a2acbdad0b590a3e Executing: oras attach --no-tty --registry-config /home/oras/auth.json --artifact-type application/sarif+json quay.io/redhat-appstudio-qe/group-psuf/go-component-opambg:on-pr-4d756f25691014cb931c9ba1a2acbdad0b590a3e@sha256:6fafff3b8768a8e2022e67dd9a08fed617cfcbfbbbb5bbb7736406fa9f07bc40 sast_unicode_check_out.sarif:application/sarif+json Preparing sast_unicode_check_out.sarif Uploading 1da9b99b8b41 sast_unicode_check_out.sarif Exists 44136fa355b3 application/vnd.oci.empty.v1+json Uploaded 1da9b99b8b41 sast_unicode_check_out.sarif Uploading 35bb0c2d0736 application/vnd.oci.image.manifest.v1+json Uploaded 35bb0c2d0736 application/vnd.oci.image.manifest.v1+json Attached to [registry] quay.io/redhat-appstudio-qe/group-psuf/go-component-opambg:on-pr-4d756f25691014cb931c9ba1a2acbdad0b590a3e@sha256:6fafff3b8768a8e2022e67dd9a08fed617cfcbfbbbb5bbb7736406fa9f07bc40 Digest: sha256:35bb0c2d07365a324e0089a71cfff5fe6c212212b16b82ab6682d2b6b662f8a4 No excluded-findings.json exists. Skipping upload. pod: go-component-opambg-on-pullc0db0bde478bcb5d829a136c342a5790-pod | init container: prepare 2026/04/22 13:54:39 Entrypoint initialization pod: go-component-opambg-on-pullc0db0bde478bcb5d829a136c342a5790-pod | init container: place-scripts 2026/04/22 13:54:39 Decoded script /tekton/scripts/script-0-6nfr8 2026/04/22 13:54:39 Decoded script /tekton/scripts/script-1-fns7d 2026/04/22 13:54:39 Decoded script /tekton/scripts/script-2-d2qv5 2026/04/22 13:54:39 Decoded script /tekton/scripts/script-3-7n284 2026/04/22 13:54:39 Decoded script /tekton/scripts/script-4-ktq5z 2026/04/22 13:54:39 Decoded script /tekton/scripts/script-5-zb76n pod: go-component-opambg-on-pullc0db0bde478bcb5d829a136c342a5790-pod | container step-introspect: Artifact type will be determined by introspection. Checking the media type of the OCI artifact... [retry] executing: skopeo inspect --raw --retry-times 3 docker://quay.io/redhat-appstudio-qe/group-psuf/go-component-opambg:on-pr-4d756f25691014cb931c9ba1a2acbdad0b590a3e The media type of the OCI artifact is application/vnd.docker.distribution.manifest.v2+json. Looking for image labels that indicate this might be an operator bundle... [retry] executing: skopeo inspect --retry-times 3 docker://quay.io/redhat-appstudio-qe/group-psuf/go-component-opambg:on-pr-4d756f25691014cb931c9ba1a2acbdad0b590a3e Found 0 matching labels. Expecting 3 or more to identify this image as an operator bundle. Introspection concludes that this artifact is of type "application". pod: go-component-opambg-on-pullc0db0bde478bcb5d829a136c342a5790-pod | container step-generate-container-auth: Selecting auth for quay.io/redhat-appstudio-qe/group-psuf/go-component-opambg:on-pr-4d756f25691014cb931c9ba1a2acbdad0b590a3e Using token for quay.io/redhat-appstudio-qe/group-psuf/go-component-opambg Auth json written to "/auth/auth.json". pod: go-component-opambg-on-pullc0db0bde478bcb5d829a136c342a5790-pod | container step-set-skip-for-bundles: 2026/04/22 13:56:19 INFO Step was skipped due to when expressions were evaluated to false. pod: go-component-opambg-on-pullc0db0bde478bcb5d829a136c342a5790-pod | container step-app-check: time="2026-04-22T13:56:19Z" level=info msg="certification library version" version="1.17.1 <commit: f7de82ae1c76e6c10ea94967d6b6a66f96248cbe>" time="2026-04-22T13:56:19Z" level=info msg="running checks for quay.io/redhat-appstudio-qe/group-psuf/go-component-opambg:on-pr-4d756f25691014cb931c9ba1a2acbdad0b590a3e for platform amd64" time="2026-04-22T13:56:19Z" level=info msg="target image" image="quay.io/redhat-appstudio-qe/group-psuf/go-component-opambg:on-pr-4d756f25691014cb931c9ba1a2acbdad0b590a3e" time="2026-04-22T13:56:44Z" level=info msg="warning: licenses directory does not exist or all of its children are empty directories: error when checking for /licenses: stat /tmp/preflight-1084243737/fs/licenses: no such file or directory" check=HasLicense time="2026-04-22T13:56:44Z" level=info msg="check completed" check=HasLicense result=FAILED time="2026-04-22T13:56:44Z" level=info msg="check completed" check=HasUniqueTag result=PASSED time="2026-04-22T13:56:44Z" level=info msg="check completed" check=LayerCountAcceptable result=PASSED time="2026-04-22T13:56:44Z" level=info msg="check completed" check=HasNoProhibitedPackages result=PASSED time="2026-04-22T13:56:44Z" level=info msg="check completed" check=HasRequiredLabel result=PASSED time="2026-04-22T13:56:44Z" level=info msg="USER 1001 specified that is non-root" check=RunAsNonRoot time="2026-04-22T13:56:44Z" level=info msg="check completed" check=RunAsNonRoot result=PASSED time="2026-04-22T13:57:14Z" level=info msg="check completed" check=HasModifiedFiles result=PASSED time="2026-04-22T13:57:14Z" level=info msg="check completed" check=BasedOnUbi result=PASSED time="2026-04-22T13:57:14Z" level=info msg="This image's tag on-pr-4d756f25691014cb931c9ba1a2acbdad0b590a3e will be paired with digest sha256:6fafff3b8768a8e2022e67dd9a08fed617cfcbfbbbb5bbb7736406fa9f07bc40 once this image has been published in accordance with Red Hat Certification policy. You may then add or remove any supplemental tags through your Red Hat Connect portal as you see fit." { "image": "quay.io/redhat-appstudio-qe/group-psuf/go-component-opambg:on-pr-4d756f25691014cb931c9ba1a2acbdad0b590a3e", "passed": false, "test_library": { "name": "github.com/redhat-openshift-ecosystem/openshift-preflight", "version": "1.17.1", "commit": "f7de82ae1c76e6c10ea94967d6b6a66f96248cbe" }, "results": { "passed": [ { "name": "HasUniqueTag", "elapsed_time": 0, "description": "Checking if container has a tag other than 'latest', so that the image can be uniquely identified." }, { "name": "LayerCountAcceptable", "elapsed_time": 0, "description": "Checking if container has less than 40 layers. Too many layers within the container images can degrade container performance." }, { "name": "HasNoProhibitedPackages", "elapsed_time": 121, "description": "Checks to ensure that the image in use does not include prohibited packages, such as Red Hat Enterprise Linux (RHEL) kernel packages." }, { "name": "HasRequiredLabel", "elapsed_time": 0, "description": "Checking if the required labels (name, vendor, version, release, summary, description, maintainer) are present in the container metadata" }, { "name": "RunAsNonRoot", "elapsed_time": 0, "description": "Checking if container runs as the root user because a container that does not specify a non-root user will fail the automatic certification, and will be subject to a manual review before the container can be approved for publication" }, { "name": "HasModifiedFiles", "elapsed_time": 29308, "description": "Checks that no files installed via RPM in the base Red Hat layer have been modified" }, { "name": "BasedOnUbi", "elapsed_time": 186, "description": "Checking if the container's base image is based upon the Red Hat Universal Base Image (UBI)" } ], "failed": [ { "name": "HasLicense", "elapsed_time": 0, "description": "Checking if terms and conditions applicable to the software including open source licensing information are present. The license must be at /licenses", "help": "Check HasLicense encountered an error. Please review the preflight.log file for more information.", "suggestion": "Create a directory named /licenses and include all relevant licensing and/or terms and conditions as text file(s) in that directory.", "knowledgebase_url": "https://access.redhat.com/documentation/en-us/red_hat_software_certification/2024/html-single/red_hat_openshift_software_certification_policy_guide/index#assembly-requirements-for-container-images_openshift-sw-cert-policy-introduction", "check_url": "https://access.redhat.com/documentation/en-us/red_hat_software_certification/2024/html-single/red_hat_openshift_software_certification_policy_guide/index#assembly-requirements-for-container-images_openshift-sw-cert-policy-introduction" } ], "errors": [] } } time="2026-04-22T13:57:14Z" level=info msg="Preflight result: FAILED" pod: go-component-opambg-on-pullc0db0bde478bcb5d829a136c342a5790-pod | container step-app-set-outcome: {"result":"FAILURE","timestamp":"1776866234","note":"Task preflight is a FAILURE: Refer to Tekton task logs for more information","successes":7,"failures":1,"warnings":0}[retry] executing: skopeo inspect --raw --retry-times 3 docker://quay.io/redhat-appstudio-qe/group-psuf/go-component-opambg:on-pr-4d756f25691014cb931c9ba1a2acbdad0b590a3e pod: go-component-opambg-on-pullc0db0bde478bcb5d829a136c342a5790-pod | container step-final-outcome: + [[ ! -f /mount/konflux.results.json ]] + tee /tekton/steps/step-final-outcome/results/test-output {"result":"FAILURE","timestamp":"1776866234","note":"Task preflight is a FAILURE: Refer to Tekton task logs for more information","successes":7,"failures":1,"warnings":0} pod: go-component-opambg-on-pulld4713d98cf1b27d9b1dbdd557154aa55-pod | init container: prepare 2026/04/22 13:51:28 Entrypoint initialization pod: go-component-opambg-on-pulld4713d98cf1b27d9b1dbdd557154aa55-pod | init container: place-scripts 2026/04/22 13:51:29 Decoded script /tekton/scripts/script-0-csw5r pod: go-component-opambg-on-pulld4713d98cf1b27d9b1dbdd557154aa55-pod | container step-prefetch-dependencies: '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' time="2026-04-22T13:51:42Z" level=debug msg="Starting prefetch-dependencies" time="2026-04-22T13:51:42Z" level=info msg="Using in-cluster config" logger=KubeClient time="2026-04-22T13:51:42Z" level=info msg="Not using package registry proxy because allow-package-registry-proxy is not set to `true` on the cluster level" logger=PrefetchDependencies time="2026-04-22T13:51:42Z" level=info msg="[param] source-dir: /workspace/source/source" time="2026-04-22T13:51:42Z" level=info msg="[param] output-dir: /workspace/source/cachi2/output" time="2026-04-22T13:51:42Z" level=info msg="[param] sbom-format: spdx" time="2026-04-22T13:51:42Z" level=info msg="[param] mode: strict" time="2026-04-22T13:51:42Z" level=info msg="[param] output-dir-mount-point: /cachi2/output" time="2026-04-22T13:51:42Z" level=info msg="[param] env-files: [/workspace/source/cachi2/cachi2.env /workspace/source/cachi2/prefetch.env /workspace/source/cachi2/prefetch-env.json]" time="2026-04-22T13:51:42Z" level=info msg="[param] git-auth-directory: /workspace/git-basic-auth" time="2026-04-22T13:51:42Z" level=info msg="hermeto [stdout] hermeto 0.50.1" logger=CliExecutor time="2026-04-22T13:51:43Z" level=warning msg="No input provided; skipping prefetch-dependencies" logger=PrefetchDependencies time="2026-04-22T13:51:43Z" level=debug msg="Finished prefetch-dependencies" New PipelineRun go-component-opambg-on-pull-request-nkpx9 found after retrigger for component group-psuf/go-component-opambg PipelineRun go-component-opambg-on-pull-request-nkpx9 found for Component group-psuf/go-component-opambg PipelineRun go-component-opambg-on-pull-request-nkpx9 reason: Running PipelineRun go-component-opambg-on-pull-request-nkpx9 reason: Running PipelineRun go-component-opambg-on-pull-request-nkpx9 reason: Running PipelineRun go-component-opambg-on-pull-request-nkpx9 reason: Running PipelineRun go-component-opambg-on-pull-request-nkpx9 reason: Running PipelineRun go-component-opambg-on-pull-request-nkpx9 reason: Running PipelineRun go-component-opambg-on-pull-request-nkpx9 reason: Running PipelineRun go-component-opambg-on-pull-request-nkpx9 reason: Running PipelineRun go-component-opambg-on-pull-request-nkpx9 reason: Running PipelineRun go-component-opambg-on-pull-request-nkpx9 reason: Running PipelineRun go-component-opambg-on-pull-request-nkpx9 reason: Running PipelineRun go-component-opambg-on-pull-request-nkpx9 reason: Running PipelineRun go-component-opambg-on-pull-request-nkpx9 reason: Running PipelineRun go-component-opambg-on-pull-request-nkpx9 reason: Running PipelineRun go-component-opambg-on-pull-request-nkpx9 reason: Running PipelineRun go-component-opambg-on-pull-request-nkpx9 reason: Running PipelineRun go-component-opambg-on-pull-request-nkpx9 reason: Completed < Exit [It] should lead to build PipelineRunA finishing successfully - /tmp/tmp.QN7KPSPXeP/tests/integration-service/group-snapshots-tests.go:231 @ 04/22/26 14:03:40.453 (12m34.814s) > Enter [AfterEach] [integration-service-suite Creation of group snapshots for monorepo and multiple repos] - /tmp/tmp.QN7KPSPXeP/tests/integration-service/group-snapshots-tests.go:50 @ 04/22/26 14:03:40.453 < Exit [AfterEach] [integration-service-suite Creation of group snapshots for monorepo and multiple repos] - /tmp/tmp.QN7KPSPXeP/tests/integration-service/group-snapshots-tests.go:50 @ 04/22/26 14:03:40.453 (0s) > Enter [It] should lead to a PaC PR creation for componentA go-component - /tmp/tmp.QN7KPSPXeP/tests/integration-service/group-snapshots-tests.go:236 @ 04/22/26 14:03:40.454 < Exit [It] should lead to a PaC PR creation for componentA go-component - /tmp/tmp.QN7KPSPXeP/tests/integration-service/group-snapshots-tests.go:236 @ 04/22/26 14:03:40.83 (376ms) > Enter [AfterEach] [integration-service-suite Creation of group snapshots for monorepo and multiple repos] - /tmp/tmp.QN7KPSPXeP/tests/integration-service/group-snapshots-tests.go:50 @ 04/22/26 14:03:40.83 < Exit [AfterEach] [integration-service-suite Creation of group snapshots for monorepo and multiple repos] - /tmp/tmp.QN7KPSPXeP/tests/integration-service/group-snapshots-tests.go:50 @ 04/22/26 14:03:40.83 (0s) > Enter [It] checks if the Snapshot is created - /tmp/tmp.QN7KPSPXeP/tests/integration-service/group-snapshots-tests.go:258 @ 04/22/26 14:03:40.83 < Exit [It] checks if the Snapshot is created - /tmp/tmp.QN7KPSPXeP/tests/integration-service/group-snapshots-tests.go:258 @ 04/22/26 14:03:40.837 (7ms) > Enter [AfterEach] [integration-service-suite Creation of group snapshots for monorepo and multiple repos] - /tmp/tmp.QN7KPSPXeP/tests/integration-service/group-snapshots-tests.go:50 @ 04/22/26 14:03:40.837 < Exit [AfterEach] [integration-service-suite Creation of group snapshots for monorepo and multiple repos] - /tmp/tmp.QN7KPSPXeP/tests/integration-service/group-snapshots-tests.go:50 @ 04/22/26 14:03:40.837 (0s) > Enter [It] should find the related Integration PipelineRuns - /tmp/tmp.QN7KPSPXeP/tests/integration-service/group-snapshots-tests.go:263 @ 04/22/26 14:03:40.838 < Exit [It] should find the related Integration PipelineRuns - /tmp/tmp.QN7KPSPXeP/tests/integration-service/group-snapshots-tests.go:263 @ 04/22/26 14:03:40.845 (7ms) > Enter [AfterEach] [integration-service-suite Creation of group snapshots for monorepo and multiple repos] - /tmp/tmp.QN7KPSPXeP/tests/integration-service/group-snapshots-tests.go:50 @ 04/22/26 14:03:40.845 < Exit [AfterEach] [integration-service-suite Creation of group snapshots for monorepo and multiple repos] - /tmp/tmp.QN7KPSPXeP/tests/integration-service/group-snapshots-tests.go:50 @ 04/22/26 14:03:40.845 (0s) > Enter [It] integration pipeline should end up with success - /tmp/tmp.QN7KPSPXeP/tests/integration-service/group-snapshots-tests.go:270 @ 04/22/26 14:03:40.846 PipelineRun integration-resolver-pipelinerun-jw6gf reason: Succeeded < Exit [It] integration pipeline should end up with success - /tmp/tmp.QN7KPSPXeP/tests/integration-service/group-snapshots-tests.go:270 @ 04/22/26 14:03:40.853 (7ms) > Enter [AfterEach] [integration-service-suite Creation of group snapshots for monorepo and multiple repos] - /tmp/tmp.QN7KPSPXeP/tests/integration-service/group-snapshots-tests.go:50 @ 04/22/26 14:03:40.853 < Exit [AfterEach] [integration-service-suite Creation of group snapshots for monorepo and multiple repos] - /tmp/tmp.QN7KPSPXeP/tests/integration-service/group-snapshots-tests.go:50 @ 04/22/26 14:03:40.853 (0s) > Enter [It] should merge the init PaC PR successfully - /tmp/tmp.QN7KPSPXeP/tests/integration-service/group-snapshots-tests.go:277 @ 04/22/26 14:03:40.853 merged result sha: 3dacf4133518194271ce4c8150e3237ec84b637f for PR #21270 < Exit [It] should merge the init PaC PR successfully - /tmp/tmp.QN7KPSPXeP/tests/integration-service/group-snapshots-tests.go:277 @ 04/22/26 14:03:43.091 (2.238s) > Enter [AfterEach] [integration-service-suite Creation of group snapshots for monorepo and multiple repos] - /tmp/tmp.QN7KPSPXeP/tests/integration-service/group-snapshots-tests.go:50 @ 04/22/26 14:03:43.092 < Exit [AfterEach] [integration-service-suite Creation of group snapshots for monorepo and multiple repos] - /tmp/tmp.QN7KPSPXeP/tests/integration-service/group-snapshots-tests.go:50 @ 04/22/26 14:03:43.092 (0s) > Enter [It] creates the Component B successfully - /tmp/tmp.QN7KPSPXeP/tests/integration-service/group-snapshots-tests.go:296 @ 04/22/26 14:03:43.092 < Exit [It] creates the Component B successfully - /tmp/tmp.QN7KPSPXeP/tests/integration-service/group-snapshots-tests.go:296 @ 04/22/26 14:03:53.147 (10.055s) > Enter [AfterEach] [integration-service-suite Creation of group snapshots for monorepo and multiple repos] - /tmp/tmp.QN7KPSPXeP/tests/integration-service/group-snapshots-tests.go:50 @ 04/22/26 14:03:53.147 < Exit [AfterEach] [integration-service-suite Creation of group snapshots for monorepo and multiple repos] - /tmp/tmp.QN7KPSPXeP/tests/integration-service/group-snapshots-tests.go:50 @ 04/22/26 14:03:53.148 (0s) > Enter [It] triggers a Build PipelineRun for component python-component - /tmp/tmp.QN7KPSPXeP/tests/integration-service/group-snapshots-tests.go:304 @ 04/22/26 14:03:53.148 Build PipelineRun has not been created yet for the componentB group-psuf/python-component-kwyxcb < Exit [It] triggers a Build PipelineRun for component python-component - /tmp/tmp.QN7KPSPXeP/tests/integration-service/group-snapshots-tests.go:304 @ 04/22/26 14:04:13.17 (20.022s) > Enter [AfterEach] [integration-service-suite Creation of group snapshots for monorepo and multiple repos] - /tmp/tmp.QN7KPSPXeP/tests/integration-service/group-snapshots-tests.go:50 @ 04/22/26 14:04:13.17 < Exit [AfterEach] [integration-service-suite Creation of group snapshots for monorepo and multiple repos] - /tmp/tmp.QN7KPSPXeP/tests/integration-service/group-snapshots-tests.go:50 @ 04/22/26 14:04:13.17 (0s) > Enter [It] does not contain an annotation with a Snapshot Name - /tmp/tmp.QN7KPSPXeP/tests/integration-service/group-snapshots-tests.go:318 @ 04/22/26 14:04:13.17 < Exit [It] does not contain an annotation with a Snapshot Name - /tmp/tmp.QN7KPSPXeP/tests/integration-service/group-snapshots-tests.go:318 @ 04/22/26 14:04:13.17 (0s) > Enter [AfterEach] [integration-service-suite Creation of group snapshots for monorepo and multiple repos] - /tmp/tmp.QN7KPSPXeP/tests/integration-service/group-snapshots-tests.go:50 @ 04/22/26 14:04:13.17 < Exit [AfterEach] [integration-service-suite Creation of group snapshots for monorepo and multiple repos] - /tmp/tmp.QN7KPSPXeP/tests/integration-service/group-snapshots-tests.go:50 @ 04/22/26 14:04:13.171 (0s) > Enter [It] should lead to build PipelineRun finishing successfully - /tmp/tmp.QN7KPSPXeP/tests/integration-service/group-snapshots-tests.go:322 @ 04/22/26 14:04:13.171 PipelineRun python-component-kwyxcb-on-pull-request-j94ng found for Component group-psuf/python-component-kwyxcb PipelineRun python-component-kwyxcb-on-pull-request-j94ng reason: Running PipelineRun python-component-kwyxcb-on-pull-request-j94ng reason: Running PipelineRun python-component-kwyxcb-on-pull-request-j94ng reason: Running PipelineRun python-component-kwyxcb-on-pull-request-j94ng reason: Running PipelineRun python-component-kwyxcb-on-pull-request-j94ng reason: Running PipelineRun python-component-kwyxcb-on-pull-request-j94ng reason: Running PipelineRun python-component-kwyxcb-on-pull-request-j94ng reason: Running PipelineRun python-component-kwyxcb-on-pull-request-j94ng reason: Running PipelineRun python-component-kwyxcb-on-pull-request-j94ng reason: Running PipelineRun python-component-kwyxcb-on-pull-request-j94ng reason: Running PipelineRun python-component-kwyxcb-on-pull-request-j94ng reason: Running PipelineRun python-component-kwyxcb-on-pull-request-j94ng reason: Running PipelineRun python-component-kwyxcb-on-pull-request-j94ng reason: Running PipelineRun integration-resolver-pipelinerun-m9vgh reason: Running PipelineRun integration-resolver-pipelinerun-m9vgh reason: Succeeded < Exit [It] should lead to build PipelineRun finishing successfully - /tmp/tmp.QN7KPSPXeP/tests/integration-service/group-snapshots-tests.go:322 @ 04/22/26 14:08:53.189 (4m40.018s) > Enter [AfterEach] [integration-service-suite Creation of group snapshots for monorepo and multiple repos] - /tmp/tmp.QN7KPSPXeP/tests/integration-service/group-snapshots-tests.go:50 @ 04/22/26 14:08:53.189 < Exit [AfterEach] [integration-service-suite Creation of group snapshots for monorepo and multiple repos] - /tmp/tmp.QN7KPSPXeP/tests/integration-service/group-snapshots-tests.go:50 @ 04/22/26 14:08:53.189 (0s) > Enter [It] should lead to a PaC PR creation for component python-component - /tmp/tmp.QN7KPSPXeP/tests/integration-service/group-snapshots-tests.go:327 @ 04/22/26 14:08:53.189 < Exit [It] should lead to a PaC PR creation for component python-component - /tmp/tmp.QN7KPSPXeP/tests/integration-service/group-snapshots-tests.go:327 @ 04/22/26 14:08:53.554 (364ms) > Enter [AfterEach] [integration-service-suite Creation of group snapshots for monorepo and multiple repos] - /tmp/tmp.QN7KPSPXeP/tests/integration-service/group-snapshots-tests.go:50 @ 04/22/26 14:08:53.554 < Exit [AfterEach] [integration-service-suite Creation of group snapshots for monorepo and multiple repos] - /tmp/tmp.QN7KPSPXeP/tests/integration-service/group-snapshots-tests.go:50 @ 04/22/26 14:08:53.554 (0s) > Enter [It] checks if the Snapshot is created - /tmp/tmp.QN7KPSPXeP/tests/integration-service/group-snapshots-tests.go:349 @ 04/22/26 14:08:53.554 < Exit [It] checks if the Snapshot is created - /tmp/tmp.QN7KPSPXeP/tests/integration-service/group-snapshots-tests.go:349 @ 04/22/26 14:08:53.561 (6ms) > Enter [AfterEach] [integration-service-suite Creation of group snapshots for monorepo and multiple repos] - /tmp/tmp.QN7KPSPXeP/tests/integration-service/group-snapshots-tests.go:50 @ 04/22/26 14:08:53.561 < Exit [AfterEach] [integration-service-suite Creation of group snapshots for monorepo and multiple repos] - /tmp/tmp.QN7KPSPXeP/tests/integration-service/group-snapshots-tests.go:50 @ 04/22/26 14:08:53.561 (0s) > Enter [It] should find the related Integration PipelineRuns - /tmp/tmp.QN7KPSPXeP/tests/integration-service/group-snapshots-tests.go:354 @ 04/22/26 14:08:53.561 < Exit [It] should find the related Integration PipelineRuns - /tmp/tmp.QN7KPSPXeP/tests/integration-service/group-snapshots-tests.go:354 @ 04/22/26 14:08:53.567 (6ms) > Enter [AfterEach] [integration-service-suite Creation of group snapshots for monorepo and multiple repos] - /tmp/tmp.QN7KPSPXeP/tests/integration-service/group-snapshots-tests.go:50 @ 04/22/26 14:08:53.567 < Exit [AfterEach] [integration-service-suite Creation of group snapshots for monorepo and multiple repos] - /tmp/tmp.QN7KPSPXeP/tests/integration-service/group-snapshots-tests.go:50 @ 04/22/26 14:08:53.567 (0s) > Enter [It] integration pipeline should end up with success - /tmp/tmp.QN7KPSPXeP/tests/integration-service/group-snapshots-tests.go:361 @ 04/22/26 14:08:53.567 PipelineRun integration-resolver-pipelinerun-m9vgh reason: Succeeded < Exit [It] integration pipeline should end up with success - /tmp/tmp.QN7KPSPXeP/tests/integration-service/group-snapshots-tests.go:361 @ 04/22/26 14:08:53.573 (5ms) > Enter [AfterEach] [integration-service-suite Creation of group snapshots for monorepo and multiple repos] - /tmp/tmp.QN7KPSPXeP/tests/integration-service/group-snapshots-tests.go:50 @ 04/22/26 14:08:53.573 < Exit [AfterEach] [integration-service-suite Creation of group snapshots for monorepo and multiple repos] - /tmp/tmp.QN7KPSPXeP/tests/integration-service/group-snapshots-tests.go:50 @ 04/22/26 14:08:53.573 (0s) > Enter [It] should merge the init PaC PR successfully - /tmp/tmp.QN7KPSPXeP/tests/integration-service/group-snapshots-tests.go:368 @ 04/22/26 14:08:53.573 merged result sha: 6c42688f21958a74292ac305a25a62e2e5f57727 for PR #21272 < Exit [It] should merge the init PaC PR successfully - /tmp/tmp.QN7KPSPXeP/tests/integration-service/group-snapshots-tests.go:368 @ 04/22/26 14:08:55.805 (2.231s) > Enter [AfterEach] [integration-service-suite Creation of group snapshots for monorepo and multiple repos] - /tmp/tmp.QN7KPSPXeP/tests/integration-service/group-snapshots-tests.go:50 @ 04/22/26 14:08:55.805 < Exit [AfterEach] [integration-service-suite Creation of group snapshots for monorepo and multiple repos] - /tmp/tmp.QN7KPSPXeP/tests/integration-service/group-snapshots-tests.go:50 @ 04/22/26 14:08:55.805 (0s) > Enter [It] creates the Component C successfully - /tmp/tmp.QN7KPSPXeP/tests/integration-service/group-snapshots-tests.go:387 @ 04/22/26 14:08:55.805 < Exit [It] creates the Component C successfully - /tmp/tmp.QN7KPSPXeP/tests/integration-service/group-snapshots-tests.go:387 @ 04/22/26 14:09:05.862 (10.057s) > Enter [AfterEach] [integration-service-suite Creation of group snapshots for monorepo and multiple repos] - /tmp/tmp.QN7KPSPXeP/tests/integration-service/group-snapshots-tests.go:50 @ 04/22/26 14:09:05.862 < Exit [AfterEach] [integration-service-suite Creation of group snapshots for monorepo and multiple repos] - /tmp/tmp.QN7KPSPXeP/tests/integration-service/group-snapshots-tests.go:50 @ 04/22/26 14:09:05.862 (0s) > Enter [It] triggers a Build PipelineRun for componentC konflux-test-integration-clone - /tmp/tmp.QN7KPSPXeP/tests/integration-service/group-snapshots-tests.go:395 @ 04/22/26 14:09:05.862 Build PipelineRun has not been created yet for the componentC group-psuf/konflux-test-integration-clone-fcxekv < Exit [It] triggers a Build PipelineRun for componentC konflux-test-integration-clone - /tmp/tmp.QN7KPSPXeP/tests/integration-service/group-snapshots-tests.go:395 @ 04/22/26 14:09:25.888 (20.026s) > Enter [AfterEach] [integration-service-suite Creation of group snapshots for monorepo and multiple repos] - /tmp/tmp.QN7KPSPXeP/tests/integration-service/group-snapshots-tests.go:50 @ 04/22/26 14:09:25.888 < Exit [AfterEach] [integration-service-suite Creation of group snapshots for monorepo and multiple repos] - /tmp/tmp.QN7KPSPXeP/tests/integration-service/group-snapshots-tests.go:50 @ 04/22/26 14:09:25.888 (0s) > Enter [It] does not contain an annotation with a Snapshot Name - /tmp/tmp.QN7KPSPXeP/tests/integration-service/group-snapshots-tests.go:409 @ 04/22/26 14:09:25.889 < Exit [It] does not contain an annotation with a Snapshot Name - /tmp/tmp.QN7KPSPXeP/tests/integration-service/group-snapshots-tests.go:409 @ 04/22/26 14:09:25.889 (0s) > Enter [AfterEach] [integration-service-suite Creation of group snapshots for monorepo and multiple repos] - /tmp/tmp.QN7KPSPXeP/tests/integration-service/group-snapshots-tests.go:50 @ 04/22/26 14:09:25.889 < Exit [AfterEach] [integration-service-suite Creation of group snapshots for monorepo and multiple repos] - /tmp/tmp.QN7KPSPXeP/tests/integration-service/group-snapshots-tests.go:50 @ 04/22/26 14:09:25.889 (0s) > Enter [It] should lead to build PipelineRun finishing successfully - /tmp/tmp.QN7KPSPXeP/tests/integration-service/group-snapshots-tests.go:413 @ 04/22/26 14:09:25.889 PipelineRun konflux-test-integration-clone-fcxekv-on-pull-request-62j6m found for Component group-psuf/konflux-test-integration-clone-fcxekv PipelineRun konflux-test-integration-clone-fcxekv-on-pull-request-62j6m reason: Running PipelineRun konflux-test-integration-clone-fcxekv-on-pull-request-62j6m reason: Running PipelineRun konflux-test-integration-clone-fcxekv-on-pull-request-62j6m reason: Running PipelineRun konflux-test-integration-clone-fcxekv-on-pull-request-62j6m reason: Running PipelineRun konflux-test-integration-clone-fcxekv-on-pull-request-62j6m reason: Running PipelineRun konflux-test-integration-clone-fcxekv-on-pull-request-62j6m reason: Running PipelineRun konflux-test-integration-clone-fcxekv-on-pull-request-62j6m reason: Running PipelineRun konflux-test-integration-clone-fcxekv-on-pull-request-62j6m reason: Running PipelineRun konflux-test-integration-clone-fcxekv-on-pull-request-62j6m reason: Running PipelineRun konflux-test-integration-clone-fcxekv-on-pull-request-62j6m reason: Running PipelineRun integration-resolver-pipelinerun-fbjmt reason: Running PipelineRun integration-resolver-pipelinerun-fbjmt reason: Succeeded < Exit [It] should lead to build PipelineRun finishing successfully - /tmp/tmp.QN7KPSPXeP/tests/integration-service/group-snapshots-tests.go:413 @ 04/22/26 14:13:05.91 (3m40.021s) > Enter [AfterEach] [integration-service-suite Creation of group snapshots for monorepo and multiple repos] - /tmp/tmp.QN7KPSPXeP/tests/integration-service/group-snapshots-tests.go:50 @ 04/22/26 14:13:05.91 < Exit [AfterEach] [integration-service-suite Creation of group snapshots for monorepo and multiple repos] - /tmp/tmp.QN7KPSPXeP/tests/integration-service/group-snapshots-tests.go:50 @ 04/22/26 14:13:05.91 (0s) > Enter [It] should lead to a PaC PR creation for componentC konflux-test-integration-clone - /tmp/tmp.QN7KPSPXeP/tests/integration-service/group-snapshots-tests.go:418 @ 04/22/26 14:13:05.911 < Exit [It] should lead to a PaC PR creation for componentC konflux-test-integration-clone - /tmp/tmp.QN7KPSPXeP/tests/integration-service/group-snapshots-tests.go:418 @ 04/22/26 14:13:06.363 (452ms) > Enter [AfterEach] [integration-service-suite Creation of group snapshots for monorepo and multiple repos] - /tmp/tmp.QN7KPSPXeP/tests/integration-service/group-snapshots-tests.go:50 @ 04/22/26 14:13:06.363 < Exit [AfterEach] [integration-service-suite Creation of group snapshots for monorepo and multiple repos] - /tmp/tmp.QN7KPSPXeP/tests/integration-service/group-snapshots-tests.go:50 @ 04/22/26 14:13:06.363 (0s) > Enter [It] checks if the Snapshot is created - /tmp/tmp.QN7KPSPXeP/tests/integration-service/group-snapshots-tests.go:440 @ 04/22/26 14:13:06.364 < Exit [It] checks if the Snapshot is created - /tmp/tmp.QN7KPSPXeP/tests/integration-service/group-snapshots-tests.go:440 @ 04/22/26 14:13:06.37 (7ms) > Enter [AfterEach] [integration-service-suite Creation of group snapshots for monorepo and multiple repos] - /tmp/tmp.QN7KPSPXeP/tests/integration-service/group-snapshots-tests.go:50 @ 04/22/26 14:13:06.37 < Exit [AfterEach] [integration-service-suite Creation of group snapshots for monorepo and multiple repos] - /tmp/tmp.QN7KPSPXeP/tests/integration-service/group-snapshots-tests.go:50 @ 04/22/26 14:13:06.371 (0s) > Enter [It] should find the related Integration PipelineRuns - /tmp/tmp.QN7KPSPXeP/tests/integration-service/group-snapshots-tests.go:445 @ 04/22/26 14:13:06.371 < Exit [It] should find the related Integration PipelineRuns - /tmp/tmp.QN7KPSPXeP/tests/integration-service/group-snapshots-tests.go:445 @ 04/22/26 14:13:06.377 (6ms) > Enter [AfterEach] [integration-service-suite Creation of group snapshots for monorepo and multiple repos] - /tmp/tmp.QN7KPSPXeP/tests/integration-service/group-snapshots-tests.go:50 @ 04/22/26 14:13:06.377 < Exit [AfterEach] [integration-service-suite Creation of group snapshots for monorepo and multiple repos] - /tmp/tmp.QN7KPSPXeP/tests/integration-service/group-snapshots-tests.go:50 @ 04/22/26 14:13:06.378 (0s) > Enter [It] integration pipeline should end up with success - /tmp/tmp.QN7KPSPXeP/tests/integration-service/group-snapshots-tests.go:452 @ 04/22/26 14:13:06.378 PipelineRun integration-resolver-pipelinerun-fbjmt reason: Succeeded < Exit [It] integration pipeline should end up with success - /tmp/tmp.QN7KPSPXeP/tests/integration-service/group-snapshots-tests.go:452 @ 04/22/26 14:13:06.383 (5ms) > Enter [AfterEach] [integration-service-suite Creation of group snapshots for monorepo and multiple repos] - /tmp/tmp.QN7KPSPXeP/tests/integration-service/group-snapshots-tests.go:50 @ 04/22/26 14:13:06.384 < Exit [AfterEach] [integration-service-suite Creation of group snapshots for monorepo and multiple repos] - /tmp/tmp.QN7KPSPXeP/tests/integration-service/group-snapshots-tests.go:50 @ 04/22/26 14:13:06.384 (0s) > Enter [It] should merge the init PaC PR successfully - /tmp/tmp.QN7KPSPXeP/tests/integration-service/group-snapshots-tests.go:459 @ 04/22/26 14:13:06.384 merged result sha: 4a55a3e976a04e6d5f2fa6e6a040e81593c48265 for PR #8900 < Exit [It] should merge the init PaC PR successfully - /tmp/tmp.QN7KPSPXeP/tests/integration-service/group-snapshots-tests.go:459 @ 04/22/26 14:13:08.605 (2.221s) > Enter [AfterEach] [integration-service-suite Creation of group snapshots for monorepo and multiple repos] - /tmp/tmp.QN7KPSPXeP/tests/integration-service/group-snapshots-tests.go:50 @ 04/22/26 14:13:08.605 < Exit [AfterEach] [integration-service-suite Creation of group snapshots for monorepo and multiple repos] - /tmp/tmp.QN7KPSPXeP/tests/integration-service/group-snapshots-tests.go:50 @ 04/22/26 14:13:08.605 (0s) > Enter [It] should make change to the root folder - /tmp/tmp.QN7KPSPXeP/tests/integration-service/group-snapshots-tests.go:479 @ 04/22/26 14:13:08.606 PR #21274 got created with sha b223815deee3928ff67f548c640888925b922110 < Exit [It] should make change to the root folder - /tmp/tmp.QN7KPSPXeP/tests/integration-service/group-snapshots-tests.go:479 @ 04/22/26 14:13:12.003 (3.397s) > Enter [AfterEach] [integration-service-suite Creation of group snapshots for monorepo and multiple repos] - /tmp/tmp.QN7KPSPXeP/tests/integration-service/group-snapshots-tests.go:50 @ 04/22/26 14:13:12.003 < Exit [AfterEach] [integration-service-suite Creation of group snapshots for monorepo and multiple repos] - /tmp/tmp.QN7KPSPXeP/tests/integration-service/group-snapshots-tests.go:50 @ 04/22/26 14:13:12.003 (0s) > Enter [It] should make change to the multiple-repo - /tmp/tmp.QN7KPSPXeP/tests/integration-service/group-snapshots-tests.go:497 @ 04/22/26 14:13:12.003 PR #8901 got created with sha 7d2a7487b2bab2f3fce7bd62f8b95e0f342b4449 < Exit [It] should make change to the multiple-repo - /tmp/tmp.QN7KPSPXeP/tests/integration-service/group-snapshots-tests.go:497 @ 04/22/26 14:13:14.473 (2.47s) > Enter [AfterEach] [integration-service-suite Creation of group snapshots for monorepo and multiple repos] - /tmp/tmp.QN7KPSPXeP/tests/integration-service/group-snapshots-tests.go:50 @ 04/22/26 14:13:14.473 < Exit [AfterEach] [integration-service-suite Creation of group snapshots for monorepo and multiple repos] - /tmp/tmp.QN7KPSPXeP/tests/integration-service/group-snapshots-tests.go:50 @ 04/22/26 14:13:14.473 (0s) > Enter [It] wait for the last components build to finish - /tmp/tmp.QN7KPSPXeP/tests/integration-service/group-snapshots-tests.go:513 @ 04/22/26 14:13:14.474 PipelineRun go-component-opambg-on-pull-request-nkpx9 found for Component group-psuf/go-component-opambg PipelineRun go-component-opambg-on-pull-request-nkpx9 reason: Completed PipelineRun integration-resolver-pipelinerun-m9vgh found for Component group-psuf/python-component-kwyxcb PipelineRun integration-resolver-pipelinerun-m9vgh reason: Succeeded PipelineRun integration-resolver-pipelinerun-fbjmt found for Component group-psuf/konflux-test-integration-clone-fcxekv PipelineRun integration-resolver-pipelinerun-fbjmt reason: Succeeded < Exit [It] wait for the last components build to finish - /tmp/tmp.QN7KPSPXeP/tests/integration-service/group-snapshots-tests.go:513 @ 04/22/26 14:13:14.508 (35ms) > Enter [AfterEach] [integration-service-suite Creation of group snapshots for monorepo and multiple repos] - /tmp/tmp.QN7KPSPXeP/tests/integration-service/group-snapshots-tests.go:50 @ 04/22/26 14:13:14.508 < Exit [AfterEach] [integration-service-suite Creation of group snapshots for monorepo and multiple repos] - /tmp/tmp.QN7KPSPXeP/tests/integration-service/group-snapshots-tests.go:50 @ 04/22/26 14:13:14.508 (0s) > Enter [It] wait for all component snapshots to be created with proper PR group annotations - /tmp/tmp.QN7KPSPXeP/tests/integration-service/group-snapshots-tests.go:521 @ 04/22/26 14:13:14.509 Component snapshot integ-app-xfep-20260422-135815-000 has PR group annotation: konflux-go-component-opambg Component snapshot integ-app-xfep-20260422-140401-000 has PR group annotation: konflux-python-component-kwyxcb Component snapshot integ-app-xfep-20260422-140916-000 has PR group annotation: konflux-konflux-test-integration-clone-fcxekv All component snapshots are ready with PR group annotations < Exit [It] wait for all component snapshots to be created with proper PR group annotations - /tmp/tmp.QN7KPSPXeP/tests/integration-service/group-snapshots-tests.go:521 @ 04/22/26 14:13:14.516 (7ms) > Enter [AfterEach] [integration-service-suite Creation of group snapshots for monorepo and multiple repos] - /tmp/tmp.QN7KPSPXeP/tests/integration-service/group-snapshots-tests.go:50 @ 04/22/26 14:13:14.516 < Exit [AfterEach] [integration-service-suite Creation of group snapshots for monorepo and multiple repos] - /tmp/tmp.QN7KPSPXeP/tests/integration-service/group-snapshots-tests.go:50 @ 04/22/26 14:13:14.516 (0s) > Enter [It] get all group snapshots and check if pr-group annotation contains all components - /tmp/tmp.QN7KPSPXeP/tests/integration-service/group-snapshots-tests.go:556 @ 04/22/26 14:13:14.516 Attempting to find group snapshots for application integ-app-xfep in namespace group-psuf Found 3 component snapshots: PR Groups found: map[konflux-go-component-opambg:1 konflux-konflux-test-integration-clone-fcxekv:1 konflux-python-component-kwyxcb:1] No group snapshots found yet. Component snapshots may not have been processed by integration service controller yet. Attempting to find group snapshots for application integ-app-xfep in namespace group-psuf Found 3 component snapshots: PR Groups found: map[konflux-go-component-opambg:1 konflux-konflux-test-integration-clone-fcxekv:1 konflux-python-component-kwyxcb:1] No group snapshots found yet. Component snapshots may not have been processed by integration service controller yet. Attempting to find group snapshots for application integ-app-xfep in namespace group-psuf Found 4 component snapshots: PR Groups found: map[konflux-go-component-opambg:1 konflux-konflux-test-integration-clone-fcxekv:1 konflux-python-component-kwyxcb:1] No group snapshots found yet. Component snapshots may not have been processed by integration service controller yet. Attempting to find group snapshots for application integ-app-xfep in namespace group-psuf Found 4 component snapshots: PR Groups found: map[konflux-go-component-opambg:1 konflux-konflux-test-integration-clone-fcxekv:1 konflux-python-component-kwyxcb:1] No group snapshots found yet. Component snapshots may not have been processed by integration service controller yet. Attempting to find group snapshots for application integ-app-xfep in namespace group-psuf Found 4 component snapshots: PR Groups found: map[konflux-go-component-opambg:1 konflux-konflux-test-integration-clone-fcxekv:1 konflux-python-component-kwyxcb:1] No group snapshots found yet. Component snapshots may not have been processed by integration service controller yet. Attempting to find group snapshots for application integ-app-xfep in namespace group-psuf Found 4 component snapshots: PR Groups found: map[konflux-go-component-opambg:1 konflux-konflux-test-integration-clone-fcxekv:1 konflux-python-component-kwyxcb:1] No group snapshots found yet. Component snapshots may not have been processed by integration service controller yet. Attempting to find group snapshots for application integ-app-xfep in namespace group-psuf Found 4 component snapshots: PR Groups found: map[konflux-go-component-opambg:1 konflux-konflux-test-integration-clone-fcxekv:1 konflux-python-component-kwyxcb:1] No group snapshots found yet. Component snapshots may not have been processed by integration service controller yet. Attempting to find group snapshots for application integ-app-xfep in namespace group-psuf Found 5 component snapshots: PR Groups found: map[konflux-go-component-opambg:1 konflux-konflux-test-integration-clone-fcxekv:1 konflux-python-component-kwyxcb:1 pr-branch-ndnvrv:1] No group snapshots found yet. Component snapshots may not have been processed by integration service controller yet. Attempting to find group snapshots for application integ-app-xfep in namespace group-psuf Found 5 component snapshots: PR Groups found: map[konflux-go-component-opambg:1 konflux-konflux-test-integration-clone-fcxekv:1 konflux-python-component-kwyxcb:1 pr-branch-ndnvrv:1] No group snapshots found yet. Component snapshots may not have been processed by integration service controller yet. Attempting to find group snapshots for application integ-app-xfep in namespace group-psuf Found 5 component snapshots: PR Groups found: map[konflux-go-component-opambg:1 konflux-konflux-test-integration-clone-fcxekv:1 konflux-python-component-kwyxcb:1 pr-branch-ndnvrv:1] No group snapshots found yet. Component snapshots may not have been processed by integration service controller yet. Attempting to find group snapshots for application integ-app-xfep in namespace group-psuf Found 6 component snapshots: PR Groups found: map[konflux-go-component-opambg:1 konflux-konflux-test-integration-clone-fcxekv:1 konflux-python-component-kwyxcb:1 pr-branch-ndnvrv:2] No group snapshots found yet. Component snapshots may not have been processed by integration service controller yet. Attempting to find group snapshots for application integ-app-xfep in namespace group-psuf Found 7 component snapshots: PR Groups found: map[konflux-go-component-opambg:1 konflux-konflux-test-integration-clone-fcxekv:1 konflux-python-component-kwyxcb:1 pr-branch-ndnvrv:3] Found 1 group snapshots! Group Snapshot 0: integ-app-xfep-20260422-141831-623 (type: group) Group Test Info: [{"namespace":"group-psuf","component":"konflux-test-integration-clone-fcxekv","buildPipelineRun":"konflux-test-integration-clone-fcxekv-on-pull-request-7477j","snapshot":"integ-app-xfep-20260422-141318-000","repoUrl":"https://github.com/redhat-appstudio-qe/konflux-test-integration-clone","pullRequestNumber":"8901"},{"namespace":"group-psuf","component":"go-component-opambg","buildPipelineRun":"go-component-opambg-on-pull-request-tg5wh","snapshot":"integ-app-xfep-20260422-141316-000","repoUrl":"https://github.com/redhat-appstudio-qe/group-snapshot-multi-component","pullRequestNumber":"21274"},{"namespace":"group-psuf","component":"python-component-kwyxcb","buildPipelineRun":"python-component-kwyxcb-on-pull-request-bpw5v","snapshot":"integ-app-xfep-20260422-141315-000","repoUrl":"https://github.com/redhat-appstudio-qe/group-snapshot-multi-component","pullRequestNumber":"21274"}] Validating group test info annotation: [{"namespace":"group-psuf","component":"konflux-test-integration-clone-fcxekv","buildPipelineRun":"konflux-test-integration-clone-fcxekv-on-pull-request-7477j","snapshot":"integ-app-xfep-20260422-141318-000","repoUrl":"https://github.com/redhat-appstudio-qe/konflux-test-integration-clone","pullRequestNumber":"8901"},{"namespace":"group-psuf","component":"go-component-opambg","buildPipelineRun":"go-component-opambg-on-pull-request-tg5wh","snapshot":"integ-app-xfep-20260422-141316-000","repoUrl":"https://github.com/redhat-appstudio-qe/group-snapshot-multi-component","pullRequestNumber":"21274"},{"namespace":"group-psuf","component":"python-component-kwyxcb","buildPipelineRun":"python-component-kwyxcb-on-pull-request-bpw5v","snapshot":"integ-app-xfep-20260422-141315-000","repoUrl":"https://github.com/redhat-appstudio-qe/group-snapshot-multi-component","pullRequestNumber":"21274"}] Group snapshot validation completed successfully < Exit [It] get all group snapshots and check if pr-group annotation contains all components - /tmp/tmp.QN7KPSPXeP/tests/integration-service/group-snapshots-tests.go:556 @ 04/22/26 14:18:44.885 (5m30.369s) > Enter [AfterEach] [integration-service-suite Creation of group snapshots for monorepo and multiple repos] - /tmp/tmp.QN7KPSPXeP/tests/integration-service/group-snapshots-tests.go:50 @ 04/22/26 14:18:44.885 < Exit [AfterEach] [integration-service-suite Creation of group snapshots for monorepo and multiple repos] - /tmp/tmp.QN7KPSPXeP/tests/integration-service/group-snapshots-tests.go:50 @ 04/22/26 14:18:44.885 (0s) > Enter [It] make sure that group snapshot contains last build pipelinerun for each component - /tmp/tmp.QN7KPSPXeP/tests/integration-service/group-snapshots-tests.go:635 @ 04/22/26 14:18:44.886 < Exit [It] make sure that group snapshot contains last build pipelinerun for each component - /tmp/tmp.QN7KPSPXeP/tests/integration-service/group-snapshots-tests.go:635 @ 04/22/26 14:18:44.928 (42ms) > Enter [AfterEach] [integration-service-suite Creation of group snapshots for monorepo and multiple repos] - /tmp/tmp.QN7KPSPXeP/tests/integration-service/group-snapshots-tests.go:50 @ 04/22/26 14:18:44.928 < Exit [AfterEach] [integration-service-suite Creation of group snapshots for monorepo and multiple repos] - /tmp/tmp.QN7KPSPXeP/tests/integration-service/group-snapshots-tests.go:50 @ 04/22/26 14:18:44.928 (0s) > Enter [It] make change to the multiple-repo to trigger a new cycle of testing - /tmp/tmp.QN7KPSPXeP/tests/integration-service/group-snapshots-tests.go:648 @ 04/22/26 14:18:44.928 < Exit [It] make change to the multiple-repo to trigger a new cycle of testing - /tmp/tmp.QN7KPSPXeP/tests/integration-service/group-snapshots-tests.go:648 @ 04/22/26 14:18:45.55 (622ms) > Enter [AfterEach] [integration-service-suite Creation of group snapshots for monorepo and multiple repos] - /tmp/tmp.QN7KPSPXeP/tests/integration-service/group-snapshots-tests.go:50 @ 04/22/26 14:18:45.55 < Exit [AfterEach] [integration-service-suite Creation of group snapshots for monorepo and multiple repos] - /tmp/tmp.QN7KPSPXeP/tests/integration-service/group-snapshots-tests.go:50 @ 04/22/26 14:18:45.55 (0s) > Enter [It] wait for the components A and B build to finish - /tmp/tmp.QN7KPSPXeP/tests/integration-service/group-snapshots-tests.go:654 @ 04/22/26 14:18:45.551 Waiting for build pipelineRun to be created for app group-psuf/integ-app-xfep, sha: bb2866eb0cea7e23d46114130972244bd5bb51e2 PipelineRun go-component-opambg-on-pull-request-nkpx9 found for Component group-psuf/go-component-opambg PipelineRun go-component-opambg-on-pull-request-nkpx9 reason: Completed PipelineRun integration-resolver-pipelinerun-bfvbr found for Component group-psuf/python-component-kwyxcb PipelineRun integration-resolver-pipelinerun-bfvbr reason: Succeeded < Exit [It] wait for the components A and B build to finish - /tmp/tmp.QN7KPSPXeP/tests/integration-service/group-snapshots-tests.go:654 @ 04/22/26 14:18:45.585 (34ms) > Enter [AfterEach] [integration-service-suite Creation of group snapshots for monorepo and multiple repos] - /tmp/tmp.QN7KPSPXeP/tests/integration-service/group-snapshots-tests.go:50 @ 04/22/26 14:18:45.585 < Exit [AfterEach] [integration-service-suite Creation of group snapshots for monorepo and multiple repos] - /tmp/tmp.QN7KPSPXeP/tests/integration-service/group-snapshots-tests.go:50 @ 04/22/26 14:18:45.585 (0s) > Enter [It] get all component snapshots for component A and check if older snapshot has been cancelled - /tmp/tmp.QN7KPSPXeP/tests/integration-service/group-snapshots-tests.go:663 @ 04/22/26 14:18:45.585 < Exit [It] get all component snapshots for component A and check if older snapshot has been cancelled - /tmp/tmp.QN7KPSPXeP/tests/integration-service/group-snapshots-tests.go:663 @ 04/22/26 14:25:45.976 (7m0.391s) > Enter [AfterEach] [integration-service-suite Creation of group snapshots for monorepo and multiple repos] - /tmp/tmp.QN7KPSPXeP/tests/integration-service/group-snapshots-tests.go:50 @ 04/22/26 14:25:45.976 < Exit [AfterEach] [integration-service-suite Creation of group snapshots for monorepo and multiple repos] - /tmp/tmp.QN7KPSPXeP/tests/integration-service/group-snapshots-tests.go:50 @ 04/22/26 14:25:45.976 (0s) > Enter [It] get all group snapshots and check if older group snapshot is cancelled - /tmp/tmp.QN7KPSPXeP/tests/integration-service/group-snapshots-tests.go:690 @ 04/22/26 14:25:45.977 < Exit [It] get all group snapshots and check if older group snapshot is cancelled - /tmp/tmp.QN7KPSPXeP/tests/integration-service/group-snapshots-tests.go:690 @ 04/22/26 14:25:45.992 (15ms) > Enter [AfterEach] [integration-service-suite Creation of group snapshots for monorepo and multiple repos] - /tmp/tmp.QN7KPSPXeP/tests/integration-service/group-snapshots-tests.go:50 @ 04/22/26 14:25:45.992 < Exit [AfterEach] [integration-service-suite Creation of group snapshots for monorepo and multiple repos] - /tmp/tmp.QN7KPSPXeP/tests/integration-service/group-snapshots-tests.go:50 @ 04/22/26 14:25:45.992 (0s) > Enter [It] verifies that ResolutionRequest is deleted after pipeline resolution - /tmp/tmp.QN7KPSPXeP/tests/integration-service/group-snapshots-tests.go:720 @ 04/22/26 14:25:45.993 < Exit [It] verifies that ResolutionRequest is deleted after pipeline resolution - /tmp/tmp.QN7KPSPXeP/tests/integration-service/group-snapshots-tests.go:720 @ 04/22/26 14:25:46.321 (329ms) > Enter [AfterEach] [integration-service-suite Creation of group snapshots for monorepo and multiple repos] - /tmp/tmp.QN7KPSPXeP/tests/integration-service/group-snapshots-tests.go:50 @ 04/22/26 14:25:46.322 < Exit [AfterEach] [integration-service-suite Creation of group snapshots for monorepo and multiple repos] - /tmp/tmp.QN7KPSPXeP/tests/integration-service/group-snapshots-tests.go:50 @ 04/22/26 14:25:46.322 (0s) > Enter [It] verifies that no orphaned ResolutionRequests remain in namespace after test completion - /tmp/tmp.QN7KPSPXeP/tests/integration-service/group-snapshots-tests.go:740 @ 04/22/26 14:25:46.322 < Exit [It] verifies that no orphaned ResolutionRequests remain in namespace after test completion - /tmp/tmp.QN7KPSPXeP/tests/integration-service/group-snapshots-tests.go:740 @ 04/22/26 14:25:46.589 (266ms) > Enter [AfterEach] [integration-service-suite Creation of group snapshots for monorepo and multiple repos] - /tmp/tmp.QN7KPSPXeP/tests/integration-service/group-snapshots-tests.go:50 @ 04/22/26 14:25:46.589 < Exit [AfterEach] [integration-service-suite Creation of group snapshots for monorepo and multiple repos] - /tmp/tmp.QN7KPSPXeP/tests/integration-service/group-snapshots-tests.go:50 @ 04/22/26 14:25:46.589 (0s) > Enter [BeforeAll] when IntegrationTestScenario reference to task as pipelinerun resolution - /tmp/tmp.QN7KPSPXeP/tests/integration-service/group-snapshots-tests.go:775 @ 04/22/26 14:25:46.589 < Exit [BeforeAll] when IntegrationTestScenario reference to task as pipelinerun resolution - /tmp/tmp.QN7KPSPXeP/tests/integration-service/group-snapshots-tests.go:775 @ 04/22/26 14:25:46.644 (55ms) > Enter [It] trigger pipelinerun for invalid integrationTestScenario by annotating snapshot and verify failing to create integration pipelinerun - /tmp/tmp.QN7KPSPXeP/tests/integration-service/group-snapshots-tests.go:780 @ 04/22/26 14:25:46.644 < Exit [It] trigger pipelinerun for invalid integrationTestScenario by annotating snapshot and verify failing to create integration pipelinerun - /tmp/tmp.QN7KPSPXeP/tests/integration-service/group-snapshots-tests.go:780 @ 04/22/26 14:26:06.697 (20.053s) > Enter [AfterAll] with status reporting of Integration tests in CheckRuns - /tmp/tmp.QN7KPSPXeP/tests/integration-service/group-snapshots-tests.go:149 @ 04/22/26 14:26:06.697 < Exit [AfterAll] with status reporting of Integration tests in CheckRuns - /tmp/tmp.QN7KPSPXeP/tests/integration-service/group-snapshots-tests.go:149 @ 04/22/26 14:26:12.796 (6.099s) > Enter [AfterEach] [integration-service-suite Creation of group snapshots for monorepo and multiple repos] - /tmp/tmp.QN7KPSPXeP/tests/integration-service/group-snapshots-tests.go:50 @ 04/22/26 14:26:12.796 < Exit [AfterEach] [integration-service-suite Creation of group snapshots for monorepo and multiple repos] - /tmp/tmp.QN7KPSPXeP/tests/integration-service/group-snapshots-tests.go:50 @ 04/22/26 14:26:12.796 (0s)